The Sensible Internet Design Journal
Issue 40 of The Sensible Internet Design Letter
http://smallinitiatives.com/journal75_0_1_0_C4.html
http://smallinitiatives.com/
Saturday, August 16, 2003
Text style sampler
Instructions by Jay Small of Small Initiatives
Use this page to try different combinations of typefaces, text line height, paragraph indents and widths, and see the results (and the Cascading Style Sheet properties that made them) in the blocks of text below. Try this in different browsers and observe the subtle differences.
Here are the variables:
Font: Choose from four commonly installed, screen-friendly fonts: Times New Roman, default on many browsers; Verdana, a popular sans-serif choice; Arial, another popular sans-serif face; and Georgia, a serif face that is screen- and printer-friendly.
Line height: The default setting is 1 em. In printing, this setting would be known as "set solid." The line height is identical to the height of the letters themselves. But Web browsers fudge this a bit when they render text -- in fact, if your font size and line height are both left to defaults, there will be at least a pixel of space between lines of text. You may wish to add more space, especially on text set very wide.
Paragraph indents: By default, stacks of paragraphs in Web browsers do not have first-line indents; instead, the first line of each paragraph is flush-left but you see a full line of space between paragraphs. Most printed text is set with paragraph indents, however, and if you want them they are easy to create. The samples with indents have a half line (0.5 em) of space between paragraphs.
Set base font size
Then, select a base font size. The default size (1 em, or what would be applied if you used no style sheets at all) is typically rendered at 16 pixels.…
http://smallinitiatives.com/whatwevedone/presentations/textsampler/
Instructions by Jay Small of Small Initiatives
Use this page to try different combinations of typefaces, text line height, paragraph indents and widths, and see the results (and the Cascading Style Sheet properties that made them) in the blocks of text below. Try this in different browsers and observe the subtle differences.
Here are the variables:
Font: Choose from four commonly installed, screen-friendly fonts: Times New Roman, default on many browsers; Verdana, a popular sans-serif choice; Arial, another popular sans-serif face; and Georgia, a serif face that is screen- and printer-friendly.
Line height: The default setting is 1 em. In printing, this setting would be known as "set solid." The line height is identical to the height of the letters themselves. But Web browsers fudge this a bit when they render text -- in fact, if your font size and line height are both left to defaults, there will be at least a pixel of space between lines of text. You may wish to add more space, especially on text set very wide.
Paragraph indents: By default, stacks of paragraphs in Web browsers do not have first-line indents; instead, the first line of each paragraph is flush-left but you see a full line of space between paragraphs. Most printed text is set with paragraph indents, however, and if you want them they are easy to create. The samples with indents have a half line (0.5 em) of space between paragraphs.
Set base font size
Then, select a base font size. The default size (1 em, or what would be applied if you used no style sheets at all) is typically rendered at 16 pixels.…
http://smallinitiatives.com/whatwevedone/presentations/textsampler/
Blaster Variant on the Loose
Security experts are now tracking a new variant of the Blaster worm that was first spotted Wednesday morning.
The new version is nearly identical to the original, except for a new name on the executable file and a different registry key. The variant's file name is "teekids.exe," and the key it adds to the registry is: "Microsoft Inet Xp.." The key is located in the same place as Blaster's key is, according to Neel Mehta, research engineer at Internet Security Systems Inc. in Atlanta.
"Some of our customers say that they're seeing more copies of the new one than the old one, but I think that's just bad luck," Mehta says. "It scans exactly the same way and acts exactly the same as Blaster."
Mehta said that some copies of the new variant are coming packed with various known Windows Trojan programs, as well.
http://www.eweek.com/article2/0,3959,1219197,00.asp
Security experts are now tracking a new variant of the Blaster worm that was first spotted Wednesday morning.
The new version is nearly identical to the original, except for a new name on the executable file and a different registry key. The variant's file name is "teekids.exe," and the key it adds to the registry is: "Microsoft Inet Xp.." The key is located in the same place as Blaster's key is, according to Neel Mehta, research engineer at Internet Security Systems Inc. in Atlanta.
