|
Saturday, September 04, 2004
A Zogby America opinion poll released yesterday indicates that Mr. Bush took a two-percentage-point lead over Mr. Kerry. The poll, taken during the Republican convention, suggests that 46 per cent of likely voters back the President, compared with 44 per cent for his Democratic rival.
The results are within the statistical margin of error, but
BUT? But what?
How the fvck is a change within the margin of error news?
Is everyone retarded?
I hate when the report on polls as if they mean anything.
I extra hate when the report on a change that is within the margin of error.
POLLS ARE NOT NEWS
Kerry takes the gloves off as Bush leads polls
posted by Richard at 17:31 /
permalink (post) | permalink (numeric) /
comment
Friday, September 03, 2004
Like Google, I think "search, don't sort" is the winner.
I have been using Microsoft's free Lookout which is saving me tons of time searching my Outlook email.
(In case you're wondering, work inbox is over 6000 messages. I used to try sorting them into folders but decided it was a waste of time.)
Anyway, Copernic Desktop Search is another free Windows option.
They have kind of reverse focuses,
Lookout is Outlook search + documents,
while Copernic is document search + Outlook.
posted by Richard at 17:03 /
permalink (post) | permalink (numeric) /
comment
So NX is this groovy new low-bandwidth X remote access everything replacement.
It will run encrypted over SSH (port 22).
Otherwise, it appears to use ports 5000-5200, according to a mailing list message I found
If you prefer to run sessions without ssh encryption and you have default values for the configuration parameters of your NX Server installation, a generic client that wants to connect from the WAN must be able to access, in addition to port 22, TCP ports in the range [5000-5200].
I'll explain why: selecting 'SSL encryption' forces NX Client to use the same (encrypted) channel created during the authentication phase to tunnel all the X traffic. If 'SSL encryption' is not enabled NX Client uses a ssh channel just for authentication purposes and, after a successfull authentication has took place, the client reconnects to a display in the range starting at 'DISPLAY_BASE' upto the value ('DISPLAY_BASE' + 'DISPLAY_LIMIT').
These parameters default to the values "1000" and "200" respectively; if you want you can take a look at your server configuration file (usually '/usr/NX/etc/node.conf') and tune them to fit your needs.
TCP port numbers are obtained by adding the value "4000" to the display numbers.
Regards,
Fabio Rosati - NoMachine
www.nomachine.com
NoMachine, Italy
nxusers 21/01/2004 Re: Firewall access/port forwarding
posted by Richard at 10:19 /
permalink (post) | permalink (numeric) /
comment
FuturePhoto 4x6" $0.29, 8x10" $3.99 until September 9, 2004.
I just noticed, apparently no one at FS knows the difference between ' (feet) and " (inches). All of their promos say 4'x6' (four feet by six feet).
posted by Richard at 07:10 /
permalink (post) | permalink (numeric) /
comment
Thursday, September 02, 2004
Laura Bush says
Many of my generation remember growing up at the height of the Cold War, hiding under desks during civil defense drills in case the communists attacked us. And now, when parents ask me, what should we tell our children - I think about those desks. .... And we need to explain that because of strong American leadership in the past we don't hide under our desks anymore.
Now I call that small thinking.
Instead, I call now for a
Strategic Desk Initiative
I propose an SDI project to build a mile-high wooden school desk, covering all of the continental United States.
posted by Richard at 19:55 /
permalink (post) | permalink (numeric) /
comment
Microsoft Opens MSN Music Store
Requires Payment with a valid credit card with a U.S. billing address .
posted by Richard at 12:35 /
permalink (post) | permalink (numeric) /
comment
from Network Security Assessment, page 72
Here is a checklist of countermeasures to use when considering technical modifications to networks and filtering devices to reduce the effectiveness of network scanning and probing undertaken by attackers:
• Filter inbound ICMP message types at border routers and firewalls. This forces attackers to use full-blown TCP port scans against all of your IP addresses to map your network correctly.
• Filter all outbound ICMP type 3 unreachable messages at border routers and firewalls to prevent UDP port scanning and firewalking from being effective.
