News from PANUG/BizNix - June 12, 2002 http://panug.org - http://biznix.org Hardware has grown following Moore's Law, software seems to be stuck with Gresham's Law. -Jim Horning, Inside Risks Gresham's Law: http://www.cin.org/gresham.html Yesterday's Dilbert strip: Software vendor: Our new version is a step backward in quality and reliability. We're counting on your irrational need to have the latest version of every software product. Dilbert: I hate your weasel guts...but I'll take one for home and one for the office. DIVERSITY by Ed Sawicki - Accelerated Learning Center / Tailored Computers The Dilbert joke (above) happens to coincide with an item mentioned in today's SANS broadcast where someone suggests that using older versions of popular software would likely result in fewer attacks since attackers tend to focus on the latest versions of software - something I agree with up to a point. One of the editors (Murray) attached this comment: "Another way of looking at it is that a population is at risk from homogeneity and a little diversity reduces that risk marginally." Murray seems to be out of touch. The population is not at risk of homogeneity. We've been there for years. That's why every virus attack affects such a large population. Diversity does not marginally reduce risk. It reduces risk substantially. BIZNIX MEETING This month's BizNix meeting is this Thursday, June 13 at 6:15 pm at Novell's office in Tigard. The main presentation is the Linux Terminal Server project. This is the coolest thing. It allows you to use older computers that would normally be considered too underpowered to be useful, to be used as Linux X terminals. Each X terminal can run Linux desktops and applications and perform as if it were a more powerful machine. You can also connect to a Windows terminal server and run Windows applications. If you'd like relief from having to replace the computers in your company every few years, don't miss this presentation. ACCESSIBILITY by Dick Pilz (ED - this article is a follow up to last week's articles on Article 508) Section 508 covers much, much more than Web documents. One of the core tasks for the QA group that I am in at Symantec is testing and certifying Ghost software to comply with Section 508. It only applies to windowing/mousing systems - character-based systems have no problem. There are several excellent "508" sites you can Google to. One thing that you can try is to use a screen reader to navigate your pages. (XP has a mediocre reader and there are lots of shareware ones.) Make sure that all parts of the page can be accessed solely by keyboard commands. If it is possible to do that - not convenient, but possible - then you probably comply. Any required inputs must be voice-command enabled. A lot of that is browser dependent, though, so standard formats like HTML and XML should do the trick. For example, the Ghost help files are Windows CHM files and since everything in the printed manual is in the help and vice versa, that component complies. Here's a free service that identifies access barriers to web sites by individuals with disabilities: http://bobby.cast.org/html/en/index.jsp DUMB, DUMBER, & ETHEREAL by Ed Sawicki - Accelerated Learning Center / Tailored Computers Ethereal is a free, multi-platform LAN Analyzer program that runs on a variety of operating systems, including Linux and Windows. While it doesn't have all the features of commercial products like Sniffer and its decendents, it's great for troubleshooting LAN packet-related problems. The problem is Ethereal While using it recently, I noticed packets from something called the "msproxy" protocol. Since I use no Microsoft servers on my network, this is cause for concern. Was I being hacked? Is my firewall not doing its job? It took about two seconds to realize that these were plain old DNS packets but Ethereal was decoding them as msproxy. DNS servers use port 53 and the msproxy protocol uses port 1745. The packets I was looking at had source ports of 1745 and destination ports of 53. Which is it - DNS or msproxy? It's DNS of course. Port 53 is a well-known port that should always trump any port higher than 1024. In my case, port 1745 was just an ephemeral port used by a DNS resolver (client). Decoding errors like this make Ethereal less useful. Fortunately, the Ethereal designers also consider this a flaw when I reported it and will fix it.