Thursday, December 22, 2005

PCLinuxOS - Part 2

Two days ago I converted my wife's machine. It was a snap and she was up and running in one hour with all her files restored from backup. She does not see much difference, but, noticed that it seems to have better performance. I installed the extra games as she likes to play games when she is bored.

I also found out that Beep Media Player can handle streaming internet music. I have had it running for several days now. I put a skin on it so it looks like XMMS. It tooks a bit of digging to find this out, but, the online groups are a great help.

Monday, December 19, 2005


I have now been playing with PCLinuxOS V0.92 for a week now. So far I like what I see. It is very easy to add/delete/update my system with the control centre. It is very much like Mandriva so that there is little change.

The only thing I had to do was to change from DHCP to Static IP as the P2P programs would not properly connect to the servers. I also had to make a firewall change. Once that was done I could start to download files without a problem.

There is still one problem. When I try to stream music through XMMS it won't connect and play. I have no problem with Realplayer or the MPlayer plugin. Realplayer is somewhat slow and skips at times when I am working which I don't like hearing. The MPlayer plugin to Firefox is nice, but, I have to keep the browser running. I probably will be going to the PCLinuxOS site later and see if anyone else has a problem like me.

A few fixes I had to make:
  1. Machine name changed from 'Localhost'. I had to manually tweak that. There is a setting somewhere, but, I have not found it yet.
  2. DHCP to Static IP for P2P to work properly.
  3. Firefox popus. I had to add a new 'Integer' for variable privacy.popups.disable_from_plugins and set it to a value of 2. I also set privacy.popups.policy to a value of 2. That seems to stop the popups.
  4. KDE uses CTRL-TAB CTRL-SHIFT-TAB to move between desktops. Firefox uses that to move between tabs. I had to change KDE so that I use that key combination for Firefox.

Friday, December 16, 2005

New Linux Distro Installed

I am trying a new distro on the machine at home. PCLinuxOS V0.92 was installed. It went smoothly taking about 1 hour on a 1GHz machine. It appears to be a stable as Mandriva and it comes on one CD. It also has everything that Mandriva has and the best part is that it is a livecd that you can try before installing.

There are a few things that I like.
  1. XMMS comes with the package. I prefer this app over Amarok.
  2. Kontact & KPilot work reliably with my palm pilot.
  3. It feels more responsive than Mandriva.
  4. System management has a similar look/feel to Mandriva.
  5. It automounts my USB memory stick and Harddrive like Mandriva.
  6. One CD vs three when installing.

Sunday, November 27, 2005

Playing games with phishers

I just received another phishing attempt in an email that purports to be from Paypal. I forwarded the email, but, this time I was a bit bored so I decided to have a bit of fun with phishers.

Email address: EatShit@die
Password: eatshitanddie
Name: Yousef R Screwed
Address: 24 Sussex, Ottawa

Believe it or not they accepted the above without verifying that @die is not a valid domain. I decided to have fun with the information that they asked for. I had a lot of fun filling in bogus information. I really hope they try to use the information and see how screwed over they will be afterwards. For those of you who are not Canadian the address is the residence of the Prime minister.

The system came back and prompted me for a valid address so I used and it accepted.

Spam summary

Here is a summary of my mail that I have received. I have made a small change. Rather than showing week by week I will show month by month. It has gotten a bit better as the large scale spammers are slowly being taken offline.

Time PeriodLegit emailPhishing attemptsOther Spam% Legit email
June 133 10 264 32.7
July 128 6 158 43.8
August 148 8 126 52.5
September 144 4 87 61.3
October 141 6 97 57.8
November 169 9 105 59.7
December 8 0 2 80.0

Sunday, November 20, 2005

Mandriva 2006

I finally got the download of the three ISO images for the latest Mandriva and burned onto CDs. I then proceeded to back up my main machine. It took about 30 minutes as I have a lot of photos scanned in. Eventually I may move them to the second hard drive and clean up my home directory.

After the backup I inserted the boot CD and did a restart. The installation process has not changed too much. I picked out all of the individual packages like before. A few notes ->
  • GTK-Gnutella is now a package that you can install.
  • CLAM AV is installable. This is nice as we still have two kids using windows and I can scan the shared folder for viruses.
  • In deselected Scribus, but, the support library still loaded. Small point that does not affect installation.
  • CDs, USB hard drives, USB memory sticks, floppies now show in 'Devices' rather than each one cluttering up your desktop.
From the point of boot up, selecting packages, installing packages and rebooting took about 45 minutes. It then booted up and I logged in without a problem. KDE 3.4 has a few changes, but, the basics are still the same.

Jane was installed in the same amount of time. The only difference is that she wanted all of the games installed.

I installed Mandriva 2006 on my daughters machine. Again no hitch, three different computers without any problems at all. She just loves it and thinks that the new backgrounds are totally cool.

I did a scan on the shared drive using CLAM-AV and it found five nasty little critters and trashed them. Jane and I didn't notice them as they were windows based and didn't affect our Linux boxes, but, it is nice to know that the new tool worked.

Monday, November 14, 2005

New Phishing variant

I received an email that looked to be from EBay. It was for a 'survey' and you get a $20 certificate. Reading it I noticed that it stated that I had an EBay account (I dont') so I forwarded it to EBay. I have just received a note back that this is a phishing attempt. The phishers are starting to get better, rather than say you have a security problem they ask you to fill in a survey. As a 'thank you' you get a $20 certificate.

Ebay has a few suggestions ->

In the future, be very cautious of any email that asks you to submit information such as your credit card numbers or passwords. If you are ever concerned about an email you receive from eBay, simply follow these steps:

1. Open a new Web browser and type into your browser address field to go directly to the eBay site.

2. On eBay, sign into your account and click the "My eBay" button at the top of the page.

3. Check the My Messages section located at the top of the My eBay page. If an email affects your eBay account, it's now in My Messages. Any email sent to your registered eBay email address from eBay or from another eBay member via eBay's member-to-member communication system will now appear in My Messages.

