Archive for the ‘Biography-History’ category

HOSTS file.

November 17, 2011

Whenever I am asked to work on a PC, the first thing I do – every time – is install a HOSTS file. It’s one of the simplest security measures you can take – just a text file in a folder – and the least well known. Everybody knows about virus scanners, many users know about malware scanners, but very few people know about the HOSTS file.

So let’s start with what a HOSTS file is.

You may already know what a DNS is: for our purposes here, it’s a map that points a domain name to the address of a computer somewhere on the internet. For instance, “” maps to That number, or “i.p. address”, refers to a specific end-point, or node, on the internet. Tables of DNS records are stored on special servers, so when you type “” in your browser, a request is sent out, the i.p.address is returned, the connection is made, and the computer Out There and your computer Right Here begin sharing information, in this example, a web page.

The HOSTS file is the first stop on your browser’s trip. You’ve got one on your computer now: if you have a Windows PC, go to c:\windows\system32\drivers\etc. Open the file in Notepad. What you’ll see – after all the #comments at the beginning – is an i.p.address and domain name, probably this:     localhost

Another way that us computer guys say is “home”. (It also goes by the term, “loopback.”)

In short, it’s the i.p.address that your computer uses internally to refer to itself. Your computer’s way of saying, “me.”

What this means is that if you type http://localhost into your browser’s address bar, your browser looks to the local computer for that content. (Unless you have a web server installed, it won’t find anything, but you’re welcome to try.)

Here’s the important part:

Because you provided an i.p.address for the domain, the browser stops looking. It doesn’t go to the internet for the content because the HOSTS file says it’s local. Because there’s nothing there, the request dies.


Let’s pretend, instead of an innocent internet user, you’re a piece of malware, and you need to send the information you’ve collected back to the lair of the evil mastermind. You’re programmed to look for, which is, unfortunately for you, an entry in our hosts file. You can’t phone home.

Let’s pretend, instead of a piece of malware, you’re a browser add-on, and your job is to pop open advertising windows. You do this by connecting to the server of your Evil Mastermind to determine which gambling or porn sites you’re supposed to load. Unfortunately, again for you, is blocked. No windows open because you can’t get your instructions and if you do open any, they will be blank.

Isn’t that awesome?

So, that’s all?

That’s all? We’ve blocked malware from transmitting your credit card number and prevented your mother-in-law – who’s checking her email while you’re fixing yourself a stiff drink – from getting a dozen pop-ups for Asian scat and bondage porn, and you say, “that’s all?”

No, as it happens, that’s not all.

You can be a jerk about it.

Go to one of your co-worker’s PCs and put this entry into the HOSTS file:

I’m sure you could find an interesting i.p.address to plug in. You can repoint a website to ANY i.p.address, though you should note that just because you type in the i.p.address of some objectionable site, doesn’t mean that the site will load. Many times, the domain and the i.p.address are linked on the host: you’ll connect to the server, but it won’t show you anything worthwhile. Might be fun to experiment, though.

But seriously…

Your browsing experience will be, just generally, different. Cleaner for one. Take this LiveJournal blog, for instance:

Those ugly purple blocks are ads. This poor user is browsing the internet without a HOSTS file. Tsk tsk tsk.
This is the same blog, viewed on a PC with a HOSTS file. Look ma, no ads!

Now, there are two warnings I need to offer here.

First, you won’t see ads and much content in the margins of your browsing experience, so you might forward a web page you think is hysterical and get an angry email from your best friend complaining about the porn ads on the page. (Use that as an opportunity to set her up with a HOSTS file.)

Two, many websites track button clicks through ad hosting/tracking services that a full HOSTS file blocks, and if that’s the case you’ll get on the site but won’t be able to navigate. is that way: if I want to browse the site, I have to disable my HOSTS file. The “sponsored” links in yellow at the top of your Google search? Blocked.

Those are minor issues, though. It’s very worth it for better, faster, and most importantly, safer browsing.

OK, so where do I get one?



Sending credit card information by email

April 7, 2011

There’s a lot of discussion on the web on this subject. Most writers recoil in horror from the very thought with the attitude of, “Better to be paranoid than sorry.”

Yeah, I can see it, but only to a point.

Let’s pretend that I’m going to send my credit card info in not one, but three emails: the first email gets the first half, second email the second half, and the third gets the CCV number. In each email I’m going to place the numbers inside blocks of random text. I will assume that the merchant I’m contacting already has my billing address.

I contend that this as safe as sending all that information in a webpage form over an SSL connection.

Let’s examine some points.

According to Verisign in a document published in 2005, approximately 2.25 billion emails are sent per day. Since that document doesn’t track domains such as .edu, we can assume that the number is much, MUCH higher. Let’s say, conservatively, 5 billion. That was six years ago. Assuming a growth rate of 10% (a ridiculously low number), we land on approximately 8.9 billion emails. Each. Day. It is safe to assume that number is much higher.

