The View from Landmark

Trends and issues in personal computing from Bud Stolker, a long-time PC consultant. The View from Landmark features tips and techniques to make time spent with your computer more productive and rewarding, commentary on new personal computer policies and trends, plain-English explanations of new hardware, software, and network designs and their relevance to you, and answers to common questions. There may be personal material interspersed if Bud believes it is of general interest.

Wednesday, October 11, 2006

Trampled in the Land Rush -- .Mobi, Ho!

This morning at 10:00 am general registration began for dot-mobi domain names. It's been called a "land rush" and boy, did I get run over.

If you're going to have a presence on the Internet, you've got to have a domain name. I have several. My primary company name is LandmarkComputer.com, though I also have Landmark.org and about a dozen other domain names, including TheViewfromLandmark.com and BudStolker.com.

Dot-mobi is the newest type of domain name, dedicated to delivering the Internet to mobile devices. Dot-mobi Web sites are formatted for viewing on mobile devices: short menus, simple graphics, little or no typing required. It almost goes without saying that a dot-mobi domain name should be short.

Dot-mobi's potential is huge. If every mobile device user winds up surfing for dot-mobi versions of Web sites, owning a mobile-branded domain could be an important part of a company's strategy.

Sure, everybody wants a dot-com domain name; it's the recognized standard. Dot-name, dot-biz, and dot-us are still struggling (as indicated by discount pricing on registration of those domains) because they haven't been promoted well.

But dot-mobi is different. Even its launch was different; clearly the powers that be have gotten smarter about how to start up a Top Level Domain extension. First there was a two-week "Sunrise" period in September. To register a dot-mobi domain name linked to an existing trademark (such as Bud.mobi) cost $220-280 for 2 years, depending on the registrar -- a bit steep, but if you had a trademarked name to register, probably worth it.

After Sunrise closed, there was a four-day hiatus, then the two-week "Landrush" period started. During that time anyone could register any available dot-mobi domain name at a premium (though less than the Sunrise fee -- $60-80 for 2 years). After the Landrush closed, then the price went down -- to as little as $30 for two years.

I waited until after the Landrush to see if Landmark.mobi was still available. This morning at 10:00 am I was online, waiting to grab it at the earliest possible moment. It was available! By 10:02 I was already checking out at the GoDaddy domain store, but by the time I punched my credit card number in, Landmark.mobi was gone!

In a (slight) panic, I tried Lad.mobi (for Landmark Lad, my company's "face"). Gone! Bud.mobi: gone! (Not a surprise -- preregistered by Annheuser-Busch, who presumably could afford the preregistration fees.) I tried Oric.mobi -- based on a favorite name -- but at checkout I kept getting a shopping cart error.

Then at 10:15, GoDaddy pulled the dot-mobi registration page -- probably too much traffic for their system to handle.

By 10:30 the GoDaddy store was back up and running and I settled on LComp.mobi -- short for Landmark Computer. Cost for two years: thirty bucks.

I could have gone for LandmarkComputer.mobi -- but try punching that in on your cell phone! (I'll bet dot-mobi gets abbreviated to dot-m on cell phones. And with predictive cell-phone spelling, LandmarkComputer.mobi could wind up being spelled LC.M.)

So I've got my dot-mobi domain name -- hahahahahaha -- I've got it! It's mine, do you understand, all mine!!

Okay, Bud take a deep breath. There, that's better.

It's not too late to get your own domain name, whether it's a dot-com, dot-mobi, or any of the other popular top-level domain names. You can search for and purchase it at DomainsbyLandmark.com, my subsidiary company (though we're not yet selling dot-mobi domain names). I discuss how to choose a domain name at my not-yet-open-for-business Web site that's all about getting started with your own Web site. Here's a preview of the site.

Wednesday, May 03, 2006

Another problem with the same Indian call center

More trouble with Dun & Bradstreet's Indian call center, Effective Teleservices, about which I've written in the past.

They called me today for an update of my D&B Business Information file, assuring me that it's not a sales call. I told the rep that due to a prior incident with Effective Teleservices I would respond to D&B only by snail mail. I asked, "Will you confirm that you're taking me off your calling list?"

He wouldn't say yes, so I asked for a supervisor. "I have no supervisor", he responded.

When I persisted, he put a supervisor on the line.

So right away I'm (a) suspicious, and (b) pretty sure I'm dealing again with the carefree crew at Effective Teleservices. The supervisor's supervisor confirmed this.

I asked to be taken off the calling list, and the supe's supe told me she cannot do this. She did at least offer a customer service number for me to call.

What is with this call center? Are they trained to be difficult?

"I have no supervisor." Right. And I've got a bridge to sell you.

D&B needs to re-think their calling strategy. Putting people like this on the phone as D&B representatives makes the company look really stupid.

End note: I spoke to a Customer Service rep at D&B, and she did in fact remove me from the call list, after a brief but ineffective sales pitch.

Thursday, March 30, 2006

Borders.com in 21st Century cyberspace: clueless

I get a lot of misaddressed mail. I own the Landmark.org domain, and any mail addressed to anybody@landmark.org comes to me.

It's a particular problem since there are three schools for kids with language-based learning disabilities, dyslexia, or attention-deficit disorder that use variations of the Landmark name: Landmark College in Putney, Vermont, Landmark School in Prides Crossing, Massachusetts, and Landmark East School in Wolfville, Nova Scotia.

When I get misaddressed messages I write back, often pointing the sender to my page with other Landmark email addresses.

Occasionally I find myself added to corporate mailing lists, and when that happens I unsubscribe.

But sometimes there's a situation where I cannot just unsubscribe, because the email address is in a password-protected account.

There's no excuse for a corporation to add an email address to an account without validating it. Even large companies do it, and then prove surprisingly clueless when it comes to removing that address.

Case in point: Borders.com.

My email to Borders:

Hi.

I just spoke with a customer service rep at your organization and am
not convinced she handled my issue. She sounded annoyed, and then
almost instantly said she had fulfilled my request. When I asked to be
bumped up to a supervisor she agreed -- reluctantly, I thought -- and
then I was cut off.

So here's my issue:

Someone signed up for the Borders Reward Card program using the email
address kwilson@landmark.org. That's an incorrect email
address. I own the landmark.org domain, and mail addressed
to ANY name @landmark.org comes to me. It happens a lot,
and I spend a lot of time chasing these things down so I don't get
everyone's email! (I even have a Web page devoted to address
corrections: www.landmark.org/address.html .)

The email message that I received directed me to a Web page to
unsubscribe, but it turns out I cannot unsubscribe or change the email
address without punching in a Borders Reward Card number.

How rude! So now I can expect to get mail in perpetuity from Borders
-- with no way to get off that list but to call your company and/or
write an email.

Two requests:

1. Please confirm that kwilson@landmark.org was removed
from your mailing list this morning.

2. Please come into the 21st Century and start using a "double-opt-in"
procedure for adding names to your mailing list:

a. Customer signs up.
b. Customer receives an email thanking them and asking them to confirm their email address.
c. Customer is added to the mailing list only if they confirm the address.

It's common sense, and most large organizations are already using that
procedure or are considering adopting it. It ensures that emails like
this don't have to be written, and that bad feelings are not generated.

Thanks for listening. I await your response.