Just remember, if you get an email to your registered eBay email address that looks like it's from eBay about a problem with your account or requesting personal information, check My Messages first. If it's not there, it's a fake email.

If you still have any doubt about whether an email message is from eBay, please forward it immediately to Do not respond to it or click any of the links. Do not remove the original subject line or change the email in any way when you forward it to us.

Sunday, November 06, 2005

Linux at home.

Our house uses Mandrake Linux, but, it does not stop me from looking at other distributions to see if they are better. On Saturday I tried Kubuntu 5.10 to see if it will replace our setups. I like the fact that it is on on CD.

My quick impressions:
  1. Installation was fairly simple. I had a few problems on the custom partitioning on my machine.
  2. I like the simple options presented. However, I would prefer finer options on what is installed or not installed. I really didn't need all of the things it installed by default. Not a problem as I could run ADEPT to remove what I didn't like.
  3. I had a few problems with my USB drive being recognized. I realized the the SDA error was really an information message and the drive was there.
  4. It didn't recognize my USB scanner at all. As I need that the distro would not be installed.
  5. It didn't come with any games by default. For me that is not a problem as this is a work machine, not a game machine. For my wife and especially my daughter that was a problem. For my daughter this distro was a non-starter as her PC is not hooked up to the internet and I had no way to easily install all of the cool linux games she likes to play with.
  6. The first ID you create has admin capabilities by default. I like to grant only root the rights to add/delete software. When I want to do something to the machine I sign on as root or use SUDO.
  7. I liked ADEPT. From my short time using it I prefer it over the RPM manager in Mandrake.
As a result of this I am still using Mandrake. When they fix the USB scanner issue and maybe a game issue I will look at it again.

On a side issue my daughter has been playing with my wife's Linux box for the last several months and asking me to install Linux on her own PC as it has more cool games. I installed Mandrake 10.2 in one hour (installation and configuring) she now has a dual boot machine and just loves playing the various games that comes with Linux. She has absolutely no problems logging in and out and working with Linux. She is now using OpenOffice to write her letter to Santa. This impressed myself and my wife as neither of us showed her where office was. For anyone who says Linux has a ways to go in the user interface to match windows keep this in mind-> She is a seven year old who has no problems using the Linux interface and is capable of figuring it out on her own.

My next project is to eventually hook up my daughters machine to the home network. But, I will be setting up a very restrictive firewall on her box. Windows will have not network connection! I can then apply patches to her Linux partition, send files to the printers but she can only surf the web from either my machine or her mother's machine under our supervision. I can also set it up that only a few sites are available to her for researching her class projects.

Eventually Mandrake 2006 will be generally available for download and I will then do the upgrade path on all of the boxes here at home.

Saturday, October 29, 2005

Mail & ranting - again

Since my first posting on the unsolicited cards, labels, stickers etc. of 9/24 I have received a further eight mailings with more cards, seals and labels. It is highly unlikely that anyone from any charity is reading this but...


I already give to a large number of charities (see my original posting). I would really prefer it if you would just send a nice short letter detailing what you have done with my money and what you need help in doing for the next fiscal year. The mailings according your experts are to designed to motiviate people into giving, well for me it won't work. In fact with me it probably will do the opposite, if you have so much money to waste on these things trying to get me to give to you I view it as taking away from your mission of helping others. I have worked 19 years as a volunteer (including board of director member) for a not-for-profit and I know how tight funds are for a not-for-profit. During my time as a BOD member we never did a shotgun approach to raising funds for our programs.

If you want to mount a more effective fund raising program:
  1. Send a targeted solicitation to your existing contributors. Offer them the opportunity to order cards, seals, labels as a bonus of sending in a donation.
  2. Cut back on the shotgun generic mailing with labels, seals and cards. This is a huge expense for your group and probably does not garner a huge response rate.
  3. Clean up your mailing lists. I normally get two or more solicitations from some charities. The only difference is a slight one in my name.
  4. Clean up your mailing lists, again. I received a solicitation for my mother. Only one problem, she has been dead since August, 2000.
  5. Ask the company you are buying your mailing list from on how current that list is, see point 4.

Monday, October 10, 2005

Spam - Yahoo tools

I found a most interesting option in Yahoo mail. It is 'Block Addresses' and it appears to have been there for a while. It has been activated and one whole domain has been blocked at this time. It will be interesting to see what it does to the volume of spam which is coming in.

The one domain that is there right now is SOHU. It appears to be a Chinese site and their emails are quite annoying as they use the ugliest fonts and sizes.

Saturday, October 08, 2005

MS Update - October 11, 2005

Microsoft is planning to release a number of patches (9 in total) this Tuesday. Please use the Microsoft Update feature on your systems. I don't know if the updates are applicable to Win 95/98 systems, but, try to update too. Some of the fixes are deemed critical by Microsoft. While you are at it you may want to update your virus scanning software (you do have a scanner don't you?), spyware scanner(s) and firewall software.

For those of you who are running Linux, don't gloat, there are a number of patches you should be applying. has an advisory watch section that details the various distributions and the fixes. You can check out for the information.

Saturday, September 24, 2005

Mail & Christmas cards - my rantings

This is not on the subject of Linux, but, on bulk mail that I get at home from not-for-profit organizations.

Let me be clear, I do support a number of not-for-profit entities financially with a fair amount of my money. Namely:
  • Alzheimers Society of Canada
  • Arthritis Society
  • Canadian Cancer Society
  • Cancer Research Society
  • Canadian Diabetes Society
  • Covenant House
  • Heart & Stroke - Ontario
  • Nepean Optimist club
  • Ottawa Civic Hospital foundation
  • Ottawa Humane Society
  • United Way
  • Victorian Order of Nurses
  • War Amps
  • Plus others that I can't remember offhand.

What gets me peeved is that I get a large number of unsolicited boxes of cards and labels. Just in the last two months I have received four boxes of cards and each box holds a dozen cards, several for mailing labels, one with a note pad and one with a pen enclosed. The labels are in sizes of approximately 50+. All of these except for one were directly addressed to me from organizations I current contribute to.

