Ben, blogging天道酬勤 Confucius said: He who works hard gets well paid. |
Wednesday, October 25
Tuesday, October 24
Which browser to choose, IE7 or Firefox 2?
The browser world has not been this busy before. 5 years after the previous version, Microsoft released IE7, because it feels the threat from Firefox. One week later, Firefox release second edition.
After IE became the dominant browser in the Internet, Netscape closed its product line in Windows system. Microsoft has no intend to develop better browser. Under this circumstance, open source community Mozilla which inherited the source code of Netscape released Firefox in November, 2004.
The biggest difference between Firefox and IE is extensibility: A developer with 1 year experience of HTML and JavaScript can make extension for Firefox. So numerous extensions were made by Firefox fans: TabBrowser, AdBlock, Flashget, Session Saver, Weather Report... The security of extension can be easily verified because the extension is provided as zipped source code, and everyone can check the code. At least the extension can not hurt the operating system. Mozilla provides an add-on website to make those verified extension official. Users can visit this website to find the extensions they like. In another way, developer must have more than 2 years C programming experience to make a success IE plug-in; After the IE plug-in is installed into a computer, it gains admin privilege, and it can become a harmful spyware or Trojan horse. The worse thing is that it is distributed as machine code, and no one except the developer knows exactly what this program does. Since Microsoft cannot check the source code, it doesn't build a website to endorse the extensions. Actually, the IE plug-in has been a problem in the Internet, because a lot of users click "Yes" when they see a pop-up window saying "xxxx program, do you want to install?" Lack of security sense leads to the intrusion of BadWare.
The popularity of extension brings into creativity of programmers. The Firefox updates very often, and the TabBrowser has been built into Firefox 1.0, and the Session Saver and Spell Checker are built into Firefox 2.0. The developer of Firefox adopted the advice from the creative programmers all over the world to build user-friendly browser.
Spelling Checker, (Windows can have it built-in)
RSS reader
Sunday, October 22
IE7: Why is Microsoft coming back to IE?
IE3 was an immature product. Microsoft pushed it to compete with Netscape 3. Shortly after IE3 was lunched, IE 4 was published. IE 4 is good, and it was bundled with Windows 98. So since this Internet Browser is coming with the system, user has no reason to download another one. Netscape's market share dropped dramatically after IE4's existence. It brings the close of Netscape company. Netscape was sold to AOL, and was permanently closed. Fortunately, AOL donated the source code to Mozilla, a open source community, and a non-profit organization.
After Netscape was down, Microsoft has no intention to make IE better. IE5 has two special features: A print preview window, and an Internet radio. The print preview window is nonsense, because you have no control to the printing result. Even if the print preview result is not so good, you can not edit the webpage anyway. The Internet radio was cancelled in the later version, and the function was added into Windows Media Player. IE6 might have better security feature, but it is not a big leap from previous version.
At the same time, the Mozilla community was working hard to create a better browser, Firefox, for user experience. Tab Browsing, Ad Blocker and Pop-up Blocker are designed for users. After the Firefox was released in November, 2004, it has dominated 10% of the browser market. When Microsoft noticed the thread of Firefox, it has to develop new IE, 5 years after the previous version was released.
So, after the IE7 was released, the vice president of Mozilla said:"By Microsoft implementing or adding the features that Firefox has popularized, we have made the web a better place. That can only be viewed as a good thing for users(Both IE users and Firefox users)."
Time Line:
Netscape Navigator 1.0: December, 1994
Internet Explorer 3.0: August 13, 1996
Netscape Navigator 3.0: August 19, 1996
Opera 2.0: August 1996 (Shareware)
Netscape Navigator 4.0: June, 1997
Internet Explorer 4.0: September, 1997
Opera 3.0: December 31, 1997
Netscape Navigator 4.08: November, 1998 (Last version of Navigator)
Netscape Communicator 4.5: August, 1998
AOL acquired Netscape: November, 1998
Internet Explorer 5.0: March, 1999
Netscape 6: November 14, 2000
Opera 5.0: December 6, 2000 (Ad-Sponsored)
Internet Explorer 6.0: August, 2001
Netscape 7: August, 2002
AOL closed down Netscape division: July 15,2003
Mozilla Firefox 1.0: November 9, 2004
Opera 8.5: September 20, 2005 (Free version)
Mozilla Firefox 1.5: November 29, 2005
Internet Explorer 7.0: October 18, 2006
Mozilla Firefox 2.0: October, 2006 (planned)
Internet Explorer 8.0: ??
