How To Subscribe and Unsubscribe is at the end of this note. Mailing List Trouble? See http://langa.com/help.htm
Questions about the advertisers? See the end of this note. Please also see legal notices at the end of this note. LangaList: ISSN 1533-1156

Please recommend the LangaList to a friend! (And maybe win a prize!)

An easier-to read formatted HTML version of this newsletter is available
<a href=" http://langa.com/newsletters/2005/2005-04-21.htm ">here</a>

The LangaList
Standard Edition

Special Expanded Issue!

2005-04-21

A Free Email Newsletter from Fred Langa
That Helps You Get More From Your Hardware, 
Software, and Time Online

Please visit our sponsors and help keep the LangaList S.E. free!

1) More FireFox Pros And Cons

In the current article on Firefox ( http://www.informationweek.com/story/showArticle.jhtml?articleID=160900911 ) my opening argument was "FireFox is a good browser, but not at all the panacea its most ardent fans think it is." My closing argument was "It's great that there are open-source alternatives to try, and it's smart to proactively explore all your options. But go in with your eyes open: All software has flaws. There are no panaceas!"

To me, it's hard to imagine less inflammatory statements. I mean: "All software has flaws." How can anyone disagree with that?

But the froth-on-the-lips crowd is out in force, claiming I'm shilling for Microsoft, or have my head far up a nether orifice. If members of the rabid pro-Firefox crowd admit to any flaws in that software at all, they say that the numbers of flaws are tiny, and the security holes insignificant.

This view, however appealing, is totally false. There is no objective evidence--- zero, zip, nada, nil--- to support that view. Instead, there is a large and growing body of evidence that indeed and of course, there are problems in Mozilla/Firefox, and some of them are quite severe, opening the door to data theft, backdoor infections of your PC, and so on--- exactly the same kinds of problems that Internet Explorer is reviled for!

In fact, in addition to the information originally cited in http://www.informationweek.com/story/showArticle.jhtml?articleID=160900911 , some new info came out this past weekend, after my article was already written: The folks at Mozilla posted advisories on 9 newly-discovered flaws in Mozilla and its offspring (including FireFox):

"Mozilla flaws could allow attacks, data access...Multiple vulnerabilities that could allow an attacker to install malicious code or steal personal data have been discovered in the Mozilla Suite and the Firefox open-source browser." (Full story:  http://news.zdnet.com/2100-1009_22-5674883.html?tag=nl.e589 )

Again, these are *exactly* the same types of problems that IE is rightly criticized for.

Does all this mean that Firefox is a bad browser? Not at all. It means it's a normal browser, and will require vigilance to use safely.

Does this mean that Internet Explorer is wonderful? Not at all. It's a normal browser, and requires vigilance to use safely.

If you keep either browser patched, and use the other security tools we discuss here issue after issue, you'll be fine using either IE or Firefox. In point of fact, most of the actual real-life exploits in IE have affected out-of-date, unpatched, and/or unprotected systems. If you keep your software up to date and protected, you'll be fine.

Bottom line: Firefox is a fine tool. If you like it, by all means use it. But don't think that using it will automatically make you safe from serious browser security issues--- in fact, cold, hard facts prove exactly the opposite. So, once again: "It's great that there are open-source alternatives to try, and it's smart to proactively explore all your options. But go in with your eyes open: All software has flaws. There are no panaceas!"

OK, your turn: What's your FireFox experience been? Or with other Open Source Software? Do you agree that software from Microsoft, Apple, and the Open Source community is roughly equivalent in quality? If not, which is superior, and why is that so? What objective measures can we use to prove or disprove quality assertions? Please read the original article and join the BBS discussion at http://www.informationweek.com/story/showArticle.jhtml?articleID=160900911 . See you there!

Click to email this item to a friend
http://langa.com/sendit2.htm

return to top of page

--- ( Your Clicks On Ad Links Help Keep The LangaList S.E. Free! ) ---

Just pennies per issue!