• Consider configuring Internet firewalls so that they can identify port scans and throttle the connections accordingly. You can configure commercial firewall appliances (such as those from Check Point, NetScreen, and WatchGuard) to prevent fast port scans and SYN floods being launched against your networks.
On the open source side, there are many tools such as portsentry that can identify port scans and drop all packets from the source IP address for a given period of time.
• Assess the way that your network firewall and IDS devices handle fragmented IP packets by using fragtest and fragroute when performing scanning and probing exercises. Some devices crash or fail under conditions in which high volumes of fragmented packets are being processed.
• Ensure that your routing and filtering mechanisms (both firewalls and routers) can’t be bypassed using specific source ports or source-routing techniques.
• If you house publicly accessible FTP services, ensure that your firewalls aren’t vulnerable to stateful circumvention attacks relating to malformed PORT and PASV commands.
• If a commercial firewall is in use, ensure the following:
1 The latest service pack is installed.
2 Antispoofing rules have been correctly defined, so that the device doesn’t accept packets with private spoofed source addresses on its external interfaces.
3 Fastmode services aren’t used in Check Point Firewall-1 environments.
• Investigate using inbound proxy servers in your environment if you require a high level of security. A proxy server will not forward fragmented or malformed packets, so it isn’t possible to launch FIN scanning or other stealth methods.
• Be aware of your own network configuration and its publicly accessible ports by launching TCP and UDP port scans along with ICMP probes against your own IP address space. It is surprising how many large companies still don’t properly undertake even simple port-scanning exercises.
posted by Richard at 10:59 /
permalink (post) | permalink (numeric) /
comment
Wednesday, September 01, 2004
Jon's shows on the conventions are not so very good.
Mainly the correspondents are very weak in their bits :(
Also I thought McCain was going to be on but he wasnt't.
Oh well.
Ok Jon says McCain TOMORROW.
posted by Richard at 23:03 /
permalink (post) | permalink (numeric) /
comment
The Onion reports
Small Group Of Dedicated Rich People Change The World
Cynics often say that one man can't make a difference in a huge and complicated world. But this week in New York, a few tremendously rich and powerful men have given those naysayers reason to reconsider their views. At the Republican National Convention, which concludes Thursday, a handful of dedicated men will change the world.
posted by Richard at 17:11 /
permalink (post) | permalink (numeric) /
comment
A fairly advanced network security topic.
Managing Security with Snort and IDS Tools has just come out from O'Reilly.
Sample Chapter 6: Deploying Snort (PDF) is available free online.
posted by Richard at 15:28 /
permalink (post) | permalink (numeric) /
comment
August 2004 webhits
looking back
main site webhits
total Last month: 128376
port-table Last month: 87975
oracle-port-table Last month: 1222
trojan-port-table Last month: 15843
Google saw
port-table 93,683
oracle-port-table 1,182
I hit 4000/day for port-table on Tuesday
Tuesday 31 August 4,046
total August 2004 for this blog: 2018 hits
So port-table gets twice as many hits per day as this blog gets all month.
UPDATED 2004-09-03.
posted by Richard at 07:21 /
permalink (post) | permalink (numeric) /
comment
Tuesday, August 31, 2004
This is a transcript directly from the Whitehouse.
Remarks by the President and Mrs. Bush at Taylor, Michigan Rally
I have cut out all of Bush talking and just left the audience in.
They boo everytime he talks about the evil Democrats.
AUDIENCE: Booo!
AUDIENCE: Booo!
AUDIENCE: Four more years! Four more years! Four more years!
AUDIENCE: Booo!
AUDIENCE: Booo!
AUDIENCE: Four more years! Four more years! Four more years!
AUDIENCE: USA! USA! USA!
AUDIENCE: USA! USA! USA!
AUDIENCE: USA! USA! USA!
AUDIENCE: USA! USA! USA!
AUDIENCE: Booo!
AUDIENCE: Booo!
AUDIENCE: Four more years! Four more years! Four more years!
This is the advanced level of political discourse in the United States.
I was going to write a thing about Bush saying yesterday that there's no winning the war on terror, and today that you can win the war on terror, sort of hmm, what am I looking for, a floppy flapping thing? But I can't be bothered to Google up his obvious foolishiness.
posted by Richard at 22:34 /
permalink (post) | permalink (numeric) /
comment
The Republican Party platform, as summarized by Reuters
Party's delegates approve platform
I have excepted the highlights.