Mozilla Firefox 3.0: May, 2007 (planned)
Saturday, October 21
Is High Tech Fragile?
Today one news was about a fire in New Brunswick. It was a small fire; when the fire fighters came, it had been put out by the technicians. But because one cable was on fire, the communication of that city was interrupted: More than 100,000 residential phone were cut, and the 911 was not function either.
Update: The news was heard from TV. Now after I searched the Google News, it turns out the fire was in St. John, NewFoundland. The outrage lasted for four hours. Even the Internet, bank machines and ATM machines were interrupted in that four hours.
Why the backup system was not successfully started to replace the damage system? The company will investigate this problem on Monday. But this is truely frustrating. If a back up system can not take over the system, we have no reason to pay big money in the back up system. Expence of a back up system includes the hardware, software, labour to back up everyday, or the bandwidth for real-time backup.
It is such a small file, that even a technician can put it out. How can it cause trouble to the whole island for four hours? Is high tech that fragile?
Thursday, October 19
California Stop
California is a land of fruits and nuts... At least that is what the vehicle plates say. People in this state were so smart to find that it is good to allow making a right turn on the red traffic light (after a full stop). Not to be left behind, the other states now says it is right to go right-on-red.
Another driving habit in California is illegal. The "California Stop". Usually we have to come to a complete stop at each and every stop sign there is, no matter how peaceful the surroundings appear. California stop is the act of slowing down but not completely stopping at a stop sign.
Labels: Driving
Sunday, October 15
What should you do before you call IT service?
In the eWeek, one article is talking about How to Stay in Your Help Desk's Good Graces:
- You should know how to save and back up your work.
- You and you alone are responsible for knowing your password.
- You should know how to email effectively, securely and efficiently.
- Do your part to secure your workstation.
- You should troubleshoot before calling for help.
The first one is reasonalble. You should know how to save and back up your work. Back up your work regularly, so when bad things happen, you are not that nervous. The computer is vulnerable. It is extremely vulnerable. Don't rely on it. This is the word from an old IT professional, please take it.
The second advice is to make sure you know your own password, and don't let others have it. Although you might not have anything important in your computer, you don't care too much about your password. But what if some people log in the system using your account? How will you get yourself out of the mess if the system log says you are the one who accidently deleted an important company file?
The next advice is about email. I would add "Internet" as well. Spam email, Phishing website, Trojan horse are common sense for Internet users. If you are not familiar with any of these three concepts, you should take some time to read some security articles. At least you should read the related pages in the wikipedia. Deleting useless email will release hard drive space of server, relieve the anxiety of the IT department; It actually give you more space to save useful email.
The forth advice is to do your part to secure your computer. The previous advices tell you to be serious of security. While the responsibility for securing the corporation's network falls predominantly on the IT department, there are something the employees can do to ensure that their computers are not the stations that wave the bad guys in.
Among these, not opening risky attachments or downloading unknown software from the crazy Internet are near the top of the list. If in your work you desperately need some software which is introduced by a friend, talk to the IT guys, ask them to make an accessment, get their approval before you install it. They will be only too happy to do that, because they have the chance to check it first before a rampant virus is controling the network. Creating a strong (enough) password, and locking your computer when you leave it, are the rest of things you can do. It's not too difficult, isn it?
The last advice, troubleshooting before you call for help, is to show your respect to the IT guys' work. You don't want them to come over only to press the "Reset" button. Give them some challenging job, please. You can press the "Reset" button by yourself, you can check the plug of the computer/printer, and check the paper tray if it is empty. The biggest secrete in Microsoft's Windows system is: When you get error message now and then, save your work and reboot your computer. Mostly your computer returns to normal after a reboot.
Another meaning of troubleshooting is to find out "How to
Tuesday, October 10
Random Number Generator
A computer can not create random number, because everything is under control--except the Blue Screen of Death.