"Greetz, Fred! Never again will I let my Plus! subscription lapse as I
did once, unintentionally. You are THE best source for up-to-date info &
all-around content, plus so much more. Gotta have my Fred fix in my Inbox
to keep me apprised ;-) Many thanks for ALL you do for us subscribers, Jolie"

Thanks, Jolie! <g>

The LangaList Plus! Edition is ad-free, spam-proof,
and contains even more content--- tips, tricks, advice, downloads....---
than the Standard Edition you're now reading.

Only about $1 a month!
http://langa.com/plus.htm

--------------( the above is an advertisement )--------------

2) Drive Size Issues

Hi Fred: Why is there a discrepancy between the size of a 120 Gb. hard disk and the size reported by Windows Pro that claims 111.8 Gb.?  What has happened to the other 8.2 Gb.?

The explanation is that hard drive manufacturers calculate hard disk size in 'base 10' notation while Windows does the calculation in 'base 2' (binary) format. This is applicable, both the manufacturer and Windows are right, OK?

But I have read information about something different, for example: hard disk manufacturers use a 160 Gb. drive that has errors on it and sell it like a brand new 120 Gb., because in their line of products they don't have a 140 Gb. You can compare it with chip makers and their processors: you buy a 1800 Mhz. but with overclocking you maybe can reach 2000 Mhz. or more. They guarantee that the processor works well at 1800 Mhz.

Using the same example, can one access the other "good" parts of the remaining 40 Gb. that are hidden with special software or tools that people can't reach? What is the truth? Thanks  in advance for your reply. ---Enrique Paff

All the factors you mention can come into play, Enrique, and we'll discuss them in a moment. But there's one more that has an even larger effect: Drives are sold by "raw" or unformatted capacity. When you partition and format a drive, some of the space on the drive is occupied by the partitioning and formatting data structures.

By analogy: think of a filing cabinet. As sold, it can hold a certain number of pages per drawer. But when you add hanging folders, the frames for the folders, index pages, and so on, you actually lose a little space, but can then organize and find your papers more easily. It's the same with hard drives: The partitioning and formatting takes up some space on the drive, but is necessary to organize and find your files.

Older drive formats (FAT, FAT16, the early Linux formats, etc), were created in the days when drives were tiny compared to today's. The older formats are not very efficient, and can waste a huge amount of space on a large drive. Those formats also can have severe, built-in limits to the size of the drives or partitions they can "see;" today's drives can simply be beyond the ability of these older formats to handle well.

Newer formats (FAT32, ext2, etc.) do better with larger drives; and some formats (NTFS, ext3, ReiserFS, etc.) were specifically designed with very large drives in mind. These latter formats help you to make the most of your disk space, with minimal wastage and no practical limits on disk or partition size. (Yes, there are limits--- e.g. 2 terabytes for NTFS--- but most of us won't reach them anytime soon. <g>)

More info on formatting and drive capacity:
http://langa.com/u/9e.htm
http://langa.com/u/9f.htm
http://langa.com/u/9g.htm

Next, there are indeed marketing factors, where base10 and base2 numbers get intermingled confusingly. You can even see this confusion in a simple Google definition search on the word "gigabyte:" http://www.google.com/search?q=define%3A+gigabyte Some of the sites say a gigabyte is "A billion bytes. A thousand megabytes." This is correct in what we might call "casual techspeak," but it is mathematically imprecise. Other sites say "2 to the 30th power (1,073,741,824) bytes.... one gigabyte is equal to 1,024 megabytes." This is the more precise definition. In fact, a purist would say it's the only "correct" answer. But again, in informal speech, many, many people round off and use the simpler definition. The problem comes when a drive maker labels a drive the casual-speech way, and you're expecting the mathematical way: Then, there'll be a discrepancy of 24MB per GB, which really adds up in the larger drive sizes. (There were even lawsuits about this a couple years back.) So, you have to know how a drive maker defines his terms before you trust the capacity numbers.

And then there are the sector-relocation areas. It's not at all unusual for a huge drive to have an uncorrectable manufacturing defect or three somewhere on its surface, so many drives ship with a low-level "remapping" tool that automatically substitutes a good location somewhere else on the disk for the bad location(s). Your software may know nothing of this remapping--- it can address the moved location by its original address, and the drive's firmware handles the translation to the new address. In this way, a few bad sectors don't cost you any net drive space; and your end-user software doesn't waste time trying to correct uncorrectable manufacturing defects (it never even sees the bad sectors).