Borders' response:

. . . Unfortunately, I was not able to locate the email address mailto:kwilson@landmark.org in our Borders Rewards database. Possibly the Customer Service Representative was able to remove the email form our database. I apologize if you were accidentally disconnected during your call to our Customer Contact Center. If you like you can call back our Borders Rewards Customer Care line toll free at 800.443.7359 for confirmation. I apologize for the frustration this has caused.

We appreciate your feedback and your patience with the process and look forward to resolving this issue as soon as possible.

Sincerely,
Scott
Borders Rewards Customer Care
www.BordersRewards.com

It would be nice if that were the end of it, but the next day another misaddressed email arrived from Borders.

I wrote again:

Hello, Scott, and thanks for your response.

Despite your assurances that kwilson@landmark.org is off your mailing list, I received another message sent by Borders to that email address this morning, entitled "the Shortlist: Of Codes, Kong & Coupons".

I don't know exactly how Borders handles its mailing lists, but it seems to me in this regard it has done a poor job.

First, Borders allowed an inappropriate email address to be added to its mailing list without requiring any kind of confirmation.
Second, Borders, by requiring me to furnish a Borders Reward Card program which I do not have (since I am not kwilson), caused me to call, then to write a personal note to try to get the address removed from the mailing list. Time-consuming and annoying.
Third, although Borders tells me it cannot find kwilson@landmark.org on its mailing list, the mailings continue.
And fourth, although you included my original complaint at the bottom of your response, it's reproduced with html formatting tags in the text, making it very hard for anyone to figure out what I said in the first place.

Nice work, guys! I'm forwarding copies of this message to the President of Borders and to your Webmaster in the hope that somebody somewhere will nudge Borders into the 21st Century, requiring a simple "double opt-in" procedure for adding customers to your mailing lists (Double opt-in is described in my original message).

I am also copying this correspondence to my blog for clients at http://theviewfromlandmark.blogspot.com/2006/03/borderscom-in-21st-century-cyberspace.html as an example of how clueless a large corporation can be.

Please take kwilson@landmark.org off all of your mailing lists and confirm that you have done so.

How hard can that be?

(End note: The followup from Borders was utterly ineffectual and indicated that they have written off this issue. I'll pick it up next time I get another misaddressed email from them.)


Wednesday, January 04, 2006

Windows Meta File vulnerability explained

Can you explain in simple terms the nature of this "vulnerability?"

Likewise, what does the "patch" do?



WMF files are native to Windows. They contain vector graphics -- all straight lines. Curve are simulated by connecting a series of points with many straight lines. Such files can be enlarged or reduced with little or no loss of quality. Typically these graphics files are used to exchange graphics information between Microsoft Windows applications.

A part of Windows called the "WMF graphics rendering engine" has a flaw that launches various kinds of evil exploits when a user views a maliciously formatted WMF file. Any application that automatically displays a WMF image will cause the user’s machines to get infected. This includes older versions of Firefox, current versions of Opera, Outlook and all current versions of Internet Explorer on all versions of Windows.

Because WMF files are ubiquitous on the Internet, you can get an infection from almost anywhere. A Web site that displays even one WMF file can get you. So can an email, if you're using a preview window. These image files can be modified very easily to download any malware or virus. Different Web sites download different kinds of spyware -- even worms are possible. (Worms differ somewhat from viruses in that they are proactive -- you might say "alive" -- and can bypass standard virus protection filters.)

I saw one such infection last week in a print shop. While the boss was out, the pressman browsed "just one" pornographic Web site for "the first time in my life". His computer caught an evil piece of spyware. It called itself "Spy Sheriff" and offered to remove itself for a fee. It blew right past Microsoft Windows AntiSpyware (which I highly recommend) and passed unnoticed through an Ad-Aware scan. (Ad-Aware is a usually excellent free spyware removal program.) In this case Spybot - Search and Destroy -- another excellent freebie -- caught it, but that's not true of some of the malware that the WMF vulnerability enables.

Typically it's the naive user who gets burned with unwanted garbage on his/her computer. But the WMF vulnerability spreads the wealth around, so that even sophisticated users can get burned.

Note that the biggest problems will be found in Windows XP and 2000.

Installing the patch prevents the computer from displaying certain WMF elements. One of the unfortunate side effects is that with the patch installed, you can no longer see thumbnails of photos stored in an XP folder. Current thinking is that we can live with that until January 10, when Microsoft claims it will have its official patch available for download.

The following material is excerpted from a Blog page at
http://www.f-secure.com/weblog/archives/archive-122005.html#00000753:

Researchers at Sunbelt Software have discovered more sites that are carrying malicious WMF files. One, the domain "beehappyy.biz", is supposedly owned by a previous president of Soviet Union, according to the WHOIS domain registry database:

Registrant Name: Mikhail Sergeevich Gorbachev
Registrant Address1: Krasnaya ploshad, 1
Registrant City: Moscow
Registrant Postal Code: 176098
Registrant Country: Russian Federation
Registrant Country Code: RU

"Krasnaya ploshad" is the Red Square in Moscow.

You can get burned even while working in a DOS box! Just simply using the WGET command-line tool to download a malicious WMF file is enough for the file to execute.

The Google Desktop program creates an index of the metadata of all images, which is enough to invoke the exploit and infect the machine. This all happens in real time, as Google Desktop contains a file system filter and will index new files in realtime.

So . . . be careful out there!

Thursday, November 10, 2005

My best Autostitched panorama yet

(This entry refers to an earlier post at http://theviewfromlandmark.blogspot.com/2005/10/free-panorama-software.html.)

My best Autostitched panorama yet -- a composite of 32 one-Megabyte-sized frames. It's quick-and-dirty; I didn't use a tripod or spend much time lining up my landmarks, so the margins are ragged. The software did a beautiful job nevertheless. See if you can get this to display full-size, so you can scroll around. Lots of detail, and the original has even more. (In Internet Explorer, point to the picture and you'll get a resizing box. In Firefox, just click on the photo.) I cut the size for Web posting, but it's still a 1.1 Mb. file.

http://www.theviewfromlandmark.com/graphics/Landmark-fall-day-2005.JPG

The camera is a Sony Mavica MVC-CD500, a 5 Megapixel unit with 3X Zeiss zoom lens. A bit unwieldy, but takes great photos (movies, too) on mini-CDRWs. More info.

More panoramas coming soon.

DSL provider in Washington, DC?

I need an internet hookup on Capitol Hill for my business. Do you have any suggestions? Verizon DSL is not an option in my area.

I punched in your phone number at www.verizon.net/dsl and it indicates that you ARE eligible for business DSL. But if you're sure that service won't work for you, there are other high-speed providers.

Although there is no comprehensive list of high-speed Internet providers, a few informal search tools exist. Punch in the first six digits of your ten-digit phone number here: http://www.dslreports.com/psearch?b=Search+for+DSL+ISPs+by+Phone+number and you'll get a list of possible providers. Of them, I'd take a look at Earthlink, Atlantech Online, and Covad in that order.

For residential service, Verizon beats them all hands-down with its 700Kbps service at $14.95 a month.

If you don't need broadband service, then try www.all2easy.net. They offer accelerated dialup service for $9.95/month.

Thursday, October 27, 2005

Free panorama software

I've been looking for years for a program that will take a series of linear photos and blend them into a panoramic image without warping the ends down into a horseshoe shape -- quite a trick.