"Some of our customers say that they're seeing more copies of the new one than the old one, but I think that's just bad luck," Mehta says. "It scans exactly the same way and acts exactly the same as Blaster."
Mehta said that some copies of the new variant are coming packed with various known Windows Trojan programs, as well.
http://www.eweek.com/article2/0,3959,1219197,00.asp
Friday, August 15, 2003
The Bright Side of Blaster
The Blaster worm has infected hundreds of thousands of Windows machines, shut down the Maryland state DMV, put network administrators on overtime, crashed countless consumer's home computers, and on Saturday it will attempt a denial-of-service attack on Microsoft's Windows Update site. But that doesn't make it all bad.
Blaster, also known as MSBlast and LovSan, hit the Internet on Monday, spreading through the RCP DCOM vulnerability discovered by the Polish security research group Last Stage of Delirium earlier this year. The worm is built on dcom.c, one of the public exploit programs that emerged to demonstrate and exercise the flaw in the days and weeks following Microsoft's July 16th advisory. According to data gathered by (SecurityFocus publisher) Symantec's DeepSight network of intrusion detection systems, by Thursday afternoon the worm had infected over 330,000 Windows XP and Windows 2000 machines.
As nasty as that is, security experts say it could have been much worse: the worm is hampered by clumsy construction, and it does not contain a malicious payload to damage victim's files. Moreover, in its reckless tear through cyberspace Blaster is accomplishing what a month of warnings from the security community, an unprecedented mass-e-mail campaign by Microsoft, and two advisories from the Department of Homeland Security all failed to do: it's forcing companies and consumers to install the patch for the serious RPC DCOM vulnerability, shutting down computer intruders who've had their pick of these systems for weeks.
http://www.securityfocus.com/news/6728
The Blaster worm has infected hundreds of thousands of Windows machines, shut down the Maryland state DMV, put network administrators on overtime, crashed countless consumer's home computers, and on Saturday it will attempt a denial-of-service attack on Microsoft's Windows Update site. But that doesn't make it all bad.
Blaster, also known as MSBlast and LovSan, hit the Internet on Monday, spreading through the RCP DCOM vulnerability discovered by the Polish security research group Last Stage of Delirium earlier this year. The worm is built on dcom.c, one of the public exploit programs that emerged to demonstrate and exercise the flaw in the days and weeks following Microsoft's July 16th advisory. According to data gathered by (SecurityFocus publisher) Symantec's DeepSight network of intrusion detection systems, by Thursday afternoon the worm had infected over 330,000 Windows XP and Windows 2000 machines.
As nasty as that is, security experts say it could have been much worse: the worm is hampered by clumsy construction, and it does not contain a malicious payload to damage victim's files. Moreover, in its reckless tear through cyberspace Blaster is accomplishing what a month of warnings from the security community, an unprecedented mass-e-mail campaign by Microsoft, and two advisories from the Department of Homeland Security all failed to do: it's forcing companies and consumers to install the patch for the serious RPC DCOM vulnerability, shutting down computer intruders who've had their pick of these systems for weeks.
http://www.securityfocus.com/news/6728
Thursday, August 14, 2003
Photos.com, unlimited downloads of the 60,000 photos, for only $299.95
You know that high-quality stock photos are not inexpensive, and yet bargain-priced images often don't have the quality you need for your Web or print design projects. Variety and image freshness are also important – when you're on a deadline, looking for just the right image, time is money.
This is why the subscription-based Photos.com site has proven so popular. Now you can take advantage of this special offer to obtain unlimited downloads of the 60,000 photos, for only $299.95 (a 40% savings) for an entire year. Photos are available in three convenient sizes, in such popular categories as business, health, technology, lifestyles and more. Why not try out a few of the free photos first, to make sure the image quality meets your needs?
Sign up by August 30, 2003 at www.photos.com/promo/andromeda to take advantage of this limited-time offer.
www.photos.com/promo/andromeda
You know that high-quality stock photos are not inexpensive, and yet bargain-priced images often don't have the quality you need for your Web or print design projects. Variety and image freshness are also important – when you're on a deadline, looking for just the right image, time is money.