I've never heard of a case where a sector-relocation area significantly affects a drive's total capacity. I suppose it could happen, but I think this is not a likely thing. The first two issues, though--- raw versus formatted capacity, and base10 versus base2--- are *huge* factors affecting how much usable space you end up with on any given drive.

You'd think drive size would be simple, wouldn't you? <g>

Click to email this item to a friend
http://langa.com/sendit2.htm

return to top of page

3) Return Of The "Malicious Software Removal Tool"

Fred: The "Malicious Software Removal Tool"--- This the 2nd time Microsoft has include this program in their update. The first time I had trouble after the program ran. This time my computer would not boot-up had to start in Safe Mode restore to later date. I have Trend Micro PC-cillin Internet Security 2005 for antivirus, spam & firewall this program seem to be the problem. I wonder if other people have the same problem with this download?  I contact Microsoft and they told me uninstall this program and run update them reinstall program. I did and it works, but it looks like this update will part of the month updates @ Microsoft. I contact Trend Micro waiting for reply. I have a laptop which  has Z/A e-Trust EZ Armor and have no problem with this update. ---Ned

The "Malicious Software Removal Tool" is actually a mini-anti-malware tool; it only targets a small number of the very worst and most common worms/trojans/viruses going around. But because these malware nasties evolve, so does the tool: Indeed, a new version will be released about once a month, so you'll be seeing this tool again and again.

My guess is that you're correct, Ned, in that one of your other tools is seeing the activity of the Microsoft tool as suspicious, (or vice versa); and they're blocking each other, bringing your system to a halt.

Now that MS' plans are clear--- there will be an updated "Malicious Software Removal Tool" released about once a month--- the anti-malware vendors can adapt and adjust their tools to avoid stepping on the Microsoft's tool's toes. My guess is that your crashing problem should be short-lived; and will go away after an update to your other anti-malware tools, soon.

But if not, see the list of some known-good security tools on page two of this article: http://langa.com/u/9c.htm ; if one doesn't work for you, simply try one of the others!

Click to email this item to a friend
http://langa.com/sendit2.htm

return to top of page

4) "Universal" Disk Imaging?

Fred - I dunno if you're aware of Universal Imaging Utility. http://www.binaryresearch.net/UIU.htm

It's basically a whopping big database of drivers for all seasons glued onto an image, thereby allowing the image to be installed onto virtually any other platform where it will probably find appropriate drivers ... I think.

The company is very responsive and will send a free time-limited trial version on a CD. They ship it really fast, post your request and in a couple days it arrives in the mail. They follow up with email to  make sure you're happy and see if you're still interested. Regards, Gavin

No, Gavin I hadn't heard of this, it's interesting!

The Universal Imaging Utility is designed to work with your existing disk imaging tool (it's not an imaging tool in itself). It acts as a kind of "driver interpreter," letting you move an image from one system to a completely different one: The Universal Imaging Utility makes sure the correct drivers end up on the target machine, no matter where the image originally came from.

I'd approach it with caution, as it's trying to get a disk image to do something it's not designed for. And even if it solves the hardware differences, there'll still be software issues with "Product Activation" and such. But with a trial available, and with a full cost of only $19, the Universal Imaging Utility could be worth a careful test if you're interested in moving complete drive images between dissimilar PCs.

Click to email this item to a friend
http://langa.com/sendit2.htm

return to top of page

5) Scheduling Notice; Expanded Edition

It's not exactly Spring Break--- no beer bongs or wet T-shirts here!--- but I will be taking a short break next week. That's why this issue is considerably longer than usual--- something extra to tide you over. <g>

I'll be back at the keyboard in a week, on May 2, writing the next newsletter issue which is scheduled to appear the following Monday, May 9th. See you then!

