The January meeting of the PC Club of Costa Rica is this Saturday, Jan
15th, at the Panamerican School in Belen. It starts at 8:30AM. This
meeting is very important to the club in that we will discuss a new way
of forming up the club that will make things easier and simpler. And we
need your input for this to happen.
The agenda is as follows:
8:30 General computing news, including technology and happenings in
the computing world (demo of webcams)
9:00 Repair clinic: bring anything needing repair and those there will
attempt to fix it
9:30 Open sharing and socializing
10:00 Formal classes, impromptu classes, special talks (formal class:
"part 1, email")
11:15 Club business, wrapup of sharing, end of meeting
And now, news you can use:
Item 1: From Dorie Dawson:
IE flaw threat hits the roof
Three unpatched flaws in Internet Explorer now pose a higher danger, a
security company warned after code to exploit one of the issues was
published to the Internet.
Secunia said Friday it has raised its rating of the vulnerabilities in
Microsoft's browser to "extremely critical," its highest rating. The flaws,
which affect IE 6, could enable attackers to place and execute programs such
as spyware and pornography dialers on victims' computers without their
knowledge, said Thomas Kristensen, Secunia's chief technology officer.
Exploit code for one of the vulnerabilities, a flaw in an HTML Help control,
was published on the Internet on Dec. 21 in an advisory
GreyHats Security Group.
"In order for us to rate a vulnerability as extremely critical, there has to
be a working exploit out there and one that doesn't require user
interaction," Kristensen said. "This is our highest rating and is the last
warning for users to fix their systems."
The exploit code can be used to attack computers running Windows XP even if
Microsoft's Service Pack 2 patch has been installed, Secunia said. The
company is advising people to disable IE's Active X support as a
preventative measure, until Microsoft develops a patch for the problem. It
also suggests using another browser product.
The Secunia advisory also warns of another HTML Help control vulnerability
that, when used in combination with a drag-and-drop flaw, could be used to
attack PCs--though in that case, it would have to be with the interaction of
the victim. The company first issued an
89&siteId=22&oId=2100-1009-5517457&ontId=1009&lop=nl.ex> alert about the
three security holes in October.
"Microsoft knew of this back in October," Kristensen said. "In my opinion,
it's not fair to have a vulnerability known for two months without having an
available patch, especially when every little detail (of the vulnerability)
is out there."
"Microsoft is now aware of all three issues, and I'm sure they're giving it
an even higher priority," he added.
Microsoft said it was investigating the public reports of the exploit,
adding that the delay in fixing the IE patch was related to the extensive
work needed to produce an effective patch.
"It's important to note that security response requires a balance between
time and testing, and Microsoft will only release an update that is as well
engineered and thoroughly tested as possible--whether that is a day, week,
month or longer," a Microsoft representative said. "In security response, an
incomplete security update can be worse than no patch at all if it only
serves to alert malicious hackers to a new issue."
The company is advising people to check its safe
ex> browsing guidelines and to set their Internet security zone settings to
"high." It also suggests people continue installing automatic security
updates from Service Pack 2.
This latest discovery marks another setback in Microsoft's
<http://news.zdnet.com/2100-3513_22-5378366.html?tag=nl> efforts to shore
up its security. When Microsoft launched SP2 in August, Chairman Bill Gates
touted it as a significant step in shoring up systems against attacks.
Secunia also offers users the ability to conduct an online
tId=1009&lop=nl.ex> test of their systems to see if they are vulnerable.
Item 2:Should you use stickon labels to label the CDs you burner in your burner?
Here's what Fred Langa of the Langalist says:
Indeed, the worst problem was stick-on, print-it-yourself labels, Mark---
they have a history of ruining the CDs or DVDs they're stuck on--- but
they weren't the only problem: The real problem is solvents, and they can
be in the glue on stick-on labels, or in the liquid "carrier" of inks.
But not all solvents are equally bad. Some, like the solvents used in
felt-tip "Sharpie" permanent markers, seem to flash off almost instantly,
leaving behind only mostly-inert dyes or pigments. I would guess that
water-based inks, used in moderation, also wouldn't pose much of a
Whatever harm a solvent may do is exaggerated if the solvent is trapped
against the data-carrying top surface of the CD (as with stick-on labels)
or slathered on in heavy application directly to the CD surface.
That leads me to use two rules of thumb: Use no stick-on labels, ever;
and don't put a lot of ink on any CD or DVD.
If I want to label a backup, for example, I'll use a fine- or medium-
point felt-tip Sharpie to write the machine name (in shorthand form) and
the date on the CD. Thus, I'll label today's overnight backup for my
Systemax 3.2GHZ PC as "S32-20041220." If I need to record more
information about what's on a CD, I'll write it on a paper or Tyvek CD
storage envelope (they only cost about a penny or two apiece, in bulk).