This is why the subscription-based Photos.com site has proven so popular. Now you can take advantage of this special offer to obtain unlimited downloads of the 60,000 photos, for only $299.95 (a 40% savings) for an entire year. Photos are available in three convenient sizes, in such popular categories as business, health, technology, lifestyles and more. Why not try out a few of the free photos first, to make sure the image quality meets your needs?
Sign up by August 30, 2003 at www.photos.com/promo/andromeda to take advantage of this limited-time offer.
www.photos.com/promo/andromeda
Wednesday, August 13, 2003
Blasting Blaster
In mid-July, Microsoft supplied patches for a vulnerability in the DCOM Remote Procedure Call module that could allow a worm to download and run any program. Microsoft Windows NT4, 2000, XP, and Windows Server 2003 were affected. This Monday, machines without the patch became fair game for the fast-spreading Blaster worm. Blaster is set to launch a Distributed Denial of Service (DDoS) attack on windowsupdate.microsoft.com this Saturday, August 16th. You don't want to be a part of that, so be sure you have the patch installed.
But what if your system is one of tens of thousands already compromised by Blaster? You may not be able to install the patch, or to do much of anything. On most machines Blaster triggers a Windows shut down sequence with a 60-second warning, leaving no time for downloading. Your first step is to abort the shutdown by entering the command "shutdown /a" (no quotes) in the Start menu's Run dialog. With the countdown halted, you can try the free removal tool from Symantec or do the job by hand.
http://www.microsoft.com/security/security_bulletins/ms03-026.asp
http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html
http://www.pcmag.com/article2/0,4149,1217751,00.asp
In mid-July, Microsoft supplied patches for a vulnerability in the DCOM Remote Procedure Call module that could allow a worm to download and run any program. Microsoft Windows NT4, 2000, XP, and Windows Server 2003 were affected. This Monday, machines without the patch became fair game for the fast-spreading Blaster worm. Blaster is set to launch a Distributed Denial of Service (DDoS) attack on windowsupdate.microsoft.com this Saturday, August 16th. You don't want to be a part of that, so be sure you have the patch installed.
But what if your system is one of tens of thousands already compromised by Blaster? You may not be able to install the patch, or to do much of anything. On most machines Blaster triggers a Windows shut down sequence with a 60-second warning, leaving no time for downloading. Your first step is to abort the shutdown by entering the command "shutdown /a" (no quotes) in the Start menu's Run dialog. With the countdown halted, you can try the free removal tool from Symantec or do the job by hand.
http://www.microsoft.com/security/security_bulletins/ms03-026.asp
http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html
http://www.pcmag.com/article2/0,4149,1217751,00.asp
Blaster Worm on the Move
The Blaster worm continued to tear through the Internet Tuesday morning as security experts struggled to find and fix infected systems. The worm is presenting a unique problem for security specialists because it is infecting a large number of PCs owned by home users, many of whom may be unaware that their machines are compromised.
And because Blaster's scanning algorithm tends to start by looking for IP addresses that are close to the infected machine's, the worm can rattle around inside a local network for quite a while, consuming bandwidth.
Officials at the CERT Coordination Center estimated that the number of infected machines is in the hundreds of thousands and will continue to grow. "A large number of the compromised machines are those of home users. In this case it isn't as easy as downloading a patch because they can't get enough bandwidth to get online and get the patch," said Marty Lindner, team leader for incident handling at CERT, based at Carnegie Mellon University in Pittsburgh.
"The compromise has a harder time getting out of the local network, so it's harder to measure how many machines are infected."
Blaster began spreading early Monday afternoon Eastern time and quickly gained momentum. The worm exploits the RPC DCOM (Distributed Component Object Model) vulnerability in all of the current versions of Windows, except ME. The worm scans the Internet and attempts to connect to TCP port 135. After establishing a connection, Blaster spawns a remote shell on port 4444 and then uses TFTP (Trivial File Transfer Protocol) to download the actual binary containing the worm. The worm is self-extracting and immediately begins scanning for other machines to infect.
