Eric's Blob
Today's Story and Moral Posted at 13:20 by Eric

While at the local pizza shop at lunchtime, I was reading this news article about some kids who broke into their school computers. The so-called "Kutztown 13" figured out the admin passwords on the laptops they were issued, and started causing a variety of havoc.

So, read the article, then decide what the moral of the story is. You may choose more than one:

  • Don't give computers (especially expensive iBooks) to school kids
  • If giving expensive iBooks to students, and intending to lock them out of some features, don't leave the admin password taped to the back of the laptop
  • Don't put Internet filtering software on the client, put it on the server
  • Don't give a Porsche to a group of unsupervised 16-year-olds and expect them to travel the speed limit and stop at all stop signs.
  • It doesn't matter that anyone signs an agreement saying that they'll obey this and that, and may be criminally charged if they break the rules -- there will always be parents (and thus kids) who think they are exempt from having to follow the rules and consequences they agreed to
  • Don't give "locked down" computers to young/immature people who are also smarter than you
  • Don't leave security vulnerabilities on locked-down machines (the article didn't say this was the case, but it did say students cracked an encrypted password after the original password, the one taped to the back of the computer, was changed. Being that it's a Mac, it was likely the encrypted passwords in the /etc/shadow file, which should not be readable by users, so it seems there may have been some vulnerability they took advantage of)

Actually, I may be shooting for an "all of the above" here. Did I miss any?


Optimal Fonts Posted at 10:42 by Eric

Patrick briefly brought up the idea of optimal fonts the other day. I looked around for some more information, and discovered this research on optimal web design from Michael L. Bernard at the University of Wichita.

Mentioned in it is that, not surprisingly, some fonts are easier to read than others. Depending on the font you choose for your website, someone may be able to read it faster. What is surprising is that between some fonts which are similarly legible, some actually lead to deeper comprehension of the material being read. Wow.

There's also an optimal size. 10-point text is generally read significantly more slowly than 12-point, and 14-point a bit more slowly.

He found Arial and Courier to be the most legible fonts. Arial is best for anti-aliased fonts. The serif font Georgia led to higher levels of comprehension than the sans serif font Verdana. Children prefer sans serif fonts such as Arial and Comic.

He also suggests that the optimal line length is about 11 words, or 40-60 characters. Someone is more likely to lose their place with longer lines, and longer lines are also more tiring to read.

Then there are background colors. He warns that textured backgrounds need to be chosen carefully, as they often reduce the clarity of the text. He feels that dark text on light backgrounds is best, particularly black on white.

There are a number of other pages on topics including placement and types of graphics, whether frames are okay, how to promote loyalty, and even appealing to international users. Color makes a big difference here -- green represents safety in the US, but criminality in France.


Evil... Posted at 10:41 by Eric

SCO and Computer Associates (CA) had a lawsuit going on over various issues (details here). Breach of contract sort of stuff, relating to SCO Unixware.

As part of the settlement, CA got a few Unixware licenses. Fair enough.

Well, SCO goes and tacks on Linux IP licenses to go along with each of the Unixware ones, and runs around shouting that CA is now a Linux licensee. That's just evil.

CA, of course, has no intention of purchasing Linux licenses from SCO, and thinks the suit is ridiculous. I think this gem of a quote sums up CA's position quite well:

    "By the way, CA doesn't have enough UnixWare licenses to cover all its Linux servers", Greenblatt said.

Bwhahahahha.


Linux in Iraq Posted at 14:07 by Eric

There's a really neat interview on Slashdot with one of the founders of the Iraqi LUG.

There are all kinds of things in that story that we don't get to hear in the news. There seem to have been some incredible benefits from the war. They only need a few dollars a month to have someone become a full-time Linux advocate; I think I may donate. They aren't afraid to try Linux there, but there are very few who know about it.

Somewhat more aggravating is that they have DSL available in Baghdad, but I *still* can't get that in Harrisburg. Wah :-)


Of All The Rotten... Posted at 11:55 by Eric

I was actually getting some work done before receiving these links:


Zaurus SL-5600 Sale Posted at 12:56 by Eric

Whoa, the Zaurus SL-5600 is on sale for $299. I've pondered getting one of these before, but the initial price of $550 or whatever it was is a bit expensive. I also wonder how much I'd use it after 6 months, when the fun factor wears off. Is it just cool to own, or is it actually useful?