Click to email this item to a friend
http://langa.com/sendit2.htm

return to top of page

6) "NoSpyMail" Pt 1

Fred, Here's a small freeware application I discovered (I forget how) some time ago that disables the surreptitious little chunks of code that send information about you back to the originators of email without your knowledge.  Named NoSpyMail, this clever little add-in for Microsoft Outlook automatically disables the surreptitious replies and notifies you when an email containing this code is received.  NoSpyMail is from Belshe Software and can be found here: www.belshe.com/nospymail/  I was amazed when I first installed NoSpyMail just how many email messages I received contained this code.  Mostly were from commercial senders, but not many junk emailings.  And no, the LangaList does not contain this code.  8-)

I was not previously aware of this type of code and was interested to discover that the sending of this information back to a sender is apparently not blocked by ZoneAlarm Pro or the like.

Now having switched to the open source browser and email products from Mozilla, FireFox and ThunderBird, I miss the reassurance that NoSpyMail provided me with previously.

Just a couple of questions.  Do you think this form of protection serves a useful purpose and if so, do you know of any way to provide this same protection in ThunderBird? Many thanks. ---
Regards, Brett Sinclair

PS: This mail message contains no spyware.  8-)

Do I think this "protection" is useful? No; unfortunately, not even a little. All it's doing is blocking normal web-based operations.

Let's take a step back and think of what happens when you open a web page: Your browser sends a request to a distant server asking for a page plus whatever pictures, music, files, etc. may be embedded in the page. The server gathers the requested data and sends it--- where? How does that server know to send the info to *you* out of all the millions of people who are on line? It knows because your original request includes a "return address" as part of the request.

If browsers spoke English, you'd hear your browser say something like this to a server every time you click a link or encounter an automatically executing link:

Please send me [name of page or file or picture or music, etc.] plus any additional graphics, music, or files embedded in that object. Send it to me at [your ip address goes here]. If the information I want exists in different formats for different browsers and operating systems, please respond with the format that's best for [name of your browser and operating system goes here].

The remote server logs the request, and sends the file/picture/music/whatever to the designated address, in the requested format (if multiple formats are available or required); and the transaction is done.

Again, this happens for every single link. In a nutshell, it's how the entire web works!

Same goes for HTML email, which is really just a form of web page. If you read any HTML-formatted email that contains any link whatsoever--- pictures, music, files, *anything"--- then by necessity your system must tell a server what you want, where to send it, what format to use, etc; just like the plain-language example above. The server then responds to the request from your system, and sends the picture, music, file, or whatever, that's part of the email.

(con't next item)

Click to email this item to a friend
http://langa.com/sendit2.htm

return to top of page

7) "NoSpyMail" and Web Bugs, Pt 2

Now, let's look specifically at NoSpyMail. It says "spymail" can reveal:

Your computer operating system and version
Your browser type and browser version
Your IP address and location information
The date/time when you read a message
Notification that you received the message
The identity of anyone you forward the message to

The first three items deserve a big "so what?" That information is not private or secret or personal; in fact, you've sent out that information on every link you've ever clicked; and for every embedded file, graphic, music clip, and whatnot you've ever downloaded; since the first day you surfed the web. Your browser and HTML email client broadcast that info all the time--- they *must,* so external servers can respond to your requests. Again, this information is not private or secret; and in fact is necessary for the Web to work. Making it seem like it's being stolen from your system is just plain silly.

"The date/time when you read a message." Again, big whoop. Servers log all incoming requests as something like "request for [name of object or file] received from [ip number] at [this date and time]." This is how the servers keep track of which IP address asked for what files, graphics, or what not. It's how web servers work, and isn't anything to get worked up about.

"Notification that you received the message." See above.

"The identity of anyone you forward the message to." I suppose it could happen: If the server knows that a certain unique message was sent to you, and then that same unique message sends a click or retrieval request from someone else, then, by inference, you must have sent the message to that person. But at most all the server will have is a second anonymous IP address; not "the identity of anyone you forward the message." Again, the vendor is playing this up for fright effect.

*Any* link you click or that's embedded in an email or web page can serve to send the above kinds of data back to a server, so if it bothers you to reveal things like your IP address, your only real option is to unplug your PC and never go online again. On the other hand, if you want to surf the web, realize that you must--- *must*--- exchange this kind of data with servers in order to receive the files or pages you want to see. The servers aren't "spying" on you when they obtain this data. It's how the web works.