For users who cannot free up enough bandwidth to download the patch from Microsoft Corp., CERT recommends an alternative remedy. Users should physically disconnect the infected machine from the Internet or network. Then, kill the running copy of "msblast.exe" in the Task Manager utility. Users should then disable DCOM and reconnect to the Internet and download the patch.
Instructions for disabling DCOM are available at Microsoft's Knowledge Base Web site.
http://support.microsoft.com/default.aspx?scid=kb;[LN];825750
http://www.eweek.com/article2/0,3959,1217020,00.asp
The Blaster worm continued to tear through the Internet Tuesday morning as security experts struggled to find and fix infected systems. The worm is presenting a unique problem for security specialists because it is infecting a large number of PCs owned by home users, many of whom may be unaware that their machines are compromised.
And because Blaster's scanning algorithm tends to start by looking for IP addresses that are close to the infected machine's, the worm can rattle around inside a local network for quite a while, consuming bandwidth.
Officials at the CERT Coordination Center estimated that the number of infected machines is in the hundreds of thousands and will continue to grow. "A large number of the compromised machines are those of home users. In this case it isn't as easy as downloading a patch because they can't get enough bandwidth to get online and get the patch," said Marty Lindner, team leader for incident handling at CERT, based at Carnegie Mellon University in Pittsburgh.
"The compromise has a harder time getting out of the local network, so it's harder to measure how many machines are infected."
Blaster began spreading early Monday afternoon Eastern time and quickly gained momentum. The worm exploits the RPC DCOM (Distributed Component Object Model) vulnerability in all of the current versions of Windows, except ME. The worm scans the Internet and attempts to connect to TCP port 135. After establishing a connection, Blaster spawns a remote shell on port 4444 and then uses TFTP (Trivial File Transfer Protocol) to download the actual binary containing the worm. The worm is self-extracting and immediately begins scanning for other machines to infect.
For users who cannot free up enough bandwidth to download the patch from Microsoft Corp., CERT recommends an alternative remedy. Users should physically disconnect the infected machine from the Internet or network. Then, kill the running copy of "msblast.exe" in the Task Manager utility. Users should then disable DCOM and reconnect to the Internet and download the patch.
Instructions for disabling DCOM are available at Microsoft's Knowledge Base Web site.
http://support.microsoft.com/default.aspx?scid=kb;[LN];825750
http://www.eweek.com/article2/0,3959,1217020,00.asp
MediaSavvy
The online ad boom could delay content charges
Right now, there is more money to be made selling ads online than selling news.
With online advertising continuing to climb (Emarketer says online ad spending will be up 4.8% in 2003), and with online newspapers getting an outsized share of that growth, who is going to be willing to jeopardize their seat on the gravy train by charging for content?…
http://mediasavvy.com/archives/000412.shtml#000412
The online ad boom could delay content charges
Right now, there is more money to be made selling ads online than selling news.
With online advertising continuing to climb (Emarketer says online ad spending will be up 4.8% in 2003), and with online newspapers getting an outsized share of that growth, who is going to be willing to jeopardize their seat on the gravy train by charging for content?…
http://mediasavvy.com/archives/000412.shtml#000412
checkinstall
…it's not always easy to get ready-made binary packages. Checkinstall handles that problem by building a binary package out of a compiled source tree. Where you normally do the ./configure && make && make install routine to build a package, checkinstall intercepts the make install part and builds a package ready for installation in Red Hat, Debian, Slackware, or RPM-based distributions. That way, when your vendor finally does catch up, you can remove the package with a single command (instead of hunting its components down by hand) and install the new binary package without a hassle. Good stuff.
After you ./configure; make your program, CheckInstall will run make install (or whatever you tell it to run) and keep track of every file modified by this installation, using the excelent installwatch utility written by Pancrazio 'Ezio' de Mauro (p@demauro.net).