Let’s say there are one million hackers in the world whose sole purpose in life is to watch emails for credit card numbers. Each hacker gets 8900 emails to deal with: with 86,400 seconds in a day, he has about 9 seconds to process each one. Any good programmer can write a program to do this automatically. We’re not done, yet, though.

Now, the average email takes an average of ten to fourteen steps through various servers before it lands in your inbox. It is extremely rare for two consecutive emails to take the same path. Thus, our hacker will in all likelyhood, not see all three of the emails. That’s okay, though, because some other hacker has the other missing pieces.

Maybe. And even if so, which one (or two) of the million hackers has the other pieces?

Can you see how hopelessly complex this problem is? Working on the theory of diminishing returns, the amount of effort required to harvest one credit card number this way just isn’t worth the effort.

Now, another scenario:

Tonight, I will go out to dinner with my family. When the meal is done, I will hand my credit card to the waiter. He or she will disappear with my card for as long as ten minutes. During that time, that card is out of my control: the waiter can do whatever he or she wants with it. If I’m not otherwise careful online, Facebook or some blog somewhere will divulge my home address – all the information anyone would ever need to steal my identity.

I do this at least once a week without a second thought.

One wonders if the paranoia isn’t a little misplaced.


Installing software

July 22, 2010

My partner at work is one of those people who installs every upgrade and always accepts the default installation for any new software. Now, if you read that and thought, “Wow, what an idiot,” then I’m preaching to the choir: go to the Fellowship Hall, grab a cup of coffee and a serving of pie and wait for me, I’ll be there in a minute.

If you read that and thought, “What’s wrong with that?” read on. This article is for you. I’ve got pie waiting so I’ll be as brief as possible.

Remember those days way back when, when software came on CDs, and what it said on the package is what you were installing and that was it?

Now, all the software you could ever want to do just about any task that software can do is just a download and a few mouse clicks away. That’s a mixed blessing, as it happens, and this is the most important part:

Most software comes bundled with other stuff, and if you accept the default install, you’re getting it all whether you like it or not.

It used to be that the bundled software was innocuous, nothing to worry about. Most often, now, it’s yet another browser toolbar you don’t need or want. (Most open source software published under Gnu licensing rules is bundle-free.) Install enough stuff, and your browser will start to look like the picture.

Is that what you want?

Even software I would usually trust right out of the gate, like the anti-virus I just installed this morning, AVG, had the toolbar bundled with it.

Remember this one thing, if nothing else: there is no browser toolbar that you need. All “helpers” just provide functions that are readily available in most browsers anyway, slow down your browsing experience, and, usually, report your browsing habits back to the owner, who then sells that information to marketers.

Really, is that what you want?

Here are my hard and fast rules on installing software:

Never, ever, EVER accept the default installation. Always select the “Custom” install.

Never, ever, EVER install any software except the stuff I specifically downloaded and want

It’s so simple, isn’t it? When faced with the choice of “Simple” (or “Quick”) and “Custom”, always choose “Custom.” Do this, and your PC will be cleaner, faster, and your browser window will always be user-friendly.

Search Engine Optimisation

February 16, 2010

I am an expert at optimizing websites for the maximum impact on search engines. An expert, seriously. I know as much as the dudes getting $500 a month who optimize websites for a living.

It’s simple. Ready? Write this down:

It’s all about text content.

Not images. Not Flash. Not Ajax. Certainly not keywords.

Content. Text. Text Content.

Google™ doesn’t use KEYWORDS, and never has. Yahoo!™ doesn’t.

If you want Google™ to rank you for “pottery” in “Lawrence, Kansas”, then make sure that those three words appear as often as is logically possible in your content. It doesn’t get simpler than that.

Have an image? Make sure the ALT tag has text. Have a link? Make sure it has a TITLE tag. Make sure the link doesn’t say “Click here”, but is meaningful, like “”Get more information about Kansas Pottery.”

Visit blogs, online forums, and newsgroups related to your subject. Post, reply, flame, and make sure your web address appears at least once in every one.

Visit related websites, and see if they’ll link back to you.

That’s IT.

If you Google™ “how do I optimize my website”, you’ll find all kinds of resources, and they’ll all say basically the same thing. It’s about getting the word out, then having the word on your site.

After that, things get a little vague.

If you call me on the phone and ask, “Why did Google™ drop 20 of my pages from it’s index?” my first inclination is to respond, “I don’t know, why don’t you call and ask them?” Since I can’t do that, what I say instead is, “I don’t know, let me check on it and get back to you.”

The fact of the matter is, when I call you back, I’ll have nothing to report, and I’m not going to make something up.

Because I don’t know. Nobody knows. Google™ doesn’t publish how their search works, and I could beg them all day and never find out. In the parlance of my industry, Google™ is a “black box”: you feed it your input, you get output, and you’re not allowed to see the inner workings.

When I say, “I’ll check”, I’m just allowing you time to get distracted and busy. In your mind, I’m likewise busy; in reality, I’m getting a cup of coffee and working on somebody else’s issue.