What bothers some people is when all the above happens with "web bugs," small, empty graphics embedded in some HTML-based emails to do some of the above. As Brett found, some totally legitimate uses include tracking delivery rates or identifying delivery problems with email--- totally valid, totally above-board, totally harmless. But spammers can use it, too, and that's what freaks out some people, causing them to seek "protection" from this kind of simple data exchange in email.

But again: Do I think this "protection" is useful? No; not even a little. You're better off with the suite of valid, useful security tools we've discussed repeatedly here. For example, a good spam-blocking or filtering tool will remove most of the bad email before you ever even see it. That way, nothing in those mails can cause trouble. And if something bad is inside the mail that remains, the rest of the security tools--- the antivirus, anti-malware, etc--- will catch it.

In the past, we've also discussed turning off the "preview" function of your email client, as this prevents the automatic opening or activation of embedded objects or links in any emails. This is desirable because you must explicitly open an email before anything can happen with that email. This gives you the ability to manually discard suspect mail, unopened and unread, before anything can be triggered inside.

If, after all that, a few "web bugs" make it into the rest of your mail, so what? You won't be revealing any information that you don't already reveal in the course of normal browsing anyway. Talk about a fuss over nothing!

If you've read this newsletter for any length of time at all, you know I'm a nut about online security. But some online "threats" are largely imaginary or exaggerated for effect by the purveyors of "security" software. Web bugs are one such item. There are far more important issues to worry about!

(More info: "The Web-Bug Boondoggle" http://www.informationweek.com/story/IWK20010621S0030 )

Click to email this item to a friend
http://langa.com/sendit2.htm

return to top of page

8) Last Full Week To "Recommend And Win"

At the end of the month, I'll choose three more monthly winners who each will get a FREE ONE YEAR SUBSCRIPTION to the LangaList Plus! edition. (If your name is drawn and you're already a Plus! subscriber, your current subscription will be extended by a full year.)

To have a shot at winning, just use the following link to recommend the LangaList to a friend. Your friend just may find a new source of useful information; I just may gain a new subscriber; and you just may win a FREE ONE YEAR SUBSCRIPTION! (Full details also available via this link): http://langa.com/recommend.htm

Click to email this item to a friend
http://langa.com/sendit2.htm

return to top of page

9) Movies Won't Play

Click to email this item to a friend
http://langa.com/sendit2.htm

return to top of page

10) Code Load Success Story

After his site was listed in a "Load The Code" section, code-loader John Carson wrote:

Hi Fred, Just a quick Load the Code success story. My site http://www.kibbutzvolunteer.com  appeared in your e-newsletter; my visitors jumped [twentyfold]! Many thanks, John Carson, Kibbutz Volunteer

Do you have a home page or website? (It doesn't matter what size.) Please click over to http://langa.com/code.htm , and maybe you can join the thousands of LangaList readers who have "Loaded the Code!" (If you've already "Loaded The Code" and are wondering if your site will appear here or on the Langa.Com web site, please see http://langa.com/link.txt )

Speaking of which: Here's another eclectic sample of reader sites--- some professional, some very personal:

View A Randomly-Chosen Reader Site
http://langa.com/randomlink.htm

Manually Browse All Posted-to-Date Sites Starting At
http://langa.com/readersites.htm

Virtual Forums
http://www.virtualforums.net/

Strategic Development 4 USA
http://www.sd4usa.com/

Leask site
http://netdial.caribe.net/~leask/

David Reeves, painter
http://www.davidreeves.ca/

Riverbank
http://riverbank1.netfirms.com/

Translation, Vibration & Noise Expert
http://www.andynic.eclipse.co.uk/home.html

fraha's own
http://www.xs4all.nl/~fraha/

My forBedin Sight
http://www.forbedin-sight.com/home.html

Orange Coast PC User's Group
http://www.ocipug.org/

Equipping the people of Swaziland
http://www.perels.com/Agape/index.htm

Click to email this item to a friend
http://langa.com/sendit2.htm

return to top of page

11) Download Helper Needed

Fred, I live in a digital black hole, with the only available high speed internet being satellite.  That means I spend a lot of time, fingers crossed, downloading patches.  There are some recommendations in past issues, but do you have any recommendation from the current crop of download managers? They tend to appear and then vanish. ---Alan P. Biddle