So, the "random number" in the computer actually is "pseudo random number". It is generated following some function. If you know the function and some other conditions, you can actually predict what will be the next "random" number. A simple function is:
- xn+1 = (xn)2 Mod M
Another question is: Each time you get "8372", the next number must be 90384. We can know the whole sequence of random number. If this random number generator is applied in a game, you can predict computer's next step when the last step is familiar. The game is not fun at all?!
So the number M must be changed every time. The next number after "8372" will be something else. We give an initial "seed", and the sequence will be different, if the initial seed is different.
The standard method to initialize a random number generator is C language is:
srand ( time(NULL) );when the time() function creates a long number which is the colapsed seconds from midnight of Jan, 1, 1970. This number increases every second, so you can never get the same random number sequence.
Some new programmers forget to initial seed before using rand() function, and the function creates the same sequence of numbers. That is funny. XJ takes advantage of this feature, use the same seed to create the same sequence of random numbers, so that he can trace his code again and again during debuging.
One parameter to justify if a function is a good random number generator is the distribution of generated numbers. The created number should be randomized enough. If you are creating numbers between 1 and 1000, then the chance that one number is between 100 and 200 should be the same as the chance that is is between 500 and 600.
One online gambling website publiced its source code to convince its players that the game was fair, there was no trick in this website. Three yeas ago an MIT PHD student found a bug in the random number generator. After he got several cards, he could guess what the "seed" was, then the next "random" number and the next card would not be a secret to him. The more cards he got, the more accurate his guess would be. He could have won big money using his knowledge. Instead, he published his research :D That is how a real researcher works.
So if an intruder knows the algorithm, the seed, and historic number, he can easily calculate the whole sequence of the number and predict the next one. That's why it is always a "pseudo random number". It's hard to hide the algorithm, because sometimes an intruder can get your source code. The intruder can be an insider, or the programmer who creates this software. So make sure you hide the seed perfectly. Some algorithms can create random numbers in good distribution, but people can guess the seed from historic numbers. This kind of algorithms can't be used in security area then.
Labels: Algorithm
Monday, October 9
Eco System of Virus
Last Monday, a computer in my lab got infected of virus. The network admin tried several anti-spyware softwares, and tried to delete the virus manually in safe-mode. But after the softwares deleted several virus, one virus was still alive.
On Friday, the computer had become very slow, and a new message pop-up saying:"You computer has been slow down 40% because of virus. Please click the link to purchase xxxx anti-virus software". When the admin ran the anti-spyware software again, 5 virus were found, so the only way to deal with it is, of course, reinstallation.
There was only 1 virus on Wednesday, why 5 virus were found on Friday? Because the immortal virus created a port allowing other virus to intrude this computer. This is the Eco System of Virus.
Yes, when a virus is executed, it gets the privilege to run anything. The first thing is to create a back door, so that it can enter the system any time it wants. Other virus will take advantage of the back door, and get in this computer without permission of the origin virus. For example, in the Sony rootkit scandal, Sony's Badware hides itself from users by changing to operating system to hide file names begins with "$sys$", then the new virus are named with "$sys$". If your computer are infected with Sony's Badware, you can't notice the existence of the new virus.
In a eco system, co-existence is not the only relation between members. Competition is also important. Competition can create better generation, and eliminate the worse ones.
Even in the Eco system of Virus, there is competition. The famous case was between Netsky and Beagle. The war was in 2004, when one programmer accusing another programmer stole the source code. The virus can get rid of another one when it has the control of a computer. but in the second day, another one creates a new generation which can delete its rival.
The evolution of virus is also interesting. A virus can't prevail too long, because the security experts in the world will definitely find a solution to prevent the distribution. The authors of the virus know this well too. So, a virus must have next generation which has new feature to bypass the solution of previous generation. A virus (or the programmer) learns how to fight with the world during the evolution. It also learns how to take advantage of backdoor from other virus, and avoid attack of rivals. The Beagle virus is wise enough to set a deadline in it's program, because it knows one generation of virus can't stay for more than 1 month, and it knows clearly the next generation will be stronger, and the ancestor should suicide to release the resouce for the next one.
One question amazed a lot of peoples: How do police find out who is the author of a virus?
