Bugs in IE? Which browser should I use?

Internet Exploder has been hit by the cyber-criminals again. Yawn. Actually, this time it’s serious. It affects all versions of Internet Explorer since six, and it’s going to take Microsoft a while to fix it, and I suspect they won’t for earlier releases (anything less than version eight).

Continuing to use Internet Explorer in the meantime is risky, so using an alternative would be a good idea. But which one?

There are strong opinions as to which browser to use, more often related to the companies that produce them than to their technical merits. In the circumstances I thought a quick guide was in order.

Internet Explorer

Produced by Micro$oft and therefore beyond the pale. Actually, it’s pretty good although slow and cumbersome. It trails behind the others in innovative features. A lot of kid web designers specify that their sites are “optimised” for Internet Exploder, which is a reason to avoid such web sites – or use Internet Explorer. As it comes pre-installed with Windows, it’s the most common web browser out there and is therefore the one attacked most often by criminals. However, I’ve seen no evidence that it’s inherently less secure.

It’s Windows-only, and the current version requires XP SP2 or newer.

Download Internet Explorer if you must

Firefox

This one comes from the Mozilla Foundation and is championed by the anti-Microsoft brigade. They claim that Internet Explorer is full of bugs, insecure and bad. Firefox is all of the above, but “good”. More bugs and security problems turn up in Firefox than IE, and it has very regular updates to fix them.

Firefox, like Internet Explorer, is big and slow – and some of the versions will cause your PC to grind to a halt. The current release (3.5.7) seems okay, but the writers tend to break it too frequently for my liking.

However, Firefox is on the leading edge of browser design and pushes forward with useful new features before Microsoft has thought of them. It’s also very good from a security perspective in dealing with encryption and suchlike, and is probably the professional browser of choice for this reason.


Firefox is also cross-platform – available for UNIX, Linux, Windows, Macintosh and so on.

Download Firefox

Google Chrome

This is a wonderful, small, efficient browser from Google. It follows the web standards very well, which means web pages produced to work around problems with Internet Explorer will not look the same on Chrome.

It has one big weakness: it will remember web site passwords, but not in a secure way. Therefore don’t use Chrome for logging in to anything secure. I do hope they’ll fix this soon, but it’s taken a long time.

Download Chrome

Opera

If you like Norway, you’ll love Opera. It’s available for Windows, Mac, Linux, Nintendo Wii and various handheld devices. Its users seem to like it, although it doesn’t have a significant desktop market share except on the Macintosh. I haven’t tried the latest version as I’m happy with Firefox and Chrome, but it’s worth a look if you’re not.

Download Opera

Safari

This is written by Apple and only runs on a Macintosh (or iPhone &c). I would mention the fact it’s proven pretty insecure, but that would upset Mac aficionados, who don’t take such criticisms seriously anyway.

Summary

They’re all insecure. Take your pick. Just avoid IE for a month or so, and be careful if you have to use an earlier version as they might not get around to fixing it.

Why is Sage Line 50 so slow?

NB. If you want to know how to make Sage run faster click here for later posts, and read the comments below (there are a lot!).

As regular readers will know, I don’t think much of Sage accounting software, especially Sage Line 50. It’s fatally flawed because it stores its data in disk files, shared across a network using a file server. I suspect these .DTA files are pretty much unchanged since Graham Wylie’s original effort running under CP/M on an Amstrad PCW. There is continual talk that the newer versions will use a proper database, indeed in 2006 they announced a deal to work with MySQL. But the world has been waiting for the upgrade ever since. It’s always coming in “next year’s” release but “next year” never comes. The latest (as of December 2009) is that they’re ‘testing’ a database version with some customers and it might come out in version seventeen.

In fact it’s in Sage’s interests to keep Line 50 running slower than a slug in treacle. Line 50 is the cheap end of the range – if it ran at a decent speed over a network, multi-user, people wouldn’t buy the expensive Line 200 (aka MMS). The snag is that Line 50 is sold to small companies that do need more than one or two concurrent users and do have a significant number of transactions a day.

So why is Line 50 so slow? The problem with Sage’s strategy of storing data in shared files is that when you have multiple users the files are opened/locked/read/written by multiple users across a network at the same time. It stands to reason. On a non-trivial set of books this will involve a good number of files, some of them very large. Networks are comparatively slow compared to local disks, and certainly not reliable, so you’re bound to end up with locked file conflicts and would be lucky if data wasn’t corrupted from time to time. As the file gets bigger and the number of users grows, the problem gets worse exponentially. The standard Sage solution seems to be to tell people their hardware is inadequate whenever timeouts occur. In a gross abuse of their consultancy position, some independent Sage vendors have been known to sell hapless lusers new high-powered servers, which does make the problem appear to go away. Until, of course, the file gets a bit bigger. Anyone who knows anything about networking will realise straight away that this is a hopeless situation, but not those selling Sage – at least in public.

One Sage Solution Provider, realising that this system was always going to time-out in such circumstances, persuaded the MD of the company using it to generate all reports by sitting at the server console. To keep up the pretence this was a multi-user system, he even persuaded them to install it on a Windows Terminal Server machine so more than one person could use it by means of a remote session.

If that weren’t bad enough, apparently it didn’t even work when sitting at the console, and they’ve advised the customers to get a faster router. I’m not kidding – this really did happen.

The fact is that Sage Line 50 does not run well over a network due to a fundamental design flaw. It’s fine if it’s basically single-user on one machine, and I have clients using it this way. If you want to run multiple users, especially if your books are non-trivial, you need Sage 200/MMS – or a different accounting package altogether.

BBC reports hacking scam – brace yourselves for more chain emails

You saw it here first –

I’ve just spotted this tucked away on the BBC News website:

Suspect hacker calling residents

A warning has been issued about a suspected computer hacker who has been calling residents on the Isle of Man.

Identifying himself only as “Mark”, he does not state a surname or a company, but says he is phoning regarding a complaint of slow internet connection.

He then asks the computer user to give him remote access by typing in logmein123.com.

The instructions should not be followed and people should contact their service provider, police have said.

Yeah, right!

(a) this smells like a typical hoax, recognisable to anyone who knows anything about computer security; and
(b) it’s going to turn up on an email chain letter sooner or later.

The BBC has great difficulty reporting on anything to do with technology, as they all seem to be media studies graduates. But surely journalists are supposed to check their facts anyway?

Gary McKinnon who has Asperger’s syndrome

The Home Secretary (Alan Johnson) has just answered an emergency question in the commons as to why he’s declined to block the extradition of Gary McKinnon to the USA for ‘hacking’ (whatever that means). He said that the medical evidence didn’t amount to enough, he’d admitted he was guilty, and besides, he hasn’t got any discretionary powers in the matter.

In some ways, I agree with him. McKinnon may very well have done what he’s been accused of; and as far as Asperger’s Syndrome goes – do me a favour!

He was diagnosed with this condition last year by Prof. Simon Baron-Cohen from Cambridge University. It’s a psychological illness, right? Well actually there are many who’d doubt that. He certainly seems to be the authority on the subject, based on the number of papers published and TV appearances – acceptable to academia and pop culture. He’s the country’s foremost expert on the condition. But is it an illness?

A few years back Prof. Baron-Cohen devised the A.Q. test, a series of 50 self-assessment questions for those wondering if they have the condition. Apparently the general population scores 28%. I score 76%. Do I have a mental illness? I don’t think so; in fact it’s often said that half the scientists in the world would score highly on the assessment too. Us nerds might be different, but so are gay people. Try telling them they’re ill! If you want to know more, just Google the subject.

Gary McKinnon is also, apparently, upset and depressed. Who wouldn’t be in his circumstances?

It might be worth reminding ourselves what he’s actually done (according to Alan Johnson):

He accessed US government computers looking for UFO evidence while smoking dope (as one does), and in the process has damaged their operation. According to the Americans (and Mr Johnson) he knocked out all the military computers in Washington for 24-hours.

Apparently this was done by using perl to look for blank passwords, a technique I find entirely credible. That’s right – McKinnon is a script kiddie. He claims he was caught when using Windows Remote Desktop while the real user was still on the machine, which also fits.

Now for this he deserves to be prosecuted, the same as the morons who were prosecuted for criminal damage while attempting to thieve hereabouts. The difference is that Harrow magistrates decided just to give them a good ticking off after they’d made up some sob story about turning their life around. McKinnon’s treatment is on the other extreme.

Unfortunately for him, there’s an obvious political element. The American military has lost (more) credibility and they want someone, preferably foreign, to divert attention. They can’t catch Bin Laden, so he’ll have to do. Anyone in the data security game knows that any serious cyber-criminals will be able to cover their tracks, so IF serious deliberate damage was done and IF they traced it back to this script kiddie then the one thing you can be pretty sure of is that he wasn’t behind it. Either that, or all the computers in Washington were in such a fragile state that they’d fall over if you sneezed.

In spite of the Home Secretary’s assurances about the extradition arrangements between here and the USA being reciprocal, many will suspect that this case results from the special Labour-Bush relationship – the one where Bush asked and Blair gave.

If Alan Johnson is right, and he really does have no discretion to stop this charade, the real question David Burrowes (McKinnon’s MP) should have followed his answer with was “Why not?”

Bank of England Fraudulent Accounts scandal

So, the Government/Bank of England lent £61,000,000,000 to prop up the Scottish banks last year and didn’t think we should know about it. It didn’t appear with any clarity in the accounts, and I’ve just been listening to “Lord” Myners, Gordon Brown’s “Treasury Minister” defending this on Today, saying that “…no retail bank customers lost out.” So that’s alright then?

As usual, he was let off lightly. The Bank of England is publishing cooked books, and the justification is that it’s for the greater good. What I’d like to know is: what’s the point of publishing accounts if they’re deliberately misleading? Or more accurately, dishonest.

The government seems to think it’s okay to lie to us whenever it feels that we’re better off not knowing something. And you can hardly call £61,000,000,000 a trivial issue that’s easily overlooked by mistake, can you? Well perhaps it is to Gordon Brown and his banking mates. No wonder they fail to see any problems with their expense claims.

According to Myners, the board of Lloyds was made aware of the loan at the time they were merging with HBOS in those murky circumstances. So what? Lloyds isn’t owned by the board – the Lloyds shareholders had every right to know, but they decided to keep quiet about it. They were tricked into voting for a merger with a bank that was only propped up by a massive secret loan.

Paul Myners is, of course, a New Labour Lord, given a peerage by Gordon Brown after donating £12,700 towards his leadership campaign in 2008. He hasn’t been elected by anyone other than the Labour Leadership.

The fundamental issue here is that if any company published cooked books, concealing a £61,000,000,000 transaction, they’d have the serious fraud office all over them – and rightly so. This government, on the other hand, thinks it knows best and will only tell us what it thinks we should know. Sounds familiar?

Of course, plenty of people must have known about it and kept quiet. So why has the news come out now? Presumably someone was about to spill the beans and they’ve published as the least-worst option.

Digital Economy Bill

As we all know, the Queen’s Speech yesterday was written by Gordon Brown and contained a fantastic list of things he’d do should the British public ever elect him as Prime Minister. While everyone was falling about laughing at the idea of new laws to make both budget deficits and child poverty illegal, you might have missed some gems from the Digital Economy Bill, which was announced today and will be published tomorrow (Friday).

In verbiage reminiscent of Wilson’s “White heat of technology” twaddle, the Queen was obliged to say:


“My government will introduce a bill to ensure the communications infrastructure is fit for the digital age, supports future economic growth, delivers competitive communications and enhances public service broadcasting.”

The actual bill appears to include such ideas as the £6/year tax on all land telephone lines (why not mobiles?) to ensure that everyone in Britain can get 2Mbps broadband by 2012. Do these politicians understand what the term ‘broadband’ means? Why should we be subsidising the infrastructure for ISPs who’ll be charging us whatever they like for the use of the new network we’ll be paying for in this extra tax?

Perhaps the biggest ‘idea’ is a clampdown on Internet based piracy. New Labour’s sleazy spin-doctor Peter Mandelson was on about this recently, and it’s going to be in the bill. Apparently persistent offenders will get a series of stiff letters and the ISP will eventually pull the plug on them. Get real! Anyone with the slightest idea how the Internet works knows that you can’t tell whether material transiting a network is subject to copyright. You can’t even tell what it is! No amount of legislation will change that.

On the same tack, children are going to be protected by making it illegal for video game retailers to sell games intended for over 12’s to under 12’s. That’s really going to work. The government can’t keep hard drugs out of a prison, so how are they going to stop anyone getting hold of dubious video games?

Another nice little earner for the treasury is switching over to digital radio by 2015. If you thought updating to digital TV was bad, they now want you to scrap all your radios too. Including those in cars? DAB radios use 20 times the power of simple FM receivers – not exactly a green idea either.

I do hope that whoever wins the election next year will ditch these stupid ideas, but do the Conservatives have any better idea about what the Internet really is?

New Botnet?

Over the last 24-hours I’ve intercepted several emails containing malicious attachments in .zip files. There’s nothing odd about that, except these are coming from ‘clean’ IP addresses.

Is this a new Botnet, spreading fast?

Yesterday the subject was “your mailbox has been deactivated” and they pretended to come from the IT support team at your domain name. If you don’t have an IT support team it’s a bit of a giveaway. The message continued:

We are contacting you in regards an unusual activity that was identified in your mailbox. As a result, your mailbox has been deactivated. To restore your mailbox, you are required to extract and run the attached mailbox utility.

Best regards, technical support.

Today they’ve got the subject “Payment request from ”, where the company varies.

The full text is:

We recorded a payment request from "" to enable the charge of $ on your account.

The payment is pending for the moment.

If you made this transaction or if you just authorize this payment, please ignore or remove this email message. The transaction will be shown on your monthly statement as "".

If you didn't make this payment and would like to decline it, please download and install the transaction inspector module (attached to this letter).

The interesting thing is that none of these have come from IP addresses that are currently listed as part of a botnet, known spam sources or anything. They’re completely clean. I’ve no proof that the two attacks are related, but I’m suspicious.

If anyone has more parts to the jigsaw, please share them with a comment.
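When sender IP reputation gives no signal, as in the two mailings described above, the message content itself can still be triaged: the quoted subject lines, the instruction to run the attachment, a zip that contains an executable, and a sender posing as support at the recipient's own domain. The Python below is an added example, not part of the original post; the scoring rules, function names, extension list and sample messages are constructed for illustration.

```python
import io
import re
import zipfile
from email.message import EmailMessage

# Lures quoted in the post; the company name after "from" varies.
SUBJECTS = re.compile(r"your mailbox has been deactivated|^payment request from\b", re.I)
RUN_ATTACHMENT = re.compile(
    r"extract and run the attached|download and install the [\w ]{0,40}\(attached", re.I)
# Assumed list of extensions that Windows will execute on double-click.
EXECUTABLE_EXT = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs")

def zipped_executables(msg):
    """Return names of executable-looking files inside any zip attachment."""
    found = []
    for part in msg.iter_attachments():
        if part.is_multipart():
            continue
        data = part.get_content()
        # Judge by magic bytes, not by the declared filename or MIME type.
        if not isinstance(data, bytes) or not data.startswith(b"PK\x03\x04"):
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                found += [n for n in zf.namelist() if n.lower().endswith(EXECUTABLE_EXT)]
        except zipfile.BadZipFile:
            found.append("<unreadable zip>")
    return found

def header_domains(msg, name):
    """Return the set of lower-cased domains in an address header."""
    hdr = msg[name]
    return {a.domain.lower() for a in hdr.addresses} if hdr else set()

def triage(msg):
    """Return the list of reasons a message resembles the mailings in the post."""
    reasons = []
    exes = zipped_executables(msg)
    if exes:
        reasons.append("zip attachment contains executable: " + ", ".join(exes))
    if SUBJECTS.search(msg.get("Subject", "")):
        reasons.append("subject matches a lure quoted in the post")
    body = msg.get_body(preferencelist=("plain",))
    if body and RUN_ATTACHMENT.search(body.get_content()):
        reasons.append("body asks the reader to run the attachment")
    if header_domains(msg, "From") & header_domains(msg, "To"):
        reasons.append("sender claims the recipient's own domain")
    return reasons

def build_sample(subject, sender, body, member_name):
    """Build a constructed test message with an in-memory zip attachment."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, b"constructed placeholder, not a real program")
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = sender, "user@example.org", subject
    msg.set_content(body)
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="octet-stream", filename="attachment.zip")
    return msg

# Constructed samples: two modelled on the quoted texts, one ordinary message.
LURE = build_sample("Your mailbox has been deactivated", "support@example.org",
                    "you are required to extract and run the attached mailbox utility.",
                    "mailbox_utility.exe")
PAYMENT = build_sample("Payment request from Example Ltd", "billing@example.net",
                       "please download and install the transaction inspector "
                       "module (attached to this letter).", "inspector.exe")
BENIGN = build_sample("Minutes from Tuesday", "colleague@example.com",
                      "Minutes attached.", "minutes.txt")

if __name__ == "__main__":
    for label, m in (("mailbox", LURE), ("payment", PAYMENT), ("benign", BENIGN)):
        print(label, triage(m))
```

In a real mail flow the own-domain check should only fire for messages that arrived from outside, since genuine internal mail shares the recipient's domain.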

Cleaning an LCD Monitor or TV

I needed to clean a large LCD screen today. My usual recommendation for such things is to use a soft dry cloth (preferably microfibre), and to do it gently so as not to crack the glass. But this screen had a stubborn smear – possibly caused by a hand being wiped across. It had the appearance of a water mark of some sort – mineral deposits left by a cloth or tissue dampened with tap water perhaps?

The soft cloth wasn’t going to shift it, so a liquid was called for. But what?

You certainly don’t want to use alcohol based cleaners on the delicate plastic of an LCD. It might be okay on some, but if it’s not you’ll trash it permanently. So a quick trawl of the web found me the favoured recipe, and everyone’s consistent about it: distilled water plus vinegar, mixed 1:1. And everyone’s wrong!

Vinegar is a great cleaner, and I use it for lots of things. But the idea of a 50% solution is a big warning – how strong is the vinegar to begin with? It’s too precise a recipe using imprecise ingredients. I tried it nonetheless, and ended up with a smear covering most of the screen rather than the original area I was trying to clean.

Time for some home cooking, and the solution is simple. Distilled water, a bit of vinegar and a small drop (no more) of washing up liquid (detergent). This lifted the deposits into suspension or solution on contact. The other trick you need to use is a double cloth – wipe off immediately after wiping on, before it has had a chance to dry.

I used soft kitchen paper towels for the process, but I thought the monitor was made of fairly hard plastic. A micro-fibre cloth would be safest if you’re not sure.

Spammer without a Motive

Anyone who knows what I’m about will have guessed that I’d take an interest in the spamming attempts on this blog site. And indeed I have. However, a couple of weeks ago I had a slew of comments for which I can’t deduce a motive.

They took the form of meaningful comments to half a dozen posts – the sort of thing you’d normally let through even though they didn’t add any useful knowledge. They were also well written, by someone who clearly spoke English. But they didn’t add up.

The author purported to be an American cleric, and the comments were written from that viewpoint. However, they didn’t smell quite right – there were a few slips that suggested they weren’t written by a west-coast American priest. Investigation revealed they were, in fact, sent from a computer in Manchester or thereabouts.

So what’s the game? Well there were no links or other nasties in any of the posts. The web site of the poster (which may well have been blocked anyway) was a religious blog in the USA, but it hadn’t seen any activity since mid-2006.

Could this person have been creating an identity for a sock-puppet? Well having waited a couple of weeks, the name hasn’t appeared anywhere else. It could be that the poster failed to convince anyone, but the Internet is a big place and most blogs aren’t posted by computer security experts.

The only explanation I can think of is someone trying to create an identity with enough rights that subsequent posts could get through unmoderated. This would have taken a great deal of further work, especially as the email address provided was an anonymised temporary one.

So, I’m still stumped!

Some of the comments were quite funny, so I might let them through anyway and see what happens.

Scam.co.uk

Scan Computers has been around for some time, and they’ve always been tricky when it comes to faulty goods (I have a pile of DOA hard disks on my shelf to prove it). Now they’ve gone a step worse. Their latest wheeze is to add ‘installation insurance’ to your order without you knowing about it. There is a check-box, but it doesn’t always seem to stick and to make it trickier they don’t add it as an invoice line, they add it to the tax and shipping.

Watch out.

They’re still using a premium rate telephone number (without the required Ofcom warning) as their sole contact method if you have a query about this extra charge. Incidentally, if you want the standard rate number for them it’s 01204 474747.

Nonetheless, I’ve sent them an email asking for an immediate recharge, or I’ll put a dispute on it with the credit card company. Let’s see what happens.

It’s a shame when this happens, because the people at Scan are basically very decent and helpful when you do manage to contact them, and they’re the place to go for high-end graphics systems. Like many companies, it seems they have someone in the money-making department dreaming up such schemes in the short term, and hack-off the punters long-term. Although this was less than 0.5% of the order value (it was only applied to some cooling fans – the big stuff wasn’t covered anyway), little things like this do get noticed and create a bad feeling – and everyone has a choice.