I found Panowarp last year -- an interesting page. Panowarp does what I need it to do, but you have to be a rocket scientist to run it.

Then this week I found Panorama Factory the day the new version was released. (Check out the slide show.) Its older free version probably works all right, but the paid version is just what I need. Trouble is, I don't want to spend sixty bucks for it.

Today, while waiting for a haircut, I dug down through the pile of magazines -- Vogue, Stylist, Haircut, Fashion, Beauty, Brides, etc. and finally extracted a copy of Digital Photography (can't find its Web site). The feature article mentioned Autostitch in passing. The program is free with no strings attached, and it's awesome! Just feed it pictures and it sucks them up and spits out a perfect job with a flat horizon and no stitch marks in the sky or on the ground. Landmark panoramaSo I'm playing with it. Its default output is a little light on content, but I fiddled with the controls and came up with a 50 Mb. JPG that was beautiful -- much better than my wobbly, ghosted last effort. The settings are extensive and just need a little tweaking for the right output size.

So . . . that's all. Get yourself a copy of Autostitch and try it! This small panorama lacks detail, but has a perfect horizon. Once I get the hang of the settings, I'll have the Web site banner head generate randomly selected panoramas. (It will be similar to the banner head at www.domainsbylandmark.com.)

Thursday, October 20, 2005

Domain notification renewal: A scam?

Hi, Bud.

This document looks like a scam to me. Do you know anything about them? I had renewed my domain registration through something like 2011. If it is a scam, is there some fraudbusting outfit I can forward this to, to alert them?

The general impression I get from Googling for comments about this outfit is that it's a scam, but they haven't broken any law. It's just a carefully worded sales pitch. They want you to buy a new domain name.

Notice that they're not referring to (yourdomain).com, but to (yourdomain).us -- a different domain entirely. I cannot find any registration for (yourdomain).us, which means you could -- and probably should -- register the name.

In a way they're doing you a favor by bringing this to your attention. It underscores the need to nail down domain names similar to yours before somebody else grabs them. Your domain name is (yourdomain).com. But in a lot of minds, .com, .net, and .org names are pretty much interchangeable.

Although (yourdomain).org and (yourdomain).net are already taken, there are new extensions available: dot-us, dot-info, dot-name, dot-biz, etc. None has the recognition factor that dot-com has, but it may be worth grabbing the top 3 or 4 new extensions to hedge bets against confusion with another company, or against someone who intentionally wants to siphon off traffic from you.

I regret not having grabbed my domain name sooner. Six months earlier (in 1995), landmark.com was available. But mid-'95 when I got to the Internet the name was taken, so I took landmark.org. Now all the landmark extensions are taken -- dot-net, dot-biz, dot-us, dot-tv -- all of them. So I added LandmarkComputer as a domain name and use landmark.org only as a backup. Go to any popular variation on my domain name -- landmarkcomputer.com, .org, .net, .biz, .us -- and you'll find that it belongs to me. That to me is the right way to ensure the continuing value of an Internet domain name.

So no, don't respond to this scam. You could report them to the BBB or the FTC; I doubt that would do any good. But do consider grabbing (yourdomain).us before somebody else does!

Tuesday, August 23, 2005

Visit to a senior citizen

I met a charming older lady the other day: Joyce Miller (not her real name) was having a problem with her computer.

What a nightmare. Joyce, though very nice, is clueless about PCs. That's okay; a lot of my clients are retired or just plain elderly, and I don't need them to be computer experts. In general we get along very well.

Joyce's daughter had given her a hunkajunk Compaq running a bootleg copy of Windows XP in just 60 Megabytes of RAM (didn't even know that was possible!). It was infested with spyware, and she had somehow triggered Windows Activation, which was timing out. When I got there the machine was barely wheezing, and it said she had one day left to activate Windows.

She didn't want to spend a lot of money and there was no data to save. I offered to nuke the computer and install a clean Windows 98, then add another 64 Mb. RAM so the system didn't have to work so hard.

It turned out everything was wrong with the computer. By the time I got it back to Landmark and turned it on, Windows Activation had timed out, and I couldn't boot it to look at any of the settings. I dug in and found the original key number, and when I tried to activate, I got a message to the effect that "this number has been activated too many times".

Windows 98 wouldn't load cleanly -- I tried 3 times. It wouldn't accept an antivirus program, only one of two spyware programs would run, it wouldn't load Office 97 -- things like that. It also had a broken floppy drive and a broken CD-ROM drive. (Joyce, a VERY basic user, didn't know that!)

It took (no kidding) 20 hours to get this computer to run, and though it sort of worked for me, when I returned it to her it did nothing but crash. Before we gave up on it, I asked Joyce for her user name so I could get her re-connected to the Internet via her dialup account. She knew the password, but not the user name.

"Well, what's your email address?" "I don't know."

"How can you not know your email address? That's all you're using this computer for."

"Well, I just respond to mail that I receive."

Hopeless. I called her daughter in the Midwest, who was also clueless. Then I called Joyce’s rather antisocial son-in-law at work. He was pretty surly, and insisted that I had the right user name (though the dialup service refused it each time). Other problems: The email address turned out to be eugenia johnson (joymiller@all2ez.net). Eugenia Johnson (I forget her last name) is Joyce's daughter, but I didn't know that.

"So,” I said to Joyce, “your name is really Eugenia?" "No, I'm Joyce." "You're sharing an email account with your daughter?" "I don't know." "But I thought your name was Joyce, not Joy." "It is." "Then why is your email address (joy)?" "I don't know."

The dialup service refused to accept her user name and password. Finally the son-in-law pointed out that all2ez is actually all2easy (different spelling), which means her email address has always been spelled wrong!

Finally, a blessing: the computer crashed totally. I stood up and declared it dead after a two-hour session with Joyce. She admitted her daughter told her the computer was junk when she gave it to Joyce.

Ultimately I took the computer away and trashed it for her. But not before asking one more question:

"So . . . how are you going to get your email?" "I'll wait until Spring, when my daughter visits, and ask her to bring me another computer. I don't really need it."

Her parting words to me were, "Don't lose confidence in yourself."

Aaaarrrrrgggghhhhhhh!! 20 hours spent, and I only charged for an hour and a half. I'm sure she thought she overpaid.

Thursday, April 14, 2005

Letter to my (soon to be ex-)Credit Union

This letter provoked an immediate response from my credit union.
See "Epilog" below the letter.


Kathleen O. Geary, President and CEO
Patricia J. Ellis, Chairman of the Board
HEW Federal Credit Union
200 Independence Ave. SW
Washington, D.C. 20201

April 14, 2005

Dear Ms. Geary and Ms. Ellis,

I don’t generally examine my statements from HEWFCU. I parked a little money there a long time ago, and assumed that, as in the past, your institution -– and mine -– would quietly grow my savings.

Imagine my surprise, then, when I took a closer look and found that your monthly “inactive account fee” had taken what was a little over $200 at the end of 2002 and slashed it to $155 by the end of 2004. This is a loss of close to 25% in two years, despite the fact that this is an interest-bearing account.

Surprise! I read the credit union newsletter but must have missed the notice announcing the new fee.

I don’t object to modest inactivity fees in general, but this one seems more than a little punitive.

Let’s face it--the loss of $50 won’t ruin me. But it does sour my long-term relationship with HEWFCU, which I joined well over 30 years ago.

