Misc. Ramblings

Week of 23 July through 27 July 2001

Monday - 23 July 2001

LCD Displays. Our office is looking at replacing our aging video monitors with LCDs. As always, price is an object [or at least a concept - ed.] so we can't get 17-inch models. Does anyone out there have any recommendations for a 15-inch model?

So far, I've looked at the reviews at PC Magazine (see it here) and Computer Shopper (see it here). Having read the reviews, Samsung seems to be rated very well but I have no experience with them. Again, any recommendations will be appreciated. Thanks in advance.

PC Turns 20. The Associated Press story, in the Los Angeles Times (see it here), jumps the gun a bit, but I guess when you are on Internet time you can move things forward a little. In either case, the Times article looks back at the August 12, 1981 introduction of the IBM 5150 Personal Computer. Yes, Apple/Radio Shack/Commodore was there first, but they weren't "IBM compatible."

It was that compatibility, or more accurately, adherence to standards, that set the stage for the PC revolution. Prior to that, computers were a confusing, incompatible combination of operating systems, software, and hardware.

The coming of the IBM not only set the standard, it legitimized the shift from the time-sharing world of the mainframes and mini-computers. Up to then, users were considered second-class citizens who were relegated to "dumb" terminals and whatever software the centralized powers-that-be felt the users should get.

With the advent of the PC on every desk, the power shifted to the users. No longer did they have to fill out forms, in triplicate, to gain access to an application. No longer were "jobs" run in batch mode, in which you submitted a job to the queue, waited for it to run on the mainframe, and then waited for the output. Now you could run things in interactive mode - in more or less real time. You could change the parameters of a spreadsheet and almost immediately see the results. You could then take those results and graph them, showing the relationship(s) among the variables.

And yet, there are still those who would try to turn back the clock. Who would try to tie people's hands and tell them it's for their own good. Who would use the word "Internet" to fool people into thinking it is a Good Thing to give up your flexibility and individual power. "Just trust us, we know what we are doing and what's best for you," they say. Well, I for one ain't going there. You can take away my PC when they pry it from my cold, dead fingers. [insert background shot of the US flag, the American Eagle, and Apple Power Mac G4, errr IBM PC - ed.]



Tuesday - 24 July 2001

Equal Time. Before people get the mistaken idea that it's only Microsoft that has buggy software, take a look at KWord. That's the included word processing software that comes in the KDE Office suite. First, I will admit that the problem could be related to my distribution (Caldera OpenLinux that I use at work), or it could be related to all of the failed updates/compiles/patches, etc. Or maybe I didn't hold my mouth just right but I've found KWord to be VERY unstable. As in alpha-level unstable.

For example, I tried to create a simple document that would show the different installed fonts. I got about two pages done when all of a sudden, KWord just blew up and disappeared with not even a blue screen to read. This disconcerting behavior seems to be the default in Linux. When something goes wrong, the program just disappears without so much as a by your leave.

Working in Linux brings back the old saying of "save early and save often." Something I really haven't had to do on a regular basis since the Windows 3.1 days.

And it's not only KWord. I installed KBear, a graphical ftp program. I transferred three files with no problem so I decided to get bold and try sending 20 files (each between 200 and 400K). Yup, you guessed it - KBear disappeared off the screen. So I restarted it and tried again. This time, instead of clearing out of town, it decided to camp out on the screen and not leave. I had to use one of the system utilities to kill the process since I couldn't even shut down.

Great strides are being made in the Linux world. But that's because it has so far to go, as a desktop operating system, before Aunt Minnie, or yours truly, could be expected to use it productively. YMMV.



Hump Day Wednesday - 25 July 2001

Moving Moments. As some of my eleven long-time readers know, we live on a lot with two houses. SWMBO and I live in the front house and we rent out the back house. You may also remember that when I first moved in, after we got married, we lived in the back house. But we soon moved into the front because it had more space.

Now, we are about to move back into the back house. Why, you ask? Well, it comes down to having a dog (yes Marsha, rescued from the Humane Society <G>). You see, the front house isn't situated such that there could be a fenced in area (which is a must). So, the back house it is. Which means we try to shoehorn stuff that fits just fine in the big front house, but will be big trouble in the small back house.

It also means we will have to build a fence, and wall for the back. This is not a small cost. And then there are the "might as wells." You know, since we are moving to the back, we might as well do [insert an unending list of costly renovations]. We've had some preliminary work done already such as having the lot surveyed (highway robbery I say, highway robbery). We also replaced the waterline to the back house since, for some reason, it was made out of plastic instead of copper (plastic is cheap but does not last as long). We've also been fighting a losing battle with ground termites. The costs so far? A little under $11,000 US. Ouch!

Mail Bag

From: Jan Swijsen
To: Dan Seto
Date: Wed, 25 Jul 2001 10:57:48 +0200
Subject: tft

Hello Dan,

I have been using a 15.1 LG screen at home for the last 3 years now. (LG is sometimes referred to as LG-Philips) The picture size (not glass but picture) is the same as the Mag 17 inch screen it replaced. In these three years I haven't had a problem with it and it hasn't faded at all. It is bright and sharp with a steady completely flicker free image. It is viewable (readable) at very sharp angles left to right (I guess it has about 160 degrees) with only a limit on the vertical angle, it stays readable when tilted but the brightness changes and the colour shift. The warranty (expired now) was that it could be turned in for replacement if any single pixel was not functioning. I know from Masset, my regular hardware shop, that LG are about the best flat screens he sells, with almost no returns (he also sells NEC, Iiyama and Belinda LCD screens at the moment).

I got a second, cheaper flat screen recently, a LifeTech (a rebranded German product, so I don't think I can relate that to a brand you will find on your side of the globe). It is not bad, no defects and again a razor sharp image. It is a bit too bright, even at the lowest setting, resulting in somewhat washed out colours.

I can heartily recommend LG.

The only thing I see going against these flat screens is their colour rendition. The colours never blend (probably because there is no glow) so for graphics work where colours are important they may not be a good choice. But then for that type of work you should use bigger screens, 19 inch and up, and these sizes are not something you want to go to with flat screens (unless you can print your own money of course).


From: Dan Seto
To: Jan Swijsen
Subject: Re: tft
Date: Wed, 25 Jul 2001 06:47:40 -1000

Hi Svenson,

Thanks for the feedback. I've heard good things about Philips and so they are on my short list (Samsung, Philips, Sony). Right now, the cheapest LCD screen I know of locally available is a Viewsonic selling for $399 US, but I'm kind of leery of going with the lowest price (the others are in the $500 range).

Mahalo nui loa - Dan



Thursday - 26 July 2001

Laurels and Darts. Speaking of graphing, and I was (see Monday above), here's a link to a site which tries to show what good graphical presentations should look like. Be aware, some of it is rather esoteric, but it may be of some use to those who need to display information in a quick and clear manner.

Italians Discover Murdered Corpse. In what is described as dogged determination, Italian investigators have determined that the 5,300-year-old corpse, discovered frozen in 1991 in an Alpine glacier, had been killed by an arrow. Authorities are still looking for the assailant, who is assumed to be still at large, but dead. Film at 11.

No Good Deed Goes Unpunished. So you work for a state university in Georgia and decide to load one of those distributed computing programs, like SETI and the like, on the computers there. You figure all of those "wasted" computing cycles can be put to better use. And you are right. But you missed one small detail. You didn't get permission from your supervisors, which you need because these aren't your computers.

So David McOwen is now facing fines of $415,000 US and up to 15 years in jail if he is convicted of a felony. See the Los Angeles Times story here.

Thought for the Day - For everyday work, my Linux client is 99% promise and 1% delivery. - Doc Searls, Senior Editor, Linux Journal

Mail Call.

Date: Thu, 26 Jul 2001 08:18:50 +0200
From: Jan Swijsen
To: Dan Seto
Subject: Re: tft

You can go with the lowest price but then you must be especially careful. Check before you buy. Look at a full black screen and at a full white screen, the best way to detect defective pixels (I have one in the LG but it is only defective when the screen is cold and I don't notice it most of the time). Try a multicoloured background (flowers, people, anything with large adjacent bright colours) at various intensity ranges to check out the colour quality. And try to look at the screen with the ambient light turned down a bit if you can, often even the lowest brightness level will be a bit on the bright side. Typically brightness and contrast are only adjustable over a narrow range.

I bought the LG over three years ago (jan-1998). The normal market price at that time was between 50000 and 60000 BEF (say 1200 and 1500 USD) and that was for the (more or less) common 14 inch screens, 15inch had only just been introduced at premium prices. LG was new in Europe so they launched with an aggressive price. I got it at just under 35000 (say 800 USD), lower than rock bottom price.

I didn't need a screen at all really, I just walked into the shop browsing their software, checking up on modems etc. Then I saw the screen side by side to a NEC 14" LCD (at the expected $1500) that had been on display for two weeks, half the price and a much better picture. I didn't think twice (probably not even once <g>). It is only in the last four or five months that the prices got lower.

Another thing to take into account is what you get extra for the extra price. Back to LG. They had two models. The 'cheap' basic model and the up market one. They use the same LCD panel but the upmarket one had a more stylish housing and included a set of speakers. And it did cost about 30% more.

From: Dan Seto
To: Jan Swijsen
Subject: Re: tft
Date: Thu, 26 Jul 2001 07:48:00 -1000

Thanks for the tips on what to look for in evaluating which flat panel LCD screen to buy. I'm sure I, and my readers, can use them to pick the model right for them.



Aloha Friday - 27 July 2001

It's Friday!

First Things First. The BackChannel has been a little quiet the past couple of weeks. I guess too quiet. The waters were stirred up again this morning (HST) regarding what treaties the US may have signed off on or are willing to amend. A very wise person said certain subjects should not be discussed in mixed company. Perhaps, mixed company should be expanded from meaning the two sexes to people from different countries/cultures/continents.

Now, don't get me wrong, I'm all for free speech. If you want to stand on your soap box and let everyone know what your opinions are, more power to you. You have that right and no right means anything if you can't exercise it. But there are limits to that right. You can't yell "Fire!" in a crowded theater (unless, of course, it is on fire). You can't incite an "imminent lawless action", e.g. riot. And you can't libel someone (yes, I know, you can literally do all of the above, but if you do, it will be considered illegal and not part of free speech).

So if people want to have at it on any subject, go for it. Having said that, discretion is many times the better part of valor. And common sense.

Stealth CoyoteLinux Firewall. As many of you know, I use a version of the Linux Router Project (LRP) set up to act as a firewall and router. The LRP is a distribution of Linux shrunk down to fit on a single floppy. The advantage of this is you can set up a very minimal PC (586 with 12 MB of RAM and a floppy drive) and have something that is as secure as hardware costing many times more.

The specific version of the LRP I use is called CoyoteLinux. It has a very simple command line install program that asks a few questions and then rolls your own firewall. Now, there is a perfectly logical debate as to whether it is better to use a PC running Linux as a firewall or to get something like a LinkSys router with a firewall capability burned in. The former may require you to learn about IPChains and port forwarding. The latter requires a leap of faith that the firmware will be updated as bugs and holes are found. I'll leave it up to you to decide which to implement because I think either can work and either can have problems.

As for me, I went with the LRP. The lesson for today, class [I thought he'd never get to the point - ed.] is about stealthing a port. The CoyoteLinux firewall closes all ports. That is not the same as stealthing a port. A computer with a closed port will respond to a scan by saying the port is closed. A stealthed PC will not respond at all. It seems intuitive that being a "black hole" is better than letting the Script Keedeezs know where you are. For some of them, just knowing you are there is enough for them to try to find a way in.

So if you are using CoyoteLinux, how do you stealth the ports? I thought you'd never ask. You could try reading the FAQ here. But if you did, you'd find it didn't work. Gee, a How-To that tells you how to do something, but doesn't work. Who'da thunk it? <G>

What you need to type in will depend on what services you need open. If you are not running a server or do not need SSH access, you can stealth all ports. If not, you may need to do what is listed below. So here are the steps you need to stealth the ports on CoyoteLinux firewall version 1.29:

1. Login to the router with user: root [enter]
2. Type in your password: [enter]
3. At the Configuration menu, choose number 1. Network Settings [enter]
4. At the next menu choose 3. Misc startup [enter]

This will bring you to the rc.local file. If this file name is not what you see at the top of the edit screen, stop! Hit control c (that's hold down the control key while at the same time pressing the letter "C", without the quotes) to exit and try again. If you are in rc.local, then proceed to type the following lines at the bottom of the rc.local file (by first using the down arrow key to get there):

# Flush any autofw's (so we can rerun this file)
ipmasqadm autofw -F
# Send any port requests to non-existent internal PC.
#  In this case, I'm using 254, but you can use another
#  as long as there isn't anything on your LAN with that
#  IP address! If there is, choose another number,
#  otherwise, all scan requests will be going to that PC.
# Uncomment the line below (by deleting the "#" character
#   just in front of the line) only if you do NOT use SSH connections or
#   do not have a web server open to the world.
# If you don't know if you use SSH for secure telnet connections
#   I would assume you don't. I also assume you would know if you are
#   running a server or not.
# ipmasqadm autofw -A -r tcp 1 65535 -h
# If you uncommented the line above, please skip the
#   following and go to the line about servers. For all others, 
#   continue reading on.
# Uncomment the two lines below only if you use SSH connections.
# ipmasqadm autofw -A -r tcp 1 21 -h
# ipmasqadm autofw -A -r tcp 23 65535 -h
# Note the break in numbers leaves port 22. This is for those
#   who use SSH to make secure connections.
# Type in the following line (for UDP requests), unless you need to use
#   a service which requires a UDP port to be opened. If you do,
#   you will need to split things up as the above is for SSH connections
#   but substitute udp for tcp and whichever ports you need for the ones
#   listed above:
ipmasqadm autofw -A -r udp 1 65535 -h
# For those who have web servers at port 80, you will need to
#   uncomment the line below (note the IP address
#   is the internal address for your server, so please substitute the
#   correct address for the xxx.xxx.x.xxx:
# ipmasqadm autofw -A -r tcp 80 80 -h xxx.xxx.x.xxx
# Finally, enter a blank line at the end of the rc.local (hit the
#   enter key while the cursor is at the end of the file).
# Now, you need to save the file and then exit. Hit the F1
#   key to see what key combinations you need to press to do that.
#   [End of file]

5. Now to edit the rc.masquerade file. Assuming you've edited the rc.local file and exited, you will be looking at the menu which includes 4. IP Masquerading configuration. Pick this file by pressing the number 4 key and then hitting the enter key.

You should now be in editing mode and the top of the screen should say you are in the rc.masquerade file. Arrow key down to the bottom of the file and type in the following:

# Block PINGs from outside only. Note this configuration assumes you are
#   using two Ethernet cards in your firewall and that "eth1" accesses
#   the Internet, as opposed to your using a dial-up to the Internet.
#   Note also that the line below is one complete line and that the
# part is all zeroes (naughts), not the letter "O".
#   Further note the two dashes in the section --icmp-type.
/sbin/ipchains -A input -s -p icmp --icmp-type ping -j DENY -i eth1
# As before, add a blank line at the end of the file, save the file,
#   and exit. At the menu, press the letter q and
#   enter to get back to the main configuration menu. Once there, you
#   need to press the letter "b" (without the quotes) and enter to
#   backup the changes you just made. This is very important.
#   If you do not back up the changes, they will not be there
#   the next time you reboot (which you will have to do to get the
#   changes initialized. Actually, you could just type in the above
#   changes at the command line but again, every time you rebooted,
#   you would have to retype them in).
# Finally, you need to make the diskette read-only by sliding the
#   little tab so that you can see through the window. This 
#   keeps the bad guys from permanently altering your files should
#   they somehow hack through your firewall. Remember, however, if you
#   need to make changes to any of the files on the disk, you will 
#   need to slide the tab back to its original position.
# [End of file]
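
A quick way to double-check the rc.local rules before you back up and reboot, as an added example that is not part of the original how-to or of CoyoteLinux: this Python script reads the active `ipmasqadm autofw -A` lines in the form shown above and reports which ports are not sent to the black-hole address, and flags any rule whose `-h` has no address after it. The address 192.168.0.254 and the sample rules are constructed for the example; the script only reads text and never runs ipmasqadm.

```python
import re

# Rule form used in the rc.local above:
#   ipmasqadm autofw -A -r <proto> <low> <high> -h <host>
RULE = re.compile(r"^\s*ipmasqadm\s+autofw\s+-A\s+-r\s+(tcp|udp)"
                  r"\s+(\d+)\s+(\d+)\s+-h(?:\s+(\S+))?\s*$")

SINK = "192.168.0.254"  # constructed: an unused LAN address, not from the page

# Constructed sample: the SSH variant of the how-to. The last rule has lost
# its target address, so UDP is not redirected to the black hole.
SAMPLE = """\
ipmasqadm autofw -F
# ipmasqadm autofw -A -r tcp 1 65535 -h 192.168.0.254
ipmasqadm autofw -A -r tcp 1 21 -h 192.168.0.254
ipmasqadm autofw -A -r tcp 23 65535 -h 192.168.0.254
ipmasqadm autofw -A -r udp 1 65535 -h
"""

def parse_rules(text):
    """Return (rules, problems) for the active (uncommented) autofw -A lines."""
    rules, problems = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue                      # commented-out rules are inactive
        m = RULE.match(line)
        if not m:
            continue                      # e.g. the "autofw -F" flush line
        proto, low, high, host = m.group(1), int(m.group(2)), int(m.group(3)), m.group(4)
        if host is None:
            problems.append(f"line {lineno}: -h has no target address")
        elif not (1 <= low <= high <= 65535):
            problems.append(f"line {lineno}: bad port range {low}-{high}")
        else:
            rules.append((proto, low, high, host))
    return rules, problems

def uncovered(rules, proto, sink):
    """Port ranges of `proto` that are NOT forwarded to the black hole `sink`."""
    spans = sorted((lo, hi) for p, lo, hi, h in rules if p == proto and h == sink)
    gaps, nxt = [], 1
    for lo, hi in spans:
        if lo > nxt:
            gaps.append((nxt, lo - 1))    # hole before this rule starts
        nxt = max(nxt, hi + 1)
    if nxt <= 65535:
        gaps.append((nxt, 65535))         # hole after the last rule
    return gaps

if __name__ == "__main__":
    rules, problems = parse_rules(SAMPLE)
    for p in problems:
        print("PROBLEM:", p)
    for proto in ("tcp", "udp"):
        gaps = uncovered(rules, proto, SINK)
        shown = ", ".join(f"{a}-{b}" if a != b else str(a) for a, b in gaps)
        print(f"{proto}: not stealthed -> {shown or 'none'}")
```

Every port listed as not stealthed should be one you left out on purpose, such as 22 for SSH or 80 for a web server.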

Once you have rebooted, you need to check to see if everything is working correctly. To check for the status of the ports, go to Steve Gibson's Shields Up! page found at his website here. Follow the instructions on scanning your ports. It will take a while for it to scan 10 specific ports, but if you did everything right, the scan will tell you all of the ports are stealthed. Or not.

To check to see if pings from the outside are blocked you will need to get to another PC, not on your LAN, and ping your router's IP address. If you get 100% loss you know that is working also.
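
The difference between a closed port and a stealthed one, and the after-reboot check described above, as an added example that is not part of the original how-to: this Python script tries a TCP connection to each port on your own router and reports whether it is open, closed (the router answered with a refusal) or stealthed (no answer before the timeout). It assumes you run it from a PC outside your LAN and pass your router's outside address and the ports you deliberately left open on the command line; the function names are made up for the example.

```python
import errno
import socket
import sys

def classify(exc):
    """Map the result of one TCP connect attempt to the how-to's terms.
    `exc` is None when the connection succeeded."""
    if exc is None:
        return "open"         # handshake completed: something is listening
    if isinstance(exc, ConnectionRefusedError):
        return "closed"       # the router replied "nothing here": it is visible
    if isinstance(exc, socket.timeout):
        return "stealth"      # no reply at all (or the packets were lost)
    if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
        return "unreachable"  # no route; tells you nothing about the port
    return "error"

def probe(host, port, timeout=3.0):
    """Attempt one TCP connection and return its classification."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return classify(None)
    except OSError as exc:
        return classify(exc)
    finally:
        s.close()

def check_router(host, ports, expect_open=()):
    """Return {port: (state, ok)}; ok means the port is in the state you
    intended: open for ports in expect_open, stealth for everything else."""
    report = {}
    for port in ports:
        state = probe(host, port)
        wanted = "open" if port in expect_open else "stealth"
        report[port] = (state, state == wanted)
    return report

if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit("usage: check.py ROUTER_ADDRESS [PORT_LEFT_OPEN ...]")
    left_open = {int(p) for p in sys.argv[2:]}
    # A few well-known ports plus whatever you opened on purpose.
    ports = sorted({21, 22, 23, 25, 80, 110, 139, 443} | left_open)
    for port, (state, ok) in check_router(sys.argv[1], ports, left_open).items():
        print(f"{port:5d}  {state:11s}  {'ok' if ok else 'CHECK RULES'}")
```

A single "stealth" result can also come from a dropped packet, so rerun the check before trusting it; a "closed" result is never ambiguous, because it means the router answered.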

The above How-To is substantially based on the work of E. A. Fritz. I have, however, substantially expanded the explanations so that even neophytes like yours truly could understand it. Any errors in the above are mine alone.

Have a Great Weekend Everyone! - Aloha!


© 2001 Daniel K. Seto. All rights reserved.