The answer is: The computer world is so complicate that a newcomer can't make (good) virus alone. So if a good virus is going around the Internet, the programmer must have experience, or acquire experience from some old-hands. So he must be an active member in hacker community, and he shows off his programs to his friends.
Friday, October 6
The Print function of VB
Today I tried working with the Visual Basic for a while. The Print function gave me a headache for 20 minutes. The VB language is not well defined as C, and you can do a simple thing in several ways,
The first thing is to print some numbers in one line. In a loop, I used
Print i & " "but each number is printed in one line. I checked the Print command carefully, and found I ignored the optional charpos in the commend:
charpos Optional. Specifies the insertion point for the next character. Use a semicolon (;) to position the insertion point immediately following the last character displayed. If charpos is omitted, the next character is printed on the next line.So I changed the previous line as
Print i & " ";and it works fine now.
Also, the Tab part of the command is tricky. In the documentation, you can use
{Spc(n) | Tab(n)} expression charposTab(n) followed by expression. Common sense tells me I should be able to use it in this way:
Print i & Tab(1)but failed.
In C language and Java language, "\n" means a new line. But in this Print function of VB, it doesn't work. You can get "slash n".
Labels: Programming
Thursday, October 5
Conversation about virus
This is a translation of " 新浪MSN大中毒事件"
Today I got a message from MSN asking me to open a link.
Unexpected, after I clicked the link, a software is downloaded and executed. Consequently, of course, my computer was infected by virus. I have a lot of Sina user friends in
I think the MSN virus is distributed to those MSN users in the friend list after it
Because many Sina netizens are in each other's MSN friend list. Sina netizens infect each other, finally bring the virus to this blog.
It is worse if your office computer is infected by virus, because you have to get those IT guys in support department to solve the problem. He will defenitely ask you something you don't like.
"Your computer got virus. What did you do?" when he asked this, he meant:"What kind of software did you download? You surf Internet when you are in office?"
So I politely said:"Yes, that's a virus. I clicked somthing I don't know. I am so glad that you can help. By the way, could you check the MSN too? I couldn't get it connected." whey my eyes said:"None of your business!"
He said "OK" when he was apparently thinking:"How can you play MSN in office? Do you come to work or play?".
I said:"I appreciate that." with the attitude: Mind your own business! I like MSN, what does it have to do with you anyway? Everyone in the office has it installed.
The computer was recovered, virus was erased, and the IT guy left.
It is lucky that the virus is not from porn website. Otherwise, it's hard to explain.
Labels: Malware
Wednesday, October 4
Difficulty in writing blog
Does anybody
This is the first book I found from the library by searching "writing".So I changed it into:
This is the first book in the library by searching "writing".and it works.
And this is the second time the blogger.com reject my blog.
Update: Above words were written
Labels: Blogger
Keep anonymous in campus?
In The Lance, one news is interesting:
Ontario universities have been brought under a provincial privacy act that gives students the right to keep their names private, placing new constraints on everything from attendance forms to how the marks are posted.The province's Freedom of Information and Privacy Act has been in place for over 18 years, and the Act is to protect personal information of individuals from being disclosed by government organizations. Yes, an educational institution is a government organization, and it should apply to this Act. But it will bring troubles to the campus life. For example, a student's name can't be given without his permission, that means the teacher can not print out an attendance sheet with students' names and ask everybody to sign in, otherwise, the teacher is violating the Act. Also, putting a pile of marked assignment for students to pick up is restrictly prohibited
The Lance quoted words from Wilfrid Laurier University's privacy officer:
"A university is a community of learners. You come to university not to be anonymous, but to explore your identity. [The Act] is not a perfect fit with this."He said it was causing major inconveniences in the classroom. It seems that the "privacy officer" is not happy to apply the Act too. But
No need to say the reason, privacy is important to every individual. We don't want our personal information being compromised in any way, especially by government agents. We trust our government, and we tell them our income, our
But in another way, studying in a specific university is your privacy information. You have the right not to tell others your education information, and sometimes you have good reason to do so. So releasing names by a university will violate your privacy to some extend.
We will leave this topic to lawyers :)
Tuesday, October 3
Let's talk about Reinstallation
Installing a system is quite strait forward. The modern operating systems including Linux and Windows are very easy to be installed. You simply put in the CD and run the installation program, answer several questions. Two hours later, you have a fresh operating system to play with.