It seems this credit union has switched from a policy of “let us help you grow your money” to one of “let’s take what we can while he’s not looking”.

Your message on the credit union’s Web site cites as a daily goal “Exceeding Expectations Every Time”.

Certainly you have exceeded all expectations for greed. Twenty-four bucks a year to maintain my puny account?

You should be ashamed –- and I should be more watchful. I should have participated in credit union elections and “thrown the bums out” when that policy was first instituted. But I note that there is no election for the HEWFCU Board this year. Without opposition, the same people who were on board when the fee was put in place are automatically re-elected. (Good way to save money!)

I am considering depositing the smallest amount of money possible -– to keep the account active -– so I can participate in the next election.

As far as managing my money, I can do better throwing a buck a month down the sewer than sticking with HEWFCU.

I invite your response but will be surprised to actually hear from you. Clearly small-account holders don’t count for much. Shame on your credit union for nickel-and-dime-ing my account in such a disappointing way.

Sincerely,


Bud Stolker
(Edward W. Stolker, Jr. / account #40077, a number which I still know by heart)


________________________________

Epilog:

Six days after I wrote this letter, two credit union officials called me at the request of Ms. Geary. HEWFCU is refunding all of my money and is changing its policy on inactive accounts, according to Jeff Goff, the credit union's VP for Administration, and Brian O'Sullivan.

Under the new policy my account will not be subject to inactivity fees, since I'm over 55. But those fees paid to date would not have been refunded had I not complained.

"We're very lenient in refunding these fees when asked," admitted Goff, hinting that when the fee was first instituted there were complaints. He justified the inactivity fee by claiming it costs $72 a year to maintain an inactive account. And, he said, "The fee is to notify members that the account is inactive." Duh!

Seems like if they had my best interests at heart they might have written instead of charging. Let's see . . . I made 43 cents interest last year (interest is a quarter of one percent annually) and was assessed $24 in fees. I guess charging me is a better deal for them than writing me!

Why didn't I contact Member Services before writing the letter, he asked. Well, I did call, but the recording said I was ninth in line for service, and that the wait for the first caller was an estimated 18 minutes. "We're trying to address that too," remarked Goff.

Good thing I didn't let the account languish for another six months. I would have been charged an Escheat fee of $50 or the entire account balance, whichever was less.

________________________________

PS -- a day after writing the Epilog: Attempting to enroll in the "Internet Home Branch" feature so I can check my balance from home, I am greeted with a persistent "page cannot be displayed" error. I guess the server is busy processing inactive account fees.

Tuesday, April 12, 2005

Cracking a Password-protected Dell Laptop

A client brought me her Dell laptop today with an interesting security problem: Her 14-year-old son and genius-grade computer geek, retaliating for the loss of his computer privileges, had password-protected her computer so that she could no longer access her business files.

She wanted me to crack through the protection and retrieve her files.

No problem, I figured. I’ll just remove the CMOS battery that holds the time, date, and hardware configuration, and the computer will revert to its factory defaults (including no password).

It didn’t work that way. In fact, I was utterly unable to get past the security screen.

It turns out that many Dell, IBM, HP, Sony, and Toshiba laptops are protected by a password chip. This EEPROM (electrically erasable programmable read-only memory) chip requires an EEPROM programmer (an electronic device) to retrieve the data. Trouble is, the chip is soldered to the motherboard and is extremely delicate.

Dell sells a lot of laptops to the Defense Department. That chip is part of DoD’s C2 security scheme for computers, which as you’d expect is pretty strong. The government's “Trusted Computer System Evaluation Criteria” define a series of divisions from D (least secure) to A (most secure), with levels within those divisions. There’s no “back door” password for C2, nor will Dell help unlock the computer.

My client actually had two identical computers. The twin was her son’s, which she had confiscated. So I put her hard disk in her son’s unprotected computer, hoping that it would work there.

It didn’t. The password protection covered the hard disk in or out of the computer – just what you would expect a security protection scheme to do.

A German entrepreneur advertising on eBay will try to retrieve the password if you unsolder the chip and send it to him. But even if you solder in a new chip successfully and unlock the computer, the hard disk remains locked.

Basically, there is no easy way around the protection except to get the password from the person who put it in. But in this case, he’s been sleeping on the garage floor for several nights and shows no signs of giving in.

Bottom lines:

1. Make regular copies of your data and put them in a safe place.
2. Don’t separate a geek from his computer without considering the consequences.
3. Spank your child regularly, starting at an early age.

Update April 14: Wanting to go back to a normal life, the son at long last gave up the password. Mom promptly put her own password in place, shared it with a couple of friends in case of extreme emergency, and deducted my consulting fee for research and experimentation from her son’s bank account. Case closed.

Monday, March 28, 2005

India Calling (I)

This week I received several calls from an Indian call center claiming to represent Dun & Bradstreet.

The calls began with the urgent news that someone had attempted to access my D&B credit report, and that D&B needed to update my information. When I voiced my concern about the legitimacy of the request, the caller in each case became increasingly strident, argumentative, and belligerent. And because each rep had an unmistakable Indian accent, I figured these calls were outsourced at best, and bogus at worst.

When I asked to speak to a supervisor, those supervisors were equally argumentative and insistent. When I demanded in no uncertain terms to be removed from D&B's list for such calls, I was refused.

In one case, when I asked the rep to verify that this was really D&B calling, "Bob Simpson" retorted that he could not be sure that I am really Bud Stolker. (The fact that HE called ME, not vice versa, seemed lost on him in the heat of argument.)

I especially doubted the authenticity of these calls since I had received a call from D&B for routine updates to my file just two weeks earlier. At that time I gladly confirmed the information on file.

I called D&B Customer Service and learned that the calls were indeed sales calls, and that D&B did indeed sponsor them.

They came from an Indian call center in a technology park in Gujarat, “where azure seas meet sparkling sands, blushing sunsets embrace rosy dawns, where lions prowl and flamingoes preen”, according to the Tourism Corporation of Gujarat Ltd.

The call center manager responded promptly to my complaint by firing one rep and suspending another. But it was a wakeup call in terms of giving out privileged information by phone. Until this week I have always trusted callers claiming to be from Dun & Bradstreet. D&B still actively solicits confidential business information by phone. Yet this latest round of callers had no clue about customer relations, and sounded for all the world like sleazy condominium salesmen calling from a boiler room operation. I wouldn’t trust them with my company data for all the tea in . . . uh . . . India.

Several things worth learning from this incident:

1. Call centers may be recording your conversation without your knowledge. Effective Teleservices records every D&B-sponsored call. In this case the call center manager was able to play back the conversations and determine that his reps had violated company policy. In fact, he sent me copies of the recordings. (Listen to these calls: See "India Calling (II)", below, or click here.)

2. D&B has no way to absolutely verify authenticity of their telephone representatives. Nor does any company which does not use a confidential PIN number or equivalent. D&B Customer Service advises small businesses to check your own company report frequently if you don’t wish to deal with telephone calls from the company. If you’re a small business and you have a D-U-N-S® Number, you can check and update your info by using D&B’s eUpdate service. (You may need to obtain a password from D&B Customer Service at custserv@dnb.com; call them at 800-333-0505.)