The problem is that I am giving to part of these charities my money and they are sending out materials that must cost them a fair bit of change to make and mail. That money could be used more productively going to what they are in business for. If they want they could send out a targetted solictitation for funds to existing donors and then have a check box that you can fill in if you give over $X for cards or personalized labels. One organization that does this is the war amps. You can check off a portion on the solicitation on if you want to receive personalized mailing labels.

I have hundreds of cards and labels that I have not used from prior years so I have a near-lifetime number of Christmas cards that I can mail out. Please stop, or better, ask me first before you send out the materials.

Thursday, September 22, 2005

State of spam

Well for the last two months the amount of spam I have been getting is on the decrease. I hope that this is a permanent trend. That said I don't think spam will be going away totally, the economics of it is too good for it to be totally eradicated. On the downside the spammers now have my Sympatico id. I have received about six spam and variants of the Nigerian scam letter. I have been letting Firefox flag these as spam and drop them into a spam folder. Later when I am bored I will go through them and purge them.

The phishing attempts have been dropping too. If you get an email that is an obvious phishing attempt check out the site that purported to send the email for an email address where you can forward it to. Why make these crooks lives easier? Have the companies and law enforcement agencies shut them down.

Sunday, September 04, 2005

New Paypal phishing?

I got a new email that purports to be from PayPal on a payment for a class action lawsuit. This is a good trick as I don't have a PayPal account. I am forwarding the email to PayPal and let them figure out if it is a phishing attempt. Why do I think it is a phishing attempt?

  1. I don't have a Paypal account.
  2. It asks for bank account information.
  3. The link does not resolve to PayPal, but, to another website.
  4. None of the links in the email resolve to PayPal.
Confirmed, Paypal sent me an email that this is a phishing attempt. If you receive something similar to the image above forward it to so they can shut down the phishing site(s) in the clickable links.

Spamming Blog

Well it finally happened. My blog got a commercial spam comment. Not even related to Linux which wouldn't upset me much if he/she was also a Linux enthusiast. The person has a commercial site selling CD's on a product which I won't name (Not porn). I enable the new option (word verification) for submitting comments. That at least will make it harder for 'bots' to spam and force an actual person to submit the word verification before putting up their spam.

Saturday, September 03, 2005

My Desktop

I know it is boring, but, you can see what my desktop looks like.

For those of you who are still running Windows it looks close to what you are running. The desktop is called KDE and if you are able to work in Windows you can easily navigate this (or Gnome, XFCE, etc). At the bottom kicker is running, this is your Start menu and task bar. If you look towards the right side of the bottom you will see 1, 2, 3, 4. These are the virtual desktops. I setup for just 4. This allows me to organize my screens in whatever fashion I want. When I start my heavy duty work I can have the browser & email on one desktop, music playing on another, the P2P program on the third and the CD burner running on 4. It makes it much easier for me to work.

When you look at the right hand side you will see an application called GKRELLM. This allows me to monitor how the system is running and what applications are taking up the CPU. It also has realtime weather monitor along with other toys.

Saturday, August 13, 2005

Linux on USB Key

I finally picked up another USB key for storing my documents on. I figured on using the older key (128M) to hold a bootable Linux distribution. I use a number of bootable CD distros, but, I really like DSL as it is quite small, recognizes all of the hardware I have here and the default settings and applications fit what I need it to do.

I booted my main box using the DSL CD and followed the instructions to create an USB version. When I rebooted the machine it didn't boot to DSL. I neeeded to change the boot options of my box to recognize USB-HDD as the option. Once I made that change it booted to the DSL USB device without a problem.

It is a nice tool for an emergency if the CD drive is not working and you need to boot an unusable machine. I will need to explore the options available for backup/restore and eventually look at customising the USB drive. I have a few packages that I prefer that are not on the distro and others I don't want.

Tuesday, August 09, 2005

Linux v SCO OpenServer 6

Normally I don't reply to open letters, but, with what SCO has been trying to do to Linux and the GPL I will indulge myself in going through Darl McBride's 'open letter' and doing my responses to a number of statements that he has made. You can find his 'open letter' at SCO.COM and read for yourself.

We work and live in a competitive environment, as do most companies.


Unlike Pepsi, Coke, GM, Ford, Boing, Airbus, Red Sox or Yankees they don't sue their customers for using the product. Most companies compete against each other using their products and features of their products.

OpenServer 6 Costs Less

Compared to what?
  1. Here in Canada I can buy MS Server 2003 Standard edition w/5 CAL for 929 (Canadian).
  2. Using Mandriva as an example I can purchase the 10.1 with powerpack for 199 Euros. That works out to approximately $431 Canadian. While I didn't dig for the support cost it is mentioned up-front on the page '5 year product maintenance'.
  3. Novell SUSE - Enterprise server (2 cpu) is $349 per year (U.S.). Relatively up-front on their costs too.
  4. You point out the support costs, what is the cost for SCO over five years?
When people talk about 'free' in Linux they usually are not talking about price they are talking about the ability to freely modify the code to fit their needs.

SCO Has a superior Kernel.

Why do you show the things that SCO does and not do a direct feature-to-feature compare? HMMM?

Let me do a quick summary of some of the features you mention.

FeatureSCO Openserver 6Linux Kernel 2.6
Memory supported64GB64GB
File sizesterabyteterabyte

The features that you mention in your open letter have been available to Linux since 2004.

OpenServer Has Better Security

Your choice of MI2G leaves a lot to be desired for the security. Others much more qualified than myself have a more definitive analyis of this. Why did you ignore the SANS institute and their security analysis? I place much more weight on the experts at the SANS institute than than MI2G and I would assume many experts would agree with my opinion.

On the TCO what was the methodolgy used to come up with 'TCO'. Anyone can come up with 'TCO', but please let us know how you measure it so we can do a meaningful compare.

SCO Has a Customer-Driven Roadmap

So do your competitors. Redhat, SUSE, Mandrake to name just three, you can easily find their roadmaps on where they are going.