Shana was also interested in the idea. Wouldn't it be neat to have a gradebook/attendance application on a PDA? Just walk up and down the aisle, checking off homework into the PDA. Alas, I don't see an existing software package for this. But that shouldn't be too hard, right? (that's what Linus said when he first started working on Linux)

There is a version of Perl for the Zaurus, so perhaps I could write something like that in Perl. This may even be something OpenThought could do. It would give me some extra incentive to create a built-in web server plugin for OpenPlugin, as opposed to requiring Apache or IIS (and Chris has already done all the hard stuff).

Anyhow, PDA usefulness would be a good topic for some discussion at our next CPLUG meeting.


Wireless Security at Lowes Posted at 14:35 by Eric

While researching wireless security, I ran across an article discussing wireless LANs at Lowe's.

As many know, Lowe's uses Linux as their POS system. But it also turns out that they sometimes use a wireless connection within their stores, between the POS and their servers. That's fine, except that many of these stores don't even bother to turn on WEP, let alone use real encryption.

Well, the article talks about two crackers from the Michigan 2600 scene who also noticed this. They were able to sit in their car and collect credit card numbers. Argh. There's even a comment from someone who went to a local Starbucks and just accidentally connected to a nearby Lowe's network.

That certainly makes me think twice about using credit cards at a store like that (as I prepare to go there and buy a dishwasher).


The Next Wave of Spam Posted at 22:22 by Eric

As much as we all hate spam, a lot of work goes into sending it out. From a spammer's perspective, there are millions of potential customers, with only a single piece of software between them and us -- the spam filter.

I ran across an article which looks at the next wave of spam. The problem is that our spam filters are getting too good. They look at the text, and differentiate human-to-human interaction from advertisements.

The obvious thing, if you were a spammer, is to create spam which appears more personal, more human. How? Well, they've begun including text from novels whose copyright has expired. It's also been noticed that spam has been getting longer -- spam filters are unlikely to be fooled by just a few words, so they need to add lots. An example is a spam I have here in my inbox offering extended auto warranties; there is text in the body of the email which reads:

She laughed bitterly. Anne slipped her arm around her. "Leslie, is it that you have learned to care for Mr. Ford?" Leslie turned herself about passionately. "How did you know?" she cried. "Anne, how did you know? Oh, is it written in my face for everyone to see? Is it as plain as that?" "No, no. I--I can't tell you how I knew. It just came into my mind, somehow. Leslie, don't look at me like that!" "Do you despise me?" demanded Leslie in a fierce, low tone.

I did a search, and found that the above text is from Anne's House of Dreams.

I'd be surprised if spam filters couldn't catch text like the above. But this is cat and mouse, just like viruses. Spam filters get better, spam finds its way through, spam filters get better yet, yada yada yada. My boss keeps saying that spam is going to make email useless. I can see his case, though it can be said that viruses haven't made computers useless.


Popup Ads Posted at 22:31 by Eric

Argh, this really irritates me. It's suddenly become mainstream that the next version of IE will be able to block popup ads. As examples, see this ZDNet article, here's one at News.com, another over at Media week, and I'm even hearing it on the radio.

At least this AVN Online article had the decency to mention the fact that this feature has been available in most other web browsers. They understate the fact that it's been available since around the year 2000. Microsoft is 4 years late! I really wish I had the number for the radio station handy when I heard that piece come on there. The morning show hosts were talking about it, as if it were the greatest thing since cheese in cellophane packets. And to them, it was. Most people have no reason to try Netscape or Opera... why bother, IE comes with the computer. Seeing how much people care about features like these, they really need to hear about the alternatives. I would have loved to call in to tell them about other products, but I couldn't find the number before I had to run off to work.

It started as road rage, moved to sidewalk rage. We now have work rage, and recently even spam rage. Soon, there's bound to be a case of FUD rage. Don't worry, it won't be me you read about in the news. I'm happy to take it out on some old computer equipment laying around the house. You'd be surprised how satisfying it can be to smash a keyboard, keys go flying everywhere ;-)


Microsoft Vs. Burst.com Posted at 00:00 by Eric

Wow, this story is infuriating. It's just Microsoft at its tactics again, but it's still disturbing to hear what they actually are.