3. Even the largest, most prestigious companies are not above hooking you with a phony sense of urgency. The fact that someone bought access to Landmark’s business credit rating should not have triggered an urgent sales call. I had updated my company info just two weeks prior to these calls. There was no need to worry me on a false pretense. Though D&B has been around for 160 years and Landmark for only 24, D&B still needs to look at how it communicates with its customers.

You won’t much much mention of Dun & Bradstreet on its corporate Web site. In October 2001 the company officially changed its name to D&B. The intent of the new branding, according to a press release, was to show “an intense focus on enabling customers to make better, more confident business decisions.”

Decide this: Don’t give business or personal information away by phone, even if the caller swears he is legit. (What else would he swear?)

Want to know more about Landmark Computer Labs' financials? Go to D&B's Web site and key in “Landmark Computer Laboratories, Inc.” in Virginia for what D&B calls “a meticulously researched and continually updated report that provides an informative, in-depth evaluation of a company's financial stability”. Cost: $121.99. (Wow -- At these prices why do they have to outsource to India?)

India Calling (II)

I have now received recordings of the phone calls I mentioned in India Calling (I).

It’s a bit frightening that sales calls can be recorded without disclosure, but we’re living in the 21st Century and that’s the way it is. (My brother, a strong privacy advocate, might point out that that’s not the way it HAS to be.)

Now that Effective Teleservices Inc. has kindly forwarded me the calls, you can judge for yourself whether Dunn & Bradstreet’s latest sales push works for them.

Note: These transcripts have been condensed. Caller identities were confirmed by the call center manager, who apologized profusely. He fired Mrigank and suspended Mrigank's buddy Dharam. There’s much more on the recordings.

.wav fileCall number 1: March 22, 2005
(785K wave file | length 12:33. Note: mild profanity!)

(phone rings)

Bud: Landmark Labs, Bud Stolker.

Mrigank (heavy Indian accent): This was in regard to your business credit file with Dun & Bradstreet.

How do I know you're with Dun & Bradstreet?

There has been some activity over your business credit file, so I need to discuss credit options regarding that.

Now how do I know you're with Dun & Bradstreet?

I am having a snapshot of your company.

Can you give me some particular information about my company, so I know you're looking at that?

Well, what I can say is that you started your business in 1982 (actually my D-U-N-S® report shows the year as 1981), and right now you are having an inquiry over your business.

So again, how do I know you're with Dun & Bradstreet? What assurance do I have? Surely you have a way of proving this. If you can't answer this question, I can't talk with you.

Okay, I can give you your D-U-N-S® Number, which no one else can give you.

But isn't that public information?

No, this is your unique identification number.

But if someone does a D-U-N-S® on me, they'll get my ID number, right?

Yes.

(more discussion)

I would feel much more comfortable if we conducted this conversation by email or by regular mail.

Let me tell you, I don't need any information. I was here to provide you with something. I was here to tell you something about your company -- about what is happening in your business credit file. If you are not comfortable over the phone, I can send you this information via email.

Okay, that's fine.

Your email address, please?

Don't you have it there?

No. I don't have your email address.

You should. I do have an email address that Dun & Bradstreet has on file.

Bud, I am having a snapshot of your company. I don't an email ID because email IDs keep on changing.

So I still have no assurance that you are from Dun & Bradstreet.
What is it that you need?

My concern of calling you is that we have identified businesses like you who are having an inquiry over that. What it shows is that somebody has requested information about your business credit. They are looking into your business credit files with Dun & Bradstreet, and moreover, we have noticed that you are not checking your business credit files frequently. Am I right?

So you're selling me a service, is that it?

Yes.

No, I don't want the service. This is not really a legitimate inquiry. All of this is a sales call, is that right?

Well, it's a consultation call with Dun & Bradstreet. If you sign up for the service, I will be happy to do that for you.

You're really a piece of work. Take me off the list for calls like this from Dun & Bradstreet or whoever you are.

(arguing ensues, interspersed with sales pitch)

Before we go any further -- I would like to talk to your supervisor, please.

(Note: What follows is Bud's explanation to supervisor “Kevin” – actually Dharam, a wise-mouthed smart-alec impersonating the supervisor, according to the apologetic call center manager when he explained the situation. Dharam has been suspended for this incident. Listen to the recording!)

(more arguing ensues)

Before you get off the line, what I want from you is an assurance that I'll be taken off the Dun & Bradstreet calling list for calls like this. It's very important to me that you do that.

And furthermore, I want a confirmation by US mail that I've been taken off the list.

"Kevin" (actually Dharam): Well, I can put you off this system, but someone might . . .

(more argument)

You won't be able to do that? For all its power, Dun & Bradstreet cannot drop a note in the mail that says you're off our calling list for sales calls?

No, we won't be able to put you off the calling list.

Okay, I'm gonna get off the phone. This is absolutely pointless. I don't believe for a minute that you're Dun & Bradstreet. If you are, you're doing a terrible job of representing them -- a terrible job. That's it. Goodbye.

Anything else, Bud?

------------------

.wav fileCall number 2: March 25, 2005
(256K wave file | length 4:05)

(phone rings)

Bud: Landmark Labs, Bud Stolker.

"Bob” (heavy Indian accent): Bud, my name is Bob – Bob Simpson. I’m calling from Dun & Bradstreet. The reason for my call is to tell you that there has been an inquiry on your company’s credit report. Are you aware of that inquiry?

Bud: Bob. How do I know you're from Dun & Bradstreet?

You can call me at 1-866-353-7667.

And how do I know that's Dun & Bradstreet?

You can go on our Web site. Now you dial this number and I'll pick up the phone. Or somebody else will pick up the phone and they will call me.

That's very strange. That doesn't sound like Dun & Bradstreet.

Then, how do I make sure that I am talking with Bud Stolker?

You dialed my number! You wanted to reach me!

(argument ensues)

Let me talk to your supervisor.

There is no supervisor here.

There is no supervisor! And you're Dun & Bradstreet and you're just sitting in an office in India calling me and asking me to give you company information. That's just great. You must be very proud.

Let me ask you one thing, sir. Do you have any problems if I call you, like, I'm an Indian. Do you have any problems if I call you?

Yes.

What! Do you have any problems with Indians?

No. I have problems with Dun & Bradstreet -- supposedly Dun & Bradstreet -- calling me and milking me for company information.

But we are giving you this call to . . . we are not here to earn money.

This is a sales call, Bob, is it not?

It is a sales call, sir.

Take me off the calling list for all of Dun & Bradsteet -- for all sales calls. Now surely you can do that.

I can do that, sir, but let me tell you one thing. It is ME who can do that -- not other persons.

I'll tell you what I'd like from you, and surely you can give this to me. Give me a number or an address of someone at Dun & Bradstreet that can verify that this is a legitimate call. Not calling you back -- calling someone at Dun & Bradstreet who can say "Yes, we have a call center in India that is doing sales calls and they are authorized to call you".

Why should I give you the information?

Because if you don't, I'm going to climb through the phone line and I'm gonna strangle you, Bob! Do you understand that?

Goodbye, sir.

---------

.wav fileCall number 3: March 25, 2005
(30K wave file | length 0:29)

(phone rings)

Bud: Landmark Labs, Bud Stolker.

Dharam (heavy Indian accent): May I be connected to Bud?

This is Bud.

Hi, Bud. How are you?

Who is this?