While I have had problems with CDs being ruined by stick-on labels, I've
never had *any* problems caused by this simple manual labeling method.
So, because the above works so easily and inexpensively, I see no reason
to try a more elaborate, expensive, and potentially dangerous labeling
method. Why take a chance with your data?
On the other hand, if you really want to print right on your CDs and
DVDs, buy the more expensive brands of blank discs: These often have a
protective plastic top coat to help preserve the data-carrying layers. In
contrast, cheap CDs usually have naked foil as the top surface; these are
OK for the simple labeling method described above, but I'd never trust
them to any kind of label-printer.
Item 3: Just For Grins
With all the sadness and trauma going on in the world today, it
is worth reflecting on the death of a very important person,
which almost went unnoticed last week. Larry La Prise, the man
who wrote "The Hokey Pokey", died peacefully at age 93. The
most traumatic part for his family was getting him into the
coffin. They put his left leg in, and then the trouble started.
Item 4: From Kim Komando on spyware
MICROSOFT RELEASES BETA VERSION OF SPYWARE UTILITY
Microsoft has posted a test version of a utility designed to fight
spyware. The free download is available for Windows 2000 and XP.
Spyware is advertising-related software that collects information on
your interests. It usually accompanies the download of something else,
and is often disclosed in the other program's terms. Many spyware
programs are unobtrusive, but some seize control of important functions
of your computer.
Microsoft recently purchased Giant Software, a maker of anti-spyware
programs. The download is the fruit of that purchase.
I will continue to use the anti-spyware programs recommended on my
site. I know they work. You should do the same. If you try the
Microsoft utility, remember that anti-spyware programs sometimes
conflict. Here are the links for my recommendations and Microsoft's
Item 5: From Sid Matthews (or someone emminently funny)
An invisible man married an invisible woman. The kids were nothing
to look at, either.
Item 6: From Mitch Frazier, who recently dismantled a hosting service:
(2) Dual Processor Systems $1000/each
2U Rack Mount Case
Dual Pentium-III 1.2 GHz
Dual 36GB SCSI Drives
(2) Single Processor Systems $700/each
2U Rack Mount Case
AMD Athlon XP 2.0GHz
80GB IDE Drive
Item 7: From Woody's Watch about scams to watch for:
With more sophisticated junk mail filters and savvy email users the
subject lines on messages have become more misleading to entice you to
at least glance at the message before deletion.
An example of this is the spate of messages, usually for prescription
medicines, that have message headings that appear to be about tracking a
parcel. A real courier company name is used with a sincere but fake
DHL Ship Notification, Tracking Number : QH1245689-0000
In the same category are subject headings like:
RE: info you requested
Re: Foxnews coverage
And many, many more ...
Item 8: And for advanced users, something for you about "shared memory"
from Fred Langa
"Shared" System Memory
Reader Brett Schulte sent in a note with two separate questions. We
answered one in the previous item; here's the second:
My laptop uses shared memory which I can set in the bios
anywhere from 8MB to 128MB. For normal Windows applications
what's the best setting? I'm guessing the bare minimum of 8MB
is enough... Windows doesn't seem any faster with 128MB than
with 8MB! --- ---Brett Schulte
Usually, "shared" memory is used in PCs where the video system is built
right onto the motherboard, sometimes called "on-board" or "embedded"
video. This is common in laptops (to save space) and in lower-end desktop
PCs (to save money). Instead of having a separate graphics/video card
with its own special-purpose video RAM, these systems "share" the normal
system RAM, reserving some for the use of the built-on video system, and
the rest for use by the operating system, applications, utilities, etc.,
as standard RAM. (These systems may also use the PC's own CPU for
processing the video, instead of having a dedicated graphics co-
processor; but that's another issue.)
As Brett found, there's usually a setting in the BIOS that lets you
determine how much RAM should be set aside for sharing by the video
system. The more RAM you set aside for video, the better the video
performance may be in graphics-intensive applications--- photo editing or
viewing, streaming video, games, etc. But it's a trade-off because every
megabyte you set aside for the video system is a megabyte that's not
available to the OS.
In standard office-type PC uses--- email, word processing, etc--- you
usually do better by giving the video system less RAM, and leaving as
much as possible for use as normal system RAM. But if you find screen
redraws taking too long, or run into obvious video-related problems
(color problems, inability to run at a high resolution, etc.), you can
try bumping up the amount of RAM assigned to the video pool until the
problems go away.
Shared-RAM video systems are usually never as fast as the better
dedicated video cards: the latter almost always have dedicated
coprocessors and special high-speed RAM that's not shared with anything
else. If you need maximum video/graphics performance, a separate video
card is usually the way to go.
"OnBoard" Video OK?
Fresh Look At On-Board Video:
Item 9: See you at the meeting on Saturday.