<?xml version='1.0' encoding='UTF-8'?><?xml-stylesheet href="http://www.blogger.com/styles/atom.css" type="text/css"?><feed xmlns='http://www.w3.org/2005/Atom' xmlns:openSearch='http://a9.com/-/spec/opensearchrss/1.0/' xmlns:georss='http://www.georss.org/georss' xmlns:gd='http://schemas.google.com/g/2005' xmlns:thr='http://purl.org/syndication/thread/1.0'><id>tag:blogger.com,1999:blog-14853139</id><updated>2011-11-15T18:59:42.326-08:00</updated><title type='text'>Pay Attention To Me</title><subtitle type='html'>Computer security, software development, general news.</subtitle><link rel='http://schemas.google.com/g/2005#feed' type='application/atom+xml' href='http://danweber.blogspot.com/feeds/posts/default'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/14853139/posts/default?max-results=100'/><link rel='alternate' type='text/html' href='http://danweber.blogspot.com/'/><link rel='hub' href='http://pubsubhubbub.appspot.com/'/><author><name>Dan Weber</name><uri>http://www.blogger.com/profile/06626675217693199470</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><generator version='7.00' uri='http://www.blogger.com'>Blogger</generator><openSearch:totalResults>44</openSearch:totalResults><openSearch:startIndex>1</openSearch:startIndex><openSearch:itemsPerPage>100</openSearch:itemsPerPage><entry><id>tag:blogger.com,1999:blog-14853139.post-6694557508330926873</id><published>2011-07-02T10:20:00.001-07:00</published><updated>2011-07-02T10:42:01.176-07:00</updated><title type='text'>If only Microsoft supported their own hardware on Windows</title><content type='html'>&lt;a href="http://www.microsoft.com/canada/hardware/mouseandkeyboard/support/registration.mspx"&gt;Register My Microsoft Mouse&lt;/a&gt; over the Internet now?  Awesome!
&lt;p&gt;
Oh, 404 not found.  Well, programming websites can be hard.
&lt;p&gt;
Let me see if my device is under warranty.  Let's go to &lt;a href="https://support.microsoft.com/oas/default.aspx?&amp;c1=502&amp;gprid=9991&amp;&amp;st=1&amp;wfxredirect=1&amp;sd=hdwr"&gt;the warranty page&lt;/a&gt;.
&lt;p&gt;
Oh, they don't recognize their serial number.  (For about a year, Microsoft had a "temporary problem" recognizing the serial number printed on the mouse.  Maybe until the warranty ran out.)
&lt;p&gt;
Hey, let me try having their ActiveX control identify the device.
&lt;p&gt;
Oh, Internet Explorer blocked the ActiveX control because it's unsafe. No option to allow it to run, either.

&lt;p&gt;

When a Microsoft Wireless Notebook Optical Mouse 3000 acts funny in Windows:
&lt;br&gt;
&lt;ul&gt;
&lt;li&gt; continuously disconnecting and reconnecting,
&lt;li&gt; working for anywhere from 2 seconds to 20 seconds, but then breaking,
&lt;li&gt; re-installing Intellipoint will, at best, make IPoint.exe crash, or have no effect.
&lt;/ul&gt;

What's the solution?  Should both pieces be tossed in the trash?  Batteries have been replaced.&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/14853139-6694557508330926873?l=danweber.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://danweber.blogspot.com/feeds/6694557508330926873/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=14853139&amp;postID=6694557508330926873' title='1 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/14853139/posts/default/6694557508330926873'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/14853139/posts/default/6694557508330926873'/><link rel='alternate' type='text/html' href='http://danweber.blogspot.com/2011/07/if-only-microsoft-supported-their-own.html' title='If only Microsoft supported their own hardware on Windows'/><author><name>Dan Weber</name><uri>http://www.blogger.com/profile/06626675217693199470</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>1</thr:total></entry><entry><id>tag:blogger.com,1999:blog-14853139.post-5381188830341336619</id><published>2011-05-18T19:32:00.000-07:00</published><updated>2011-05-18T19:38:49.919-07:00</updated><title type='text'>Security of Bitcoin websites</title><content type='html'>&lt;a href="http://www.bitcoin.org/"&gt;Bitcoins&lt;/a&gt; are a (relatively) new digital currency. Their closest real-world analogue is to cash, since there is no central authority that manages them. Transaction fees within the system are also very very small, less than 0.1% if even that much.
&lt;p&gt;
I'm not an expert, but here's a quick primer: you can send coins in your wallet to a valid address, and this transaction is validated by a peer-to-peer network.  Addresses can be created at will.  Coins are validated via their history, so you can see the addresses of previous transactions involving those coins.  For example, I just made up the address 15NhuaukwoUoHWRJijfdrb4iiz6D61mCds; you can see the history of that address &lt;a href="http://blockexplorer.com/address/15NhuaukwoUoHWRJijfdrb4iiz6D61mCds"&gt;here&lt;/a&gt;, which is blank right now.  (If you give me bitcoins at that address, there is a "receipt" right there.  See, bitcoins make begging on-line seem cool again, just like it was ten years ago.)
&lt;p&gt;
Bitcoin's online use also makes a brand-new target for thieves. Instead of breaking into your computer to try and sniff your passwords or selling you off to a zombie net, hackers could directly steal value stored there.
&lt;p&gt;
This also applies to websites that handle bitcoins. There is no central body so there is no such thing as &lt;a href="http://en.wikipedia.org/wiki/Payment_Card_Industry_Data_Security_Standard"&gt;PCI Compliance&lt;/a&gt;. But websites that allow bitcoins to be transferred to other addresses need to take security very seriously, as if they were handling credit card information or actual cash like a bank.
&lt;p&gt;
(Websites that receive payments via Bitcoin do not need to worry as much, but they still should use best practices.)
&lt;p&gt;
One example is &lt;a href="https://mtgox.com/"&gt;Mt Gox&lt;/a&gt;, a site that facilitates the exchange of different currencies, including US Dollars and Bitcoins.  EvilPacket &lt;a href="http://evilpacket.net/2011/may/17/stealing-bitcoins/"&gt;demonstrated an XSS and CSRF attack against the site&lt;/a&gt;, which has since been fixed.
&lt;p&gt;
One of the more popular sources of coins these days is &lt;a href="https://en.bitcoin.it/wiki/Pooled_mining"&gt;"mining pools,"&lt;/a&gt; in which lots of people work together to help the peer-to-peer network validate transactions, and are occasionally rewarded with new bitcoins.  All these sites have web interfaces.  I gave a peek to see if they were vulnerable to some simple attacks.
&lt;p&gt;
&lt;a href="http://btcmine.com/"&gt;BTCMine&lt;/a&gt;, &lt;a href="http://mining.bitcoin.cz/"&gt;slush's pool&lt;/a&gt;, and &lt;a href="http://mtred.com/"&gt;MtRed&lt;/a&gt; were all safe. (MtRed claims to have fixed a CSRF problem, but if so then it was definitely before I looked, and it seems like it was built right into their framework automatically.)
&lt;p&gt;
I incorrectly thought that &lt;a href="https://deepbit.net/account"&gt;DeepBit&lt;/a&gt; was vulnerable, but the admin pointed out that he already had defenses in place, and when I checked my notes, it turns out he was right all along.  Good show there (plus they require email confirmation for changing their destination address).
&lt;p&gt;
&lt;a href="http://www.bitcoinpool.com/"&gt;Bitcoin Pool&lt;/a&gt; was vulnerable when I checked.  I could change my receiving address blindly, which means it was ripe for a CSRF attack.  I dropped an admin a private message in their forum, and didn't get a response.  But they seem to have taken action anyway.  If you go to &lt;a href="http://www.bitcoinpool.com/account.php"&gt;http://www.bitcoinpool.com/account.php&lt;/a&gt; now, it fails unless you are using a referrer from their own domain.  

&lt;h1&gt;Mitigation&lt;/h1&gt;

As users, the big piece of advice: log out of any website that lets you transmit bitcoins.  Log in to those sites only one at a time, and with a separate browser (or even a browser within a VM if you have sufficient amounts of money in play).
&lt;p&gt;
As website developers, you need to build secure sites.  That's a whole different article.
&lt;p&gt;
As a network... well, that's interesting.  If one were to perform a
widespread theft like this, actions could still be taken against the
thieves.
&lt;p&gt;
Although you may hear people describe bitcoins as anonymous, the better word is &lt;a href="http://en.wikipedia.org/wiki/Pseudonymity"&gt;pseudonymous&lt;/a&gt;. You can make arbitrary account numbers and receive payment at them, but their use can still be tracked.  A theft of a sufficient number of coins would attract the attention of the FBI or similar organization.
&lt;p&gt;
At some point, just like with US Dollars, the holders of stolen Bitcoins will want to redeem them for goods or services. Even if they bounce the stolen Bitcoins through thousands of addresses, those can be tracked, since the entire nature of the network is that it is transparent.  Eventually a vendor of something physical will acquire some of these coins and be able to provide authorities with some kind of address for the crooks.
&lt;p&gt;
Fencing stolen coins is still possible, but actually harder than it would be with, say, a briefcase full of greenbacks.&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/14853139-5381188830341336619?l=danweber.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://danweber.blogspot.com/feeds/5381188830341336619/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=14853139&amp;postID=5381188830341336619' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/14853139/posts/default/5381188830341336619'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/14853139/posts/default/5381188830341336619'/><link rel='alternate' type='text/html' href='http://danweber.blogspot.com/2011/05/security-of-bitcoin-websites.html' title='Security of Bitcoin websites'/><author><name>Dan Weber</name><uri>http://www.blogger.com/profile/06626675217693199470</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-14853139.post-65408334825089987</id><published>2010-08-17T21:08:00.000-07:00</published><updated>2010-08-17T21:20:18.386-07:00</updated><title type='text'>Solving Hangman?</title><content type='html'>Over on &lt;a href="http://blog.wolfram.com/2010/08/13/25-best-hangman-words/"&gt;the Wolfram blog&lt;/a&gt; a Mathematica user wrote up a hangman game, and found that "jazz" was the hardest word for his AI to guess.
&lt;p&gt;
You can read through his post, but he figures that there are so many easy words that guessing some rare letters near the beginning won't cost you that much.
 &lt;p&gt;
I took that as a challenge and investigated on my own.  It turns out to be pretty hard, even if you get 13 wrong guesses to die, to find all possible words.
&lt;p&gt;
Instead of his 90,000 word dictionary, I was using the 230,000 word dictionary in /usr/share/dict/words on OpenBSD.  To get a good look at the sub-problem, I restricted myself to the 825 words that could be "&lt;b&gt;_&amp;nbsp;A&amp;nbsp;_&amp;nbsp;_&lt;/b&gt;".  I've included those 825 words in the first comment of this post (since I don't know how to get Blogspot to do attachments and am too tired to try it after working on this for a few hours in the evening).
&lt;p&gt;
The general strategy is to guess the letters that are most likely to appear.  Wrong guesses bring you closer to your doom, right guesses give you a lot of information.
&lt;p&gt;
If you could perfectly bisect the remaining words with each guess it would only take 10 guesses, but we can't eliminate that many words at each time.
&lt;p&gt;

You could go through the letters in their &lt;a href="http://en.wikipedia.org/wiki/Letter_frequency#Relative_frequencies_of_the_first_letters_of_a_word_in_the_English_language"&gt;normal order in the English language&lt;/a&gt;, but that gets  you to &lt;b&gt;J&lt;/b&gt; or &lt;b&gt;Z&lt;/b&gt; only after about 20 guesses.
&lt;p&gt;

Okay, so let's review.  We have "&lt;b&gt;_&amp;nbsp;A&amp;nbsp;_&amp;nbsp;_&lt;/b&gt;".  I'm pretending that we got lucky and guessed "A" first, so we have 25 possible letters left to guess, and 13 wrong answers kill us.  There are 825 words and here is how many of those words contain each letter:

&lt;pre&gt;
 1. r 172
 2. e 172
 3. n 170
 4. t 163
 5. l 148
 6. s 136
 7. i 131
 8. m 117
 9. k 116
10. d 107
11. p 102
12. h 101
13. g 91
14. c 89
15. w 88
16. b 88
17. y 84
18. u 82
19. f 61
20. o 54
21. v 41
22. j 29
23. z 28
24. x 9
(q does not appear at all)
&lt;/pre&gt;

Guessing those in order won't work either, as you can see.  But we don't need to guess in that order.
&lt;p&gt;

The most straightforward way, and the one used at the Wolfram post if I understood it correctly, is to iteratively find the most common letter in the remaining words and guess that one. I think they called this &lt;a href="http://en.wikipedia.org/wiki/A*_search_algorithm"&gt;A*&lt;/a&gt; back when I was in school.  Or was that a &lt;a href="http://en.wikipedia.org/wiki/Greedy_algorithm"&gt;greedy algorithm&lt;/a&gt;?  I can't remember.
&lt;p&gt;
 
Anyway, if you do that, you get this:

&lt;table align=center&gt;
&lt;tr&gt;&lt;th align=center&gt;Guess Number&lt;th align=center&gt;Letter&lt;th align=center&gt;Remaining Words
&lt;tr&gt;&lt;td align=center&gt;0&lt;td align=center&gt;(A)&lt;td align=center&gt;825
&lt;tr&gt;&lt;td align=center&gt;1&lt;td align=center&gt;R&lt;td align=center&gt;653
&lt;tr&gt;&lt;td align=center&gt;2&lt;td align=center&gt;N&lt;td align=center&gt;506
&lt;tr&gt;&lt;td align=center&gt;3&lt;td align=center&gt;L&lt;td align=center&gt;383
&lt;tr&gt;&lt;td align=center&gt;4&lt;td align=center&gt;E&lt;td align=center&gt;284
&lt;tr&gt;&lt;td align=center&gt;5&lt;td align=center&gt;S&lt;td align=center&gt;208
&lt;tr&gt;&lt;td align=center&gt;6&lt;td align=center&gt;T&lt;td align=center&gt;155
&lt;tr&gt;&lt;td align=center&gt;7&lt;td align=center&gt;K&lt;td align=center&gt;114
&lt;tr&gt;&lt;td align=center&gt;8&lt;td align=center&gt;M&lt;td align=center&gt;80
&lt;tr&gt;&lt;td align=center&gt;9&lt;td align=center&gt;Y&lt;td align=center&gt;55
&lt;tr&gt;&lt;td align=center&gt;10&lt;td align=center&gt;U&lt;td align=center&gt;38
&lt;tr&gt;&lt;td align=center&gt;11&lt;td align=center&gt;I&lt;td align=center&gt;26
&lt;tr&gt;&lt;td align=center&gt;12&lt;td align=center&gt;O&lt;td align=center&gt;16
&lt;tr&gt;&lt;td align=center&gt;13&lt;td align=center&gt;F&lt;td align=center&gt;8
&lt;/table&gt;

So after our 13th wrong answer, we are hanged and still have 8 words left: {bach bawd caph dabb hadj jazz wapp zach}.
&lt;p&gt;

However, this isn't necessarily the best order in which to guess letters.  There are 24! different orders in which you could guess the letters that aren't A or Q.  That would take 1.5*10&lt;sup&gt;21&lt;/sup&gt; tries to figure out.
&lt;p&gt;

Well, all that matters is the first 13 that we guess, and &lt;sub&gt;24&lt;/sub&gt;C&lt;sub&gt;13&lt;/sub&gt; is about 2.5 million.  That's still a lot, and it may not generalize for other words.
&lt;p&gt;

We can do something like a &lt;a href="http://en.wikipedia.org/wiki/Minimax"&gt;minmax&lt;/a&gt; algorithm, where we assume that we get the worst possible result from our best possible guesses, looking forward several steps.  Looking forward 2, 3, or even 6 steps from the very start leaves us no better off.  In retrospect this isn't that surprising, since we still have letters pretty well distributed.
&lt;p&gt;

However, if we take the 400 best combinations from that 6th step (with word sets ranging in size from 155 to 204) and look forward 5 steps from there, we get some better results. What I called A* above only had us down to 26 word choices, but the best discovery here is down to 24 words.  (We guessed D, E, K, L, M, N, P, R, S, T and Y.)
&lt;p&gt;

If we take the 32 best solutions we had there (ranging in size from 24 words up to 30 words), and look forward 2 steps, we can get down to 6 possible words.  With the additional letters B and F, those words are {gazi hagi jacu jazz waco zach}.
&lt;p&gt;

So I can't always win.  I didn't test every single combination, but I'm pretty sure that I got close.  If I were to spend more than an evening on this, I would try starting with the common results around position 4 or 5 and building trees from there.
&lt;p&gt;

I also think that I might be more successful with Mathematica's smaller word list of 90,000 entries.  I can't find a good place to download that or a similar corpus (&lt;a href="http://en.wiktionary.org/wiki/Wiktionary:Frequency_lists"&gt;this&lt;/a&gt; gets me close, but it looks like a hell of a lot of work to pull out that data).  When I find a dictionary of that size I'll try again.&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/14853139-65408334825089987?l=danweber.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://danweber.blogspot.com/feeds/65408334825089987/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=14853139&amp;postID=65408334825089987' title='4 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/14853139/posts/default/65408334825089987'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/14853139/posts/default/65408334825089987'/><link rel='alternate' type='text/html' href='http://danweber.blogspot.com/2010/08/solving-hangman.html' title='Solving Hangman?'/><author><name>Dan Weber</name><uri>http://www.blogger.com/profile/06626675217693199470</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>4</thr:total></entry><entry><id>tag:blogger.com,1999:blog-14853139.post-1392431774840668962</id><published>2009-08-23T18:25:00.001-07:00</published><updated>2009-08-23T18:28:35.322-07:00</updated><title type='text'>DC Comics' Spider-Man</title><content type='html'>&lt;a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://1.bp.blogspot.com/_I6J5owo1d9k/SpHsIWZYxwI/AAAAAAAAABo/7bp2z22IYyE/s1600-h/pajamas.jpg"&gt;&lt;img 
style="margin: 0pt 0pt 10px 10px; float: right; cursor: pointer; width: 400px; height: 300px;" src="http://1.bp.blogspot.com/_I6J5owo1d9k/SpHsIWZYxwI/AAAAAAAAABo/7bp2z22IYyE/s400/pajamas.jpg" alt="" id="BLOGGER_PHOTO_ID_5373335458624882434" border="0" /&gt;&lt;/a&gt;
Yes, the tag on those pajamas says "DC Super Friends."
&lt;p&gt;
Yes, those are Iron Man and Spider-Man you see.
&lt;p&gt;
I suspect most parents won't notice stuff like this.  It's like some weird bootleg clothes.&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/14853139-1392431774840668962?l=danweber.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://danweber.blogspot.com/feeds/1392431774840668962/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=14853139&amp;postID=1392431774840668962' title='2 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/14853139/posts/default/1392431774840668962'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/14853139/posts/default/1392431774840668962'/><link rel='alternate' type='text/html' href='http://danweber.blogspot.com/2009/08/dc-comics-spider-man.html' title='DC Comics&apos; Spider-Man'/><author><name>Dan Weber</name><uri>http://www.blogger.com/profile/06626675217693199470</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><media:thumbnail xmlns:media='http://search.yahoo.com/mrss/' url='http://1.bp.blogspot.com/_I6J5owo1d9k/SpHsIWZYxwI/AAAAAAAAABo/7bp2z22IYyE/s72-c/pajamas.jpg' height='72' width='72'/><thr:total>2</thr:total></entry><entry><id>tag:blogger.com,1999:blog-14853139.post-565945469876679151</id><published>2009-08-23T17:34:00.000-07:00</published><updated>2009-08-23T17:42:28.423-07:00</updated><title type='text'>Chase does it again</title><content type='html'>Chase is really eager to get me to sign up for their "triple rewards" program, which has so much fine print I just toss it in the trash. But this recent offer made me reconsider.
&lt;a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://4.bp.blogspot.com/_I6J5owo1d9k/SpHgTrMyNsI/AAAAAAAAABY/UBL9o1FisSo/s1600-h/chase1.jpeg"&gt;&lt;img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 395px; height: 400px;" src="http://4.bp.blogspot.com/_I6J5owo1d9k/SpHgTrMyNsI/AAAAAAAAABY/UBL9o1FisSo/s400/chase1.jpeg" alt="" id="BLOGGER_PHOTO_ID_5373322459048195778" border="0" /&gt;&lt;/a&gt;
I wonder if that would last forever. Chase's offer department must not have read many Encyclopedia Brown books.
&lt;a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://1.bp.blogspot.com/_I6J5owo1d9k/SpHgZ0PmqAI/AAAAAAAAABg/e8SJ1u5Xtn8/s1600-h/chase2.jpeg"&gt;&lt;img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 400px; height: 286px;" src="http://1.bp.blogspot.com/_I6J5owo1d9k/SpHgZ0PmqAI/AAAAAAAAABg/e8SJ1u5Xtn8/s400/chase2.jpeg" alt="" id="BLOGGER_PHOTO_ID_5373322564555155458" border="0" /&gt;&lt;/a&gt;&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/14853139-565945469876679151?l=danweber.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://danweber.blogspot.com/feeds/565945469876679151/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=14853139&amp;postID=565945469876679151' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/14853139/posts/default/565945469876679151'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/14853139/posts/default/565945469876679151'/><link rel='alternate' type='text/html' href='http://danweber.blogspot.com/2009/08/chase-does-it-again.html' title='Chase does it again'/><author><name>Dan Weber</name><uri>http://www.blogger.com/profile/06626675217693199470</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><media:thumbnail xmlns:media='http://search.yahoo.com/mrss/' url='http://4.bp.blogspot.com/_I6J5owo1d9k/SpHgTrMyNsI/AAAAAAAAABY/UBL9o1FisSo/s72-c/chase1.jpeg' height='72' 
width='72'/><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-14853139.post-1928546467695317662</id><published>2009-02-27T09:45:00.000-08:00</published><updated>2009-02-27T09:49:45.950-08:00</updated><title type='text'>Important updates to you online legal agreements</title><content type='html'>&lt;a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://2.bp.blogspot.com/_I6J5owo1d9k/SagndEonkYI/AAAAAAAAABQ/3heXXno6mzA/s1600-h/Chase-Screenshot.png"&gt;&lt;img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 400px; height: 365px;" src="http://2.bp.blogspot.com/_I6J5owo1d9k/SagndEonkYI/AAAAAAAAABQ/3heXXno6mzA/s400/Chase-Screenshot.png" alt="" id="BLOGGER_PHOTO_ID_5307535541269926274" border="0" /&gt;&lt;/a&gt;

Yes, Chase.  Thank you.

Basic grammar is no longer a useful test to differentiate spam from non-spam.&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/14853139-1928546467695317662?l=danweber.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://danweber.blogspot.com/feeds/1928546467695317662/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=14853139&amp;postID=1928546467695317662' title='3 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/14853139/posts/default/1928546467695317662'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/14853139/posts/default/1928546467695317662'/><link rel='alternate' type='text/html' href='http://danweber.blogspot.com/2009/02/important-updates-to-you-online-legal.html' title='Important updates to you online legal agreements'/><author><name>Dan Weber</name><uri>http://www.blogger.com/profile/06626675217693199470</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><media:thumbnail xmlns:media='http://search.yahoo.com/mrss/' url='http://2.bp.blogspot.com/_I6J5owo1d9k/SagndEonkYI/AAAAAAAAABQ/3heXXno6mzA/s72-c/Chase-Screenshot.png' height='72' width='72'/><thr:total>3</thr:total></entry><entry><id>tag:blogger.com,1999:blog-14853139.post-1546635522640287159</id><published>2009-01-01T09:20:00.000-08:00</published><updated>2009-01-01T09:20:01.759-08:00</updated><title type='text'>There but for the grace of God go I</title><content type='html'>Microsoft has suffered some embarrassment because their Zune 30s &lt;a href="http://www.zuneboards.com/forums/zune-news/38143-cause-zune-30-leapyear-problem-isolated.html"&gt;stopped working on day 366 of a leap year&lt;/a&gt;.  
Lots of customers are annoyed, and lots of people are smug about Microsoft facing such problems.
&lt;p&gt;
All I could think was: thank God it wasn't me.
&lt;p&gt;
Time is one of the thorniest issues involved in computers.  Clocks rolling over, leap dates, leap seconds, time zones, daylight savings, changes in daylight savings definitions, "official" sources that disagree with each other -- there is a lot to keep track of.  "Time is a morass" a colleague once told me near the beginning of my career.  I didn't understand it then, but by now I definitely do.
&lt;p&gt;
I was once at a start-up where our beta customers had the software stop working one day.  The reason was because the default certificates that we issued had all expired. I wasn't the person who had created them, but I didn't think that the individual who did had made any grave error -- he had to choose an expiration and he did.  At the time it was felt to be very far away and that our customers would be generating their own certificates anyway. (This was years ago, when people still believed in PKI.)  Our software that regularly verified the certs should have warned that they were about to expire, but again that's a design decision that looks easy after-the-fact.&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/14853139-1546635522640287159?l=danweber.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://danweber.blogspot.com/feeds/1546635522640287159/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=14853139&amp;postID=1546635522640287159' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/14853139/posts/default/1546635522640287159'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/14853139/posts/default/1546635522640287159'/><link rel='alternate' type='text/html' href='http://danweber.blogspot.com/2009/01/there-but-for-grace-of-god-go-i.html' title='There but for the grace of God go I'/><author><name>Dan Weber</name><uri>http://www.blogger.com/profile/06626675217693199470</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' 
src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-14853139.post-5704657217064595268</id><published>2008-11-12T17:38:00.000-08:00</published><updated>2008-11-12T17:39:26.565-08:00</updated><title type='text'>I did a bad thing.</title><content type='html'>I saw a story I liked on CNN about the political transition.  I submitted it to Reddit, where it was promptly ignored.
&lt;p&gt;
Then I did a bad thing.  I am sorry.
&lt;br&gt;
&lt;a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://1.bp.blogspot.com/_I6J5owo1d9k/SRuCaEEbdMI/AAAAAAAAABA/L9rCp4OxG0U/s1600-h/redditupvote.PNG"&gt;&lt;img style="float:left; margin:0 10px 10px 0;cursor:pointer; cursor:hand;width: 400px; height: 75px;" src="http://1.bp.blogspot.com/_I6J5owo1d9k/SRuCaEEbdMI/AAAAAAAAABA/L9rCp4OxG0U/s400/redditupvote.PNG" border="0" alt=""id="BLOGGER_PHOTO_ID_5267947573420455106" /&gt;&lt;/a&gt;
&lt;p&gt;&lt;br clear=all&gt;
For those not familiar with it, the second entry means that 9 hours ago I submitted the first story with a normal headline, and it got 1 point.  The first line means that 6 hours ago I submitted the salacious headline, and got 42 points.
&lt;p&gt;
If you want irony, here's the top comment on my evil post:

&lt;a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://2.bp.blogspot.com/_I6J5owo1d9k/SRuD-K2EVHI/AAAAAAAAABI/4i4d8WEs8po/s1600-h/redditcomment.PNG"&gt;&lt;img style="float:left; margin:0 10px 10px 0;cursor:pointer; cursor:hand;width: 400px; height: 72px;" src="http://2.bp.blogspot.com/_I6J5owo1d9k/SRuD-K2EVHI/AAAAAAAAABI/4i4d8WEs8po/s400/redditcomment.PNG" border="0" alt=""id="BLOGGER_PHOTO_ID_5267949293226185842" /&gt;&lt;/a&gt;

Oy.&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/14853139-5704657217064595268?l=danweber.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://danweber.blogspot.com/feeds/5704657217064595268/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=14853139&amp;postID=5704657217064595268' title='4 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/14853139/posts/default/5704657217064595268'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/14853139/posts/default/5704657217064595268'/><link rel='alternate' type='text/html' href='http://danweber.blogspot.com/2008/11/i-did-bad-thing.html' title='I did a bad thing.'/><author><name>Dan Weber</name><uri>http://www.blogger.com/profile/06626675217693199470</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><media:thumbnail xmlns:media='http://search.yahoo.com/mrss/' url='http://1.bp.blogspot.com/_I6J5owo1d9k/SRuCaEEbdMI/AAAAAAAAABA/L9rCp4OxG0U/s72-c/redditupvote.PNG' height='72' width='72'/><thr:total>4</thr:total></entry><entry><id>tag:blogger.com,1999:blog-14853139.post-8854875474931204011</id><published>2008-09-23T06:40:00.000-07:00</published><updated>2008-09-23T06:58:50.962-07:00</updated><title type='text'>I run out of gas</title><content type='html'>Well, &lt;a href="http://danweber.blogspot.com/2008/09/charlotte-runs-out-of-gas-again.html"&gt;I was wrong&lt;/a&gt;.
&lt;p&gt;
I tried to wait out the gas panic, telecommuting some days and driving my spouse's car on others.
&lt;p&gt;
Over the weekend we were on a trip to South Carolina, which generally has lower gas prices. We took my car because it's more expensive to fill up, so it would have bigger savings.  Skipped one station on the way in, and then tried all of them on the way out.
&lt;p&gt;
Those gas stations came in 2 varieties: out of gas, and only basic gasoline.
&lt;p&gt;
My car needs premium, so I'm pretty much out of luck.  Experimentation a few years ago showed that it needs about 90.5 &lt;a href="http://en.wikipedia.org/wiki/Octane_rating"&gt;octane&lt;/a&gt;, so I was able to dilute the 93 in my tank with some 87 to give myself a little more range.
&lt;p&gt;
But the lesson to me is clear: next time, I need to panic with the rest of the masses.&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/14853139-8854875474931204011?l=danweber.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://danweber.blogspot.com/feeds/8854875474931204011/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=14853139&amp;postID=8854875474931204011' title='4 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/14853139/posts/default/8854875474931204011'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/14853139/posts/default/8854875474931204011'/><link rel='alternate' type='text/html' href='http://danweber.blogspot.com/2008/09/i-run-out-of-gas.html' title='I run out of gas'/><author><name>Dan Weber</name><uri>http://www.blogger.com/profile/06626675217693199470</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>4</thr:total></entry><entry><id>tag:blogger.com,1999:blog-14853139.post-3657929628918852844</id><published>2008-09-13T07:00:00.000-07:00</published><updated>2008-09-13T10:28:51.414-07:00</updated><title type='text'>Charlotte runs out of gas again?</title><content type='html'>Charlotte &lt;a href="http://danweber.blogspot.com/2005/09/charlotte-runs-out-of-gas.html"&gt;ran out of gas&lt;/a&gt; in the wake (so to speak) of Katrina, before I was a resident.  Now Ike is doing a redux, and this time I have the chance to observe the panic in person.
&lt;p&gt;
Driving home I saw a very long line at the gas station I usually use -- which has some 18 pumps and I've never had to wait at.  The price for premium had jumped from around $3.80 to $4.20, which &lt;a href="http://www.charlotteobserver.com/breaking/story/187804.html"&gt;was typical for Friday's jump&lt;/a&gt;.  The next station I passed just displayed "$.00" on its sign, and the pumps were taped off, apparently out of gas.  That pattern repeated itself the rest of the way home.
&lt;p&gt;
People are notoriously irrational about gas prices, willing to spend lots of time and gas to save a few bucks.  How scared were folks of being unable to fill up next week?
&lt;p&gt;
Last time, the panic was apparently triggered by government officials asking people not to panic. This time, some stations started asking customers to limit themselves to 10 gallons, which just kicked off the nonsense by itself.
&lt;p&gt;
At least prices went up to discourage consumption.  I'm at about a quarter-of-a-tank, but I think I can hold out until the craziness passes.&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/14853139-3657929628918852844?l=danweber.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://danweber.blogspot.com/feeds/3657929628918852844/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=14853139&amp;postID=3657929628918852844' title='1 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/14853139/posts/default/3657929628918852844'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/14853139/posts/default/3657929628918852844'/><link rel='alternate' type='text/html' href='http://danweber.blogspot.com/2008/09/charlotte-runs-out-of-gas-again.html' title='Charlotte runs out of gas again?'/><author><name>Dan Weber</name><uri>http://www.blogger.com/profile/06626675217693199470</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>1</thr:total></entry><entry><id>tag:blogger.com,1999:blog-14853139.post-6083919196483257000</id><published>2008-08-08T19:46:00.000-07:00</published><updated>2008-08-08T19:50:29.120-07:00</updated><title type='text'>Shove Beyond Zork under rug</title><content type='html'>I ended up browsing the Wikipedia pages about Infocom several evenings
ago, because someone on &lt;a href="http://www.reddit.com/comments/6tpin/can_a_game_make_you_cry_any_new_ones_since_this/"&gt;reddit was talking about games making you cry&lt;/a&gt;, and
I was apparently the only person who remembered &lt;a href="http://en.wikipedia.org/wiki/Planetfall#Notes"&gt;Floyd from &lt;i&gt;Planetfall&lt;/i&gt;&lt;/a&gt;.  (I now see
that SicTim brought up the same comment around the same time I did.)
&lt;p&gt;
I went over to &lt;i&gt;Beyond Zork&lt;/i&gt;, probably the game of theirs I had
the most fun with (although not their most fun game -- the distinction
is subtle).  And they linked to the &lt;a href="http://hometown.aol.com/graemecree/infobugs/beyondzo.htm"&gt;bugs
list&lt;/a&gt; for it.  Well, they were missing my favorites, so I just had
to contribute.

&lt;/p&gt;&lt;h3&gt;The Bearskin Rug&lt;/h3&gt;
My favorite object to abuse was the bearskin rug.  The bug database told
me about a bug that I hadn't known about before -- that standing
on the rug could let you move in a blocked direction.
&lt;p&gt;&lt;/p&gt;&lt;p&gt;
But there was another wacko thing you could do: SHOVE MONSTER UNDER RUG.
For many objects, regardless of the size of the object, it gets it out
of the way, and you can move around in spite of it.
&lt;/p&gt;&lt;p&gt;
I cruised through the game trying to shove everything I could see under
the rug, and I've made notes below about them.  But I'm sure I missed
some stuff (especially the fields of Frotzen), so go through yourself
and tell me what you see.
&lt;/p&gt;&lt;p&gt;
SHOVE COOK UNDER RUG. He disappears from the description of the room,
and he will be under the rug when you LOOK UNDER RUG. But he still
mills about the room, and will stop you from rolling out the onion.
You can't otherwise interact with him.  If you leave and re-enter the
room, the cook snaps from out of the room. (I could swear that you could cheat
like this on the Apple II version.)  You can shove the onion under the
rug, but you cannot get it back, because you
cannot lift up the rug.  Maybe the weight of the onion gets added to
the weight of the rug?
&lt;/p&gt;&lt;p&gt;
SHOVE MONSTER UNDER RUG.  The monster is removed from the room; it
cannot attack you and you cannot attack it.  Like everything else you
shove under a rug, the only way to get it back is to lift up the rug.
&lt;/p&gt;&lt;p&gt;
SHOVE PTERODACTYL UNDER RUG.  A lot like the cook, you can still hear
him, even if you cannot see him.  See below for what happens if you
do this while mounted. :)
&lt;/p&gt;&lt;p&gt;
SHOVE ARROW UNDER RUG.  Cannot do this unless you could normally get
to the arrow.  But if you do shove it, when you actually pick it up,
you'll get the text about ripping it from the pterodactyl's wing,
even if the pterodactyl is long gone.
&lt;/p&gt;&lt;p&gt;
SHOVE EASEL/CANVAS/SAILOR UNDER RUG.  Seems to work, but they all still
interact normally. Shoving the wood under the rug puts it there, but it
will magically float out from underneath it if you don't manually pick
it up soon.
&lt;/p&gt;&lt;p&gt;
SHOVE SELF UNDER RUG.  Just like DIP ME IN POOL, self is forever under
the rug, or lying on the floor if you pick the rug up again.
&lt;/p&gt;&lt;p&gt;
SHOVE IDOL UNDER RUG. The craziest thing so far, but you can indeed do it.
I've gotten the game to crash by trying to slide the jewel under the rug
that the idol was underneath.
&lt;/p&gt;&lt;p&gt;
SHOVE CARDINAL TOOLBOX UNDER RUG. You can snatch the reliquary immediately.
You can win the game pretty quickly if you combine this with the other
rug bug to bypass the Christmas Tree Monsters.  Toolbox seems to
disappear permanently, although presumably finishing the volcano/glyph
puzzle will make him reappear.
&lt;/p&gt;&lt;p&gt;
SHOVE FOOTPRINTS UNDER RUG. You can put the minx tracks there.  Wacky, huh?
&lt;/p&gt;&lt;p&gt;
SHOVE HUNTER(S) UNDER RUG. This resets the minx puzzle.  You can
restore the minx even if you lost her by disposing of her in quicksand or
losing her in the timeline.  Each time you stomp out the tracks you'll
get 15 compassion points, too.
&lt;/p&gt;&lt;p&gt;
SHOVE MINX UNDER RUG?  The text says she jumps off of it, but it 
seems she's standing on it. She jumps fully off the next turn.
&lt;/p&gt;&lt;p&gt;
SHOVE BUTTERFLY UNDER RUG. If you leave and return, it will be lying
atop the rug.
&lt;/p&gt;&lt;p&gt;

SHOVE WORD OF RECALL UNDER RUG.  Yep, you can shove the glowing words
from the Recall scroll under the rug.  Then you can teleport there.
If you previously PUT SELF UNDER RUG you will at least have some
company.  Or you can fight off a monster you previously shoved under
the rug; that would be fun, huh?  I think the only way to escape is to
use the sayonara wand, although the gating scroll might work.  The sea
chest cannot be opened under here because it is, after all, under the
rug.  You can summon the pterodactyl, but you can't mount it under the
rug.
&lt;/p&gt;&lt;p&gt;
You can have fun interacting with various objects after both you and
them are shoved under.  Try the display case, the old woman, the flight
of stairs.
&lt;/p&gt;&lt;p&gt;
You can put the rug in the sea chest, and shove stuff under the rug,
and then get the rug.  That stuff will be in the chest. All the
craziness above and below has just been compounded.  Can you try
carrying a monster to a brand new area?  Is there any other container
that's big enough to hold the rug?  I don't know.
&lt;/p&gt;&lt;p&gt;
You can put yourself "in" the pew with the above trick, although you can
easily stand out of it.
&lt;/p&gt;&lt;p&gt;
You can create an infinite loop by shoving the chest under the rug
that's inside of it.  Same with the pool.
&lt;/p&gt;&lt;p&gt;
You can also get yourself under the rug by shoving the pterodactyl under
the rug and then dismounting.  The place will be totally dark unless
you light it.
&lt;/p&gt;&lt;p&gt;

SHOVE SOUTH UNDER RUG. You can shove exit directions, which doesn't
seem to do anything as far as I could figure.
&lt;/p&gt;&lt;p&gt;
SHOVE DOME/CRATER UNDER RUG.  Changes the description, but doesn't seem
to have an effect.  You won't be able to interact with them until they're
out from the rug, of course.
&lt;/p&gt;&lt;p&gt;
SHOVE GONDOLA UNDER RUG.  This might make two gondolas be in the room,
making it hard to interact with either.  "Which do you mean, the gondola
or the gondola?"
&lt;/p&gt;&lt;p&gt;
SHOVE UNICORN UNDER RUG.  This empties the stall.  The unicorn cannot
be seen under the rug, although rubbing the rug reveals something
underneath. (This is pretty common.)  When you lift the rug the
unicorn has disappeared.
&lt;/p&gt;&lt;p&gt;
Can SHOVE MONKEY GRINDER UNDER RUG, which means you can enter the hall
of enchanters.  But he will still be present and attacking you, and
the fact that he's missing will stop you from leaving,
resetting his appearance just like shoving the hunter under the rug.
He will continue to beat on you while this happens, though. :(
&lt;/p&gt;&lt;p&gt;
Cannot shove hurdy-gurdy (while in possession of the grinder) under the rug. The game seems to let you shove the warning nymph, but there doesn't seem to be a change.
&lt;/p&gt;&lt;p&gt;
THE ARCH: You can get under the arch and shove the arch under the rug. Nothing
special seems to happen, even if you leave.
&lt;/p&gt;&lt;p&gt;
You can put rug in arch and then shove arch under rug.  Game freezes in
infinite loop, like with other containers.
&lt;/p&gt;&lt;p&gt;
SHOVE DEAD GRAY HORSE/TRENCH UNDER RUG.  Nothing seems to happen.
&lt;/p&gt;&lt;p&gt;
SHOVE BLACK KNIGHT UNDER RUG.  Can shove the black knight under the
rug, although the story will proceed as if he were out. If the rug is
under the arch when this happens, you can bring him with you on your
time traveling adventure.  Flinging arrows will stop you from
interacting with him.  Is there any way to get him out far enough that
your wand of annihilation would be effective, like to the present
and outside of the arch?  Maybe you could use the rug-in-chest trick
to get him out.
&lt;/p&gt;&lt;p&gt;
Can shove the dead prince under the rug, but he will disappear if you
travel into the future or the past.  Can shove the black horse under
the rug, but the story will move him away, just like the driftwood.
&lt;/p&gt;&lt;p&gt;
Can shove the undead warrior (and presumably the ghoul) under the rug,
then travel to the past with him.  He won't try to kill you at all, but
you can injure him.  Would something like this work with the pool of
radiance and harder monsters?  You can "wake him up" by dropping the rug
outside the arch in another time period and re-shoving him under it.  You
can trap him in the past this way.  (I don't think you can do the same
with the idol or the pool of radiance, and I don't think the other random
areas have minirooms like that.  But please test. :&gt; )
&lt;/p&gt;&lt;p&gt;
Can shove the orator under the rug, but he will disappear from there
when the crowd carries him away.  I can't figure out how to extend
this.
&lt;/p&gt;&lt;p&gt;
You can shove the minxhole under the rug. In any other time period it
becomes the trench.  It will go back to its original place, much like
the helmet, if you go back to the battlefield.
&lt;/p&gt;&lt;p&gt;
THE DARK CAVES:  SHOVE MIRROR UNDER RUG. They still have the same effect, although you
cannot see the effect in this room nor turn the mirror.
&lt;/p&gt;&lt;p&gt;
SHOVE UR-GRUE UNDER RUG. The ur-grue will no longer chat you up as you exit and enter the room,
killing you much faster.  You have just enough time to drop the rug, shove
the shadow under it, 
blow the bubble, spin the mirror, and get the rug again, which
&lt;i&gt;should&lt;/i&gt; kill the ur-grue, but the ur-grue will cast his statue spell
and end the game.  So it's hard for me to figure out just why the
light isn't killing the ur-grue.  Any way of extending his talking
time. . .?
&lt;/p&gt;&lt;p&gt;
BUT, with the ur-grue out of the way, he won't stop you from searching
the plunder for the coconut.  You need to get out of that room fast,
though!  And an under-the-rug-ur-grue will still destroy light
sources.

&lt;/p&gt;&lt;h3&gt;Fun Facts&lt;/h3&gt;
By using rug bugs to get the Scrystone without the goblet and the
butterfly, you can defeat the ur-grue without ever visiting the
Implementors.  And to my happy surprise, the coconut isn't in the room
if the ur-grue hasn't stolen it.  Fortunately, you can go back to the
Implementors and go through the story to get the coconut to the ur-grue,
and the ur-grue will obligingly steal it even though he's dead.
&lt;p&gt;
If you go inside the caves and close the door, the grue will show up,
and then you can open the door.  It will be paralyzed and look like
a lurking presence, and you will be free to kill it.  After it is
dead, it won't retreat until you make that room dark again.
&lt;/p&gt;&lt;p&gt;
TOUCH SHADOW after RUB RUG will crash the game!  Maybe the game
isn't ready for that monster taking any kind of damage.
&lt;/p&gt;&lt;p&gt;
You can kill the monkey grinder through physical combat.  THRUST
will do it, and you may need the amulet to help.  He dissolves in
a puff of smoke.
&lt;/p&gt;&lt;p&gt;
Even with all the bugs above, you still &lt;i&gt;need&lt;/i&gt; to kill either the
outline or the grinder to
kill the ur-grue, because you need to get the rose. So either use the goblet to
enter Frotzen and use the rug to get past the corbies, or use the rug to 
get into Frotzen and use the hurdy-gurdy to get the rose.  (If you want to &lt;i&gt;just&lt;/i&gt; win via stealing the coconut from the ur-grue hidden under the
rug, you can do it with killing &lt;i&gt;only&lt;/i&gt; the outline.)
&lt;/p&gt;&lt;p&gt;
The white hemisphere seems to be that which becomes the scrystone.
&lt;/p&gt;&lt;p&gt;
You can analyze potions and scrolls and wands by their proper names
even when not identified, and even by their magic words.
&lt;/p&gt;&lt;p&gt;
You can win the game without the Pheehelm, and not using any of these
bugs. If you start with an
Intelligence of 29, you can get smart enough to peer into the
Scrystone without it.  This frees up your money to armor up.
&lt;/p&gt;&lt;h3&gt;Hacking&lt;/h3&gt;
BZ was around the point where I learned that I could hack into games.
It seems obvious now, but back in the day it was some giant epiphany
for me to realize that I could analyze the stored data on disk (we're
talking about &lt;i&gt;floppy&lt;/i&gt; disk, here).
&lt;p&gt;
I grabbed the &lt;a href="http://www.google.com/search?q=RWTS+read-write-track-sector" title="Read-Write Track-Sector"&gt;RWTS&lt;/a&gt; code from the &lt;a href="http://stevenf.com/beagle/"&gt;Beagle Bros.&lt;/a&gt; and did massive
compares across two floppies.  Eventually I found out where the
vital RPG stats were stored.  All the values were stored by some
checksum that I couldn't quite reverse-engineer; however, it was
quite a literal check&lt;i&gt;sum&lt;/i&gt;; you could swap luck and compassion
for endurance and strength on a 1-for-1 basis.
&lt;/p&gt;&lt;p&gt;
There was one good way of using this: your endurance would go up
more the less of it you had.  (9 - int(endurance/10))  So you
could keep your endurance low and let your other stats grow in
the meantime.  Meaning you could gain 90 status points instead of 57
from levelling up 9 times.
&lt;/p&gt;&lt;p&gt;
Or you use the infinite compassion bug I mentioned earlier and
transfer those points around wherever you want them.
&lt;/p&gt;&lt;p&gt;
Cash wasn't protected by any kind of checksum or encoding.  You
could give yourself thousands of zorkmids.  (When I first played
the game, I couldn't figure out the idol puzzle, so this was how
I ended up "solving" it.)
&lt;/p&gt;&lt;p&gt;
Now, you're probably wondering what would happen if you got the
checksum wrong.  Well, you'd get this:
&lt;/p&gt;&lt;p&gt;
&lt;a href="http://4.bp.blogspot.com/_I6J5owo1d9k/SJumPVbVeHI/AAAAAAAAAAU/vomU8a82l3A/s1600-h/shame.PNG"&gt;&lt;img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer;" src="http://4.bp.blogspot.com/_I6J5owo1d9k/SJumPVbVeHI/AAAAAAAAAAU/vomU8a82l3A/s320/shame.PNG" alt="A technical nymph appears on your keyboard. 'Shame on you. Bye!' She disappears with a wink." id="BLOGGER_PHOTO_ID_5231958174501009522" border="0" /&gt;&lt;/a&gt;
&lt;/p&gt;&lt;p&gt;
Wow, that was a surprise. It was like the programmers had left a little
message in there saying "you are smart but I am smarter."  I felt a
little chill in my spine at that, like I had been caught at something.
&lt;span style="color:white;"&gt;A technical nymph appears on your keyboard. 'Shame on you. Bye!' She disappears with a wink.&lt;/span&gt;
&lt;/p&gt;
&lt;br clear=all&gt;
&lt;h3&gt;Other things to try&lt;/h3&gt;

What if you are in an object that is destroyed?  I'm not sure how to do this offhand, but maybe you can use the volcano. What if you leave "self" somewhere that gets it destroyed?
&lt;p&gt;
Can you get the ur-grue into the chest?  How about the onion?
&lt;/p&gt;&lt;p&gt;
Can you get the rug into any container besides the chest?  It's hard to get monsters out of their area with the chest, since you can't move it while it's open and you can only open it a limited number of times.
&lt;/p&gt;&lt;p&gt;
Happy classic gaming!&lt;/p&gt;
&lt;span style="font-style:italic;"&gt;&lt;span style="font-style:italic;"&gt;&lt;/span&gt;&lt;/span&gt;&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/14853139-6083919196483257000?l=danweber.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://danweber.blogspot.com/feeds/6083919196483257000/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=14853139&amp;postID=6083919196483257000' title='6 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/14853139/posts/default/6083919196483257000'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/14853139/posts/default/6083919196483257000'/><link rel='alternate' type='text/html' href='http://danweber.blogspot.com/2008/08/shove-beyond-zork-under-rug.html' title='Shove &lt;i&gt;Beyond Zork&lt;/i&gt; under rug'/><author><name>Dan Weber</name><uri>http://www.blogger.com/profile/06626675217693199470</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><media:thumbnail xmlns:media='http://search.yahoo.com/mrss/' url='http://4.bp.blogspot.com/_I6J5owo1d9k/SJumPVbVeHI/AAAAAAAAAAU/vomU8a82l3A/s72-c/shame.PNG' height='72' width='72'/><thr:total>6</thr:total></entry><entry><id>tag:blogger.com,1999:blog-14853139.post-2279123013354394721</id><published>2008-07-31T18:35:00.000-07:00</published><updated>2008-07-31T18:39:03.504-07:00</updated><title type='text'>Imaging a real Windows 98 box into a VM</title><content type='html'>Hopefully this will help others who try this.  If this rambles, realize
that you're getting the short version.  :)
&lt;p&gt;
Like in lots of families, my son has an older machine, an old
hand-me-down.  It's a 533 MHz Celeron with 255MB of RAM running Windows
98 and can, barely, browse the modern web.
&lt;p&gt;
I recently upgraded my home Linux server, putting it into the shell of
my Windows XP desktop that was a few years old.  (The machine is great,
but I'm just not using it with my laptop.)  It's 1.8 GHz with 512MB of
RAM.  It just sits around serving up files, and I don't use its console
at all.  So this should be usable by my son to run a VM, and I think 
at a better quality.
&lt;p&gt;
Lots of people in person and on the Internet recommend VMware's p2v
program, which had been replaced with &lt;a
href="http://www.vmware.com/download/converter/"&gt;VMware Converter&lt;/a&gt;.
It's "experimentally supported" on Windows 98.  I tried several times
to install version 3.0.3 and 3.0.2 update 1.  Both would be installed
99% of the way and then the installer would unwind everything, without
explanation of failure.  I even tried installing on my laptop and then
transferring the files over. I didn't expect this to work, and it didn't.
So much for the Converter.
&lt;p&gt;
So, down into the bits.  I boot the Windows 98 machine with a &lt;a
href="http://www.sysresccd.org/Main_Page"&gt;SystemRescueCD&lt;/a&gt; (using a
version that is a few years old), and transfer an image over to my
server.
&lt;p&gt;
&lt;code&gt;
% dd if=/dev/hda1 | ssh -p 3022 dweber@192.168.33.40 dd of=disk.img
&lt;/code&gt;
&lt;p&gt;
One tough thing to figure out was &lt;a
href="http://en.wikipedia.org/wiki/List_of_VMware_software"&gt;all of
VMware's software&lt;/a&gt;, and I can't tell which are free easily.  My
server already had a very old copy of VMware Workstation, which I used
to create a virtual machine.  The options for a disk were to create a
new virtual disk, use an existing one, or use a physical file system.
&lt;p&gt;
That physical file system option intrigued me for a while, since in
theory I had the entire filesystem transferred over.  But this option
only seems to work with an actual 100% physical system, like /dev/hda3.
So scratch that.
&lt;p&gt;
I don't really have an option for "importing a disk image."  But I've
got a plan.  I make a new disk.
&lt;p&gt;
This VMware Workstation is so old that I can't even compile the 
VMware modules.  It's not used to where Linux's latest kernel source
file layout works, and I spent quite some time trying to figure out
if I could outsmart it, with the help of web searches on my error
messages.
&lt;p&gt;
Well, the answer was to load up &lt;a
href="http://www.vmware.com/products/player/"&gt;VMware Player&lt;/a&gt;, which
is free.  I boot up my VM with the same SystemRescueCD in its CDROM drive.
Start up sshd, and then I go to my server and transfer the image back.
&lt;p&gt;
&lt;code&gt;
% dd if=disk.img | ssh root@192.168.162.100 dd of=/dev/hda1
&lt;/code&gt;
&lt;p&gt;
I rebooted and the machine wouldn't boot.  Which was pretty obvious: I
never set up an &lt;a
href="http://en.wikipedia.org/wiki/Master_boot_record"&gt;MBR&lt;/a&gt;. D'oh.
&lt;p&gt;
Okay, so I go back to that first dd command and do the whole thing
again, this time with /dev/hda instead of /dev/hda1.  I only transfer
over the first 4GB of the disk, because I don't really care that much
about everything working, just &lt;b&gt;something&lt;/b&gt;, especially the start.
&lt;p&gt;
Now I was able to get a boot, but there were repeated disk errors.  
Probably because I transferred to a disk that wasn't of the same
configuration of cylinders, heads, and sectors.
&lt;p&gt;
&lt;a href="http://www.bschatz.org/2006/p2v/index.html"&gt;dd2vmdk&lt;/a&gt; looks
like an awesome tool for changing the raw disk image into a vmdk file
that VMware can use.  The how-to screens gave me hope, but the tool
is busted. :(
&lt;p&gt;
I made a brand new VM, this time with files that I downloaded thanks
to the instructions at &lt;a
href="http://wurah.blogspot.com/2007/10/vmware.html"&gt;swap zone&lt;/a&gt;,
and the URLs to &lt;a
href="http://www.linux-mag.com/download/2007-07/desktop/windows.vmdk"&gt;vmdk&lt;/a&gt;
and &lt;a
href="http://www.linux-mag.com/download/2007-07/desktop/windows.vmx"&gt;vmx&lt;/a&gt;
files it had.  These were invaluable, especially because it told me how
to get the precise cylinder/head/sector information from the first disk
and build it up on the second.  Those instructions talk about using a 
raw disk, but I just needed to create a dumb image file instead of that.
The VMDK spec from VMware helped to understand all the syntax.
&lt;p&gt;
(One really tricky bug that I ran into was that I was getting an error
message saying "File not found: windows.vmdk".  Eventually I figured
out that it wasn't having trouble finding windows.vmdk, but rather
that some file referred to &lt;i&gt;by&lt;/i&gt; the vmdk file was missing.)
&lt;p&gt;
So now I &lt;i&gt;finally&lt;/i&gt; had a correct VM built.  I booted back into a
rescue CD, and transferred in the disk image in chunks.  (I only had 1
rescue CD, so I moved 20 GB from the Windows 98 machine to my server,
and then from the server into the VM.  As I type this I realize I could've
just created an iso file with dd and skipped that step.  Oops.  If you
do it all at once, you don't have to learn the difference between "skip"
and "seek" in dd.)
&lt;p&gt;
I booted up and got a VM!  It's Windows 98!  yay!
&lt;p&gt;
Things were slow as puke and the graphics sucked, and I couldn't
install VMware Tools with VMware Player.  So I looked around VMware's
site some more and saw that &lt;a
href="http://www.vmware.com/download/server/"&gt;VMware Server&lt;/a&gt; is
free.  I probably should have done this part long ago.
&lt;p&gt;
Once that installs, and VMware tools installs, I finally have a good
running Windows 98 System.
&lt;p&gt;
Oddly, I probably gave the system too much RAM, because at 196 MB it
was swapping my server.  So I dropped it back down to 128 MB and
things ran faster.  His &lt;a
href="http://en.wikipedia.org/wiki/U.B._Funkeys"&gt;UB Funkeys&lt;/a&gt;,
instead of crawling like a legless dog, now crawls like a two-legged
dog.  Well, it still feels faster to him, and now he has a better
video card, too.
&lt;p&gt;
If I could send a message back to myself two weeks ago, I would say:
&lt;ul&gt;
 &lt;li&gt;just use VMware server, it's free and full-featured&lt;/li&gt;
 &lt;li&gt;download the .vmx and .vmdk files from swap disk&lt;/li&gt;
 &lt;li&gt;get a second rescue CD, or image the first&lt;/li&gt;
&lt;/ul&gt;
Happy imaging!&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/14853139-2279123013354394721?l=danweber.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://danweber.blogspot.com/feeds/2279123013354394721/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=14853139&amp;postID=2279123013354394721' title='2 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/14853139/posts/default/2279123013354394721'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/14853139/posts/default/2279123013354394721'/><link rel='alternate' type='text/html' href='http://danweber.blogspot.com/2008/07/imaging-real-windows-98-box-into-vm.html' title='Imaging a real Windows 98 box into a VM'/><author><name>Dan Weber</name><uri>http://www.blogger.com/profile/06626675217693199470</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>2</thr:total></entry><entry><id>tag:blogger.com,1999:blog-14853139.post-1739684986750139395</id><published>2008-07-10T18:46:00.000-07:00</published><updated>2008-07-10T18:50:41.713-07:00</updated><title type='text'>Strider Password Generator</title><content type='html'>I have fun with classic games. I grabbed the Capcom Classics Mini Mix for the Game Boy a while back, mostly for &lt;a href="http://en.wikipedia.org/wiki/Bionic_Commando_%28NES%29"&gt;Bionic Commando&lt;/a&gt;, but &lt;a href="http://en.wikipedia.org/wiki/Strider_%28NES%29"&gt;Strider&lt;/a&gt; was a nice bonus.
&lt;p&gt;
Back in the 1980's, game consoles didn't have memory sticks, and it was rare for a cartridge to actually have persistent storage. So most adventure games used "passwords" to store the game state: a long string of digits that you could re-enter to continue playing later.
&lt;p&gt;
Some were very easy to reverse-engineer; &lt;a href="http://www.mmhp.net/Passwords/MM2/"&gt;MegaMan 2&lt;/a&gt; barely even bothered making it tough, and MegaMan 3 wasn't that much trickier.  Some were obviously complicated -- &lt;a href="http://games.technoplaza.net/mpg/password.txt"&gt;Metroid&lt;/a&gt;, for instance, although Metroid has such a big following that many people have analyzed the entire ROM, giving direct access to the code for the password so that the checksum could be analyzed.
&lt;p&gt;
&lt;a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://bp2.blogger.com/_I6J5owo1d9k/SHayUvgkoJI/AAAAAAAAAAM/vP3oWmSduCw/s1600-h/password.PNG"&gt;&lt;img style="margin: 0pt 0pt 10px 10px; float: right; cursor: pointer;" src="http://bp2.blogger.com/_I6J5owo1d9k/SHayUvgkoJI/AAAAAAAAAAM/vP3oWmSduCw/s320/password.PNG" alt="" id="BLOGGER_PHOTO_ID_5221556887402881170" border="0" /&gt;&lt;/a&gt;
Strider fits a bit in the middle.  The password at the start of the game is AAIA AAAA AAIA, practically begging to be understood.  Trying to change it to all A's fails, but it's technically a valid password, just one the game is hardwired not to accept.
&lt;p&gt;
Each letter of the password can range from A to P, making it one hex digit. So we're looking at a total of just six bytes.  There's a little bit of slack available, because 26 bits could encode all possible game states.  I'll refer to each letter in the password as a &lt;a href="http://en.wikipedia.org/wiki/Nibble"&gt;nibble&lt;/a&gt;.
&lt;p&gt;
Slowly iterating through the game state and comparing passwords takes a while, but the simple form is that a password starts with all A's, and then adds values in pairs, using the second-last (eleventh) nibble as a very rough checksum.
&lt;ul&gt;
&lt;li&gt;Keys: Add 8, 4, 2, 1 for keys 1, 2, 3, 4 to the third and eleventh nibbles.&lt;/li&gt;
&lt;li&gt;Boots: Add 8, 4, 2 for Aqua, Magnet, Attack to the fifth and eleventh nibbles.&lt;/li&gt;
&lt;li&gt;Disks: Add 8, 4, 2, 1 for disks 1, 2, 3, 4 to the seventh and eleventh nibbles.&lt;/li&gt;
&lt;li&gt;Disks Analyzed: Add 8, 4, 2, 1 for disks 1, 2, 3, 4 to the ninth and eleventh nibbles.&lt;/li&gt;
&lt;/ul&gt;
So AAIA AAAA AAIA is the password for having key 1, which you have when the game begins.  The game doesn't let you start without key 1, which is why the AAAA AAAA AAAA password is rejected.
&lt;p&gt;
So if you forget all the above, you can just change the I's in the default password into P's and you'll start with 4 keys.  Pretty quick for skipping ahead in the game.
&lt;p&gt;
If you're familiar with the game you'll notice that I've left some other stuff out, including the keys and disks that are higher than 4.  These aren't nearly as simple, but I'll give it a shot. Really, the JavaScript code might be clearer.
&lt;ul&gt;
&lt;li&gt;For each level above 1: Add 1 to all nibbles, but 2 to the second and 0 to the eleventh.&lt;/li&gt;
&lt;li&gt;Key 5: Add 14 to all nibbles, except 10 to the fourth, 0 to the sixth, and 0 to the eleventh.&lt;/li&gt;
&lt;li&gt;Disk 6: Add 4 to all nibbles, except 8 to the eighth, and 0 to the eleventh.&lt;/li&gt;
&lt;li&gt;Disk 5: Double the previous.&lt;/li&gt;
&lt;li&gt;Analyzed Disk 6: Add 4 to all nibbles, except 8 to the tenth and 0 to the eleventh.&lt;/li&gt;
&lt;li&gt;Analyzed Disk 5: Double the previous.&lt;/li&gt;
&lt;li&gt;Plasma Arrow: Add 1 to all nibbles, but 2 to the sixth and 0 to the eleventh.&lt;/li&gt;
&lt;li&gt;Red Dragon Open: Add 1 to all nibbles, but 2 to the fourth and 0 to the eleventh.&lt;/li&gt;
&lt;li&gt;Fought Kain: Double the previous.&lt;/li&gt;
&lt;/ul&gt;
So there's one common theme to this set: adding 0 to the eleventh nibble. If you look at it sideways and squint, you can kind of see a connection between the values for disks 5-6 and disks 1-4.  The key 5 value is totally bonkers.
&lt;p&gt;
One obvious point is that when you add all these numbers, you get overflows.  The rule is just to toss them away, &lt;i&gt;except for the first nibble&lt;/i&gt;: however many times it overflows, you increment the eleventh nibble that many times.  This is why key 5 is described as adding 14 instead of subtracting 2.
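&lt;p&gt;
As an added example (not the post's own script), the rules above can be written as a pure encoder plus a decoder that inverts them nibble by nibble and re-checks the checksum. The decoder is derived from the rules as described here, not from the game's ROM, and the state field names are this example's own.

```javascript
// Added example, not the post's script. Nibble values follow the post's
// alphabet: A=1 ... O=15, and P=0 (16 wrapped around).
const ALPHABET = "PABCDEFGHIJKLMNO";
const mod16 = (n) => ((n % 16) + 16) % 16;
const group = (t) => t.replace(/(.{4})(?=.)/g, "$1 ");

// Addend rows from the post, by array index 0..11 (the "eleventh nibble" is index 10).
const ROWS = {
  level:        [ 1,  2,  1,  1,   1, 1,  1,  1,   1,  1, 0,  1],
  key5:         [14, 14, 14, 10,  14, 0, 14, 14,  14, 14, 0, 14],
  highDisks:    [ 1,  1,  1,  1,   1, 1,  1,  2,   1,  1, 0,  1],
  highAnalyzed: [ 1,  1,  1,  1,   1, 1,  1,  1,   1,  2, 0,  1],
  plasma:       [ 1,  1,  1,  1,   1, 2,  1,  1,   1,  1, 0,  1],
  extra:        [ 1,  1,  1,  2,   1, 1,  1,  1,   1,  1, 0,  1],
};
// Fields added in pairs: to their own nibble and to the checksum nibble.
const PAIRS = { keys: 2, boots: 4, disks: 6, analyzed: 8 };

// State fields (names are this example's own) hold the post's addends:
//   level 1..10; keys, disks, analyzed 0..15 (8,4,2,1 = items 1..4);
//   boots 8|4|2; highDisks, highAnalyzed 8|4 (items 5, 6); extra 2=Kain, 1=Dragon.
function encode(s) {
  const n = new Array(12).fill(1); // start from all A's
  const times = {
    level: s.level - 1, key5: s.key5 ? 1 : 0, highDisks: s.highDisks,
    highAnalyzed: s.highAnalyzed, plasma: s.plasma ? 1 : 0, extra: s.extra,
  };
  for (const [name, row] of Object.entries(ROWS)) {
    row.forEach((v, i) => { n[i] += v * times[name]; });
  }
  for (const [name, i] of Object.entries(PAIRS)) {
    n[i] += s[name];
    n[10] += s[name];
  }
  n[10] += Math.floor((n[0] - 1) / 16); // first-nibble overflows carry into the checksum
  return group(n.map((v) => ALPHABET[mod16(v)]).join(""));
}

// Returns the decoded state, or null if the text breaks any rule above.
function decode(password) {
  const text = password.replace(/\s+/g, "").toUpperCase();
  if (!/^[A-P]{12}$/.test(text)) return null;
  const n = [...text].map((c) => ALPHABET.indexOf(c));
  const d = (i) => mod16(n[i] - n[0]); // each nibble relative to the first
  const k5p = d(5); // sixth nibble: 2*key5 + plasma
  const k5e = d(3); // fourth nibble: extra - 4*key5 (mod 16)
  const s = {
    level: d(1) + 1, keys: d(2), key5: k5p >= 2, boots: d(4),
    disks: d(6), highDisks: d(7), analyzed: d(8), highAnalyzed: d(9),
    plasma: k5p % 2 === 1, extra: k5e % 4,
  };
  const checks = [
    10 >= s.level,                              // only levels 1..10 exist
    s.boots % 2 === 0,                          // no boot uses the 1 bit
    s.highDisks % 4 === 0,                      // items 5 and 6 add 8 and 4
    s.highAnalyzed % 4 === 0,
    3 >= k5p,
    k5e === mod16(s.extra - (s.key5 ? 4 : 0)),  // both key-5 readings agree
    encode(s) === group(text),                  // first, last and checksum nibbles
  ];
  return checks.every(Boolean) ? s : null;
}
```

The decoder accepts the all-A password as well-formed (keys = 0); rejecting it for lacking key 1 is the separate, hardwired game check described earlier.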
&lt;p&gt;
By messing with game data like this, you can easily create unwinnable games:
&lt;ul&gt;
&lt;li&gt;Oftentimes the game will lock you into an area to level up and not let you leave until you pick up a key item.  If you already have the item but not the level, the game won't let you leave.&lt;/li&gt;
&lt;li&gt;If you give yourself all the boots and grab key 4 out of the upper room of Kazakh, you'll be stuck in a room you can't exit without key 2.&lt;/li&gt;
&lt;li&gt;If you go to the Red Dragon without both Slide In and the Magnetic Boots, you can't get to the boss.  And I don't think you can defeat that boss if you don't have Plasma Arrow.&lt;/li&gt;
&lt;/ul&gt;

The level-up logic is pretty straightforward: if you accomplish something to get you to level X, your level is bumped up to X -- unless it's already higher, in which case you stay at that level.  Sometimes I found the game awarding me with a level up even when my level stayed the same.  ("BKAP BDAN ANAB" might do this, but my notes are messy right there.)  Which level you are at determines the "story" you get at the password screen.
&lt;p&gt;
"BBJC BBEB EBOB" will generate an interesting bug if you analyze disk 4.   (I've found another way of getting this bug, with Kain instead of Matic, but don't recall exactly the code path I took to get to it.)
&lt;p&gt;
I can't quite figure out the logic for what areas you can travel to after analyzing disks. I do know that once "Red Dragon" is checked, though, that's the only place you can ever travel to. For a real challenge, try doing that at level 2 with only Plasma Arrow and Magnetic Boots.
&lt;p&gt;
Feel free to play around with this. Let me know if you find any interesting stuff. 
&lt;p&gt;
&lt;script&gt;
  var password = [1,1,1,1,  1,1,1,1,  1,1,1,1];  // all A's: value 1 is "A", 0 is "P"

// I miss lisp!
// Element-wise add of another 12-entry array, in place.
Array.prototype.add = function(addend) {
  for (var i = 0; i &lt; this.length; i++)
    this[i] += addend[i];
  return this;
}
// Multiply every entry by a scalar, in place.
Array.prototype.multiply = function(scalar) {
  for (var i = 0; i &lt; this.length; i++)
    this[i] *= scalar;
  return this;
}
// Render as letters in groups of four, after carrying first-nibble
// overflows into the eleventh nibble (index 10).
Array.prototype.to_s = function() {
  var vals = "PABCDEFGHIJKLMNO";
  var s = "";
  var overflow = Math.floor((this[0]-1) / 16);
  this[10] += overflow;
  for (var i = 0; i &lt; this.length; i++) {
    s += vals[this[i] % 16];
    if (i%4 == 3)
      s += " ";
  }
  return s;
}
// Recompute the password from the form's current state and display it.
function edit(form) 
{
  var pw = password.slice(); // copy
  var level = form.level.selectedIndex;  // 0 for level 1
  pw.add([1,2,1,1,  1,1,1,1,  1,1,0,1].multiply(level));
  // an array would be nice here
  var keyvalue = form.key1.checked * form.key1.value +
    form.key2.checked * form.key2.value +
    form.key3.checked * form.key3.value +
    form.key4.checked * form.key4.value;
  pw.add([0,0,1,0,  0,0,0,0,  0,0,1,0].multiply(keyvalue));

  var key5value = form.key5.checked;       //  0 ??
  pw.add([14,14,14,10,  14,0,14,14,  14,14,0,14].multiply(key5value));

  var bootvalue = form.bootaqua.checked * form.bootaqua.value +
    form.bootmagnet.checked * form.bootmagnet.value +
    form.bootattack.checked * form.bootattack.value;
  pw.add([0,0,0,0,  1,0,0,0,  0,0,1,0].multiply(bootvalue));

  var diskvalue = form.disk1.checked * form.disk1.value +
    form.disk2.checked * form.disk2.value +
    form.disk3.checked * form.disk3.value +
    form.disk4.checked * form.disk4.value;
  pw.add([0,0,0,0,  0,0,1,0,  0,0,1,0].multiply(diskvalue));

  var highdiskvalue = form.disk5.checked * form.disk5.value +
    form.disk6.checked * form.disk6.value;
  pw.add([1,1,1,1,  1,1,1,2,  1,1,0,1].multiply(highdiskvalue));

  var analyzedvalue = form.analyzed1.checked * form.analyzed1.value +
    form.analyzed2.checked * form.analyzed2.value +
    form.analyzed3.checked * form.analyzed3.value +
    form.analyzed4.checked * form.analyzed4.value;
  pw.add([0,0,0,0,  0,0,0,0,  1,0,1,0].multiply(analyzedvalue));

  var highanalyzedvalue = form.analyzed5.checked * form.analyzed5.value +
    form.analyzed6.checked * form.analyzed6.value;
  pw.add([1,1,1,1,  1,1,1,1,  1,2,0,1].multiply(highanalyzedvalue));

  var plasmavalue = form.plasma.checked;
  pw.add([1,1,1,1,  1,2,1,1,  1,1,0,1].multiply(plasmavalue));

  var extravalue = form.kain.checked * form.kain.value +
    form.dragon.checked * form.dragon.value;
  pw.add([1,1,1,2,  1,1,1,1,  1,1,0,1].multiply(extravalue));
  
  document.getElementById("password").innerHTML = pw.to_s();
};
&lt;/script&gt;

&lt;p align=center&gt;
  &lt;span style="font-family: Courier New, Arial; font-size : 500%" id=password&gt;PLEASE ENABLE JAVASCRIPT&lt;/span&gt;
&lt;/p&gt;
&lt;form&gt;
&lt;span&gt;Selects your level, HMax, Emax, S.level, Trick&lt;/span&gt;
&lt;select name=level onchange="edit(this.form)"&gt;
&lt;option name=1 value=1&gt;Level 1, 20, 10, 2&lt;/option&gt;
&lt;option name=1 value=2&gt;Level 2, 20, 12, 3, Slide In&lt;/option&gt;
&lt;option name=1 value=3&gt;Level 3, 25, 15, 4, Fire&lt;/option&gt;
&lt;option name=1 value=4&gt;Level 4, 25, 18, 5, Medical&lt;/option&gt;
&lt;option name=1 value=5&gt;Level 5, 30, 25, 6, Spark and Jump&lt;/option&gt;
&lt;option name=1 value=6&gt;Level 6, 40, 35, 7, Warp&lt;/option&gt;
&lt;option name=1 value=7&gt;Level 7, 50, 45, 8, Ground&lt;/option&gt;
&lt;option name=1 value=8&gt;Level 8, 70, 60, 8?, Medical*2&lt;/option&gt;
&lt;option name=1 value=9&gt;Level 9, 100, 80, 10, Sp_Ball&lt;/option&gt;
&lt;option name=1 value=10&gt;Level 10, 150, 100, 10, Medical*3&lt;/option&gt;
&lt;/select&gt;
&lt;p&gt;
 Keys: 
  &lt;input onchange=this.checked=true;edit(this.form) type=checkbox name=key1 value=8 CHECKED &gt; 1 &amp;nbsp;&amp;nbsp;
  &lt;input onchange=edit(this.form) type=checkbox name=key2 value=4 &gt; 2 &amp;nbsp;&amp;nbsp;
  &lt;input onchange=edit(this.form) type=checkbox name=key3 value=2 &gt; 3 &amp;nbsp;&amp;nbsp;
  &lt;input onchange=edit(this.form) type=checkbox name=key4 value=1 &gt; 4 &amp;nbsp;&amp;nbsp;
  &lt;input onchange=edit(this.form) type=checkbox name=key5 value=1 &gt; 5 &amp;nbsp;&amp;nbsp;
&lt;p&gt;
 Disks: 
  &lt;input onchange=edit(this.form) type=checkbox name=disk1 value=8  &gt; 1 &amp;nbsp;&amp;nbsp;
  &lt;input onchange=edit(this.form) type=checkbox name=disk2 value=4 &gt; 2 &amp;nbsp;&amp;nbsp;
  &lt;input onchange=edit(this.form) type=checkbox name=disk3 value=2 &gt; 3 &amp;nbsp;&amp;nbsp;
  &lt;input onchange=edit(this.form) type=checkbox name=disk4 value=1 &gt; 4 &amp;nbsp;&amp;nbsp;
  &lt;input onchange=edit(this.form) type=checkbox name=disk5 value=8 &gt; 5 &amp;nbsp;&amp;nbsp;
  &lt;input onchange=edit(this.form) type=checkbox name=disk6 value=4 &gt; 6 &amp;nbsp;&amp;nbsp;
&lt;p&gt;
 Disks Analyzed: 
  &lt;input onchange=edit(this.form) type=checkbox name=analyzed1 value=8  &gt; 1 &amp;nbsp;&amp;nbsp;
  &lt;input onchange=edit(this.form) type=checkbox name=analyzed2 value=4 &gt; 2 &amp;nbsp;&amp;nbsp;
  &lt;input onchange=edit(this.form) type=checkbox name=analyzed3 value=2 &gt; 3 &amp;nbsp;&amp;nbsp;
  &lt;input onchange=edit(this.form) type=checkbox name=analyzed4 value=1 &gt; 4 &amp;nbsp;&amp;nbsp;
  &lt;input onchange=edit(this.form) type=checkbox name=analyzed5 value=8 &gt; 5 &amp;nbsp;&amp;nbsp;
  &lt;input onchange=edit(this.form) type=checkbox name=analyzed6 value=4 &gt; 6 &amp;nbsp;&amp;nbsp;
&lt;p&gt;
 Boots: 
  &lt;input onchange=edit(this.form) type=checkbox name=bootaqua value=8 &gt; Aqua &amp;nbsp;&amp;nbsp;
  &lt;input onchange=edit(this.form) type=checkbox name=bootmagnet value=4 &gt; Magnet &amp;nbsp;&amp;nbsp;
  &lt;input onchange=edit(this.form) type=checkbox name=bootattack value=2 &gt; Attack &amp;nbsp;&amp;nbsp;
&lt;p&gt;
 Others:
  &lt;input onchange=edit(this.form) type=checkbox name=plasma &gt; Plasma Arrow &amp;nbsp;&amp;nbsp;   
  &lt;input onchange=edit(this.form) type=checkbox name=kain   value=2&gt; Fought Kain &amp;nbsp;&amp;nbsp;   
  &lt;input onchange=edit(this.form) type=checkbox name=dragon value=1&gt; Red Dragon Open &amp;nbsp;&amp;nbsp;   
  
&lt;/form&gt;
&lt;script&gt;document.forms[0].level.onchange()&lt;/script&gt;&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/14853139-1739684986750139395?l=danweber.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://danweber.blogspot.com/feeds/1739684986750139395/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=14853139&amp;postID=1739684986750139395' title='1 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/14853139/posts/default/1739684986750139395'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/14853139/posts/default/1739684986750139395'/><link rel='alternate' type='text/html' href='http://danweber.blogspot.com/2008/07/strider-password-generator.html' title='Strider Password Generator'/><author><name>Dan Weber</name><uri>http://www.blogger.com/profile/06626675217693199470</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><media:thumbnail xmlns:media='http://search.yahoo.com/mrss/' url='http://bp2.blogger.com/_I6J5owo1d9k/SHayUvgkoJI/AAAAAAAAAAM/vP3oWmSduCw/s72-c/password.PNG' height='72' width='72'/><thr:total>1</thr:total></entry><entry><id>tag:blogger.com,1999:blog-14853139.post-7593155038229755385</id><published>2007-11-17T10:49:00.001-08:00</published><updated>2007-11-17T10:51:41.207-08:00</updated><title type='text'>Dear Dotster,</title><content type='html'>Dear Dotster,&lt;p&gt;

You never write.  You never call.&lt;p&gt;

I just find out one day that &lt;a href="http://lolograms.com"&gt;my&lt;/a&gt; &lt;a href="http://woodbend.net"&gt;domains&lt;/a&gt; &lt;a href="http://drivewall.com"&gt;are&lt;/a&gt; all locked.&lt;p&gt;

You don't even drop me an email telling me when it happens.&lt;p&gt;

What's up?&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/14853139-7593155038229755385?l=danweber.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://danweber.blogspot.com/feeds/7593155038229755385/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=14853139&amp;postID=7593155038229755385' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/14853139/posts/default/7593155038229755385'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/14853139/posts/default/7593155038229755385'/><link rel='alternate' type='text/html' href='http://danweber.blogspot.com/2007/11/dear-dotster.html' title='Dear Dotster,'/><author><name>Dan Weber</name><uri>http://www.blogger.com/profile/06626675217693199470</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-14853139.post-2481792456134461079</id><published>2007-10-05T10:38:00.002-07:00</published><updated>2007-10-05T10:51:48.565-07:00</updated><title type='text'>I was an MIT professor: The Richard Jenkins Story</title><content type='html'>Well, no.  But an MIT professor writes about the &lt;a href="http://www.henryjenkins.org/2007/10/i_was_a_teenage_terrorist_the.html"&gt;Star Simpson story&lt;/a&gt; with a headline that looks to provide insight.
&lt;p&gt;
I posted the following comment but it never got approved.  It's possible that his blog software sucks (it took me three tries to not get a 500 error, although the last time explicitly said I was successful).  I was mostly annoyed by the poor logical arguments, which wouldn't bother me so much from some random joe, but I think that professors from my alma mater shouldn't say things that are silly on their face.
&lt;p&gt;
This is mostly a mini-rant and I probably would've left it alone in the comment section there, but when I saw other comments posted later than mine being approved, I just decided to post it where I could.
&lt;hr&gt;&lt;hr&gt;
&lt;blockquote&gt;Would Playdough by itself be sufficient to trigger a police response?
&lt;p&gt;
Should I tell them not to carry [circuit boards] to the airport?
&lt;p&gt;
... my late mother used to wear a broach to holiday parties which looked like a Christmas tree, lite up, and was battery powered. A star is not that removed from a Christmas tree, after all. Would such a device have been read as a bomb in the current climate?
&lt;/blockquote&gt;

You are right that no individual component was at all threatening by itself.
&lt;p&gt;
However, there is a &lt;i&gt;much&lt;/i&gt; different picture when all those elements are taken together.
&lt;p&gt;
I'm not saying that the State Police acted appropriately (although I do not wish to be in their shoes).  But your analysis is not becoming of an MIT professor.
&lt;p&gt;
Oh, and where do you get off titling this "I was a Teenage Terrorist: The Star Simpson Story" when you are not Star Simpson, and didn't even &lt;i&gt;talk&lt;/i&gt; to her about the incident, and acknowledge that you've probably never even met her?&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/14853139-2481792456134461079?l=danweber.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://danweber.blogspot.com/feeds/2481792456134461079/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=14853139&amp;postID=2481792456134461079' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/14853139/posts/default/2481792456134461079'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/14853139/posts/default/2481792456134461079'/><link rel='alternate' type='text/html' href='http://danweber.blogspot.com/2007/10/i-was-mit-professor-richard-jenkins.html' title='I was an MIT professor: The Richard Jenkins Story'/><author><name>Dan Weber</name><uri>http://www.blogger.com/profile/06626675217693199470</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-14853139.post-3687051601463054277</id><published>2007-09-19T07:31:00.000-07:00</published><updated>2007-09-19T08:00:54.728-07:00</updated><title type='text'>about firewalls and bonds</title><content type='html'>If you're lucky enough to not be involved in the drama of the computer security industry, you've probably not noticed the near-flame wars going on about de-perimeterization and the Jericho Forum.
&lt;p&gt;
I won't get into the details, because, as in most flame wars, they don't matter.  But one thing in &lt;a href="http://blogs.zdnet.com/threatchaos/?p=479"&gt;the latest salvo&lt;/a&gt; really got my hackles up.  Not for the arguments, but for the disclaimer:
&lt;blockquote&gt;
I work for a vendor of network perimeter security appliances. But, keep in mind, I would not be working for a perimeter defense company if I did not truly believe that the answer lies in protecting our networks. If I believed otherwise I would work for a de-perimeterization vendor, if I could find one. :-)
&lt;/blockquote&gt;
Poppycock.  People change jobs all the time.  Do you believe it when a CEO leaves a Fortune 500 company "to spend more time with his family"?
&lt;p&gt;
Part of my reaction comes from not being in marketing.  An engineer is allowed (hopefully expected) to have a nuanced view of things.  If a marketing person does, they're not really doing their job right.  And engineers move across sectors a lot more, too.  Non-competes play a part, of course, but after a period of time a given segment stops driving our curiosity; moving around keeps us fresh.
&lt;p&gt;
Over the past 10 years, I've built product for security companies selling all sorts of things: penetration testing, scanning, auditing, recording, DDoS defense, network profiling, remediation.  I'm currently doing interesting work for a UTM vendor (just like the poster of the above disclaimer, although he won't &lt;a href="http://rationalsecurity.typepad.com/blog/2007/03/when_blogging_g.html"&gt;call it that&lt;/a&gt;), which would seem to put me in the "network-based" defense category.  But I'm also personally building some host-based defense mechanisms.
&lt;p&gt;
Which of those is the "best" way to secure your computers?  It's a foolish question. Most people need a mix of those solutions, and just which mix depends on your situation.  I currently deal with a lot of SMB (small- and medium-sized businesses, if you're not up on the lingo), which makes sense since I'm working for a UTM vendor, and that's the nice sweet spot for UTMs.  Those customers have limited internal expertise and limited dollars, so an all-in-one package does a great job.
&lt;p&gt;
Occasionally customers will ask me if they should get rid of their host-based defenses, like antivirus software.  My answer always comes down to "are you happy with it?"  For most people, they don't care, so they leave it alone.  But other folks get really pissed off by Norton Anti-Virus.
&lt;p&gt;
It's true that host-based defenses can open up new holes.  You can read &lt;a href="http://www.matasano.com/log/646/matasano-security-recommendation-001-avoid-agents/"&gt;the argument of a maker of network-based defenses&lt;/a&gt; on why.  (The points are valid, but just remember that you're reading the page of a vendor biased against host-based solutions, who avoids mentioning that network-based solutions can create vulnerabilities too.)   However, there are threats that network-based defenses just can't deal with, like malware on removable media or encrypted connections.
&lt;p&gt;
For a lot of people, these threats don't matter, or are so small compared with their network threats that they'll just deal with them as is.  But it's incorrect to try to  wave away these threats, such as saying "well, they should have policies against that" or "no one really does that any more."
&lt;p&gt;
I'll close with a quote I think I got from financial analyst Allan Sloan, but couldn't find.  "When Bill Gross (manager of the world's largest bond fund) talks about stocks, he's really talking about bonds."  So when a marketer of product X talks about Y, he's really talking about how Y is inferior to X.&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/14853139-3687051601463054277?l=danweber.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://danweber.blogspot.com/feeds/3687051601463054277/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=14853139&amp;postID=3687051601463054277' title='3 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/14853139/posts/default/3687051601463054277'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/14853139/posts/default/3687051601463054277'/><link rel='alternate' type='text/html' href='http://danweber.blogspot.com/2007/09/about-firewalls-and-bonds.html' title='about firewalls and bonds'/><author><name>Dan Weber</name><uri>http://www.blogger.com/profile/06626675217693199470</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>3</thr:total></entry><entry><id>tag:blogger.com,1999:blog-14853139.post-6063884135980658667</id><published>2007-09-15T14:13:00.001-07:00</published><updated>2007-09-15T16:40:09.088-07:00</updated><title type='text'>How I became a reddit war criminal</title><content type='html'>So I found myself on Reddit Friday night, and I saw &lt;a href="http://reddit.com/info/2pko2/comments"&gt;a post about the size of the stars in the universe&lt;/a&gt;.
&lt;p&gt;
You can see right on that page what caught my eye:
&lt;p&gt;
&lt;span style="font-size: 8px; line-height: 8px;"&gt;
&lt;pre&gt;
░░░░░░░░██░░░░░░██████░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░
░░░░░░░░████░░██████░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░
░░░░░░░░██▓▓████▓▓██░░░░░░██████████░░░░░░░░░░░░░░░░░░
░░░░░░████▓▓▓▓▓▓▓▓██░░██████▓▓▓▓▓▓████░░░░░░░░░░░░░░░░
░░░░████▓▓▓▓▓▓▓▓▓▓██████▓▓▓▓▓▓▓▓▓▓▓▓▓▓██░░░░░░████░░░░
░░░░██▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓██████████░░░░
░░██▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓████░░░░
░░██▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓██████
░░██▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓██████████▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓████░░
░░██▓▓▓▓▓▓▓▓▓▓▓▓▓▓██████▒▒▒▒▒▒██▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓██░░░░
░░██▓▓▓▓▓▓▓▓▓▓████▒▒▒▒▒▒▒▒▒▒██▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓██░░░░
░░░░██████████▒▒▒▒▒▒▒▒▒▒▒▒██████▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓████░░
░░░░░░░░░░██▒▒▒▒▒▒▒▒▒▒▒▒▒▒██▒▒██▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓██░░
░░░░░░░░░░██▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒██▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓██░░
░░░░░░░░████▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒██▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓██░░
░░░░░░░░████████████▒▒▒▒▒▒████▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓██░░
░░░░░░████░░░░░░░░▓▓██▒▒▒▒██▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓██░░░░
░░░░░░████▓▓░░░░░░░░██▒▒▒▒██████████▓▓▓▓▓▓▓▓▓▓██░░░░░░
░░░░░░████░░░░░░░░▓▓██▒▒▒▒██▓▓▒▒▒▒▓▓██▓▓▓▓▓▓██░░░░░░░░
░░░░████████████████▒▒▒▒▒▒██▓▓▒▒▓▓▒▒▓▓██▓▓██░░░░░░░░░░
░░████▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▓▓▒▒▓▓▓▓▓▓▓▓████░░░░░░░░░░░░
██▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▓▓██████░░░░░░░░░░░░░░
██▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▓▓▓▓██░░░░░░░░░░░░░░
░░██████▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒██░░░░░░░░░░░░░░
░░░░██▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▓▓██░░░░░░░░░░░░░░
░░░░██▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒██░░░░░░░░░░░░░░
░░██▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒████▒▒▒▒▒▒▒▒▒▒▒▒▒▒▓▓██░░░░░░░░░░░░
░░██▒▒▒▒▒▒▒▒▒▒██████▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒████░░░░░░░░░░
░░████████████████▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒████░░░░░░░░
░░░░░░░░░░░░░░░░░░████▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒██▓▓▓▓██░░░░░░
░░░░░░░░░░░░░░░░░░░░████▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒██▓▓██▓▓██░░░░
░░░░░░░░░░░░░░░░░░░░░░████▒▒▒▒▒▒▒▒▒▒▒▒████▓▓▓▓▓▓▓▓██░░
&lt;/pre&gt;&lt;/span&gt;
&lt;p&gt;
JelloShotz had done a good old ASCII Art picture of Fry (done with Unicode characters, of course).
&lt;p&gt;
I had been wondering just what kind of nonsense one could put into a Reddit title.  People have put a few clever Unicode things into them before, like the right-to-left character.
&lt;p&gt;
So would this work as a Reddit title in its own right?  I didn't think so; I'd probably have to do something weird, like submit 30 titles all at once, to build it all up.
&lt;p&gt;
So I tossed a post together quickly, submitted it, and my heart skipped a beat as my screen refreshed showing everything working perfectly.
&lt;p&gt;
I expected the submission to look like a bunch of garbage and quickly disappear from sight.  But it worked the first time.  (Reddit titles don't allow carriage returns, AFAIK; it worked because the width of each row was enough to force one "word" per line.)  And &lt;a href="http://reddit.com/info/2pnpu/comments"&gt;right in your face&lt;/a&gt;, too.
&lt;p&gt;
You can't un-ring a bell.  
&lt;p&gt;
I thought about deleting it right away.  But when I checked my votes, I had 3 upvotes.  People had noticed already, and if I removed my entry, someone would just create another one, now that they realized how it could be done.  So I left it there, unsure of just how the community would react to it.
&lt;p&gt;
I made two comments, hoping to throw myself on the mercy of the crowd.
In one, &lt;a href="http://reddit.com/info/2pnpu/comments/c2pnpx"&gt;I asked if I should feel bad&lt;/a&gt;; the other pointed either credit or blame (depending on your opinion of my submission) &lt;a href="http://reddit.com/info/2pnpu/comments/c2pnre"&gt;to the original artist&lt;/a&gt;.  Stealing credit is bad.

&lt;p&gt;
I watched it spend the next few minutes accumulating upvotes, with an occasional downvote.  So, it seemed to be going fine.
&lt;p&gt;
It would hit #1 just after an hour.  And most people were cool with it.  The little pieces of animus were pretty funny, especially the charges comparing me with a kid pointing a gun at a friend.  The &lt;a href="http://reddit.com/info/2pnpu/comments/c2pq6a"&gt;best gave me a title for this post&lt;/a&gt;.
&lt;p&gt;
The reaction as I went to bed was decent; 905 upvotes and 385 downvotes.  I had to go on a Cub Scout hike the next morning so I didn't get to check things until Saturday afternoon, at which point I was at 2134 upvotes and 1926 downvotes.  While the Friday night crowd may have enjoyed it, clearly the Saturday morning crowd wasn't having any of it.
&lt;p&gt;
I got some questions from colleagues and commenters so I just put them all here:
&lt;p&gt;
&lt;b&gt;Q. You linked to cats in sinks?  WTF?&lt;/b&gt;
&lt;p&gt;
A. I needed a URL, so I just looked through the ones saved in my browser.
&lt;p&gt;
Catsinsinks.com is a common testing URL I use for my lolograms.com project.  I figured it was nice and innocuous.  Despite the fact that this could've been a huge driver of clicks, I passed up on pimping my own personal project, because 1) it's definitely not ready for a reddit effect, 2) it would practically be an invitation for people to try their own Unicode-ART, and I haven't set up any defense against it, and 3) if this pissed people off, I didn't want them to find themselves on my doorstep.
&lt;p&gt;
&lt;b&gt;Q. Dude. &lt;a href="http://spamusement.com/index.php/comics/view/137"&gt;What the hell&lt;/a&gt;.&lt;/b&gt;
&lt;p&gt;
A. Sorry.  I can't say that if I could go back in time I'd do it any differently, but I get why people would be pissed about it showing up at #1.  If it's any consolation, hundreds of people voted to put it there.
&lt;p&gt;
&lt;b&gt;Q. What if everyone does this?&lt;/b&gt;
&lt;p&gt;
A. Anything annoying can't get into the top page, pretty much by definition.  I did have this chill run down my spine in the few seconds after I realized I had successfully posted: what if we're gonna get a whole bunch of titles like this?
&lt;p&gt;
The "new" page could definitely become a wasteland, but this is already true with people posting plain old spam links.  The defenses against those posts would work against these ASCII art type posts.
&lt;p&gt;
&lt;b&gt;Q. Did you consider telling the Reddit founders about it first?&lt;/b&gt;
&lt;p&gt;
A. I did consider that; and in the past I informed them about a particular nasty way of submitting things that could really piss people off without anyone being able to track down who did it.  They handled it very professionally, which would encourage me to do it again.
&lt;p&gt;
(I've yet to publicly release that flaw -- a new baby tends to occupy one's time -- but they've already fixed it.  I'll get around to it at some point.)
&lt;p&gt;
I'm not sure what I could've said to them, though.  "People can be dicks when submitting stories"?  I think they know that one. ;)&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/14853139-6063884135980658667?l=danweber.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://danweber.blogspot.com/feeds/6063884135980658667/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=14853139&amp;postID=6063884135980658667' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/14853139/posts/default/6063884135980658667'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/14853139/posts/default/6063884135980658667'/><link rel='alternate' type='text/html' href='http://danweber.blogspot.com/2007/09/how-i-became-reddit-war-criminal.html' title='How I became a reddit war criminal'/><author><name>Dan Weber</name><uri>http://www.blogger.com/profile/06626675217693199470</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-14853139.post-7019579032806063762</id><published>2007-08-31T12:49:00.000-07:00</published><updated>2007-08-31T12:56:01.095-07:00</updated><title type='text'>Another tale of the MBTA</title><content type='html'>Should've made this last month, but life gets busy...
&lt;p&gt;
I was taking the Commuter Rail home; the Rail caters to a slightly more sophisticated clientele, since these are people using the train to get from the homes in the suburbs to their downtown Boston jobs.
&lt;p&gt;
So I figure this would be a great place for the CharlieCard.  If anything, they must've started its use here, right?
&lt;p&gt;
Well, no.
&lt;p&gt;
I pull out my CharlieCard to show to the attendant as he comes through the train to collect the fare.  I expected him to have a portable reader, which would be less expensive than the new readers-plus-gates that they use to let people on and off the subway.
&lt;p&gt;
"What's &lt;i&gt;that&lt;/i&gt;?" he said, acting as if I had tried to pay him using a dead frog.
&lt;p&gt;
"A CharlieCard," I said.
&lt;p&gt;
"No it isn't," he said.
&lt;p&gt;
"It says 'CharlieCard' right on it."
&lt;p&gt;
"It's not a CharlieCard.  It's a receipt."
&lt;p&gt;
I pulled out the other item I got, which had "receipt" printed on it, and asked him what the difference was between the two items.
&lt;p&gt;
"I don't know what you're trying to pull, but the fare's $5.75."
&lt;p&gt;
Well, okay.  I paid in cash.
&lt;p&gt;
So not only does the Commuter Rail not accept the Charlie Card, their workers can't even recognize it.&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/14853139-7019579032806063762?l=danweber.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://danweber.blogspot.com/feeds/7019579032806063762/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=14853139&amp;postID=7019579032806063762' title='1 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/14853139/posts/default/7019579032806063762'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/14853139/posts/default/7019579032806063762'/><link rel='alternate' type='text/html' href='http://danweber.blogspot.com/2007/08/another-tale-of-mbta.html' title='Another tale of the MBTA'/><author><name>Dan Weber</name><uri>http://www.blogger.com/profile/06626675217693199470</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>1</thr:total></entry><entry><id>tag:blogger.com,1999:blog-14853139.post-1585125685867847862</id><published>2007-07-12T13:15:00.001-07:00</published><updated>2007-07-12T13:25:38.916-07:00</updated><title type='text'>The MBTA takes less than 3 minutes to annoy me.</title><content type='html'>Visiting Boston for the weekend, and the new Charlie Card system that the MBTA is using has already eaten one of my fares.
&lt;p&gt;
I bought a $10 card and swiped it through the gates.  It didn't open.
&lt;p&gt;
The workers were dumbfounded that it didn't work; they acted like I told them that the machine had come alive and chased me.  They kind of looked at each other, waiting for something magical to happen.
&lt;p&gt;
Eventually something magical did happen: my foolishness.  A worker pointed back to the card slot.  Not thinking too far ahead, I re-inserted my Charlie card, which of course did another $2 charge, and this time opened the door for me.
&lt;p&gt;
Opening the door for me for free after my lost charge was possible, although they were avoiding it.  I knew that trying to get my $2 back on would be impossible.  So I said "oh well" and walked on through.&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/14853139-1585125685867847862?l=danweber.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://danweber.blogspot.com/feeds/1585125685867847862/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=14853139&amp;postID=1585125685867847862' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/14853139/posts/default/1585125685867847862'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/14853139/posts/default/1585125685867847862'/><link rel='alternate' type='text/html' href='http://danweber.blogspot.com/2007/07/mbta-takes-less-than-3-minutes-to-annoy.html' title='The MBTA takes less than 3 minutes to annoy me.'/><author><name>Dan Weber</name><uri>http://www.blogger.com/profile/06626675217693199470</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-14853139.post-6703214690385778272</id><published>2007-06-28T13:03:00.000-07:00</published><updated>2007-06-28T13:08:58.476-07:00</updated><title type='text'>reflecting on CSRF</title><content type='html'>As more light and heat is being generated by the release of (at least) &lt;a href="http://www.darkreading.com/document.asp?doc_id=127731&amp;WT.svl=news1_1"&gt;
8 products being vulnerable to CSRF attacks&lt;/a&gt;, what surprised me more than the flaw existing practically everywhere was the (non-)response by supposed security vendors.
&lt;p&gt;
All software has bugs.  It shouldn't be any big surprise to reveal that.
&lt;p&gt;
What keeps you ahead of the game is how you respond to bugs, including security holes, especially for security vendors.
&lt;p&gt;
Yet, besides &lt;a href="http://labs.calyptix.com/CX-2007-04.php"&gt;Check Point&lt;/a&gt;, their reaction seems to have been to cover their ears and pretend it didn't happen.  One vendor claimed to have filed "a formal complaint with CERT"; we'll get out more about that one later.  :)&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/14853139-6703214690385778272?l=danweber.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://danweber.blogspot.com/feeds/6703214690385778272/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=14853139&amp;postID=6703214690385778272' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/14853139/posts/default/6703214690385778272'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/14853139/posts/default/6703214690385778272'/><link rel='alternate' type='text/html' href='http://danweber.blogspot.com/2007/06/reflecting-on-csrf.html' title='reflecting on CSRF'/><author><name>Dan Weber</name><uri>http://www.blogger.com/profile/06626675217693199470</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-14853139.post-6733426749919298593</id><published>2007-05-18T06:14:00.000-07:00</published><updated>2007-05-18T06:21:51.109-07:00</updated><title type='text'>Computer forensics in the courtroom</title><content type='html'>&lt;a href="http://www.startribune.com/467/story/1183612.html"&gt;http://www.startribune.com/467/story/1183612.html&lt;/a&gt;
&lt;p&gt;
If you have child porn on your computer, how does a court use forensics to determine if you did it on purpose?
&lt;blockquote&gt;Kevin Lang, a computer forensics examiner with Immigration and Customs Enforcement, testified that Furukawa had to have known he was downloading the porn, which includes telltale file names. He said the programs that Furukawa used to find files could not be automated.
&lt;p&gt;
But Furukawa testified that he had written a simple macro, or computer program, to automate the downloads. Lang acknowledged under cross-examination that it might be possible to do so.
&lt;p&gt;
Coombs, the New Zealand expert, said that he had examined the macro code and concluded that it would have worked as Furukawa described.
&lt;/blockquote&gt;
This is a lot better than the "virus defense."   It appears that  the defendant had child porn on his computer, but since he was automatically downloading everything he could find, he wasn't deliberately grabbing it.&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/14853139-6733426749919298593?l=danweber.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://danweber.blogspot.com/feeds/6733426749919298593/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=14853139&amp;postID=6733426749919298593' title='1 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/14853139/posts/default/6733426749919298593'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/14853139/posts/default/6733426749919298593'/><link rel='alternate' type='text/html' href='http://danweber.blogspot.com/2007/05/computer-forensics-in-courtroom.html' title='Computer forensics in the courtroom'/><author><name>Dan Weber</name><uri>http://www.blogger.com/profile/06626675217693199470</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>1</thr:total></entry><entry><id>tag:blogger.com,1999:blog-14853139.post-73174683668763792</id><published>2007-04-13T09:49:00.000-07:00</published><updated>2007-04-13T09:53:27.711-07:00</updated><title type='text'>IE6 and error code 12030</title><content type='html'>If you are running Internet Explorer 6 and using Ajax, you may get some XMLHttpRequests terminated with code 12030.
&lt;p&gt;
Microsoft's knowledge base at http://support.microsoft.com/kb/193625 shows that this code is
&lt;pre&gt;
  12030       ERROR_INTERNET_CONNECTION_ABORTED
              The connection with the server has been terminated.
&lt;/pre&gt;
&lt;p&gt;
Googling turned up no help; the people encountering this don't seem to be aware of how network sockets work, so I had to actually figure it out on my own.
&lt;p&gt;
This happens when the client thinks a connection has been kept open, and
the server thinks it is closed.  The server has sent a FIN, and the client
has responded to that with an ACK.  Running "netstat" on the Windows client
shows that the connection is in the CLOSE_WAIT state, so IE6 really *ought*
to have realized this before trying.  This is entirely the client's fault.
If you wait about 60 seconds, the Windows OS stack will retire the connection.
&lt;p&gt;
If you need to support IE6, you have some solutions, in various degrees of ugly:
&lt;p&gt;
&lt;ul&gt;&lt;li&gt;retry the Ajax request in case of error code 12030&lt;/li&gt;&lt;li&gt;if the browser is IE, send an empty request to the server ahead of each Ajax request&lt;/li&gt;&lt;li&gt;bundle up your Ajax requests such that the time between them is ((greater than server_timeout) AND (less than server_timeout + one minute))&lt;/li&gt;&lt;/ul&gt;
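&lt;p&gt;
The first workaround in the list above, as an added example that is not code from the original post: retry only when the request ends with status 12030, and cap the number of retries. The names sendWithRetry, createXhr, makeFakeXhrFactory and demo are hypothetical, and the fake XHR object is a constructed stand-in so the block runs outside a browser.

```javascript
// Added example, not code from the original post.
// WinINet status IE6 reports when it reuses a socket the server already closed.
var ERROR_INTERNET_CONNECTION_ABORTED = 12030;

// createXhr is an assumed factory: in a browser it would return a new
// XMLHttpRequest (or the ActiveX equivalent on IE6).
// maxRetries is the number of extra attempts allowed after the first one.
function sendWithRetry(createXhr, method, url, body, maxRetries, done) {
  var attempts = 0;

  function attemptOnce() {
    var xhr = createXhr();
    attempts += 1;
    xhr.open(method, url, true);
    xhr.onreadystatechange = function () {
      if (xhr.readyState !== 4) {
        return; // request not finished yet
      }
      // Retry only the stale keep-alive case, and only a bounded number of
      // times, so a server that is really down is not hit in a tight loop.
      if (xhr.status === ERROR_INTERNET_CONNECTION_ABORTED) {
        if (maxRetries >= attempts) {
          attemptOnce();
          return;
        }
      }
      // Every other outcome, including a 12030 after the last retry, goes
      // back to the caller unchanged.
      done({ status: xhr.status, attempts: attempts, text: xhr.responseText });
    };
    xhr.send(body);
  }

  attemptOnce();
}

// Constructed stand-in for XMLHttpRequest: each new object completes with the
// next status in the list (the last status repeats once the list runs out).
function makeFakeXhrFactory(statuses) {
  var created = 0;
  return function () {
    var status = statuses[Math.min(created, statuses.length - 1)];
    created += 1;
    return {
      readyState: 0,
      status: 0,
      responseText: "",
      onreadystatechange: null,
      open: function () { this.readyState = 1; },
      send: function () {
        this.readyState = 4;
        this.status = status;
        this.responseText = status === 200 ? "ok" : "";
        this.onreadystatechange();
      }
    };
  };
}

// Runs one request against the fake transport and returns what the caller
// would have received in its callback.
function demo(statuses, maxRetries) {
  var result = null;
  sendWithRetry(makeFakeXhrFactory(statuses), "GET", "/ping", null, maxRetries,
    function (r) { result = r; });
  return result;
}

// First attempt hits the half-closed socket, second attempt succeeds.
console.log(demo([12030, 200], 2));
```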
&lt;p&gt;
IE7, fwiw, will issue a RST over the CLOSE_WAIT socket as soon as it realizes it
has an outgoing connection to make.  That, and the socket will only stay in that
CLOSE_WAIT state for about 5 seconds anyway.&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/14853139-73174683668763792?l=danweber.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://danweber.blogspot.com/feeds/73174683668763792/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=14853139&amp;postID=73174683668763792' title='12 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/14853139/posts/default/73174683668763792'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/14853139/posts/default/73174683668763792'/><link rel='alternate' type='text/html' href='http://danweber.blogspot.com/2007/04/ie6-and-error-code-12030.html' title='IE6 and error code 12030'/><author><name>Dan Weber</name><uri>http://www.blogger.com/profile/06626675217693199470</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>12</thr:total></entry><entry><id>tag:blogger.com,1999:blog-14853139.post-1580856096757624782</id><published>2007-02-19T11:16:00.000-08:00</published><updated>2007-02-19T11:39:09.262-08:00</updated><title type='text'>20% growth per week is far too low</title><content type='html'>Check out this &lt;a href="http://www.inc.com/magazine/20070201/finance-elevator-pitch.html"&gt;one-page article in &lt;i&gt;Inc.&lt;/i&gt; magazine&lt;/a&gt;, particularly the section near the bottom entitled "&lt;b&gt;Build the brand&lt;/b&gt;" that's from the Chairman of the Board of &lt;a href="http://www.newyorkangels.com/"&gt;New York Angels&lt;/a&gt;:

&lt;blockquote&gt;
HedgeStop's audience growth rate of &lt;span style="font-style: italic;"&gt;20 percent a week is far too low.&lt;/span&gt; If you &lt;i&gt;project that over two years&lt;/i&gt;, the site still would not have as many visitors as some of its competitors, such as Young Money, which has about 1.2 million users. If Carroll and Carlevato can get this site &lt;i&gt;to the point where traffic is doubling each week&lt;/i&gt;, they may be able to attract investors.   &lt;span style="font-size:85%;"&gt;(Emphasis mine.)&lt;/span&gt;
&lt;/blockquote&gt;

Let's get this straight.  A 20% growth per week is (more than) a doubling every month.  Over two years, that would be "only" a 171-million-fold growth.  (Hm, maybe 20% is only an estimate, rounded up from 15%. That still grows traffic by 2-million-fold.)
&lt;p&gt;
Who knows what planet VC's are living on these days.  The doubling per week that the Chairman wants, over the same two year period that they use, would lead to a market of 10&lt;sup&gt;31&lt;/sup&gt; users, assuming they have just 1 right now.
&lt;/p&gt;&lt;p&gt;
VC's don't really seem any smarter this time around.&lt;/p&gt;&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/14853139-1580856096757624782?l=danweber.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://danweber.blogspot.com/feeds/1580856096757624782/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=14853139&amp;postID=1580856096757624782' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/14853139/posts/default/1580856096757624782'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/14853139/posts/default/1580856096757624782'/><link rel='alternate' type='text/html' href='http://danweber.blogspot.com/2007/02/20-growth-per-week-is-far-too-low.html' title='20% growth per week is far too low'/><author><name>Dan Weber</name><uri>http://www.blogger.com/profile/06626675217693199470</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-14853139.post-7096812374009780429</id><published>2007-01-26T08:08:00.000-08:00</published><updated>2007-01-26T08:14:17.819-08:00</updated><title type='text'>Google bombing to change someone's title tags</title><content type='html'>Made a post over on Calyptix's blog about how you can change &lt;a href="http://blog.calyptix.com/2007/01/blog-post.html"&gt;other people's title tags&lt;/a&gt; in a Google search for pages that don't contain a &amp;lt;TITLE&amp;gt; attribute.

Lucky timing since Google announced this morning that they were going to &lt;a href="http://googlesystem.blogspot.com/2007/01/google-tries-to-make-googlebombs.html"&gt;fight back against Google-bombing&lt;/a&gt;.  Right now that's the only real defense you've got, besides getting rid of all plain-text files from your website.&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/14853139-7096812374009780429?l=danweber.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://danweber.blogspot.com/feeds/7096812374009780429/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=14853139&amp;postID=7096812374009780429' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/14853139/posts/default/7096812374009780429'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/14853139/posts/default/7096812374009780429'/><link rel='alternate' type='text/html' href='http://danweber.blogspot.com/2007/01/google-bombing-to-change-someones-title.html' title='Google bombing to change someone&apos;s title tags'/><author><name>Dan Weber</name><uri>http://www.blogger.com/profile/06626675217693199470</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-14853139.post-116674192184581662</id><published>2006-12-21T14:53:00.000-08:00</published><updated>2006-12-21T15:05:17.923-08:00</updated><title type='text'>Bad Software Interfaces, Part 88</title><content type='html'>&lt;h3&gt;Post office vending machines need UI improvement.&lt;/h3&gt;

It's Christmas Card season again, so I went to the post office to drop off a bunch of stamped cards, and pick up some more stamps for any stragglers.

Of course there was a huge line, which was expected as people are shipping packages.  So I hit the vending machine to grab stamps.  I could tell the people in line in front of me were getting frustrated, but it wasn't until I got to use it myself that I saw the problem.

Here was my plan: since stamps are currently 39 cents, a book of 20 is $7.80.  I had a ten dollar bill, so since I didn't want to get crushed with metal change, I was going to get a book of 20 and then enough individual 39-cent stamps to eat up the balance.

Well, the machine was out of change.  First mistake is that it didn't show this right away.  Vending machines have had a "use exact change" light for decades.  I stuck in my $10, the machine gave me a credit for $10.00, and then I selected the book of 20 stamps.

The machine said that it couldn't give me $2.80 of change, and it rejected my purchase, and spat back my $10.

Fortunately I had a $5 and managed to scrounge up enough $1's to get to $8.  This time when I made my purchase, it gave out my stamps. Then a note flashed very quickly on the screen&amp;ndash;too quickly for me to be sure of the exact message&amp;ndash;along the lines of: "unable to give 20¢ change, Post Office notified."

The next thing that the screen showed was a balance of $0.00.

Well, thanks.

So here's the story of what's going on:

&lt;ul&gt;
&lt;li&gt; The software expects to be able to dispense change.&lt;/li&gt;
&lt;li&gt; If it can't, then it sees if the amount of change left over is below some threshold:&lt;/li&gt;
  &lt;ul&gt;&lt;li&gt;If it is, print a "sorry about that" and eat the money.&lt;/li&gt;
  &lt;li&gt;If not, spit the money back out at the user.&lt;/li&gt;
 &lt;/ul&gt;&lt;/ul&gt;
I've dealt with these machines before, and had them spit change back out at me before I was done buying things.  I've also had it eat an entire book of stamps, to which the usps.com website says "you'll need to contact the local post office."  (Losing $7.80 is annoying, but not &lt;i&gt;so&lt;/i&gt; annoying that I want to find time to stand in line to process a claim that the machine ate my money.)

The entire "customer makes a single purchase" model might work for buying snacks, but stamps are often gotten in multiples.  The designers of this machine were clearly aware of this, because certain purchases (1-cent stamps) let you select a quantity.

Normally this model is just annoying.  It saves a little bit of time for a few transactions (buy one thing and go), but makes many other transactions take a lot longer, as I have to put the money it spits out back into the machine to buy the other things I wanted.

But when the software refuses to let you carry a balance across transactions, lack of change becomes a real liability.  Even if I couldn't've gotten my 20 cents back out, at least I could've left it there for the next person in line.  Spread the Christmas cheer and all that.

I really don't blame the software engineers who built this.  Having seen things like this before, what I'm guessing is that the requirements never stated anything about the ability to dispense
change, and the solution of refusing to do some transactions while eating the change on others was stapled on at the last minute.

Note 1:

It's curious that the machine fed me back my ten-dollar bill.  How many bills can it return like that?  I doubt it can rewind its entire store.  If I had paid with ten $1 bills, would it have spit them all back one at a time?  Or would I only have gotten back my last dollar?

Note 2:

The coin insert slot was busted, based on the grumbling of the people in line in front of me, so you couldn't help but lose the fractional part of a dollar in any purchase.  What if I had bought a single 39-cent stamp?&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/14853139-116674192184581662?l=danweber.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://danweber.blogspot.com/feeds/116674192184581662/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=14853139&amp;postID=116674192184581662' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/14853139/posts/default/116674192184581662'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/14853139/posts/default/116674192184581662'/><link rel='alternate' type='text/html' href='http://danweber.blogspot.com/2006/12/bad-software-interfaces-part-88.html' title='Bad Software Interfaces, Part 88'/><author><name>Dan Weber</name><uri>http://www.blogger.com/profile/06626675217693199470</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-14853139.post-116621705628984478</id><published>2006-12-15T13:06:00.000-08:00</published><updated>2006-12-15T13:11:11.230-08:00</updated><title type='text'>Calyptix announces prices</title><content type='html'>Local UTM manufacturer Calyptix (with which I'm helping) has released a new version of their product, and announced prices as well:

&lt;a href="http://www.calyptix.com/pricing.php"&gt;http://www.calyptix.com/pricing.php&lt;/a&gt;

Prices are way below what you'd get for a similar product from Barracuda or SonicWall.  And there are no per-user fees -- the "number of users" is just a performance benchmark.&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/14853139-116621705628984478?l=danweber.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://danweber.blogspot.com/feeds/116621705628984478/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=14853139&amp;postID=116621705628984478' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/14853139/posts/default/116621705628984478'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/14853139/posts/default/116621705628984478'/><link rel='alternate' type='text/html' href='http://danweber.blogspot.com/2006/12/calyptix-announces-prices.html' title='Calyptix announces prices'/><author><name>Dan Weber</name><uri>http://www.blogger.com/profile/06626675217693199470</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-14853139.post-116619849686578694</id><published>2006-12-15T07:48:00.000-08:00</published><updated>2006-12-15T13:12:47.786-08:00</updated><title type='text'>This stuff writes itself</title><content type='html'>&lt;a href="http://edition.cnn.com/2006/TECH/internet/12/12/cyber.crime.reut/"&gt;http://edition.cnn.com/2006/TECH/internet/12/12/cyber.crime.reut/&lt;/a&gt;

&lt;blockquote&gt;
Computer hackers will open a new front in the multi-billion pound "cyberwar" in 2007, targeting mobile phones, instant messaging and community Web sites such as MySpace, security experts predict.
&lt;/blockquote&gt;

As we used to say in the 80's, like, duh.

This really shouldn't count as news.  Security experts will &lt;span style="font-weight: bold;"&gt;always&lt;/span&gt; say the sky is going to be falling, for two reasons:

&lt;ol&gt;&lt;li&gt;Things will indeed get worse.&lt;/li&gt;
Cyber-crime will definitely increase, just like the use of computers in general will definitely increase.&lt;br&gt;

&lt;li&gt;It gives us jobs.&lt;/li&gt;
We work in an industry that, unfortunately, sells fear.  I wish people could rationally understand the risks and take appropriate counter-measures.  But humans being humans, it takes an emotional response ("don't want my name on the front page of the &lt;span style="font-style: italic;"&gt;New York Times&lt;/span&gt; for being hacked") to move a lot of folks.
&lt;/ol&gt;

Anyone want to write a "computer security researcher predicts bad things" headline generator?&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/14853139-116619849686578694?l=danweber.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://danweber.blogspot.com/feeds/116619849686578694/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=14853139&amp;postID=116619849686578694' title='3 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/14853139/posts/default/116619849686578694'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/14853139/posts/default/116619849686578694'/><link rel='alternate' type='text/html' href='http://danweber.blogspot.com/2006/12/this-stuff-writes-itself.html' title='This stuff writes itself'/><author><name>Dan Weber</name><uri>http://www.blogger.com/profile/06626675217693199470</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>3</thr:total></entry><entry><id>tag:blogger.com,1999:blog-14853139.post-116605451820357426</id><published>2006-12-13T15:59:00.000-08:00</published><updated>2006-12-13T16:09:37.620-08:00</updated><title type='text'>What Voting Is Not</title><content type='html'>I've seen a few misconceptions about voting that keep on getting repeated.  I'm going to address the most common ones I see.

&lt;ol&gt;&lt;li&gt;Voting is not an ATM transaction.&lt;/li&gt;

Every once in a while you'll hear someone ask "if the bank's ATM's can give me receipts, why can't voting machines?"

Banking transactions are purposefully designed to be trackable, verifiable, and undo-able.  Every party knows exactly what occurred, and can prove it (reasonably so) to a third party.

You don't want these features for voting.  Secret ballots are not supposed to be trackable.  (Some districts assign unique numbers to each paper ballot, so an individual's vote could be determined, but there are generally protections in place from revealing the person-to-number mapping.)

Being able to prove to a third party how you voted is also bad for our voting culture.  With third party verification, it becomes possible to literally buy votes.  Imagine a goon for your least favorite candidate stopping by a homeless shelter, driving everyone there to a polling booth, and then giving them a $20 if they come back out with a receipt for that candidate.  (One can also imagine coercion, where someone is threatened if they cannot prove who they voted for.)

Now, one might make a case for doing away with the secret ballot, where everyone's vote is public.  That's a whole different ball-of-wax, and might be worthy of consideration, but I don't think people who want ATM receipts are really urging us to get rid of the secret ballot.


&lt;li&gt;Voting is not a science project&lt;/li&gt;

If you come out with indeterminate results from a science experiment, you declare the experiment as failed and run it again.  You do not just take your best guess.

However, an election -must- have a result.  "No clear winner" cannot assume office, even if there really isn't a clear winner.  You can't just rerun an election in the hope for a clearer result.  (Why would your new election be any clearer?  Because people finally understand that their votes might make a difference?)

Now, you could certainly run it over again if you had a specific problem that you believed could be corrected, such as massive fraud (like in the Ukraine).  But your clock is already ticking, and you can't be doing re-votes the day the new term begins.

But for the most part you need to make sure your election is running smoothly -before- the election.  Lots of this responsibility falls on the candidates and their staff.  That means that you check that the ballots list your candidate clearly, that there are sufficient resources in the districts to let votes be counted, that there aren't construction projects underway to block traffic to polling stations. The election committee needs to make sure that these materials are all available for review ahead of time, with a plan in case serious errors are found.

&lt;li&gt;Voting is not exact&lt;/li&gt;

All forms of measurement involve error.  Voting is no different.

There are going to be mistakes involved in setting up voting lists, in registering voters, and in figuring out who gets to vote.  Even the simplest voting forms are going to be misunderstood by some non-zero portion of voters.

What's important is &lt;span style="font-style: italic;"&gt;not&lt;/span&gt; getting any of these perfect.  Because that will never happen.  All these interests must be balanced, and some of
them go against each other.  You can stop fraudulent voting, or you can
allow authorized voting, but the false positives that you allow for
the one hurt the other.

What &lt;span style="font-style: italic;"&gt;is&lt;/span&gt; important is to define the acceptable rates of error for each step, and have procedures for undoing errors.  Unfortunately I cannot see any politician who wants to get votes talking about an "acceptable rate of error" in an election.

&lt;/ol&gt;
&lt;ul&gt;&lt;li&gt;So can technology help?&lt;/li&gt;

Technology can help with some steps.  For example, an IVR phone line could be set up that lets people verify their voter registration well before the deadline.  Copies of the ballot can be made available on websites.

Technology can be neutral in some cases.  The problem of the 2000 Presidential election wasn't hanging chads; it was that the vote difference in Florida was less than 2 percent of 1 percent, well within the margin of error of any mass human endeavour.&lt;sup&gt;&lt;a href="#note1"&gt;1&lt;/a&gt;&lt;/sup&gt; Better voting technology would've spared us all the nonsense about what kinds of chads should and should not count, but the election still would've been in the margin of error of the new voting method, and there still would've been the question of what voters were and were not allowed to vote.

Technology can be harmful in some cases.  Some electronic voting machines provide no mechanism for confirming their results besides their manufacturers swearing up and down that they are accurate. (Open source voting machines are not the answer, but that's the subject of another essay.)

&lt;/ul&gt;

There are steps that can be taken to make voting more accurate, trustworthy, and transparent.  But it takes a serious look at what our relative priorities are for an election, and a careful analysis of the solutions available.




&lt;sup&gt;&lt;a name="note1"&gt;1&lt;/a&gt;&lt;/sup&gt;Imagine that you asked 10,000 people to fill in a Scan-tron form with their initials.  Do you think that only 2 would get it wrong in some way?  Would any confuse a small-print O with a Q?  Who would use a pen despite being given a #2 pencil?  Would people without a middle name follow the format you told them?  Did you even think of the problem of no middle name beforehand?  None of these are common problems, but when you are trying for 1% of 1% accuracy they become things you have to deal with.</content><link rel='replies' type='application/atom+xml' href='http://danweber.blogspot.com/feeds/116605451820357426/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=14853139&amp;postID=116605451820357426' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/14853139/posts/default/116605451820357426'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/14853139/posts/default/116605451820357426'/><link rel='alternate' type='text/html' href='http://danweber.blogspot.com/2006/12/what-voting-is-not.html' title='What Voting Is Not'/><author><name>Dan Weber</name><uri>http://www.blogger.com/profile/06626675217693199470</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-14853139.post-114729123291342064</id><published>2006-05-10T12:49:00.000-07:00</published><updated>2006-05-10T13:03:59.280-07:00</updated><title type='text'>The industry's new Howler Monkey-elect</title><content type='html'>The 
computer security industry is metastasizing out a new Howler Monkey:
http://www.securityabsurdity.com/failure.php

Here's the posting I left there, because I'm expecting it to be deleted:


This may surprise outsiders to the computer security industry, but there is nothing special about one of us saying "everything sucks."

Every few years, the industry generates a new Howler Monkey.  He is a favorite of the media because he's willing to "tell it like it is."  Steve Gibson and Richard Smith were previous holders of the title of Chief Howler Monkey, but eventually they got shunned by the rest of the industry and became laughing stocks.  Then the media needs to find a new Monkey to jump for them.

This is just Mr. Eppel's attempt to climb to the top of the Mountain Of Monkeys.  It's generally a good career move, certainly better than languishing in obscurity, so I don't fault him for that.  But I don't want anyone to believe that he's some kind of saint or "speaking truth to power." This is a play we've seen many times before.</content><link rel='replies' type='application/atom+xml' href='http://danweber.blogspot.com/feeds/114729123291342064/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=14853139&amp;postID=114729123291342064' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/14853139/posts/default/114729123291342064'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/14853139/posts/default/114729123291342064'/><link rel='alternate' type='text/html' href='http://danweber.blogspot.com/2006/05/industrys-new-howler-monkey-elect.html' title='The industry&apos;s new Howler Monkey-elect'/><author><name>Dan Weber</name><uri>http://www.blogger.com/profile/06626675217693199470</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-14853139.post-113476157557991121</id><published>2005-12-16T10:41:00.000-08:00</published><updated>2005-12-16T11:35:21.226-08:00</updated><title type='text'>How to piss away your brand-name</title><content type='html'>With v5 of its great WRT54G wireless router, Linksys went from a Linux-based OS to a VxWorks-based OS.

Why?  Hardware.  Even a free Linux has its costs: it required them to use twice as much RAM.

The Linux-based product is one they've been debugging for many years; there are probably millions out there.  The VxWorks one is brand new, and going through all the obvious quality pains you would expect.

One classic issue that has returned is the timeout of inactive connections.  Tech support was ever oh-so-useful.  Check out how it's supposedly confidential, too.  Bleah.


&lt;blockquote&gt;

&lt;div id="msgs"&gt;&lt;div id="msg_0" class="msg"&gt;&lt;div class="mb cbl cbr"&gt;&lt;div id="mb_0"&gt;&lt;table border="0" cellpadding="2" cellspacing="0" width="100%"&gt; &lt;tbody&gt;&lt;tr&gt;&lt;td colspan="2" bgcolor="#e0e0e0"&gt;&lt;b&gt; Subject&lt;/b&gt;&lt;/td&gt;&lt;/tr&gt; &lt;tr&gt;&lt;td colspan="2"&gt;very short timeout in WRT54G v5&lt;/td&gt;&lt;/tr&gt; &lt;tr&gt;&lt;td colspan="2"&gt; &lt;/td&gt;&lt;/tr&gt; &lt;tr&gt;&lt;td colspan="2" bgcolor="#e0e0e0"&gt;&lt;b&gt; Discussion Thread&lt;/b&gt;&lt;/td&gt;&lt;/tr&gt; &lt;tr&gt;&lt;td bgcolor="#c6d3ba"&gt;&lt;b&gt; Response (Xxx Xxxxxx X(00000))&lt;/b&gt;&lt;/td&gt;&lt;td align="right" bgcolor="#c6d3ba"&gt;12/16/2005 10:25 AM&lt;/td&gt;&lt;/tr&gt; &lt;tr&gt;&lt;td colspan="2"&gt;Dear Valued Linksys Customer,

Thank you for contacting Linksys Technical Support.

Look for a “keep alive” option on the SSH client software and enable it.

If you have any further questions, feel free to visit our Knowledge Base at &lt;a href="http://www.linksys.com/kb" target="_blank"&gt;http://www.linksys.com/kb&lt;/a&gt;/ or send us an e-mail at &lt;a href="mailto:support@linksys.com" target="_blank"&gt;support@linksys.com&lt;/a&gt; so that we can further assist you.

Thank you and have a nice day!

Sincerely,

Xxx Xxxxxx
Badge ID 00000
Linksys – A Division of Cisco Systems, Inc.
Product Support Specialist
Website: &lt;a href="http://www.linksys.com/" target="_blank"&gt;http://www.linksys.com&lt;/a&gt;
Network Setup: &lt;a href="http://www.linksys.com/edu" target="_blank" &gt;http://www.linksys.com/edu&lt;/a&gt;

This correspondence is considered confidential and any reproduction for the purpose of public disclosure is forbidden without written permission by the author signed above. Please keep all previous emails as a point of reference.&lt;/td&gt;&lt;/tr&gt; &lt;tr&gt;&lt;td bgcolor="#a0c4de"&gt;&lt;b&gt; Customer&lt;/b&gt;&lt;/td&gt;&lt;td align="right" bgcolor="#a0c4de"&gt;12/15/2005 09:02 PM&lt;/td&gt;&lt;/tr&gt; &lt;tr&gt;&lt;td colspan="2"&gt;If I leave a telnet or ssh session open for ten minutes with my WRT54G, the connection is forcibly closed. This wasn't a problem with my previous WRT54G.

I am running "Firmware Version:   v1.00.4, Dec. 8, 2005"

How can I change or eliminate this value?&lt;/td&gt;&lt;/tr&gt;&lt;/tbody&gt;&lt;/table&gt;&lt;/div&gt;&lt;/div&gt;&lt;/div&gt;&lt;/div&gt;
&lt;/blockquote&gt;

Egads.</content><link rel='replies' type='application/atom+xml' href='http://danweber.blogspot.com/feeds/113476157557991121/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=14853139&amp;postID=113476157557991121' title='3 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/14853139/posts/default/113476157557991121'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/14853139/posts/default/113476157557991121'/><link rel='alternate' type='text/html' href='http://danweber.blogspot.com/2005/12/how-to-piss-away-your-brand-name.html' title='How to piss away your brand-name'/><author><name>Dan Weber</name><uri>http://www.blogger.com/profile/06626675217693199470</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>3</thr:total></entry><entry><id>tag:blogger.com,1999:blog-14853139.post-113410685338635561</id><published>2005-12-08T21:35:00.000-08:00</published><updated>2005-12-08T21:44:03.363-08:00</updated><title type='text'>Bad E-Commerce Interfaces</title><content type='html'>&lt;span style="font-style: italic;"&gt;God rest ye merry merchants, may ye make the Yuletide pay.&lt;/span&gt;

Shop enough on Amazon.com and you realize just how difficult some e-commerce sites make it for you to give them money.

I give a lot more latitude to smaller companies. But when the major vendors screw these things up I wonder why someone hasn't been fired.

Here are some big ones I've been running into this holiday season:

1. &lt;b&gt;Shipping is $100.&lt;/b&gt;

I'm not kidding. Now I know why they can charge $30 less than anyone else for a hard drive. An inevitable side-effect of the price-comparison websites.

2. &lt;b&gt;Please correct this field.&lt;/b&gt;

Often times it's obvious what's bust up. Other times I'm not exactly sure how they want my phone number broken up over multiple fields.

Which brings us into...

3. &lt;b&gt;Needing fields&lt;/b&gt;

If you guys can't parse "617-864-4120" on your own, are you really going to process my credit card information correctly?

Which brings us to...

4. &lt;b&gt;Not accepting free form credit card numbers&lt;/b&gt;

I know there's a Computer Science fetish about validating input. We all learn the importance of it in school. I also understand why this fetish would apply extra strongly to the credit card field; botches of credit card numbers make the national press. You want to be sure that it's right.

But entering a 16-digit credit card number is very prone to user error. If I type in "371449635398431" I have to check back-and-forth many times.

In fact, that credit card number only has 15 digits. That's because it's an American Express card. (Don't try that specific number; it's a dummy account AmEx has for testing purposes.)

Let me use spaces.  Let me use dashes.  All you care about is the digits themselves.

I can sum it up with this axiom:

&lt;i&gt;The fields that are &lt;b&gt;most&lt;/b&gt; important to get right should be the &lt;b&gt;most&lt;/b&gt; accepting of any user input.&lt;/i&gt;
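
One way to accept a free-form card number on the server, as an added example that is not code from the original post: drop spaces and dashes, reject anything else, then run the Luhn checksum so a typo is caught before the number goes to the processor. The function names and the 12 to 19 digit range are assumptions.

```python
import re

# Separators people naturally type inside a card number. Assumption: only
# whitespace and dashes are dropped; any other stray character is reported
# as a typo rather than silently discarded.
SEPARATORS = re.compile(r"[\s\-]+")
ASCII_DIGITS = frozenset("0123456789")
# Assumed accepted lengths (the post mentions 15 and 16 digit cards); narrow
# this to the card brands the shop actually takes.
VALID_LENGTHS = range(12, 20)


class CardNumberError(ValueError):
    """Message is safe to show to the user: it never echoes card digits."""


def luhn_ok(digits):
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for index, char in enumerate(reversed(digits)):
        value = int(char)
        if index % 2 == 1:
            value *= 2
            value = value // 10 + value % 10   # 16 becomes 1 + 6 = 7
        total += value
    return total % 10 == 0


def normalize_card_number(raw):
    """Turn whatever the user typed into a bare digit string, or raise."""
    digits = SEPARATORS.sub("", raw)
    if not digits:
        raise CardNumberError("Please enter a card number.")
    # str.isdigit() and int() also accept non-ASCII digits, so compare
    # against an explicit ASCII set before anything is passed downstream.
    if not set(digits).issubset(ASCII_DIGITS):
        raise CardNumberError("Use only digits, spaces and dashes.")
    if len(digits) not in VALID_LENGTHS:
        raise CardNumberError(
            "That is %d digits; expected 12 to 19." % len(digits))
    if not luhn_ok(digits):
        raise CardNumberError("That number looks mistyped; please re-check it.")
    return digits


def demo():
    """Run constructed inputs through the parser; returns (input, outcome)."""
    samples = [
        "371449635398431",       # the AmEx test number quoted in the post
        "3714 496353 98431",     # same number, grouped as printed on a card
        "3714-4963-5398-431",    # same number with dashes
        "3714 496353 98413",     # constructed typo: last two digits swapped
        "3714 4963",             # constructed: too short
        "3714x496353x98431",     # constructed: stray letters
    ]
    outcomes = []
    for text in samples:
        try:
            outcomes.append((text, normalize_card_number(text)))
        except CardNumberError as err:
            outcomes.append((text, "rejected: %s" % err))
    return outcomes


if __name__ == "__main__":
    for text, outcome in demo():
        print("%-22r %s" % (text, outcome))
```

The error messages describe the problem without repeating the digits, so a mistyped number does not end up in logs or on an error page.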

5. &lt;b&gt;Having a "Clear All Fields" button&lt;/b&gt;

If a geneticist ever examines the history of web forms, they'll wonder how the pernicious "Clear" button ever survived. Like nipples on men, they only exist as vestigial organs, cluttering up HTML's DNA for the times they are actually needed.

The "Clear" button essentially says "irretrievably destroy all my work." It doesn't work like "Undo" which 1) can often be undone itself, and 2) only undoes one thing.

Computer manufacturers have gradually subdued the "Reset" buttons on the fronts of their machines, some just recessing them, others getting rid of them entirely. This was a good move, since hitting "Reset" was something you rarely wanted to do and doing so accidentally would have a tragic outcome.

This probably deserves a post all of its own.

6. &lt;b&gt;Long pages all at once&lt;/b&gt;

It sucks to navigate through 12 screens to buy something. It also sucks to have to deal with one big webpage. usairways.com has this problem. Once you've chosen the ticket you wish to purchase, you need to work over a page containing the flight information, an "I agree with the terms", a "select seats" button, your personal information, your billing information, and a button that says "purchase."

I buy tickets there fairly regularly, because it's cheaper than using Orbitz and they give me frequent flyer bonus miles for doing so. More than once I've just thrown in the towel and bought the ticket from Orbitz, though.

You want to press "select seats" before you select "purchase."  Better hope you didn't get anything wrong because...

7. &lt;b&gt;Not maintaining state&lt;/b&gt;

If you bounce the user back to the webpage they were just on to correct something, it is &lt;b&gt;critical&lt;/b&gt; that you leave all the information that isn't broken alone.

This sounds obvious, but usairways.com clears the "I agree" button each time you go back through the page. When I'm trying to fix what's broken, I don't want to double-check the entire page to see what has been changed on me.

That one webpage seems to have been designed by vandals.

8. &lt;b&gt;Not letting me check things over&lt;/b&gt;

After I enter all my information and everything is finally complete, I want one last page that says "okay, here is your order. Press &lt;b&gt;BUY&lt;/b&gt; to buy."

So many things can go wrong when entering information, particularly if I had to wrestle with multiple of the above problems.

9. &lt;b&gt;Saying "Purchase" multiple times.&lt;/b&gt;

Here's another usairways.com problem. After you select the ticket you want to buy, it pops you to a webpage where you enter your username and password, and has a radio button saying "Purchase ticket" next to the button "Continue."

"Purchase" might be the most nerve-wracking button someone can encounter. I'm always worried that when I hit it, a page will pop up saying "Thanks! We're sending your item with $200 shipping!" or "we're mailing out the 3 hard drives now" when all I asked for was one.

Keep on saying "Continue" until I'm at my confirmation screen.

10. &lt;b&gt;Saying "Don't Hit Submit More Than Once"&lt;/b&gt;

This is a trivial computer science problem. It's extremely easy to generate a random number, hide it in the form, and make sure that only one form with that number gets accepted.

This is a sure sign of an e-commerce site put together by fools.  Thankfully it seems to be fading.
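
The scheme described in item 10, as an added example that is not part of the original post: a random token is issued with each rendered form, and only the first submit carrying that token runs the purchase. The class name, the session ids and the in-memory store are assumptions.

```python
import secrets
import threading


class OneTimeFormTokens:
    """Issue one random token per rendered form and honour each token once.

    Assumption: the in-memory dicts stand in for the shop's session store or
    database; a real deployment also expires tokens that are never used.
    """

    def __init__(self):
        self._lock = threading.Lock()
        self._pending = {}    # token: session id the form was rendered for
        self._finished = {}   # token: (session id, result of first submit)

    def issue(self, session_id):
        """Call when rendering the form; the result goes in a hidden field."""
        token = secrets.token_urlsafe(32)
        with self._lock:
            self._pending[token] = session_id
        return token

    def submit(self, session_id, token, handler):
        """Run handler() for the first valid submit only.

        Returns ("accepted", result), ("duplicate", first result), or
        ("rejected", None) for unknown tokens and tokens issued to
        another session.
        """
        # The lock makes check-and-consume atomic, so two clicks that arrive
        # at the same moment cannot both find the token still pending.
        with self._lock:
            done = self._finished.get(token)
            if done is not None:
                owner, result = done
                if owner == session_id:
                    return ("duplicate", result)
                return ("rejected", None)
            if self._pending.get(token) != session_id:
                return ("rejected", None)
            # Consume the token before charging: if handler() raises, the
            # form cannot be replayed into a second charge attempt.
            del self._pending[token]
            result = handler()
            self._finished[token] = (session_id, result)
            return ("accepted", result)


def demo():
    """Constructed scenario: an impatient shopper clicks Purchase three times."""
    forms = OneTimeFormTokens()
    charges = []                      # stands in for the payment processor

    def charge_card():
        charges.append("1 hard drive")
        return "order-%d" % len(charges)

    token = forms.issue("session-A")
    replies = [forms.submit("session-A", token, charge_card) for _ in range(3)]
    replies.append(forms.submit("session-B", token, charge_card))  # other user
    replies.append(forms.submit("session-A", "made-up", charge_card))
    return charges, replies


if __name__ == "__main__":
    charges, replies = demo()
    print("charges made:", charges)
    for reply in replies:
        print(reply)
```

Repeat clicks get the first order's result back instead of an error, so the shopper sees the same confirmation however many times the button was pressed.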

Ten is a nice round number.  I think I'll stop there.</content><link rel='replies' type='application/atom+xml' href='http://danweber.blogspot.com/feeds/113410685338635561/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=14853139&amp;postID=113410685338635561' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/14853139/posts/default/113410685338635561'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/14853139/posts/default/113410685338635561'/><link rel='alternate' type='text/html' href='http://danweber.blogspot.com/2005/12/bad-e-commerce-interfaces.html' title='Bad E-Commerce Interfaces'/><author><name>Dan Weber</name><uri>http://www.blogger.com/profile/06626675217693199470</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-14853139.post-113208609715771374</id><published>2005-11-15T12:17:00.000-08:00</published><updated>2005-11-15T12:21:37.176-08:00</updated><title type='text'>Driving differences between Charlotte and Boston</title><content type='html'>I knew there would be significant differences between Charlotte roads and Boston roads. Boston has a well-deserved reputation for aggressive drivers, and getting a car there after not driving regularly for over 10 years was a baptism of fire.

Compared to that, driving in Charlotte feels like being on training wheels.

As an example, let's take the intersection of I-74 and Sam Newell.  It's a four-lane road meeting a two-lane road. And it takes 4 minutes for the light to go through its cycle. Encounter another 3 of those intersections and it can take over 15 minutes to travel 2 miles.

Why does it take so long for the light to cycle on such small roads? Because there is an explicit green-left-arrow for left turning vehicles that precedes the general green light -- and left-turning cars are usually given a red-left-arrow during this step, guaranteeing that there will be a large build-up of cars waiting to turn left when they next get their chance.

Overall, it's much &lt;b&gt;calmer&lt;/b&gt; than Boston, in which the left turning cars would just watch for a break in oncoming traffic and gun it.  Given that the total cycle in Boston is usually less than a minute, you're guaranteed that at least one car will get to make a left turn (actually 2 or 3 are guaranteed to make it, given Boston's drivers' tendency to pull forward and block the intersection) each minute.

I'm not sure if the hand-holding is a good idea, but Charlotte implements it well. While north-south traffic is making left turns, the east-west traffic is given an explicit green-right-arrow.  (The only issue here is that U-turning traffic has to yield.)

So this leads to the biggest surprise: given all of the above, you would expect Boston drivers to be more patient about making a red light, since they will get another chance very soon, and that Charlotte drivers would be more impatient, since it'll be a while before they get their turn.

But of course that's wrong. Boston drivers will go through a red light a whole 2 seconds after it's changed, while Charlotte drivers will (mostly) sit back and gladly wait 4 minutes for their next chance.

Guess things are just more mellow here.</content><link rel='replies' type='application/atom+xml' href='http://danweber.blogspot.com/feeds/113208609715771374/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=14853139&amp;postID=113208609715771374' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/14853139/posts/default/113208609715771374'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/14853139/posts/default/113208609715771374'/><link rel='alternate' type='text/html' href='http://danweber.blogspot.com/2005/11/driving-differences-between-charlotte.html' title='Driving differences between Charlotte and Boston'/><author><name>Dan Weber</name><uri>http://www.blogger.com/profile/06626675217693199470</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-14853139.post-113176154389855312</id><published>2005-11-11T18:06:00.000-08:00</published><updated>2005-11-11T18:12:23.916-08:00</updated><title type='text'>What's in a middle name?</title><content type='html'>So I went about getting my new North Carolina driver's license.  (This was after getting new NC insurance and before getting NC license plates.  Fortunately contract work affords me some scheduling flexibility so I could put this off until my workload had significantly decreased.)

Lo and behold, my Massachusetts driver's license didn't have my middle name on it, just an initial.  Same story with my Social Security card.  Presumably my passport does, but it's at the bottom of an unknown box as a result of two moves.

I had to find a notary public, which ended up being my bank.  (Not even &lt;span style="font-weight:bold;"&gt;they&lt;/span&gt; knew my middle name.)  And had them notarize a form in which I attested to my middle name.

As Sharon said "for pity's sake."  I could've given them any middle name and it still would've worked.  But I had to spend an hour combusting gasoline nonetheless.

Anyway, more of my move is now complete.</content><link rel='replies' type='application/atom+xml' href='http://danweber.blogspot.com/feeds/113176154389855312/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=14853139&amp;postID=113176154389855312' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/14853139/posts/default/113176154389855312'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/14853139/posts/default/113176154389855312'/><link rel='alternate' type='text/html' href='http://danweber.blogspot.com/2005/11/whats-in-middle-name.html' title='What&apos;s in a middle name?'/><author><name>Dan Weber</name><uri>http://www.blogger.com/profile/06626675217693199470</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-14853139.post-112888549974785378</id><published>2005-10-09T12:11:00.000-07:00</published><updated>2005-10-09T12:23:53.650-07:00</updated><title type='text'>Lawyers manufacturing data for class-action suits</title><content type='html'>(Still in the process of moving to Charlotte.)

The lawyers defending silica manufacturers against a class-action suit &lt;a href="http://www.nytimes.com/2005/10/09/business/09tort.html"&gt;discovered lots of the same people claiming injury from both silicosis and asbestos poisoning&lt;/a&gt;.

It seems that when you give some doctors a chest X-ray, whether they say "this patient has silicosis" or "this patient has asbestos poisoning" depends on what the lawyers paying for the diagnosis are looking for. Normally this is hard to prove, especially when the doctor can claim to be an expert witness. But for thousands of patients some doctors gave both diagnoses.
&lt;blockquote&gt;
When Dr. (Ray) Harron was asked about another case of a person who first received a diagnosis of one disease, and then of the other, Judge (Janis) Jack interrupted the questioning to ask what happened to the first illness. "Well," she said, "where did it go?"

Dr. Harron responded, "Like I say, I don't know." Shortly after that, Dr. Harron cut his testimony short, citing the need to retain his own lawyer.
&lt;/blockquote&gt;

I am shocked, SHOCKED.</content><link rel='replies' type='application/atom+xml' href='http://danweber.blogspot.com/feeds/112888549974785378/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=14853139&amp;postID=112888549974785378' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/14853139/posts/default/112888549974785378'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/14853139/posts/default/112888549974785378'/><link rel='alternate' type='text/html' href='http://danweber.blogspot.com/2005/10/lawyers-manufacturing-data-for-class.html' title='Lawyers manufacturing data for class-action suits'/><author><name>Dan Weber</name><uri>http://www.blogger.com/profile/06626675217693199470</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-14853139.post-112561462651383872</id><published>2005-09-01T15:39:00.000-07:00</published><updated>2005-09-01T15:45:02.886-07:00</updated><title type='text'>Charlotte runs out of gas</title><content type='html'>Great to see the place I'm moving to knows how to respond to a crisis:

&lt;a href="http://www.news14charlotte.com/content/local_news/?AC=&amp;ArID=101499&amp;amp;SecID=2"&gt;http://www.news14charlotte.com/content/local_news/?AC=&amp;ArID=101499&amp;amp;SecID=2&lt;/a&gt;
&lt;blockquote&gt;
Minutes after local and state leaders &lt;a href="http://www.news14charlotte.com/content/top_stories/default.asp?ArID=101496"&gt;asked people to conserve gasoline&lt;/a&gt; because of a temporary supply shortage, long lines formed at gas stations all across the region.&lt;span class="story"&gt;  &lt;p class="story"&gt;...
&lt;/p&gt;&lt;/span&gt;&lt;span class="story"&gt;City leaders asked people not to panic, but it seems like that is exactly what is happening. Instead of conserving, people are filling up. &lt;p class="story"&gt;“I'm not even on empty,” one woman said. “I've got three-quarters of a tank. I'm not taking the chance.”
&lt;/p&gt;&lt;/span&gt;&lt;/blockquote&gt;
&lt;p&gt;&lt;/p&gt; &lt;p class="story"&gt;I hope that the last gallon pumped from each station cost $100. I doubt it, though. It probably wouldn't've helped quell any hysteria, but it would've made people think twice about whether they really wanted to spend $800 to top off their tanks, unless they really needed it.
&lt;/p&gt;</content><link rel='replies' type='application/atom+xml' href='http://danweber.blogspot.com/feeds/112561462651383872/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=14853139&amp;postID=112561462651383872' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/14853139/posts/default/112561462651383872'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/14853139/posts/default/112561462651383872'/><link rel='alternate' type='text/html' href='http://danweber.blogspot.com/2005/09/charlotte-runs-out-of-gas.html' title='Charlotte runs out of gas'/><author><name>Dan Weber</name><uri>http://www.blogger.com/profile/06626675217693199470</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-14853139.post-112493150074616608</id><published>2005-08-24T17:43:00.000-07:00</published><updated>2005-08-24T17:58:20.750-07:00</updated><title type='text'>Tierney and Simmons bet</title><content type='html'>In a redux of &lt;a href="http://www.overpopulation.com/faq/People/julian_simon.html"&gt;&lt;span class="pagetitle"&gt;Julian Simon's Bet With Paul Ehrlich&lt;/span&gt;&lt;/a&gt; about metal prices, John Tierney and Matthew Simmons have bet each other about whether the price of a barrel of oil will be more or less than $200 in the year 2010:

&lt;a href="http://www.nytimes.com/2005/08/23/opinion/23tierney.html"&gt;http://www.nytimes.com/2005/08/23/opinion/23tierney.html&lt;/a&gt;

I've been encountering people on-line who claim that Simmons is shooting fish in a barrel, and wish they could be a part of it, too.  When I offer to take them up on it, they suddenly stop.

(Incidentally, if anyone wants to do a $10,000 to $25,000 version of the bet, drop me a line and I'll pay your legal fees.)</content><link rel='replies' type='application/atom+xml' href='http://danweber.blogspot.com/feeds/112493150074616608/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=14853139&amp;postID=112493150074616608' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/14853139/posts/default/112493150074616608'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/14853139/posts/default/112493150074616608'/><link rel='alternate' type='text/html' href='http://danweber.blogspot.com/2005/08/tierney-and-simmons-bet.html' title='Tierney and Simmons bet'/><author><name>Dan Weber</name><uri>http://www.blogger.com/profile/06626675217693199470</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-14853139.post-112475128039513439</id><published>2005-08-22T15:46:00.000-07:00</published><updated>2005-08-22T15:54:40.396-07:00</updated><title type='text'>WaMo college rankings</title><content type='html'>Washington Monthly has come out with a &lt;a href="http://www.washingtonmonthly.com/archives/individual/2005_08/006956.php"&gt;ranking of colleges&lt;/a&gt; based on national service, social mobility, and production of academic minds and research.

I thought it was an interesting concept even before I saw my alma mater as number one.

Following up on other comments on &lt;a href="http://www.washingtonmonthly.com/archives/individual/2005_08/006956.php"&gt;WaMo's blog&lt;/a&gt; about the differences between MIT and Harvard, I related a tale of my own:
&lt;blockquote&gt;

When I go back to the MIT campus, I'm a little concerned by the student body.

They all look happy and healthy and well-dressed. It's scarily like Harvard. I'm worried that they are drawing too much from the upper-class.

This could absolutely be my own blindness; when I was a student I didn't pay any attention at all to fashion, so I may simply have been blissfully unaware if most of my classmates were good dressers and I was the exception. (I mostly worried about keeping my hair out of my eyes.)

Also, MIT is explicitly trying to make their student body more suicide-proof via the admissions office. High-strung? Kind of a loner? Don't say so on your MIT admission form.&lt;/blockquote&gt;</content><link rel='replies' type='application/atom+xml' href='http://danweber.blogspot.com/feeds/112475128039513439/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=14853139&amp;postID=112475128039513439' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/14853139/posts/default/112475128039513439'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/14853139/posts/default/112475128039513439'/><link rel='alternate' type='text/html' href='http://danweber.blogspot.com/2005/08/wamo-college-rankings.html' title='WaMo college rankings'/><author><name>Dan Weber</name><uri>http://www.blogger.com/profile/06626675217693199470</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-14853139.post-112474120714817412</id><published>2005-08-22T13:02:00.000-07:00</published><updated>2005-08-22T13:06:47.156-07:00</updated><title type='text'>.NET Framework leaks memory "by design"</title><content type='html'>Well, not quite.  But it's still funny:
&lt;a href="http://lab.msdn.microsoft.com/productfeedback/viewfeedback.aspx?feedbackid=0bd9d0d8-fa67-4d0c-9174-004b35b71f9c"&gt;http://tinyurl.com/88qjd&lt;/a&gt;

The .NET Framework keeps XML meta-data in memory, and doesn't provide any way to unload it.

Official response: "This is by design. ... Caching and retrieving all of the various potential arguments passed to this constructor would be quite complicated."

yay.&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/14853139-112474120714817412?l=danweber.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://danweber.blogspot.com/feeds/112474120714817412/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=14853139&amp;postID=112474120714817412' title='1 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/14853139/posts/default/112474120714817412'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/14853139/posts/default/112474120714817412'/><link rel='alternate' type='text/html' href='http://danweber.blogspot.com/2005/08/net-framework-leaks-memory-by-design.html' title='.NET Framework leaks memory &quot;by design&quot;'/><author><name>Dan Weber</name><uri>http://www.blogger.com/profile/06626675217693199470</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>1</thr:total></entry><entry><id>tag:blogger.com,1999:blog-14853139.post-112328339157732038</id><published>2005-08-05T16:07:00.000-07:00</published><updated>2005-08-05T16:09:51.583-07:00</updated><title type='text'>Felis Catus</title><content type='html'>&lt;a href="http://en.wikipedia.org/w/index.php?title=Cat"&gt;http://en.wikipedia.org/w/index.php?title=Cat&lt;/a&gt;

There's currently an edit war happening at the Wiki over the definition of "cat."  So you might have to use this special link to see the version I'm referring to:

http://en.wikipedia.org/w/index.php?title=Cat&amp;amp;oldid=20362687&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/14853139-112328339157732038?l=danweber.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://danweber.blogspot.com/feeds/112328339157732038/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=14853139&amp;postID=112328339157732038' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/14853139/posts/default/112328339157732038'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/14853139/posts/default/112328339157732038'/><link rel='alternate' type='text/html' href='http://danweber.blogspot.com/2005/08/felis-catus.html' title='Felis Catus'/><author><name>Dan Weber</name><uri>http://www.blogger.com/profile/06626675217693199470</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-14853139.post-112317249808006125</id><published>2005-08-04T09:17:00.000-07:00</published><updated>2005-08-04T09:28:22.136-07:00</updated><title type='text'>New listing, new interest</title><content type='html'>So I've got a new listing for my condo up at MLS #70235596, and already within 12 hours I've scheduled 3 viewings.

I'm asking slightly less and offering slightly more to buyer's brokers, so those could be factors. But I think it's much more likely that my new lister (Omega Real Estate) is actually forwarding the information on to me.

I knew that fsbosupport.com sucks.  I didn't realize just how much.&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/14853139-112317249808006125?l=danweber.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://danweber.blogspot.com/feeds/112317249808006125/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=14853139&amp;postID=112317249808006125' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/14853139/posts/default/112317249808006125'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/14853139/posts/default/112317249808006125'/><link rel='alternate' type='text/html' href='http://danweber.blogspot.com/2005/08/new-listing-new-interest.html' title='New listing, new interest'/><author><name>Dan Weber</name><uri>http://www.blogger.com/profile/06626675217693199470</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-14853139.post-112299361554342318</id><published>2005-08-02T07:34:00.000-07:00</published><updated>2005-08-02T07:40:15.546-07:00</updated><title type='text'>Mars</title><content type='html'>Jon Tierney has another Op-Eds in the NYTimes today, following that of last Saturday's, about going to Mars.

http://www.nytimes.com/2005/07/30/opinion/30tierney.html
http://www.nytimes.com/2005/08/02/opinion/02tierney.html

And Tierney harps on a particular bugaboo of mine, the tendency for NASA to ignore alternatives to artificial gravity when they can instead spend money figuring out that zero gravity is bad:
&lt;blockquote&gt;
For decades NASA's doctors have been trying to find some physical therapy to mitigate the effects of weightlessness, but astronauts can still barely walk after six months of it. Meanwhile, NASA has largely ignored an obvious alternative: redesign the spaceship instead of the human body. Artificial gravity could be created during the flight to Mars by twirling the ship.&lt;/blockquote&gt;Hopefully this will help build momentum for Mars missions.&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/14853139-112299361554342318?l=danweber.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://danweber.blogspot.com/feeds/112299361554342318/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=14853139&amp;postID=112299361554342318' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/14853139/posts/default/112299361554342318'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/14853139/posts/default/112299361554342318'/><link rel='alternate' type='text/html' href='http://danweber.blogspot.com/2005/08/mars.html' title='Mars'/><author><name>Dan Weber</name><uri>http://www.blogger.com/profile/06626675217693199470</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-14853139.post-112259354998503516</id><published>2005-07-28T16:28:00.000-07:00</published><updated>2005-07-28T16:32:29.990-07:00</updated><title type='text'>Buy This House</title><content type='html'>I put some new pictures onto my &lt;a href="http://pathwayjr.com:8001/djweber/house/forsale.html"&gt;Condo For Sale&lt;/a&gt; site.

Brokers can make 2.5 percentage points for bringing a buyer.
&lt;p&gt;
&lt;a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://photos1.blogger.com/blogger/7277/1357/1600/small-front.jpg"&gt;&lt;img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer;" src="http://photos1.blogger.com/blogger/7277/1357/320/small-front.jpg" alt="" border="0" /&gt;&lt;/a&gt;
&lt;/p&gt;&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/14853139-112259354998503516?l=danweber.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://danweber.blogspot.com/feeds/112259354998503516/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=14853139&amp;postID=112259354998503516' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/14853139/posts/default/112259354998503516'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/14853139/posts/default/112259354998503516'/><link rel='alternate' type='text/html' href='http://danweber.blogspot.com/2005/07/buy-this-house.html' title='Buy This House'/><author><name>Dan Weber</name><uri>http://www.blogger.com/profile/06626675217693199470</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-14853139.post-112258459891526486</id><published>2005-07-28T13:11:00.000-07:00</published><updated>2005-07-28T14:08:44.123-07:00</updated><title type='text'>Classifying network attacks</title><content type='html'>Some of the Lincoln Lab work that I was involved in back around 1998 got brought up again on &lt;a href="http://http//www.securityfocus.com/archive/1/406630/30/30/threaded"&gt;Bugtraq&lt;/a&gt;.  I finally felt compelled to post there again.

For brevity I made a much shorter post, but here's the full rambling text before I managed to edit it down a bit.

Context: The discussion was about how to categorize attacks. Historically the industry has used the word "local" to define an attack that gives super-user privileges to someone who is a normal user on the system, and "remote" to define an attack that allows someone who merely has network access to the machine to gain actual permissions on it.


Crispin Cowan wrote:
&gt; I participated in that Lincoln Labs study, and my recollection is
&gt; that the remote/local distinction was already popular on bugtraq at
&gt; the time.

I was working on that project, and Dr. Cowan's recollection matches
mine.  Talks of "local" and "remote" were already in use somewhat on
Bugtraq, although I don't think they had yet become universal.  (I'd
like to claim that the Lincoln studies helped push use of those terms
along, but the concepts are so simple and elegant that their universal
use was inevitable.)

One of the mental models involved in those 1998 classifications of
attacks was a "presence" of an attacker -- is the attacker outside
your network, on your network, or on your machine as a non-privileged
user?  This model doesn't necessarily fit in well with some of today's
most common attacks, as was mentioned when this thread started.

It's not that trojan horses (whether you interpret that to mean just
hostile applications, or hostile data run by vulnerable applications)
weren't known about in 1998.  It's that those attacks weren't
considered all that important when compared to things that were more
common at the time -- smurf attacks, pings of death, Sendmail buffer
overflows, SYN queue starvation.



I've seen a lot of classification schemes proposed on Bugtraq in the
intervening years, some of them quite good.  (Search the archives for
"taxonomy" or "classification".)  But unless they are -very- simple to
use, they won't be taken up by the community.  If you can come up with
a single word that imputes the concept of "malicious data that I can
easily get onto the victim's machine and in front of the victim's
eyes but requires him to run it," that would be a great step forward.

Simplicity is key.  (Unlike this posting, which I did not have time
to make shorter and simpler.)



But a foolish consistency is the hobgoblin of taxonomies.  How do
phishing attacks fit in with that 1998 taxonomy?  I could suppose
it's called local-to-root, but a better response would be to a) come
up with a better taxonomy, or b) accept that every possible "attack"
in the world may not fit into a given taxonomy. It seems the CVE
folks have just accepted that exact fits aren't going to happen
and are living with a bit of impreciseness.

Trying to come up with a perfect taxonomy will drive you insane,
especially as you are dealing with the classification of the
actions of very creative humans.

And on the subject of compound attacks, there was also some work
coming out of Rome Labs at about the same time that was doing some
formalizing of the chaining of, say, remote-to-local with local-to-root
attacks to make a remote-to-root attack.&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/14853139-112258459891526486?l=danweber.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://danweber.blogspot.com/feeds/112258459891526486/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=14853139&amp;postID=112258459891526486' title='1 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/14853139/posts/default/112258459891526486'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/14853139/posts/default/112258459891526486'/><link rel='alternate' type='text/html' href='http://danweber.blogspot.com/2005/07/classifying-network-attacks.html' title='Classifying network attacks'/><author><name>Dan Weber</name><uri>http://www.blogger.com/profile/06626675217693199470</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>1</thr:total></entry><entry><id>tag:blogger.com,1999:blog-14853139.post-112243930460951400</id><published>2005-07-26T21:26:00.000-07:00</published><updated>2005-07-26T21:42:12.220-07:00</updated><title type='text'>Revenge is the best Revenge</title><content type='html'>So today for the first time I found myself really thinking "boy, I really wish I had a blog."

With my latest attempts to sell my house (more on that later), I contracted with a flat-fee MLS service, but they gave really poor service, and promised some things they couldn't deliver.

So I figure if I create a page such that anyone searching for www.fsbosupport.com or "FSBO Support" would eventually come across here, it'll help lead people towards companies that provide better support.

More details and e-mail contents later.&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/14853139-112243930460951400?l=danweber.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://danweber.blogspot.com/feeds/112243930460951400/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=14853139&amp;postID=112243930460951400' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/14853139/posts/default/112243930460951400'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/14853139/posts/default/112243930460951400'/><link rel='alternate' type='text/html' href='http://danweber.blogspot.com/2005/07/revenge-is-best-revenge.html' title='Revenge is the best Revenge'/><author><name>Dan Weber</name><uri>http://www.blogger.com/profile/06626675217693199470</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry></feed>