Well, Bud, okay. Now, if I tell you, you would be angry.
(pause)
Yes, who is this?
(long pause)


How can I help you?

Yes, who's this, Bud?
(pause)


(Bud hangs up)

------------------
.wav fileCall number 4: March 25, 2005
(236K wave file | length 3:46)

(phone rings)

Bud: Landmark Labs, Bud Stolker.

Dharam: This is Kevin and I'm calling from Dun & Bradstreet.

Oh, sure you are.

I am the supervisor on the floor. How may I help you?

(more)

Did our agent try to harass you? To abuse you?

(more)

Okay. Now let me tell you. Do you know that Dun & Bradstreet is in 120 countries?

I am going to call Dun & Bradstreet Business Solutions and ask them if they have any affiliations with Indian call centers. I need to verify that you're legitimate.

And so, please tell me, after you have called someone and if you feel that we are legitimate, will you call us back?

Probably not. Why should I?

Okay, Bud, before you end this conversation, the only reason -- I would like to tell you is, first of all -- this is not a sales call. -- and Bud -- I would need to know -- are you recently using any services from Dun & Bradstreet?

This is a sales call!

I'm just asking you, Bud!

I cannot believe that D&B hires people as obnoxious as you. I am going to call and see if in fact they are. And if they are, I'm going to suggest that they terminate the service, because I've spoken with three, maybe four people from your organization, and you're just as obnoxious and as pressing and as unhelpful as you can possibly be.

Friday, March 11, 2005

Verizon DSL Ups Its Speed

Most clients know that I've been a strong advocate of Verizon DSL for home and small business broadband service. They had a shaky start a few years ago and created ill feelings when their service was unreliable and their support structure was worse, but they've come a long way.

Now, in the face of competition -- mostly from Comcast cable -- Verizon is doubling its download speed at no charge.

The problem is, they haven't publicized this, as far as I can tell.

I learned about this from a client who switched his primary voice service to Vonage, a VOIP (Voice-Over-Internet-Protocol) phone company. (He's very pleased with the service, which costs $24.95/month for unlimited calls in the US and Canada, includes lots of features, and lets him use his standard telephones.)

Then I heard about it again while talking to a DSL technician who was fixing a glitch in my service. He volunteered that I'm "eligible" for a speed boost from 768 kilobits per second to 1.5 Megabits per second.

Verizon is raising its price in March -- from $34.95 to $37.95 per month. But if you commit to a one-year contract, Verizon drops the price to $29.95 -- and that includes the higher speed.

I wanted to make sure the higher speed works before committing, so I called Verizon's billing office (1-877-483-5898 in northern Virginia, Maryland, and DC) and asked for the higher speed. Lo, and behold, they said the increase will take effect within "20 minutes to 24 hours".

I'm still waiting, but wanted to share the news.

By the way, the higher download speed -- 1.5 Mbps -- is still only half that of Comcast (who has announced even higher speeds). For most homes and small businesses, considering the price, it's probably fast enough. Upload speed is still limited to 384 kbps, slow enough that you wouldn't be tempted to run a server over DSL.

Tuesday, February 15, 2005

Spam count way down from last summer

Isn't anybody spamming any more?

I'm getting maybe 100 spams a day right now. Last summer the count was 14,000 daily. It wasn't so bad -- the spam was totally managed (ask me for details on how to keep clutter away from your in-box) -- but it was remarkable. I could hit "delete all", and by the time the screen refreshed there might be another five or ten spams trapped there.

What has happened?

My guess is that much of the spam was coming from a few sources, and that those spammers have died, been arrested, or moved on. The bulk of it was dictionary attacks* and alphabet attacks**.

Both techniques are utterly ineffective, not to mention inconsiderate; what are the odds, really, of there being a "broussard@mydomainname.com"?

I believe the spammers were getting scammed by the scammers. The heavily-advertised CDs (like this: http://www.cashexplosion.net/emails.htm) offering 10 million, 100 million, even 400 million email addresses consist primarily of garbage addresses. Even the most dedicated spammer must be discouraged, having sent out tens of millions of emails to useless addresses, to get back at best a handful of responses!

Maybe the spammers have graduated into phishing exercises, the current fad. Maybe they're just gearing up for the next big attack. Maybe I've ordered so little in the way of organ enhancers, pharmaceuticals, and mortgage restructuring that they've decided the staff of landmarkcomputer.com is a band of cheapskates.

Or maybe I've just been lucky . . . so far.

---------

*dictionary attack: pairing up common names with a known domain name in hopes of hitting a few live targets, e.g.:

jjones@mydomainname.com
kjones@mydomainname.com
ljones@mydomainname.com,
and
gleason@mydomainname.com
garland@mydomainname.com
broussard@mydomainname.com.

**alphabet attack: random sequences of letters and numbers, e.g.:

ahkdy1@mydomainname.com
ahkdy2@mydomainname.com
ahkdy3@mydomainname.com.

Thursday, January 20, 2005

"License to Seat": Does Bill Gates know about this?

We've run into Steve Mann before, when he was exploring the implications of video cameras on our privacy at MIT. (We were looking into the Open Network, our still-only-half-baked scheme for promoting a collective intelligence.)

Steve, now a professor at the University of Toronto, has produced a conceptual art piece called License to Seat. It's an "Internet chair" with spikes that retract when a user produces a "seating license". The exhibit sports a card reader and a rack-mounted "license server" that warns when seating time is about to expire. The text on an LED sign mounted to the back of the chair reads:

WEARY TRAVELLERS NO LONGER NEED TO STAND FOR HOURS ON END... USE YOUR GOVERNMENT ISSUED PHOTO ID CARD TO DOWNLOAD A FREE SEATING LICENSE.

The exhibit's Web site has lots of interesting pictures and cool videos. Steve is making a point about companies who track us and bill us for the use of software and other household goods.

Steve MannSteve Mann as pictured on the original Landmark Web site, circa 1995. He has written a book -- and claims to be the inventor of -- wearable computers. More on Steve Mann and his book, Cyborg.

Your time is expiring

Thursday, October 14, 2004

Google's Desktop Search program combs your hard disk for long-lost info

Google, Inc., the online search engine company, today released a new program that can search your hard drive and retrieve information stored in a variety of formats.

Google Desktop Search is free for Windows users. (You must be running Windows XP or Windows 2000 with Service Pack 3.) Download it at http://desktop.google.com.

The program searches your local hard drive and creates a master index, which it keeps up to date as a background process. Though it works offline, it can also mesh with the online Google search engine. Once you install the program, any online Google search results will include information on your hard drive as well as on the Web. You can select the types of information to be indexed and searched. It can read Microsoft Office applications and several types of e-mail programs, including Outlook, Hotmail, and Yahoo Mail. It can save all AOL Instant Messenger conversations and all Web pages stored on a computer.

As of now, it does not work over a network.

There are privacy issues here, but the Google people insist that the program does not pass local information to the online search engine. (See Privacy concerns, below.) If you decide not to use it, the program uninstalls cleanly.

Microsoft is working on its own tool to search files, but announced recently that it would not be ready in time for the next version of Windows in 2006. AOL is also working on such a program, and industry analysts believe Yahoo will develop a similar tool.

Oddly, Google Desktop Search is not compatible with the company's new Gmail service.