* Support a constitutional amendment that would prevent legal same-sex marriage. Oppose legal recognition of gay unions, including shared employee benefits.
* Oppose abortion and support parental notification laws.
* Fight the approval of judges the Republican Party calls activist to prevent rulings in areas such as same-sex marriage, abortion rights and the use of the Pledge of Allegiance.
* Oppose federal licensing of gun owners and national gun registration.
* Double the funding for education on abstinence ....
* Work for the return of voluntary school prayer to schools.
* Remove unnecessary barriers to domestic natural gas production and support development of the Arctic National Wildlife Refuge.
posted by Richard at 20:18 /
permalink (post) | permalink (numeric) /
comment
In fine ranting form today, I also wrote a letter to the Globe.
It went something like this:
President Bush is "a wartime leader on a par with Winston Churchill"?
Are you sure that headline wasn't supposed to be Your Morning Smile?
The story was frontpage with the tagline at the top:
Bush team puts faith in 9/11
Which also reminds me of my earlier ranting about "9/11" and how somehow this date has become unanchored in time, somehow now September 11th is in the perpetual present.
Plus which, ok 3000 people died in 2001 due to a terrorist attack on the US.
Let's look at the terrible death toll from terrorism in the US in the past ten years (please correct me if I am wrong):
1994: 0
1995: 168 (Oklahoma City bombing)
1996: 0
1997: 0
1998: 0
1999: 0
2000: 0
2001: 3000 (approx)
2002: 0
2003: 0
2004: 0 (so far)
Meanwhile, 2000 teenagers (ages 13-19) in the US die every year by committing suicide, including 1000 who exercise their constitutional right to bear arms... and deliberately shoot themselves.
There are lots of sources for leading sources of death in the US, I used WISQARS Leading Causes of Death Reports from the US Government CDC.
posted by Richard at 19:48 /
permalink (post) | permalink (numeric) /
comment
This week's Economist has a cover on Bush and they give him I think entirely too much credit.
This is the letter to the editor that I wrote:
SIR - On Inauguration Day Mr. Bush swore an oath before God and his nation. He did not pledge to protect the American people from harm, but to "preserve, protect and defend the Constitution of the United States".
The concept of "illegal enemy combatants", in which by the stroke of a pen an American citizen or a foreign national can be made a non-person, beyond the protections of national and international law, is a gross violation of this sacred oath.
If only for this policy, Mr. Bush and his administration deserve to fall.
That's the end of the letter. For more information on the Inauguration (more of an unauguration which did not augur well for the future of America) you can see
BBC News: Guide to the Inauguration Ceremony
PBS NewsHour - Inauguration 2001:The Beginning Of A New Presidency
The video quality is kinda crummy, but nevertheless, you can watch Mr. Bush, with his hand on a Bible, swear the oath, including the "so help me God" part at the end added by George Washington.
George W Bush takes the oath of office [2001] (RealVideo)
Here's some of my previous rantage on this topic:
2004-06-30
2004-06-09
2003-02-25
posted by Richard at 19:27 /
permalink (post) | permalink (numeric) /
comment
virus snap
Latest I have been getting is W32/Bagle.dll.dr
-- Update August 31, 2004 --
A new Bagle variant was discovered. Messages received contain the following information:
Subject: foto
Body: foto
Attachment: foto.zip or foto1.zip ( containing foto.html and foto1.exe)
foto.html contains the JS/IllWill trojan, proactively detected with the 4260 DATs or higher.
foto1.exe contains the W32/Bagle.dll.dr trojan, proactively detected with the 4385 DATs or higher.
Three of these so far today.
posted by Richard at 19:00 /
permalink (post) | permalink (numeric) /
comment
Yahoo News Tech Tuesday this week is all firewalls.
Including
What You Should Know About Firewalls
They have info from PC World.
I found a June 2004 story Bigger Threats, Better Defense where PC World tested various security tools.
posted by Richard at 17:19 /
permalink (post) | permalink (numeric) /
comment
Troubleshooting Windows Firewall in Microsoft Windows XP Service Pack 2
Links to 30 Word document which is fairly good.