You talk about methodology, please tell us what methodology SCO follows for software development and maintenance? Most companies working in the IT field who are successful are using a methodology of some sort, they must. It allows a group of people
  1. To work together as a team developing a product that will work as spec.
  2. Allows for a repeatable process to deliver a product on time with minimal defects.
  3. Allows for a roadmap to be build that the team works for.
  4. Allows for people to join and drop out with minimal impact to the project and the timeline.

OpenServer 6 is Backward Compatible

To a large extent so is Linux. If there is something that is not available or does not work there is usually a community for that product that will take on the project and develop a solution.

By the way, part of the products in OpenServer are GPL products so who are the people really doing the fixes for any compatibility problems?

SCO Allows You to Focus on Your Core Competency

Software is a tool and a good tool allows a company to focus more time and effort on their job. The current Linux distros are literally put in a CD, answer a few questions and the machine is running. You don't need to patch the kernel, compile binaries or check version dependencies, it has been done for the user already by the distro.

SCO Owns and Warrantees its Products

Only so far as you own what code you have written and put into place. There is a dispute at this time with Novell on the fact of if you even own the copyright to the source code. This also does not include the fact that you don't 'own' any of the third party code. Just remember part of your code may be GPL and you must follow the GPL in order to distribute.

SCO is Unifying its Code Base

That depends on how you look at it. In a mono-culture there is one and only one way of doing things, the result, well look at MS Windows. In Linux if a group do not like the direction a software package is taking the community is free to take the code in a new and wonderful direction. A point in this case is XORG. Look at Novell, IBM and Mandriva and the fact that they can live, work and profit from the GPL.

CO UNIX: Legendary Reliability

How much do your customers trust you when you sue your customers for using your product? I would assume that Autozone is less than trusting at this point in time.

SCO Has an award winning support team

How is this different from IBM, Redhat, Novell, SUSE? They have teams of experts who know the products too. That and if the product question is a third party GPL product who do you think the third party will support a bit better, a company that tried to repudiate the GPL and sue their own users or companies to embrace and respect the GPL?

Wednesday, July 27, 2005

Wonder why I don't like Windows - Redux

This is another reason I don't like Windows.

A neighbor has been away for a couple of months. When they came back he started updating his software. He was in the middle of updating Adobe when the install crashed. When his PC rebooted it told him that NDIS2SUP.VXD was missing. This was a result of updating the PDF viewer! What does this have to do with a PDF file? That and the update also made a royal mess out of his hard drive and registry file. There were crosslinked files all over and the chkdsk on startup would not fix the problem, it told you that you had to use the windows version. That is a problem in that his system would not boot to Windows even in safe mode. A simple update totally screwed up the registry and HD. Later he will have to rebuild his machine from scratch. I have stopped counting how many times he has had to rebuild the machine because the registry is screwed up by a simple update to his software.

We were able to do backups of his data thanks to the Knoppix CD that I had. As he has a router he has access to the web and can pick up his email via the webmail interface that his ISP provides. He is still unsure about having Linux as his full time option, but, he appreciates having the CD in an emergency so he can at least send/receive email.

Update 2005/07/27 -
We were able to get things back up by deleting his network card and then let the system detect that there was 'new' hardware. It seems to work, but, you should not have to do that when you are updating software that has nothing to do with networking.

Saturday, July 09, 2005

New variant of 'Phishing'

By now most of you may have heard of the term phishing. Well there is now a new and more dangerous variant that is being termed 'spear phishing'. This is a more troubling development as it is harder to recognize and guard against. This email is more selective of its target and will appear as if it came from within your corporate email system. The attack itself can be a program attached to the email, a Word document. Once they get in they can then use your machine to gain access to other systems within your business.

  • Be suspicious of email attachments.
  • If the mail asks you for rekeying of confidential information (like your ID & Password) never use the attached link. Go to your browser and go to your corporate site yourself. Check with the security people before doing this if you are as paranoid as I am.
  • Never give confidential information to a stranger.
You can get more phishing information at network world.

Sunday, June 26, 2005

Spam Fun

As you can see with my spam summary I do get a lot of crap. Am I worried? No, that is the activity with my Yahoo email account. My Sympatico, GMail, Hotmail don't have that problem (yet).

Now why would Yahoo have this much spam? Simple
  1. I do the bulk of my email (other than personal) via this account.
  2. For waranty cards I use my yahoo account for the email address.
  3. For software registration I use my yahoo account for the email address.
  4. I post to two Yahoo stock message groups and I use my Yahoo account as my email address.
It works, my Yahoo account is the only one that gets all of that crap. My personal account has only email from friends and family.

Saturday, June 18, 2005

D-Link problem

Earlier this week our DSL connection speed dropped big time. The curious part was that the Windows machines were running at full speed, but, the Linux boxes were having problems finding web sites. It had the appearance of a DNS problem or someone was trying to DDoS me. I called Sympatico, but, they only support windows (which is only fair to simplify their support). I was going through a number of online sites and found a possible fix. The D-Link box allows you to define the Primary DNS address. I looked at the Status tab and found the DNS IP address and went back to HOME/WAN tab and put in the DNS address and the speed problem on the Linux boxes disappeared.

I dropped a short note to Sympatico describing the fix and they are now looking at putting that information into their knowledge base for others who have the problem (and are not running Windows). If anyone has a technical description of why I will put it up here.

Sunday, June 05, 2005

Phishing & Spam

Today was a real low for emails. My Yahoo account had forty-two emails from Saturday morning until today (Sunday). Of the forty-two only one was a legit message and that was a reply from Paypal about my forwarded note on a phishing attempt. Of the forty-one messages there were three more attempts of phishing and two of those claimed to be from 'Paypal'. The other was claiming to be from another bank. Thirty-eight were porno spam. Just a click select all of those messages and a delete and they were gone. This is why people are probably getting turned off, they have to spend their valuable time getting rid of garbage. This is like having a telemarketer call you collect or junk mail sent postage due.