Privacy concerns have been haunting Google lately. Gmail, its free, search-based web mail service that includes an astonishing gigabyte (1000 megabytes) of storage, has been criticized for the way it inserts advertising into email messages. It “reads” the body of each message and tries to place an ad that’s appropriate to the context. For example, if you’re talking about travel, it might insert an ad for an airline or a vacation spot.

What makes Gmail really special is its built-in search engine that finds any message an account owner has ever sent or received. That means there's no need to file messages in order to find them again.

Gmail is still in test mode and is not yet available to the general public, but it has already had an effect on free mail services: both Hotmail and Yahoo Mail have raised their storage limits as a reaction to Gmail’s gigabyte capacity. (If Gmail interests you, sign up for notification of its official release.)

Speaking of Google services, I should mention that Blogger, the service that enables me to easily publish this blog, is yet another fabulous freebie from Google. It's easy, it's fun, and because it requires no software on your PC, you can post from anywhere. I recommend it. Read all about it and set up your own blog at http://www.blogger.com.

Tuesday, September 21, 2004

Up in flames; down on the Web

Two of our six Web sites were down yesterday. They are hosted by two different companies in Baltimore. The power grid in that area hadn't failed since 1982, but an explosion and underground fire in downtown Baltimore Monday morning caused the grid to fail. Power was cut to approximately 50 city blocks. City Hall was without power. 2400 city and state employees took the day off. The traffic light system went out. And several Internet providers, including AT&T and Qwest, were left without power.

The problem manifested itself in interesting ways. We could surf the Web using Verizon DSL but could not use any of the features of our landmark.org site (now used primarily for testing, maintenance, and privileged features for some clients). We could get to the Postini Web site, but couldn't log into our spam filter. We could send email but couldn't receive it.

So an underground fire 50 miles away created problems for our Web sites -- and thousands of others.

Our primary Web host's data center has a dual power feed from the so-called "redundant grid with three power generators", with a transfer switch between the two feeds. But when the grid itself failed, the additional power feed could not operate. The data center is installing yet another generator to deal with the highly unlikely event of another grid failure.

In a perfect world this kind of problem would not happen. Makes you kind of wonder just where our soft spots are, how many there are, and how we can protect ourselves from random events and purposeful attacks. In the worst case, if the servers had all fried or all of Baltimore had burned down, we could have moved our Web sites to a different host. We would have been down for 24-48 hours, but our Web sites would survive. At least we were backed up.

More information on the Baltimore fire: http://wbal.com/stories/templates/news.asp?articleid=22926


Wednesday, September 15, 2004

Steganography: new spam/scam technique

Look up steganography and you'll find that it's one of the fundamental branches of cryptology, the study of techniques that can be used to conceal information. Literally steganography means "covered writing", from the Greek words steganos (covered) and graptos (writing).

Now this process is being used to elude spam filters.

The trick, according to a recent eWeek article (http://www.eweek.com/article2/0,1759,1644840,00.asp), is to take all of the text and images that would normally constitute a spam message and embed them in one large image that looks like a collection of text and graphics. The resulting single-image message provides virtually no keywords or other information to a spam filter and thus passes through uncensored.

Most spam filters check for key words (Xanax, Valium, Viagra) or text strings ("free offer", "degrees for sale") to identify spam. That's why so many common words are misspelled: to slip through the keyword filters. And that's why you'll often see meaningless text strings in spam (<qua erskine phony condensible aida sporadic*); they reduce the "spam score" of the message. But if the entire message is one large graphic, the context is unreadable by simple filters.

Below is an example of a stenographic scam. The Amazon logo, text, and hyperlink are all part of one image. Don't worry; the link doesn't work. The message may look a bit out of place here against a darker background, but if you received it as an email message, you could be forgiven for not noticing that the message is a large graphic.


image of a steganographic message














Click anywhere on the original message and it takes you not to Amazon, but to this encrypted address: http://www.amazon.com%6Cexec%6C%6F%62%69%64%6F%73%6C%61%6D%61%62%6F%74@%32%30%33%2E%32%32%39%2E%32%31%32%2E%31%34%35:%32%35%35%32/%69%6E%64%65%78%2E%68%74%6D. The address decodes to a server hosted by Korea Telecom at 206 Jungja-dong, Bundang-gu, Sungnam City, Gyunggi-do, Korea, 463-711. Point to the link and look at the browser status bar to see the actual address.

These scam artists are looking for your credit card number and pin, and any other information they can get. Korea Telecom may have pulled the plug on this particular scam -- as of this writing the link doesn't work.

Other apparently nonsensical messages embedded in the source code of this message: "I advise you without any ega you can't miss it Are you sure? in 1825 That's lovely . . . in 1860 You might put Forget it! 253 No thanks 1 in 1946 292 going to Will you . . . ."

Amazon indeed!

Another way filters can identify spam (or a scam) is by comparing an image against known "bad" images. But it's a simple matter to randomize a few bits in the graphic, thereby altering the file's checksum.

Conclusion: A steganographic message may have a lot more content than meets the eye. Spam may have a scam lurking beneath the apparent message. Either our filters will have to get smarter, or we will.




*random text string culled from today's collection of spam. Here's a longer version, also from today's email:

predominate ossifies antiquarians cordage eme percolate tallymen outpresses leached arachnophagous. aspartyl prealarm neostriatum stalklet regulatively sparged slapdash glaucophanite vaugnerite. apyrases weighted spelled eroses tantawy sodioplatinic zoonomia. eupneic programer lenticula preallow dundee claustrophobe psychopompos gauntries lifo cordage. ciboule priapean blennymenitis stiff! nesses mastectomy sunset inbreathe sabine semioblivious seafarers. dwellers shellacked tractlet ataman smockings unamalgamated cresswort quillaia. geodesical sabine preilluminate halakah nonundulatory superorganize marketeers. apometabolous orthograph tutory palatines blackguard zoosporocyst. scrawler slopeness misunderstander stereognostic rhyming. subserrate contravention myelodiastasis illicitly volplane promote besprinkling extrapelvic eyedropperful. governs esophagectomy palaeography mussuk hemapophyseal. rubidiums muzjiks videlicet lakist misunderstander cytost unmixable reata. steadfastness glamoury pantywaist balden autosign. findal ataman undisinherited skirl bandsmen pickford condemnate sparged. uluhi tannings mesmerizes prisonlike amusively khazens pst eschalots. cacuminous buttocker etatist bullcomber mirv esoterism yappiness. rave gaynesses derival letting smockings despotat nonimmunities malocclusion yens ultramodernist. animists diabolarch docking mussuk coto! neaster yens.


Tuesday, August 31, 2004

A visit from the master

Ed Stolker in tuxTomorrow night at this time Dad will be in town for a special visit.

If you've been a Landmark client for a few years you may remember him. Chances are he built that Landmark 286 or 386 computer you have stashed in the attic. For a while he was the primary custom builder of our PCs.

More recently he helped build a temporary shop for us at Landmark. Before that he helped build our facility at Ameri-Tech Concepts (from whom we separated last year).

Dad knows things. He understands electricity and sheet metal and power tools and plumbing and internal combustion. He has all the artisan skills that sometimes skip a generation. And he's got all the answers to my questions -- usually the right ones.

You might say he's my personal Google.

Ed Stolker, Los Angeles Police DepartmentDad's current claim to fame is as Los Angeles' oldest police officer (84 years of age). In October he'll be named Reserve Officer of the Year for rough, tough Van Nuys, his home district of 30 square miles with over 325,000 residents.