The WF can allow exceptions either based on program (it will open any ports a specified program requests) or based on TCP/UDP port.
There is a new option for netstat.
-b will display the set of components by file name that are listening on each open TCP and UDP port
e.g.
netstat -anb
This is hmm vaguely useful sometimes. Mostly for ports opened by programs.
For the operating system ports it's not particularly useful.
If I don't know what port 1900 is for, telling me that WS2_32.dll, ssdpsrv.dll, ADVAPI32.dll and kernel32.dll were involved with opening it probably still doesn't greatly enlighten me.
It's nice that in the 21st century our most popular operating system still uses 8.3 filenames for all of its core components.
Link from BroadbandReports Security Forum.
Link added to the Built-in Windows Firewalls section of my broadband security page.
posted by Richard at 06:44 /
permalink (post) | permalink (numeric) /
comment
Monday, August 30, 2004
New York Times Can Microsoft Beat iTunes With a Store of Its Own?
Via Macintouch, more or less.
Meanwhile, still no iTunes Music Store Canada.
posted by Richard at 12:31 /
permalink (post) | permalink (numeric) /
comment
InformationWeek Clarke Touts Broad Approach To IT Security
Clarke listed 10 steps for businesses to follow:
* Establish automatic monitoring of compliance and auditing capabilities of networks. "Every day you can see if you're secure," he said.
* Acquire a patch-management system and service. Noting that 50 or 60 patches are issued each week by software providers, Clarke called patching "the No. 1 headache of CIOs."
* Set up an identity-access-management system, preferably a two-factor password-ID system. "Almost any password can be broken" by programs easily available on the Internet, he noted.
* Data should be encrypted in sensitive areas. He said proposed California legislation calls for many IT organizations to encrypt data.
* Participate in an early-warning system, preferably with an organization with a set of detect sensors.
* Establish rigorous security-oriented service-level agreements with ISPs. Clarke indicated that the FCC is considering making this provision mandatory for certain IT users.
* Institute an IT security-awareness program, a sort of catch-all program that would educate staff on widespread security aspects of their networks.
* All software--not just products from Microsoft--should be systematically tested. Clarke noted that buffer-overflow problems have been cited for years but little has been done to correct the problem. He said there is a need for "software products that test software."
* Secure the physical part the IT organization to make sure that intruders can't just walk in and violate security.
* Address "the road-warrior problem," as illustrated by network users logging in from remote locations who unknowingly have infected software, typically on laptops.
Incidentally, this lower-case XHTML thing is driving me nuts. Who makes text case-sensitive? Stupid XML.
posted by Richard at 12:19 /
permalink (post) | permalink (numeric) /
comment
Sunday, August 29, 2004
I have six Gmail invites.
Make your case and I'll see what I can do.
posted by Richard at 15:51 /
permalink (post) | permalink (numeric) /
comment
orkut's latest brilliance is it has decided my correct password is an invalid password
UPDATE 2004-09-01: I reset my password and cleared all my Orkut cookies, then I was able to log in again.
posted by Richard at 15:47 /
permalink (post) | permalink (numeric) /
comment
McWet has created a blog celebrating the last place finishers from the current Olympics.
posted by Richard at 11:27 /
permalink (post) | permalink (numeric) /
comment
Some woman was having a meltdown somewhere nearby outside late last night / early this morning. This gist appeared to be, concerning whomever she was talking to:
- I just want to know the truth
- It's important to me
posted by Richard at 09:25 /
permalink (post) | permalink (numeric) /
comment
sundown, you better take care
I love sunsets (theinflux.com)
posted by Richard at 09:22 /
permalink (post) | permalink (numeric) /
comment
|
![[add RSS feed]](http://www.feedburner.com/fb/images/pub/fb_pwrd8831.gif)
![[add RSS feed]](http://www.feedburner.com/fb/images/pub/feed-icon32x32.png)
![[Add to My Yahoo]](http://us.i1.yimg.com/us.yimg.com/i/us/my/addtomyyahoo4.gif)
![[subscribe on Bloglines]](http://www.bloglines.com/images/sub_modern4.gif)