I hope that the Canadian government takes a good look at the report of the national task force on spam. You can read more at The only upside to all of this spam is that it is on my Yahoo account and not my mail personal email address.

Two of the recommendations that I like and I quote:
There should be an appropriate private right of action available to persons, both individuals and corporations. There should be meaningful statutory damages available to persons who bring civil action.

The businesses whose products or services are being promoted by way of spam should also be held responsible for the spamming. Responsibility should also rest with other third-party beneficiaries of spam.

I like the thought of going after the spammers (if they are in Canada) and make them pay for wasting my time.

If your ISP offers mail filtering take a good look at it and save yourself some time & effort deleting the obvious garbage.

Saturday, May 28, 2005

More Phishing

Since the last blog I have had three more attempts at phishing information out of me. They have now escalated in that my Ebay account is now suspended. That is quite amusing as I don't have an Ebay account.

This week when I logged on the my bank account the bank had a note about phishing and the bank had an email id and a 1-888 number to report any phishing. Check your banks, insurance companies, telcos, etc for information on how to report phishing attempts.

The number of attempts are going up and the phishing notes quality is starting to improve (unfortunately). Remember any legit company you do business with will never ask you to retype any personal information again because of a fraud attempt, system upgrade, etc. If you want to verify go to the web site yourself, never use the attached link.


Make that four more attempts. I got one that purported to be from Wells Fargo. Very similar text to a few of the others, but, this had spelling errors. The attempt was forwarded to Wells Fargo. Keep this in mind, don't delete the note, forward it. If you do this we have a good chance that they can shut down the sites before too many people get hurt. Yes, they will go elsewhere and start again, but, why make it easy for them. These people are the cockroaches of the internet and deserve to be exposed and shut down fast and hard.

If you think that these attempts don't cost you anything, think again.
  1. It takes bandwith and disk space of your ISP for these notes.
  2. It takes your time & effort to delete these notes.
  3. Real people may actually fall for these type of mesages and their identity and money are stolen.
  4. The businesses affected have to incurr costs and these costs are passed on to you in one form or another.

Monday, May 23, 2005

Phishing season is now open

It seems that there are a large number of Phishing emails going around. I had five on the 21st and so far today (23rd) I have had six. Most of them were obviously bogus as I don't have an EBay, Paypal or SKY bank account. The others I did have an account with.

if you get one that looks to be from MSN go to for more information.

I have a number of addresses you can use to report phishing attempts.
  • -
  • -
  • MSN.COM -
  • -
  • -
You can always delete the messages without trying the above, but, the traffic will probably not decrease.

What are the warning signs ->
  1. Requests for personal information. Most of the messages are asking you to rekey in personal information.
  2. Alarmist. They will try to panic you into replying so that you don't lose your account.
  3. Spelling & Grammar. Many times there are obvious spelling and grammatical errors. Unfortunately the scammers are learning.
  4. Mis-spelled sites. Small changes in site names. Example yah00 instead of yahoo. See if you can easily see the differences in the two names.
  5. The link says one thing but when you move the mouse over the link the site name does not match or is a series of numbers (ie. vs
  6. If it sounds too good to be true. Trust your feelings, paranoia is a good thing today.
If you have doubts about the message open your web browser and go to the site yourself, don't use the link provided.

Sunday, May 22, 2005

Wonder why I don't like Windows?

Today is why I don't like to use Windows unless I must. The family file/printer server is still using Windows98 as I use it to do my taxes. The tax software is still Windows based so I cannot migrate that machine to Linux (yet). This morning it took 10 (yes ten) boot attempts before it would launch. Most of the time it would lock just after I type in my password. I waited five minutes each time. It also reset the screen to 640x480 16 colour mode. When I tried to change it it would allow me to go to 1024x768 in 16 colour mode, when I tried 32 bit it reset the machine to 640x480. On the tenth time it booted up and then I could change the resolution to 1024x768 32 bit colour mode.

Nothing special about the hardware, it is a basic P700 with 512Mb of memory. No special attachments or settings. This machine didn't want to boot to Windows for some reason. Windows 2000 or XP is not an option as this is an older machine and the performance will be less than fast.

I will be doing my normal backups on the server to CD and make a decision on one of the following things:
  1. Migrate the server to Linux and forego using the tax software.
  2. Buy a newer machine for the server and have Windows and cannibalize the P700 for parts.
  3. Buy a newer machine for the server and have Linux and cannibalize the P700 for parts.
  4. Rebuild the machine (again) with Windows98.
Option 4 is a royal pain. I don't add/delete a lot of software on the machine. This is the configuration:
  1. Stock Windows 98, legit copy!
  2. Fully patched via Windows Update.
  3. Firewalled.
  4. No email.
  5. Browser is Firefox.
  6. Tax software.
  7. Only shared resources are the hard drive and the printer.
  8. No Games!
Rebuilding to Windows 98 with all of the patches takes a better part of a day. If I rebuild it as a server in Linux it takes me all of 2 hours (that includes patches). The linux boxes are rock solid and my wife has been using her Linux box without a crash for years now. I stopped counting the number of times the server has been rebuilt in Windows.

More Spoofing and Phising

This morning I checked my Yahoo email. As I normally get a lot of spam I was not too surprised that I have a lot of spam in my bulk email. I was surprised to see five emails claiming to be from EBay and one from Paypal. Two of the EBay claimed I had created an account. They all purported to be from those companies.

As always I am skeptical of emails asking me to go to a clickable link and retype all of my personal information. Also, I don't have an EBay account or Paypal account. I went to and and found that they have and ids for this type of activity. If you get messages like this please forward them so they can help shutdown the phishers.

Saturday, May 21, 2005

Email & Etiquette

Email is a fact of life for most people today. You usually have to read and write Email at work and for many of us we read and write Email at home. The only problem is there are those who are not aware of how annoying their habits are, or, they just don't care. A few things to make your Emails a bit more readable and less annoying to the rest of the world.
  • Don't capitalize everything. This is the electronic version of shouting.