But reinstallation is another story. Most computers which are required to reinstall a new system are abused. A lot of programs are installed and a lot of files are saved in those computers. Some files might contain virus. So it is important to save those programs, files, and settings of programs before installing a new operating system.
Reinstall a new system in the same folder as the old one without formatting the drive is not a good practice. The old system is broken because of some reason. Maybe the computer gets virus? Maybe the system files corrupt? At least, there are too many useless files in the system folder. If you install the new system in the same folder to replace old one, the useless files are kept to slow down the new system. So the best option is to format the drive to clean up everything before reinstallation. That’s why we need to save data before formatting.
Monday, October 2
Virus experience
AdWare Experience
A computer in my lab got an AdWare today.I don't know what the girl did to her computer, but when she asked me about the installation of EditPlus, I noticed her computer was slow. Suddenly, a message popped up:” Your computer is infected with AdWares, Please visit xxxx.com". Yes, that AdWare’s function is to promote a software to delete adwares...First of all, the girl is a Computer Science graduate student, like me. So we can assume she knows the basic idea of computer and Internet.Second, Norton Antivirus Corporation Software is running in her computer. This is mandatory in all our labs, and the virus-library is updated. Also, the Windows XP is updated as required.Third, there is a firewall in the campus network.With all these 3 factors, we still can't protect a computer from attack of AdWare, what a brutal world!Then I tried to help her to get rid of the AdWare. She doesn't know too much about computer security, and I don't want her to bother me all the time. But 10 minutes later, I gave up.There is one system tray icon indicating this software, but the only function is to bring up the "Your computer is infected with AdWares" message. There is no "exit" or "close" menu attached with it at all.Since Norton Antivirus is installed, the standard procedure is to run it to scan the whole computer. Of course it failed as I expected. Since the BadWare is running in memory, there is no way to find it out, if it is smart enough. Five years ago, an Antivirus software can capture a running virus and kill the process before it deletes virus files. Now the virus knows how to hide itself from Antivirus softwares, especially when the virus is running with admin privilege. So I tried to kill the virus process manually. From the Windows Task Manager, I saw too many processes. After all other windows are closed, I saw several suspicious processes: ishost, hostsys, and some others. I am familiar with most of the system processes, and I am sure these two processes are not related to system. But after I killed "ishost", it appears again. Yes, this virus is smart enough to run several processes, and each of them can initial another, if one process is terminated. I actually tried to use "Ctrl" key to select both processes, but the Windows Task Manager doesn't support this operation.Since the virus procedure is running and it has administrator privilege, I know I can't delete it. So I checked the startup registry and the running service list. There're too many software installed in this computer, and I can't say I know everyone of them. So I gave up.I know the correct way to kill the virus is to restart into Safe Mode, and delete the virus files and registry entries of virus manually. But because it’s hard to tell the virus files and entries from normal files and entries, especially when the computer is not managed by me, I decided to leave this task to network admin. I think he may suggest to reinstall Windows, or leave the virus alone :D No kidding! Sometimes, if the virus is harmless, we leave them alone in our computer, if the expense of reinstallation is too much.
What is the expense to reinstall system? Let’s talk about this topic tomorrow.
-----------------
In the above article, I mixed AdWare, BadWare, and virus. AdWare is installed in computer without user’s permission, and the function of it is to show commercial Ads. Virus’s function is to destroy your file and use computer resource in your computer to distribute itself. Anyway, BadWare, or MalWare, includes everything we don’t like.
People are familiar with the word of “virus”, and we used to call any unwanted software as virus. But that is not correct. Virus, in computer history, has its own definition. A virus is a program which can conceal itself, and redistribute itself to other computers, and do something bad to the computer when the situations is met. Concealment, redistribution and bad action are the three signs of virus. BadWare is a new word, which can include virus, adware, spyware, Trojan horse, and joke program.
Update:
The Network Admin ran Cleanup!, Ewido Security Suit and AVG Anti-Spyware at the same time. After running them several times, that adware’s icon disappeared, but there is another popup message in some language I don’t know:
NON HO TROVATO NESSUN MODEM PER LA CONNESSIONELooks like an unclean program.
Labels: security