I've been using "Star Downloader" for a while now; it's available in two versions, free and Pro, with the usual kinds of features split. Seems to work pretty well, and integrates with your browser (Mozilla browsers, too!). http://www.stardownloader.com/

Click to email this item to a friend
http://langa.com/sendit2.htm

return to top of page

12) Just For Grins

Hi Fred, Suggestion for your "Just for Grins:"
 
Not so much to bring a grin to your face, but rather to explain the grin on my face if you were to spot me in the car/plane/train. With the advent of numerous portable devices to play music, and with my constant desire to learn and improve myself (a huge task!), it occurred to me that with the existence of http://www.gutenberg.org/  and numerous improved text readers, I could actually "read" whilst traveling. To this end I generate MP3 files (32Khz, mono) from books I get off www.gutenberg.org , and put them on my cell phone (which I disconnect from the network whilst flying), and then play them whilst traveling ? in the last three months have "read" 14 classics, never read before! Not sure if I am better for it, but sure have enjoyed it. The text readers still need improvement, but after a bit of "reading," one can get to anticipate their inadequacies. Cost to date = nil
 
I am not the originator of this idea, but I am sure it might appeal to many of your readers who perhaps had not considered this possibility! The pay-for text readers are probably better than the free ones, but I have not felt the need to go there yet.
 
Bill Liversidge --- Durban South Africa

Thanks, Bill! Gutenberg.org is pretty cool--- over 15,000 e-versions of literary classics and other works, all in the public domain, converted to electronic format by volunteers!

Click to email this item to a friend
http://langa.com/sendit2.htm

return to top of page

13) Plus! Edition Highlights:

• Knoppix, *Inside* Windows!
     (an old favorite Linux, now easier than ever)
• Free Beta Of Norton Internet Security 2005
     (yup--- free!)
• "Home Search Assistant" Problems
     (how to get rid of this stubborn software)

Plus! edition subscribers not only get much more content in every issue (like the above), but also have access to a private web site with over 100,000 words of special content and features not found in *any* issue of the newsletter; along with dozens of private downloads and much more---all for around just $1 per month!

Plus! Edition info: http://langa.com/plus.htm

Click to email this item to a friend
http://langa.com/sendit2.htm

return to top of page

(Give a gift subscription to the LangaList Plus edition!
Click <a href= " http://langa.com/plus_gift.htm ">here</a>)

See you next issue, 2005-05-09!

Best,

Fred
( Editor@Langa.Com )

Please recommend the LangaList to a friend! (And maybe win a prize!)

An easier-to read formatted HTML version is available in the "Current Issue" section of http://langa.com.  (The HTML version of each issue normally is available by 9AM EST [UT-5] of the issue date.) All past LangaList issues are also available at the Langa.Com site.

return to top of page

Administrivia:

UNSUBSCRIBE (instant removal!): http://langa.com/leave_langalist.htm

SUBSCRIBE (it's free!): http://langa.com/join_langalist.htm

CHANGE ADDRESS? LIST TROUBLE? HAVE QUESTIONS? OTHER PROBLEM? NEED HELP? See http://langa.com/help.htm

This newsletter is SPAM PROOF and requires two levels of subscriber confirmation before delivery begins: See http://langa.com/info.htm

About the advertisers: http://langa.com/privacy.htm#ads

Disclaimer: http://langa.com/legal.htm  In brief: All information herein is offered as-is and without warranty of any kind. Neither Langa Consulting LLC, nor its employees nor contributors are responsible for any loss, injury, or damage, direct or consequential, resulting from your choosing to use any information presented here.

This newsletter is a service of Langa Consulting LLC and is Copyright © 2005 Fred Langa / Langa Consulting LLC. All worldwide rights reserved. LangaList: ISSN 1533-1156

return to top of page