  • Try to avoid sending the complete email to everyone. Cut out the portions that are relevent to your reply. Remember not everyone has high speed internet.
  • Don't do a 'Reply All' if you don't need too. Too often I get a 'I agree' type of message when I don't really need to know that.
  • Fancy paper backgrounds are fine, but, it is sometimes hard for some of us to read the text. Remember the KISS principle.

  • When composing an email to someone who really pissed you off. Save the message as a draft and walk away from the machine for a while. When you come back review the note and ask youself... Can I say this to the face of the person I am sending this to rather than an email?

  • Double check the name(s) of the recipient(s). There is nothing more embarrasing than sending a less than nice email about someone and they are one of the recipients of that email.

  • Chain letters.... My favourite subject for going postal. After reading it I normally delete them. If you send a chain letter just think of this, after 6 generations if no one breaks the chain there will be 1,000,000 (one million) emails sent out (assuming 10 people).

  • If you have a large file to send, try to remember to ask the recipient before sending. Some ISPs put a limit on the size of a persons inbasket.

  • Remember your email is not private. It goes from network to network and if the admin wants to they can read your message. If you want privacy use the telephone or write a letter.

Thursday, May 12, 2005

Mandrake 2005 LE

Well it is finally out and the download sites are running at a respectable speed. Over the last few days I upgraded the box to 10.2. XMMS is still not in, but, Amarok seems to be a good alternative. The only thing negative is that GKRELLM needs some of the XMMS libraries for the plugin RPM to install.

KDE is stable and I think I will be standardizing on that at home to make supporting the machines easier for me. I have not seen any performance improvements with 10.2, and more importantly I didn't notice any slowdowns on the new release.

I will be leaving my main work machine running for at least a week and then if there are no problems I will be upgrading the other boxes to the same version.

Installation like always was a snap and after one hour I had a working machine with all of the packages I need to browse, read email, play music and burn CDs and many more packages.

Saturday, May 07, 2005

Can you do this in Windows?

For those who are running Windows let me know if you can do all of this at the same time.
  1. Download two files (590 Mb & 718 Mb) at 200 K/sec for each!
  2. Play streaming internet music without missing a beat.
  3. Burn a full CD without a problem.
  4. Browse the net in a browser session.
  5. Update a blog session and preview it in separate windows.
This is why I like Linux. Besides being free it allows me to do all of the above tasks at the same time without missing a beat or creating a bad CD. The hardware is a 1 Ghz machine, 512Mb of memory and 190 Gb of hard drive space. Video, sound & networking is integrated on the MOBO.

Friday, May 06, 2005

More Linux Distros

I read another review of a live Linux CD. Kanotix is the name. It appears to have all of the tools I use when helping people recover their machines after something happens in Windows. I will have to try this out on the server and see how it handles an older machine. Since a number of current distros had a problem with the servier the server is the perfect test machine. I prefer the live CD option first so I don't have to rebuild the server from scratch (again) before I put Linux permanently on the server. If it doesn't work I may just find a new home for the machine and pick up an inexpensive refurb and make a server out of the machine.

The functions I want the server for is:
  1. Backup of data from the other home machines in the network.
  2. Backup to CD of any critical files.
  3. Share the printers between machines in the network.
  4. Shared hard drive space for common files.

Sunday, May 01, 2005

Spam, spam and more spam

When will they learn. Today my yahoo account was flooded with 20+ pieces of obvious spam. They purport to be about a company trading in the stock DGCP.OB. The company appears to be traded (over the counter ... '.OB' is your clue), but, the mail is obviously trying to pump up the interest and get people to buy the stock.

If you get an email from anyone from the server '' it is probably less than legit. Who in their right mind would take the advice of a person who has an email with that type of domain name?

For me in Yahoo it is real simple. I scanned the Bulk mail folder to make sure that nothing legit was in it, I then clicked 'Empty'. However, the economics of bulk email is such that all they need is one or two people per 1,000 to make a profit.

Where did they get my Yahoo id? It is real simple. I routinely post in the SCOX forum and it is a simple matter to use a PERL script to harvest the messages and email ids. I know for a fact that this is possible as I have a script that I use to capture & archive my own forum messages. It takes me about 15 minutes to run. Am I worried that I get a lot of spam? No,
  1. The Yahoo id is a 'throw-away', if it gets too bad I will delete it and create another.
  2. Yahoo has a fairly good spam filter and obvious spam gets moved into the bulk folder.
  3. I use the yahoo id for registration cards. If the marketers use it for their spam my own personal email id won't get hit.
  4. I protect who gets my real email id so the spam in minimal there.
If you don't already have a Yahoo, Gmail or hotmail account I would recommend it and your home email should see a decrease in spam.

Saturday, April 30, 2005


I gave the Minislack distro a try on my main work machine. It worked quite fast and installation was a breeze. The only problem that I had was that it would not recognize the USB hard drive. As I use the USB drive for my backups I had a problem, I could not restore my files. Looks like I am back with Mandrake as my main distro. Mandrake is great, but, I am always looking for something that is a good but faster and smaller.

I am now using Mandrake 10.1. To keep things simpler I am using KDE as my desktop so that everyone else in the family don't have to learn XFCE (KDE is the default on the other machines).

Sunday, April 24, 2005

Quiet week

Now that the Linux box is back up and running the home network is again quiet and stable. The server is back on Windows98 and sharing the printer.

On the Distro side of things I am now looking at Minislack as a possible replacement for Mandrake. The part I like is that it is on one CD and not three. I will write another post when I convert.

My next project will be a new machine after the boys have finished their last semester of college and I have a few spare dollars. The new machine will be built to handle the requirements of scanning in photos and converting video. With that in mind I figure at least one gig of memory. The hard drive I figure to be around 80-120 gigs internal and I will flip the external 120 gig USB drive to the server.