When I call you back, and I do, I will report to you what you already know. You had a hundred pages indexed yesterday, eighty today. You’ll deny messing with the site, I’ll deny messing with the site. Then I’ll tell you, “We’ll do an audit on our side, and let you know if you need to change anything on your side. It can take up to two weeks for Google™’s index to change, so we’ll revisit this then, okay?”

So, I’ll admit, that last bit was a lie: we’re never going to revisit this. By tomorrow morning, the next day at the latest, you will have forgotten about this whole issue. That’s the nature of your business, and mine.

So there’s the situation: you want the Ultimate Search Engine Optimization Answer.

Okay, here it is: there isn’t one. Are you listening? There. Is. No. Ultimate. Answer.

SEO has been on the internet radar since the first search engine appeared more than ten years ago. SEO has been big business for the last five or so. Don’t you think, in five years, if there were an Ultimate Answer, someone would have found it by now?

The best we can do is make educated guesses, do all the things we know to do, and hope that Google™ doesn’t screw us both. And if it does, we live with it.

Beware the guy who tells you, “For $100 a month I can guarantee you a high ranking on Google™.” That’s true, for a couple of weeks, until something else comes along that’s optimized a little bit better, or has content that’s a little bit newer.

Anybody who can write a website can “do” SEO: keep your content relevant, fresh, and easy for Google™ to read.

It’s not a task to be done. It’s a process to be followed.

Ballistics in the 1970s and 1980s

November 21, 2009

So, today I’m watching The Bourne Identity. The first one. From 1988, with Richard Chamberlain. The one that actually followed the book almost letter for letter. Remember that one? That’s okay. No one else does, either.

This is not to say it’s a film you can’t learn something from. You can learn how not to design a soundscape. What you observe – or hear – is:

All guns, regardless of caliber, environment, target, or proximity to the viewer, sound exactly the same. For example:

A pistol, fired in a wood paneled room with 12′ ceilings, a few feet from the viewer

sounds just like

A revolver, pressed against and fired through a heavy overcoat in a Saab sub-compact, a foot away

sounds just like

A revolver fired close to the wall (and an assailant’s ear, as it happens) in an elevator, a few inches away

sounds just like

A pistol, fired in the open air using a silencer, from several yards away.

And I think that in all the sound effects libraries in all the world there were only two ricochet sounds, and they were used regardless of the surface being struck…including water. Thus, that bullet, fired in the passenger cabin of the aforementioned Saab hits the roof with a sound that whines and decays away just the like bullet that bounces off the stone wall next to the hero’s head in a high narrow alley.

Makes one wonder if the sound designers actually watched the films they were working on – or ever listened to how things actually sound.

Contrast this with the sound design of the ballistics for, say, Pearl Harbor (Michael Bay, 2001). There are two places that really stand out. (Keep your opinions as to the relative value of this film to yourself. That’s not why we’re here.)

In the British fighter attack on the German bombers, the 20mm rounds are heard striking metal – thin metal at that – and those that miss can be heard flying by the camera.

In the attack on Pearl Harbor itself, the bullets from the 7.7mm guns on the Japanese fighters (Aichi D3A, or “Val”s) and torpedo bombers (Nakajima B5N, or “Kate”s) exhibit different sounds: the heavy metal plating and wooden decks of the American ships ping, clang, and thump, the concrete and asphalt of the airfields pocks.

It’s an unsettling level of realism.

Still learning the tools…

April 30, 2009

There nothing to equal the frustration of spending several hours on an effects sequence in AfterEffects and FXHome, only to export it to Premiere and discover that when you decoded the footage off the source DVD using DVDx that DVDx decoded it at half-size.

Aha!, you think, not trusting yourself to not put a fist through your monitor, no wonder it was so hard to line the fire up with the building windows.

Shit. And it took hours to decode. So, not only do I have to start over on the effects sequence (thankfully, it’s short-ish, seven seconds or so), I have to back up even further and re-decode. This time, I’m using Super© and I’ve confirmed what I’m getting by dragging twenty seconds or so into Premiere.

May 13, 2008

Three things an aspiring movie maker needs to know about writing:

  1. Each movie operates by its own set of rules.
  2. You can’t make up the rules as you go, but you can make them up.
  3. The rules don’t have to be explained, but the audience does need to know what they are.

In today’s installment, we’re going to examine rule #3: The rules don’t have to be explained, but the audience does need to know what they are. Of the three, this one is the hardest to grasp, and the one that is most easily messed with.

When you were a kid, did you ever get caught with your hand in a cookie jar? Your mom, glowering down at you over her horn-rims, demanded, “Explain yourself!” And the best you could reply was, “I dunno…” Your audience is like, in this over-stretched analogy, your mom.

The audience wants to know what the rules are. They need to know, deep down, what the rules are. Knowing the rules gives the audience something to stand on while they watch the rest of the movie. That’s why movies like Jacob’s Ladder and Donnie Darko are so tough to watch: those movies operate with their own set of rules (see #1) mostly made up (see#2) but the audience is not told what they are (as in DD) until the end (as in JL). It takes a skillful director and/or writer to carry that off. Me? Probably not yet.