December 7, 2000 – Brian.Carnell.Com

Problems with Firewall Software

Internet News has a story about popular firewall software — including the package I use, Norton Personal Firewall — failing to stop outbound traffic that would be generated from something like a trojan or a virus.

The key for the Norton package is automatic rule-based outbound permission schemes. Basically if you foolishly choose the wrong option, Norton just assumes that if a program identifies itself as Internet Explorer, that it really is Internet Explorer and simply lets the outbound connection go through. Not a good idea.

As Steve Gibson, who wrote a utility called LeakTest to test the ability of various firewall programs to stop these sorts of trojans, says, “This idea of allowing all these apps pre-approval is ludicrous. It’s trivial to get permission out of the firewall without notifying the user.”

Norton replies that if you’re running a virus checker and the firewall the risk is minimal — but they’re going to update their software anyway. Gibson endorses ZoneAlarm which uses cryptographic signatures of pre-approved applications to make sure it’s really IE rather than a trojan or virus trying to make an outbound communication.

And yes, I’ve found these sort of things on my system, though how they got there I haven’t a clue, so the risk is real.

Americans Overwhelmingly Oppose Proposed Washing Machine Regulations

A few weeks ago I wrote about the Department of Energy’s plans to enact new water efficiency standards for washing machines that would essentially eliminate top loading washers — because a top loading washer that met the requirements would costs about $900 more than current models. The suggested changes aren’t proving too popular with Americans.

Rasmussen Research recently conducted a poll asking a random sample of people how they felt about the proposed regulations:

Sixty-two percent of respondents said they did not support the proposed regulation. Only 10 percent of respondents said they favored the regulation. The rest were unsure.
When told that the DOE estimated the washer would cost more up front but save more money over time to due to reduced water usage, 58 percent of respondents still opposed the regulation. Only 22 percent said the tradeoff would be worthwhile. The remainder were unsure.

This is exactly the sort of thing libertarians should take a high profile opposing. It’s a bad regulation that is likely to prove very unpopular once people are made aware of it.

Source:

New DOE Proposal A Wash. Rasmussen Research, December 1, 2000.

Lego Announcements

Lego lost a lot of money this fiscal year, mainly because they experienced strong sales in 1999 and then completely overestimated just how large sales would be in 2000. They do seem to have a good idea of how to get back to profitability, however, with some interesting announcements on how they’re better going to serve their customers.

The Internet is really propelling a lot of Lego interest among adults, and the Lego corporation is embracing that community.

First, they’ve made it a lot easier for people to go online and order bulk quantities of different bricks, and there are hints they might be willing to go the obvious next step with LEGO Direct Senior Vice President Brad Justus saying, “In the future, we hope to offer our consumers the chance to see their ideas come to life as actual products.”

There are hundreds of excellent design for Lego projects in LDRAW and other formats. If Lego can manage to create a service where a customer could submit the automatically generated parts list from one of those files online and then have those parts shipped to users, they could see big increases in the bottom line.

If it were smart, Lego might even get into some sort of affiiliate network-like arrangement with some of the more creative Lego folks. I’ve seen a few people on the Internet who tried to run businesses basically by designing very impressive Lego sets and offered to sell the parts and building instructions. For the most part, though, such endeavors are simply too time consuming. Now if Lego made it easy for those folks to act essentially as resellers of Legos, things would get very interesting. (Though obviously there would be a lot of legal and marketing obstacles in the way of that, but it could happen).

A few weeks ago I pointed to Lego builder Eric Harshbarger’s mosaic of the Mona Lisa done entirely with Legos. Lego has picked that ball up and run with it, working with Harshbarger to offer an online Lego Mosaic. Simply upload a picture in JPEG or GIF format and it automatically turns it into a Lego mosaic. For about $30 you can have all the necessary bricks and building instructions, along with a frame, mailed to you. Currently the program converts the picture into a grey scale mosaic, but color and 3-D sculpture versions are planned for the future.

Look, Up In the Sky: It’s A Web Site … No, It’s an E-Mail List

I like to create and manage topical web sites. Almost every book or article on web site promotion or community building says that a great way to promote such sites is by creating and managing an e-mail list devoted to whatever topic the web site is devoted to. In fact I’m currently subscribed to a few mailing lists run by the same folks who run web sites I find useful.

But running a mailing list is a pain in the behind. One way to do it is install a popular mailing list program such as majordomo on a server and do it all yourself. I used to do that for announcement-only lists and it was a huge headache; I wouldn’t even want to think about having to maintain a mailing list with one of those programs. On the other hand there are a number of sites such as Topica that allow you to run a mailing list very easily — if you’re willing to have your users suffer through advertisements in order to get the maximum benefit.

And using either of those options doesn’t solve a fundamental problem. There is still an enormous disconnect between the content of the web site and the content of the mailing list. With all of the sites I visit that sponsor mailing lists, there is almost no direct relationship between the content on the web site and the content on the mailing list (in fact for some sites, a mailing list seems to be offered in lieu of a web-based discussion forum, which also tend to be disconnected from the web site content).

The other day the folks at Macrobyte solved all three problems with a new feature that finishes turning Conversant web sites into e-mail lists. From the beginning of this site anyone could join it and then request to subscribe to it via e-mail. Since it is a database-driven site it’s just a matter of taking information that is posted via the web and sending it out through e-mail, as well as taking information sent via e-mail posts and replies and making sure it gets to the right place on the web site. The beauty of the system is that it’s a database that’s just as comfortable passing along information in an e-mail message (or newsgroup message even — but more on that in a few weeks) as it is in displaying it in a web page.

The folks at Macrobyte finished the job recently when they made it possible to subscribe and unsubscribe to the site purely through e-mail. If you are not a member of this site but would like to receive it by e-mail, all you have to do is send an e-mail to ….. Like any number of e-mail list software packages, it is set up to require a return confirmation e-mail, and sends along a “Welcome” message that I can configure to my heart’s delight.

The beauty of this, as far as I’m concerned, is that now I can promote my web sites as mailing lists as well. To be sure, as Seth notes, viewing a Conversant site as just an e-mail list really ignores the incredible power the software has, but on the other hand it does give that option for users who might want to discuss a topic via e-mail but who would have little time or patience to do so through a web interface.

To my mind this is really a dramatic extension of the power of Conversant that will go a long way toward helping me expand the audience for my web sites.

Alec Baldwin Knows About 'Wackos'

MSNBC reports that Alec Baldwin recently attacked online journalist (and I use that term loosely) Matt Drudge. Baldwin said, “I would put him in the wacko category.”

I’m not necessarily a big fan of Drudge, but this is coming from a man who thinks we should abandon important medical research that could save millions of lives because it involves killing some mice and other animals.

To my mind Drudge and Baldwin are kindred spirits (actually I respect Drudge more because he never made such a horribly bad movie as The Shadow.)