I noticed that laser prices have been dropping. I see laser printers routinely advertised for under $200 here. For those of you who have ink jets check them out. I have an old HP4 that gets 3,000 to 5,000 pages per cartridge. The cartridge is about $120, that works out to about $0.004 to $0.0024 per page. Ink jets have a higher per page cost. It is something to think about if the majority of your printing is black & white.

Tuesday, April 19, 2005

Phishing Attempt

Another attempt to get personal information about me again. It failed as I don't use the bank in question.

  • Most companies won't ask you to rekey in personal information.
  • The link when you move your mouse over it won't be the same as what shows up as the text.
  • Never click on the link, go to your browser and either type in the URL (web link) or you have already bookmarked the company home page.
The bank did have a web site and an email address for phishing attempts. The note was forwarded to them and within five minutes I had a reply. This is quite fast and is an indicator that the business community is starting to be more aggressive in fighting this problem.

I have clipped the message, but, the name of the bank has been removed.

Dear client of [redacted] Bank,

Technical services of the [redacted] Bank are carrying out a planned software upgrade. We earnestly ask you to visit the following link to start the procedure of confirmation on customers data.

To get started, please click the link below:

[phony link redacted]

This instruction has been sent to all bank customers and is obligatory to fallow.

Thank you, Customers Support Service.

Update, I now have a second email purporting to be from the same bank asking me to rekey my personal information. The web link is a different one so the bank probably got the first link shut down.

For those who don't know me I work in the IT field as a consultant (16 years life insurance systems and 7 years in telecom data billing systems). When we do upgrades on the software we never ask the clients to update their information, that is part of the conversion plan for the software installation/upgrade.

Monday, April 11, 2005

Server Outage - Part 2

It looks like it may be the server itself that had a problem. I put the 'defective' drive into my Linux box and it loaded up without a problem. I tried rebooting the server using Knoppix and the PS/2 mouse now does not work so I may have a failing box.

Again, not a problem as I have backups of all of my critical data on CD. Upside is the Linux box now has an additional 40GB of disk space and the server will now be strictly a printer server with limited file space.

I also forgot what a pain Window can be. Multiple reboots even for the simplest driver installations. The massive set of updates from Microsoft that needs to reboot. I spent more time rebooting the machine than reloading Windows. I hope the newer versions of Windows don't have this problem, I know I don't have these problems with Linux.

Basic server is running. Boots up nicely and the printer is now shareable only by the machines on my home network. I haven't installed ZoneAlarm as this machine may be given to a family member, instead I am trying the Sygate personal firewall. That way I can legally keep my copy of Zonealarm for the new server (if it is Windows based). Later today I should be re-installing the virus scanner and then the various spyware scanners.

Sunday, April 10, 2005

Server Outage - Why you should backup.

For those who wonder why I harp about making backups this blog will explain why.

Today I had the harddrive in the file/printer server fail. The machine has been acting up, but, I put it down to Windows. I tried to install various flavours of Linux, but, it kept locking up or generating weird errors. I finally got into partitioning the drive and told it to do a format and thorough check and it told me it had an unrecoverable error. Fortunately I made a backup last week so I lost nothing.

This is a great object lesson on why I keep telling everyone to do a regular backup. I am lucky in that I had an old 6 gig drive and I am now in the process of putting Windows back on. For some reason the hardware is too old for the latest distros and I am not putting up a huge fight. I will put Windows back on and a basic firewall. I may end up making a present to a family member of the machine. It is still an excellent basic entry level machine.

And for those who are curious, yes it is a legit license. I have a legit registered copy of Windows 98. I also have three copies of Windows 95 for the other machines in the house that are still on Windows. I also have legit licensed copies of Winzip, Zonealarm, McAfee. People, don't pirate software!

Friday, April 08, 2005

Fake Microsoft Security Update

Looks like another email is going around trying to get people to go to a fake site. The timing of this is almost perfect as Microsoft will be doing their updates/patches next week. Remember that when you get an email don't click on the link. Manually type in the address, or if it is a site you visit frequently bookmark it. You can read more about it on the ZDNET link (Click on the title of this blog).

Tuesday, April 05, 2005

Linux at Home

This is not as hard you might think. You can keep your existing Windows® setup and still have Linux. There are a number of 'live' CD based distributions. These CDs will allow to try out Linux without installing it on your computer. I keep a number of them in my briefcase as emergency boot CD's. FYI, these CDs helped two people who had virus infections. It allowed me to safely boot their machine and copy their documents to a CD burner. If you want more info:

  • Damn Small Linux - Great mini distribution. This comes with the basics and is an excellent way to see Linux work.

  • DistroWatch - Link to all Linux distributions

  • Knoppix - Excellent overall distro. Comes with all of tools (other than a virus scanner) you will need. Office package, CD Burner software, multimedia (XMMS - MP3 player), file manager. Can read Windows® drives (read only mode for HPFS file systems).

We use Mandrake Linux on two of our machines at home. Jane does not ever want to go back to using Windows®. My work in supporting Jane has also gone down as the machine is not crashing on a regular basis (actually it has never crashed since I converted her in 2003), no need to update our virus scanner or firewall on a regular basis (sometimes daily in our other Windows® machines during a bad virus outbreak). The only thing I need to do is to regularly check for patches and install them (Mandrake 10.1 has a piece of software that sits in my task bar and lets me know when there are patches). I regularly have a browser, email, XMMS (MP3 player) and K3B (CD Burner) running all at the same time without noticably slowing down the machine. Linux also has virtual desktops so we can organize our work on multiple screens (this has to be seen to be understood and appreciated).

You have a number of desktop environments to choose from. Jane prefers KDE. I use XFCE as it is a small and light environment and allows me to run both KDE and Gnome software.