Microsoft is on trial for stealing technology. The facts are, before the case has even begun:

  • Microsoft has admitted deleting 35 weeks of emails, pertaining only to this case. Why? Because, they claim, Burst's technology was "unimpressive and not of interest to Microsoft". However, it took them two years to figure that out, and enough emails were kept that, printed out, they filled 120 boxes. If the technology was that awful, and they only managed to figure that out after two years, why didn't they delete all the messages, and not just 35 weeks' worth? Yeah, maybe just a little suspicious. It's also of interest that for those 35 weeks, they not only deleted the messages off the user desktops, they took the time to go to the mail servers and remove the copies from there.
  • Microsoft has begun cc'ing lawyers when sending emails. This allows them to claim attorney-client privilege. Microsoft can't claim to have invented this either, though; the lawyers in the tobacco cases figured that one out.

The Burst lawyers did their homework though, and noticed from the Sun-Microsoft trial that Microsoft stores all emails on over 100,000 off-site tapes. So, the judge ordered them to produce the messages. The judge wasn't buying their tale either -- upon Microsoft's statement that finding the messages would be like finding a needle in a haystack, the judge reminded them that it was they who put the needle in the hay. Good one, judge :-)


Software Vendor Liability Posted at 14:25 by Eric

ZDNet is carrying a story which brings up an old topic -- should vendors be legally responsible for their products? Many of us in the IT field spend hundreds of hours every year performing maintenance on systems due to problems that exist in software we purchased. That could easily increase to thousands of hours if one of those problems is somehow exploited by a worm, and we have to clean it up. Instead of putting the burden on us, the purchasers of a product, should we put the burden on the vendor to get it right the first time, or be legally responsible?

The story uses the example of a civil engineer. A mistake by a civil engineer is often career ending. Maybe if more time and thought went into programs, along with the added legal pressure, software would be of higher quality.

The counter argument, of course, is that programming is a complex task. There are an incredible number of variables (no pun intended) to deal with when creating lines of code. Not the least of which is the fact that what we design software for today may not be what people choose to use it for tomorrow. Often existing software solutions have to be warped to handle new variations of a problem.

Two things that come to mind here are Sendmail and BIND, each of which seems to carry an unfortunate track record of lax security. Neither of these packages, though, was initially built to handle the security issues that exist on the Internet today. Additionally, the Internet is expanding at an incredible rate, and people are demanding more and more from the software they use. But there is a finite number of people in the world able to work on this software, so security and features always seem to be lagging behind.

Or are they? There are other projects, such as Postfix and djbdns, which have particularly good security track records. So what's the difference? Postfix and djbdns are newer, and have been designed from the ground up with today's Internet in mind. This doesn't mean they lack features either; Postfix is incredibly feature rich, and has been shown to perform much better than alternatives. djbdns's point isn't features, and it was meant to be simple. But there are other DNS alternatives available that are security conscious and contain the features people want.

Perhaps this means that the answer to software problems is a redesign cycle. Maybe the Internet moves faster than we can keep up with, and all software needs to have its core, the foundation it's built on, re-examined on a set cycle. The problem with this is that little details, the kinds that cause security concerns in the first place, can easily be overlooked in this fashion. It's the same thing that happens when we write papers or books, and the reason an author needs someone other than himself to proofread his work.

This has the potential for angering Joel On Software enthusiasts, but perhaps software needs to be rebuilt regularly from the ground up to be able to handle the evolving needs of people. Who's to say that in 7 years, Postfix won't have security problems similar to the ones Sendmail has now? Maybe new technologies will exist then, unlike anything the Postfix authors possibly could have dreamt up. Adding to Postfix the ability to handle these new technologies may force the developers to "hack" these features in, as Postfix wasn't designed for that sort of work. With enough hacks, things start to get overlooked.

What if every five years, software were rebuilt? One of the big problems here is that it's an incredible endeavor. Software which has been around for a while might take an enormous amount of time to rebuild, as seen with Mozilla. Then again, let's compare Mozilla to Internet Explorer. Which would you rather use? Internet Explorer, even the newer versions of it, seems to have a variety of flaws which allow websites to take complete control of your computer. I don't think there are many, if any at all, flaws like this in Mozilla.

So, in this browser instance, we've solved numerous security issues and built a better core, while sacrificing a period of time where there were no updates at all to the software. Perhaps a small number of developers could continue to maintain the original product, while the remainder of the team builds the new one. It's my feeling that, even with Mozilla being built from scratch, it by far outdoes Internet Explorer today, in everything. Features, security, flexibility, and extensibility are all superior. Was it worth it?