That would be an exceptional achievement for anyone else, but for Dad it's about par. When he joined the LAPD in his late 70s -- without fudging the rigorous physical exam -- it was just his latest career move. This guy has credentials as a Naval shipfitter (he helped build the battleship Wisconsin, Army intelligence officer, refinery instrument mechanic, home escalator installer, nuclear plant engineer, and several other occupations.

His colorful life has included . . .
-- riding atop a coal delivery truck as a kid because he didn't have trolley fare,
-- lugging around a machine gun (and being shot at) in Germany in WWII,
-- owning a butcher shop near a Gypsy encampment in the Philadelphia swampland,
-- joining Mensa because he "felt like it", and
-- raising a couple of sons whose skills, though not insubstantial, pale next to his.

He has survived it all with grace, and without noticeable wear. As he travels east to see his newest two great-grandchildren, I salute him.

Though in the photo he's taken his hat off, it's my hat that's off as always to Ed Stolker. He makes me proud to be named Ed Stolker, Jr.

Ed and Bud Stolker in Venice, California


Thursday, August 26, 2004

You call this a managed network?

One of my clients -- a great guy -- is kind of a poster boy for how not to administer a network.

I knew he was in trouble when I surfed to his company's Web page and found it had become a porn site. His technology guru let the Web site registration lapse, and a speculator picked it up. It's now for sale for $500 by a no-name sleazeball in Florida (phone number 999-999-9999). My client was actually using a different domain name for his Web site and never noticed that the Web name he was using and the Web name he was publicizing didn't match.

Just about the time he called me in to clean up his network, the employee who was administering his network quit. History may be repeating itself: the former net admin is the listed contact for the company's current Web site. If he decides to hold that Web site hostage he can do it -- maybe not forever, but long enough to aggravate all concerned.

That same former network admin, who no longer returns phone calls, left his PC running but locked. No one knows the password. I was able to crack into the computer (yes, you can break password protection on Windows 2000 and XP servers with a simple floppy disk), but it's scary that we might have had to nuke the administrator's PC and start over without prior knowledge of how it worked and what he was working on.

There's more. It takes 2-3 minutes for a user to log onto the server. Maybe that's because it's running Windows 2003 Server in 128 Megabytes of RAM! Many basic home computers have four times that much memory. The 8 Gigabyte hard drive is maxed out, too.

One wonders how the network admin was spending his time.

I tried to open the server to upgrade memory but found it's locked. No key available. Okay, no sweat, I probably have a key that works, but are you getting the picture?

There's more. Users are flickering on and off the network. The Internet feed is unreliable. There's a tangle of unlabeled wires leading to the primary network switch (a multiport connector box). The switch is bolted to the leg of a lab bench, just begging to be kicked by the PC user sitting there. At the far end of some of those connections, the Ethernet cable comes right out of a hole in the wall. It's not punched down to the back of a wall socket. Put a kink in the wire, and you can't just replace a patch cable. You've got trouble, my friend, yes trouble right here in River City.

But I digress. There's a point here begging to be made:

Take care of your network; it's a primary business asset. Make sure you, the business owner, own what you need to own (in this case the rights to your Web site). Don't use a staffer's kid to string network cable if you want it to work reliably. Make sure everything is documented and labeled. And don't give away the keys to your kingdom -- or your server.

Hey, it's late and I'm tired after chasing wires all evening. I could go on, but not tonight.

A word or two to the wise . . .

. . . and a mention of our newest service, Domains by Landmark. Not only can you register and renew domain names at competitive rates, you can lock the registration and set it up for automatic renewal. That ensures you won't find one of your most precious business assets -- your Web name -- ripped off. If you're a dot-com, make sure you reserve similar Web names, too: dot-net, dot-org, dot-biz, dot-us, dot-name -- before someone else grabs them!

Wednesday, August 25, 2004

Publishing digital photos easily

I've found an outstanding tool for creating Web photo albums. It's a freeware program named JAlbum by a generous fellow named David Ekholm. JAlbum reads all the photos in a folder, compresses and reformats each one to a size of your choice, creates matching thumbnails*, then generates a sequence of Web pages using the thumbnails as an index to the larger pictures. Click on any thumbnail and a slide show revs up automatically. You can select from a variety of skins**, configuring the look and feel of each Web page to an astonishing degree.

Here's a sample album I created for a family reunion. The original photos were about 1.4 Megabytes each. JAlbum compressed them to less than 50K each for fast loading. JAlbum is a Java-based program, so it runs on Windows, Macintosh OS X, Linux, Solaris, AIX, OS/2, eComStation -- any platform that supports Java 1.3. I could go on about this program, but just read the feature list for yourself, download this gem, and get started on those online photo albums!

PS -- No spyware comes bundled with JAlbum; it's an utter gift. My hat is off to Mr. Eckholm. Such a deal!

* A small image representing a much larger one.
** An alternative graphical interface. A skin customizes the look of the program without affecting its functionality.

Tuesday, August 24, 2004

What browser should I use?

See update 3-11-2005 at bottom of this entry for updates on Firefox and Mozilla.

Here's an interesting graphic from Re_Invigorate Propaganda, a site I wandered upon this morning. The font is so small and dark that I wonder how anyone can read it. Probably done on a Macintosh! The solid colors look ratty because I lightened up the whole image a bit after doing a screen grab.

It shows the most popular Web browsers and the most popular operating systems -- allegedly in real time. I don't think so, given that the latest Netscape listed is Version 5!

Look at the stats on Internet Explorer: in use by 90% of the market. A client who doesn't like the Microsoft browser called yesterday asking what's his next step forward from Netscape 4.76. Should he upgrade to the Netscape 7.2 Web browser and email program? (He's still using Windows 98.)

No, I said. New versions of Netscape are slow and burdened with ugly graphics and technical difficulties (which I won't go into here). I suggested Mozilla as a free alternative. Mozilla isn't even listed on this chart, but the chart has got to be a couple of years out of date. The new Mozilla is supposed to be fast and unburdened with the Netscape legacy.

Other choices are Opera ($39) and Firefox (also by the Mozilla people --fast, free, and capable).

Update 3-11-2005: The scene has changed considerably since August 2004 when I first published this entry. Today's top browser choice for those in the know, hands down, is Firefox. It's been downloaded 27 million times and is on its way to displacing Internet Explorer at the top of the heap. The Mozilla Foundation is calling it quits with Mozilla because Firefox and its email companion, Thunderbird, are proving so popular.

The last release of Mozilla will be Version 1.7.

Monday, August 23, 2004

First posting

I'm looking for an easy way to keep The View from Landmark up to date. Putting together each issue of The View requires several html pages: one for the overall "container" and one for each article. Then I have to publish a version for email and one for the Web.

It's a lot of work.

My hope is that blogging will simplify the publishing process so that I can get on with the business of writing. There's lots of information I want to share with Landmark clients and other readers.

Blogger is a free Google product. While not the most sophisticated of the many blogging programs available, it's all I need for now. Using it ensures that these pages will be indexed by Google.

I like the fact that I can go back later and update any posting without changing the original date stamp. (Posted 2 days later.)

Eventually I may step up to something like Movable Type -- free for personal use, licensed for business use. Powerful stuff.