When make install is done, CheckInstall will create a Slackware, RPM or Debian compatible package and install it with Slackware's installpkg, "rpm -i" or Debian's "dpkg -i" as appropriate, so you can view it's contents with pkgtool ("rpm -ql" for RPM users or "dpkg -l" for Debian) or remove it with removepkg ("rpm -e"|"dpkg -r"). Aditionally, this script will leave you a copy of the installed package in the source directory so you can install it wherever you want, which is my second motivation: I don't have to compile the same software again and again every time I need to install it on another box :-).
http://asic-linux.com.mx/~izto/checkinstall/
…it's not always easy to get ready-made binary packages. Checkinstall handles that problem by building a binary package out of a compiled source tree. Where you normally do the ./configure && make && make install routine to build a package, checkinstall intercepts the make install part and builds a package ready for installation in Red Hat, Debian, Slackware, or RPM-based distributions. That way, when your vendor finally does catch up, you can remove the package with a single command (instead of hunting its components down by hand) and install the new binary package without a hassle. Good stuff.
After you ./configure; make your program, CheckInstall will run make install (or whatever you tell it to run) and keep track of every file modified by this installation, using the excelent installwatch utility written by Pancrazio 'Ezio' de Mauro (p@demauro.net).
When make install is done, CheckInstall will create a Slackware, RPM or Debian compatible package and install it with Slackware's installpkg, "rpm -i" or Debian's "dpkg -i" as appropriate, so you can view it's contents with pkgtool ("rpm -ql" for RPM users or "dpkg -l" for Debian) or remove it with removepkg ("rpm -e"|"dpkg -r"). Aditionally, this script will leave you a copy of the installed package in the source directory so you can install it wherever you want, which is my second motivation: I don't have to compile the same software again and again every time I need to install it on another box :-).
http://asic-linux.com.mx/~izto/checkinstall/
Monday, August 11, 2003
Download and Build Quake II for .NET
Vertigo Software Inc. has released Quake II .NET, a version of id Software's popular Quake II game ported to the Microsoft .NET common language runtime (CLR) using Microsoft Visual C++ .NET 2003.
Download Quake II .NET from Vertigo Software, Inc., including full source code and project files for Visual C++ .NET 2003, as well as a white paper describing the effort.
This application demonstrates the powerful capability of Visual C++ to retarget existing C++ code at the .NET CLR with little effort. It shows how a highly performance-critical application like Quake II can retain these characteristics in the CLR environment, while simultaneously offering new features implemented using the .NET Framework.
Download Quake II .NET from Vertigo Software, Inc.
http://www.vertigosoftware.com/Quake2.htm
http://msdn.microsoft.com/visualc/quake/
Vertigo Software Inc. has released Quake II .NET, a version of id Software's popular Quake II game ported to the Microsoft .NET common language runtime (CLR) using Microsoft Visual C++ .NET 2003.
Download Quake II .NET from Vertigo Software, Inc., including full source code and project files for Visual C++ .NET 2003, as well as a white paper describing the effort.
This application demonstrates the powerful capability of Visual C++ to retarget existing C++ code at the .NET CLR with little effort. It shows how a highly performance-critical application like Quake II can retain these characteristics in the CLR environment, while simultaneously offering new features implemented using the .NET Framework.
Download Quake II .NET from Vertigo Software, Inc.
http://www.vertigosoftware.com/Quake2.htm
http://msdn.microsoft.com/visualc/quake/
Sunday, August 10, 2003
Photo Album Script Generator
This program automatically generates HTML codes for a customized photo gallery. HTML developers, who do not have much time to write codes or want to use a simple personal photo gallery, can use it. For Microsoft Internet Explorer 5+, Netscape Navigator 6+, Opera 6+ and Mozilla 1.2+.
http://javascript.internet.com/miscellaneous/photo-album-script-generator.html
This program automatically generates HTML codes for a customized photo gallery. HTML developers, who do not have much time to write codes or want to use a simple personal photo gallery, can use it. For Microsoft Internet Explorer 5+, Netscape Navigator 6+, Opera 6+ and Mozilla 1.2+.
http://javascript.internet.com/miscellaneous/photo-album-script-generator.html
Subscribe to:
Posts (Atom)
Posts