Many complained about the delay in Mozilla's 1.0 release, that it took so long before a usable release was available. This reminds me of the many delayed gratification studies:

    "When considering how to productively harness your feelings, practice some emotional self-control and delay gratification, Kilgore advises. Stanford University researchers tested children's impulse control by placing a marshmallow in front of them and telling them that they would receive a second one if the first remained when the adult leading the group, who needed to leave the room, returned."

    "The longitudinal study found that, overall, the children who delayed gratification and did not eat the marshmallow were more successful later in life, as measured by a range of factors including happiness, income and job satisfaction, than those children who ate the marshmallow."

    www.umich.edu/~urecord/9900/May22_00/15.htm

Are we so much into the now that we can't wait for something better later? It could very well mean the difference between secure, flexible software and insecure software with hacked-in features that causes many hours and dollars in maintenance simply to prevent worms and virii from breaching the system.

    "The significant problems we face cannot be solved at the same level of thinking we were at when we created them."

    - Albert Einstein (1879-1955)


Google Math and Conversions Posted at 12:38 by Eric

I just ran across this article telling about some new features in Google. Namely, that Google can now solve math equations, and do conversions.

Some Math Examples

  • 1 + 1 returns: 2
  • 5 * (5 + 2) / 2 returns: (5 * (5 + 2)) / 2 = 17.5

Some Conversion Examples

  • 12 inches to centimeters returns: 12 inches = 30.48 centimeters
  • speed of light to mph returns: the speed of light = 670 616 629 mph

Or, what we've all been yearning to know:

  • What is the speed of light in furlongs per fortnight returns: the speed of light = 1.8026175 × 10^12 furlongs per fortnight

For more info, see Google's Calculator.


Wireless In Harrisburg Posted at 12:18 by Eric

I read an article in the newspaper this past Sunday, apparently Harrisburg is going to be getting wireless! I sent out this notice to the local CPLUG:

    There is a very interesting article in Sunday's Patriot News (front page of the business section) about the Harrisburg area being served by a wireless network.

    Come September, PAOnline will be deploying a beta test of its wireless network (802.11b). They have a main antenna on Blue Mountain, and will have a bunch of "base stations", as they call them, throughout the county retransmitting the signal. Their goal is to provide wireless service to all seven midstate counties.

    You do have to be a PAOnline customer to use the service, but that can cost as little as $10/month.

    During the beta test, speeds will be around 128k/s. They plan on offering higher speeds in the future, though they may charge more for them.

    This will all be available after Labor Day this year. This will apparently make Dauphin county the largest metropolitan area in the country served by wireless. Very cool :-) I would personally seriously consider dropping a Cable or DSL Internet connection at home for wireless. At that point, you're already paying for a service you can go anywhere and use.

    On a sadder note, apparently the Harrisburg City Government will be using our tax money to offer a competing service. Sigh.

So, I might be able to drop my DSL or Cable connection altogether, and be able to wander around the entire county playing with a wireless connection. As the article mentions, this will be the largest metropolitan wireless network in the country. Coolness :-)

Here is the full text of the article.


Reasons For Dropping the dot in RedHat 9 Posted at 02:54 by Eric

At our last Linux get-together, we had a discussion on the fact that Red Hat skipped 8.1, and went straight to 9 for the version number of their next distribution. Not 9.0, but 9. I was amused to see that Red Hat had posted its top 10 reasons why they "dropped the dot".

There is one other theory that came up at our Linux meeting that didn't show up on Red Hat's top ten list. Perhaps the reason that they jumped straight to 9 is that it's not stable enough to be a .1 release ;-)

Fellow Blogger In Baghdad Posted at 09:53 by Eric

I have been very intrigued by the blog kept by a blogger in Baghdad. He goes by the name "Salam Pax", and apparently is the only one in that area known to be detailing events in a publicly available blog.

It's certainly a reminder that there may be far more that we have in common with the Iraqi citizens than we realize. They need to eat and sleep. They drive automobiles. They get nervous when people drop bombs on their city. And to them, it's not just "targets" or "buildings" that are being blown up. Many times it's places they've been and places they are fond of.

I'm not saying that I agree or disagree with what is going on, for I don't know that I have decided; yet I have no choice anyhow.

Salam Pax's Blog
Salam Pax's Blog (mirror)