What is on My Linux box:

  • Amarok to play MP3;
  • Doom - Good games are available;
  • Firefox Browser - Built-in pop-up blocker and other great features;
  • Gaim - IM for Hotmail and ICQ;
  • GFTP - File Transfer Protocol program;
  • GIMP - Image manipulation;
  • GQView - Image viewer;
  • GTK-Gnutella - a P2P application;
  • J-Pilot - Interface with my Palm Pilot;
  • K3B - CD Burner software;
  • MC - Midnight commander. Similar to Norton Commander;
  • MPlayer - Plays movies;
  • Open Office;
  • Screem Web development environment;
  • Scribus - DTP;
  • SMB4K - Allows my Linux box to talk to my Windows file server;
  • Thunderbird mail;
  • XSANE - Frontend to my USB scanner;
  • and a large number of other packages!

Is Linux perfect? No, but, it is much more stable and secure right out of the box. It comes with a large number of free software packages. It is almost at the point where a person who is using Windows® can convert themselves over to Linux without any help.

Friday, April 01, 2005

Linux & Recovery

As you may have noticed I have been doing a few updates here. I did get a new monitor last Monday and Linux detected it without any problems. I didn't need a new video card as the temporary monitor didn't play well with the card in the Linux box. Also, no special manual configuration, Linux handled it all for me without a problem.

I didn't have to do anything special for recovery as Linux handled it well. I am quite pleased at how Linux handled a shutdown while running and recovery was as smooth and quick as it would have been in Windows.

Security & Tools

Security is a process and not an absolute. While your machine may be secure today, tomorrow it may be vulnerable.

Your best defence is knowledge and a healthy dose of scepticism. If an email and/or file does not sound/feel right trust your instincts.

What tools are available

A router is a physical device that joins multiple wired or wireless networks together. Most routers now come with a built in firewall. This is an additional level of protection for your home network. The bonus is that you can now easily share your connection (if your ISP allows this). Just remember that if you go the wireless route you need to enable encryption and please change the default password!

We are using a router here at home and it is quite nice and I don't need to keep an extra computer on to share the connection, just the router (uses much less hydro).

At home here we use Zonelabs ZONEALARM PRO® on our server. If you are setting a home network up using ICS (Internet connection sharing) this is an excellent firewall to use. Zonelabs also makes a free version for home use.

Symantec and McAfee® have great resources on the current and past hoaxes.

Spyware Detectors
SPY-BOT S&D and AD-AWARE are what we use at home for the server and the two remaining Windows machines. Lavasoft also has an free online forum

Viruses/Trojans/Worms scanners
Again, Symantec and McAfee® are my two favourite anti-virus packages. They provide quick updates on a regular basis and have an excellent library of current trojans/worms/viruses.

Windows Update
Windows® 98 and higher has a tool called 'Windows Update'. This is a quick way to find out what critical patches needs to be installed. Please note that if you are not using either DSL or cable modem you will be online for many hours as these patches many times are very large.

Monday, March 28, 2005

If you get a note about a patch

If you receive an email from Microsoft®, McAfee®, Symantec or any other software companies that attaches a program saying it is an update, patch or fix for a virus... DISCARD the note without opening. Never, ever open the attached file.

Most (if not all) software companies will never send you a note with a file attached. If they do an update or patch a critical flaw they might send you an email without any attachments! Be paranoid and don't use the provided link. Go to your browser and type in the link yourself (if you don't have the link already bookmarked). The reason is that some trojans/viruses take advantage of a flaw in how some browsers render web pages (if you have not applied the patch) and you won't be sent to the site that is in the email.

Sunday, March 27, 2005

Unintended testing of Linux Recovery

Looks like my 15 inch monitor on the work machine blew. Dead and no response. I even when hooked up to the server to see if it was the monitor or the video card.

When I get a new monitor I will be finding out how well Linux handles a less than controlled shutdown as I couldn't see the results of my keying a shutdown. I obviously screwed up the keystroke sequence as the machine didn't power down as expected. It was an old monitor (1998) so it is not a major loss, but, the video card I have in the work machine won't handle the 17 inch monitor that is on the server. It may be an excuse to buy a 'new' video card for the machine too.

On the upside at least I have the server I can use for a day or two. I don't like it using the server this way, but, I need my internet fix.

Lesson learned ->
  • Write down the keystrokes required to do a controlled shutdown when I don't have a monitor.
  • Find out where I can safely dispose of old electronics rather than putting it into the garbage.

Monday I will be looking at a new monitor and doing a recovery of what I had in progress.

Saturday, March 26, 2005

Welcome to my musings

This will be my forum to track a number of things that I have been following and doing and hopefully you will find of interest. I have a personal web page that I have be using. My personal pages has a section on security, trojans and how to protect yourself. Over time I will be transferring some of those thoughts from there to here as a short series of blogs on various aspects on PC security.

I am also a Linux enthusiast who is in the process of converting my home network of 6 PCs from Windows to Linux. As a Linux enthusiast I am also following the SCO lawsuits, particularly SCO v IBM and I will probably be posting a number of my musings here.

Mandrake 10.2 Beta

Well I downloaded release candidate 2 (RC2) of Mandrake 10.2 and installed it on my main work machine. It took only about 60 minutes to install and configure the basic setup of this distribution. It took me another 2 hours to tweak and download various packages/updates. My observations:
  • It didn't have XFCE, not a problem I downloaded the RPM files and installed without a problem. For those of you who don't use Linux, XFCE is a light-weight desktop environment. With my current setup my system will use about 60 megs at startup. I like the environment as it stays out of my way when I work.
  • It didn't have XMMS. This is a major pain as I run GKRELLM to monitor the system and the plugin package expects XMMS to be on the system and won't load until I do. This is a problem as I can't find XMMS for 10.2 RC 2 at this time. Hopefully Mandrake will change this as I really like XMMS.
  • I found amaroK and it appears to have most of the functionality of XMMS. Most importantly it allows me to play web music (yay).
  • Thunderbird (email) was not installed, again this is not a problem as I can download and install the RPM.
  • GTK-Gnutella was not installed.
So far the RC2 distro seems to be solid and I have not had a problem yet with this machine. I like Mandrake as it is easy for me to install, configure and support. The only thing that I have noticed is that the number of CDs have been growing and the bloat factor has been increasing. Now to work on Webmin and configure my security sessions back to their normal paranoid levels.