VBOK Edition #21 - Request For Comments May 1, 1999 ______________________________________________________________________ WIN FREE PRIZES FROM VBOK!!! I'm giving away $150 worth of software. (This applies to both PC and MAC users.) See section 8 for details!! ------ WIN MORE FREE PRIZES FROM VBOK!!! I'm giving away another $100 worth of software (PC only, sorry MAC people). The winners for this giveaway are: Eli Allen and Cynthia Herrick Cynthia was chosen by random number generator, and Eli was chosen as thanks for all of the great help he has been to VBOK for the submissions and tips to the newsletter. Both of you can go to: and choose one software package each from the list below: IconForge ($37.95 suggested retail) FileWrangler ($44.95 suggested retail) pc/Recall ($37.95 suggested retail) SecurDesk! LV ($49.95 suggested retail) (This is the light version) Download them, play with them, and let *me* know which you choose. Shortly thereafter, you will be contacted by a representative of Cursor Arts software who will get your mailing address to ship you the fully registered boxed version. Stay tuned VBOK troopers, there are more free giveaways like these coming in the future, and as always, there are no strings attached other than I get to print your name as the winner in VBOK. This is my way of saying thanks to all of you who have subscribed. ------ The VBOK newsletter will finally be making it's way onto a real mailing list server. I've been running it from my favorite e-mail software (The Bat!), but the subscriber list has gotten just a little too big for me to keep up with. The changeover shouldn't affect those already subscribed, but keep your fingers crossed anyway. :^) ______________________________________________________________________ TOC 1. Request For Comments (RFC) 2. Voting Booth and Other VBOK Stuff 3. Software Review 4. Cool Sites 5. Tips, Tricks, Do's and Don't Do's 6. That's the news! 7. Security Issues, Hoaxes, Viruses and Other Urban Legends 8. VBOK Contests and rules If the columns in the below articles appear misaligned, it's because you are using a non-fixed width font. If you would like to see them nice and straight, change your e-mail font to Times New Roman. ______________________________________________________________________ 1. Request For Comments (RFC) ------ There are a plethora of standards when dealing with computers. They exist for hardware, software, and how each of these should interact with each other. This article will deal with what are called "Request For Comments" (RFC). RFCs started in 1969 as an informal network of engineers and ARPANET architects to discuss problems and standardization for the Internet (back then it was just ARPANET). As the years went on, RFCs became more formal and eventually spawned two sub categories. These categories are "For Your Information" (FYI) and "Standards" (STD). Often you may hear someone reference an RFC stating it as a standard. While an RFC is the beginning of a standard, it isn't truly one. In fact, you could regard them more as notes or even discussions. They can be written by anyone who wishes to comment on or attempt to standardize how something works on the Internet. The vast majority of them are technical and deal with protocols and definitions, some are meant to be humorous, while others are basically FAQs. There are even some that are just a condensed version of conversations. The basic premise behind an RFC is that someone will write it, receive feedback, make changes, post the updated version, and start the cycle over again. The odd thing about them is that they may not necessarily update the old RFC, but write a new one. This can be very confusing and I find that generally the whole thing is slightly chaotic. As of this writing, there are 2,495 RFCs and a pretty good index can be found here. Please note that there are quite a few dead links on the page for the complete listing of RFCs, but I like to use this source first as they also list the RFC titles as well as the authors and superceded information. If the link for a particular RFC is dead, you can try the Internet Engineering Task Force (IETF) So, how does an RFC become an RFC? There are two ways. The first is to submit it to the IETF, and the other is to submit it to an RFC editor via e-mail at . RFCs sent to the latter may end up getting forwarded to the IETF anyway, so you might as well go to the source first. For more information on writing an RFC, please read RFC-2223 "Instructions to Authors" The IETF is a loosely organized group that anyone may join and attend meetings for. If you would like to read more on IETF, you may read their RFC-1718 entitled "The Tao of the IETF". Just to whet your appetite, here are a few RFCs from different areas: Here are the RFCs that made it to STDs. RFC-2300 "INTERNET OFFICIAL PROTOCOL STANDARDS" ------ Ever wondered where the standard for e-mail messages came from? RFC-822 "Standard for the format of ARPA Internet text messages" ------ How about the new and upcoming Internet Protocol Version 6 (IPv6) RFC-2460 "Internet Protocol, Version 6 (IPv6)" ------ Information regarding Post Office Protocol version 3 (POP3) this is how you generally get your e-mail. RFC-1460 "Post Office Protocol - Version 3" ------ As an example of how odd RFCs can be, here is an interesting one to check out: RFC-2324 Hyper Text Coffee Pot Control Protocol (HTCPCP/1.0) ______________________________________________________________________ ** A word from our sponsors ** ---------------------------------------------------------------------- PERSONALIZE THE NET! ---------------------------------------------------------------------- Now you can locate, select and distribute the information that is important to you! * WebSeeker - Utilize the power of over 100 search engines to perform advanced searches, and get valuable results. * WebWhacker - Take the Net on the road! Download parts of or entire web sites for off-line viewing. * ClickBook - Print any document or web page in a double-sided booklet or brochure. BLUE SQUIRREL: http://www.bluesquirrel.com/index.html?ASCID=192 ------ Your desktop is a reflection of you. Take control of it and mold it to your specifications. These two programs will help you do just that. * IconForge - Makes it easy to create/edit icons, cursors, animated icons/cursors and other small bitmap images (including small GIF/animated GIF, BMP, etc.) * ActivIcons - A convenient way to change the standard Windows desktop icons and cursors, without having to manually locate and change various Windows Registry settings. Best of all, it's FREE! CursorArts: http://www.cursorarts.com/ ------ Want to see your advertisement here? Send mail to with the text 'Advertiser' in the SUBJECT line for more information. ______________________________________________________________________ 2. Voting Booth and Other VBOK Stuff ------ Last month's question was "How many times per day do you check e-mail?". There were 181 voters and they voted a little something like this: Votes Percent 1 30 17 2 - 3 50 28 4 - 6 19 10 7 - 10 9 5 Alot! 73 40 This month's question is "What type of Internet connection do you have?" Go here to vote: ------ Speaking of voting, click here to vote for VBOK as one of the best newsletters in the "E-zines Top Ten Poll"! It's just a click, no need to fill anything out. ------ Come visit the VBOK forum and live chat. You may discuss anything computer related and it's a good place to get help with any computer questions you may have. ______________________________________________________________________ 3. Software Review ------ Name: IconForge Genre: Icon editor Platform: PC Win95/98/NT SP3+ (16 bit available from web site) Type/Cost: Trialware/$37.95 Size: 2.8MB Homepage: Download Software: !!! Recipient of the VBOK Superior Software Award !!! This is an exceptional program. CursorArts did a very fine job not only on it's interface, but in it's functionality. This has definitely got to be the easiest icon/cursor editing package I've ever had the pleasure of using. IconForge let's you create and edit not only standard icons and cursors, but animated icons and cursors as well. A function that is available to test your cursors and icons is in my opinion, pure genius. It changes your cursor to the one you are creating, and provides a test window that is broken down into two main areas. The left area is a palette so that you can see what your icon/cursor looks like over different background colors. The right area has interactive objects such as buttons, checkboxes, and a text entry field for you to test the hotspots and cursor orientation. You can do all this within the IconForge program itself. In addition to the normal colors and pixel level editing of your cursor/icon, they go one step further and add special effects capabilities such as blur, whirlpool, curl edge, wave, and many more. IconForge allows you to import just about any image for use as an icon/cursor, as well as extracting existing icons from EXE, DLL ICO, ANI or CUR format files (including Win 2x and OS/2 .ICO files.) The export functions are equally well matched as you can export to all of the above mentioned file formats and icon libraries. Lookout desktop, you're getting a makeover. ------ Name: ActivIcons Genre: Desktop enhancement Platform: PC Win95/98/NT Type/Cost: Freeware/FREE Size: 1.09MB Homepage: Download Software: Once you're done using IconForge to create a whole new look for your desktop, use ActivIcons to implement the master plan. Some of the key features are: - Change the icons for anything on your desktop (Network Neighborhood, Trashcan etc.) - Change out your mouse cursors - Make the icon text background transparent (no more ugly boxes around the icons text to mar your serene background wallpaper.) - Change the color of the Icon text. - Save and restore the desktop icon setup. ______________________________________________________________________ 4. Cool Sites ------ Real-Time Flight Tracking This place is just too cool! After entering the flight number of an aircraft, you will be presented with a graphical map showing the current location, heading, speed, altitude, it's flight path and it's arrival time. Now you'll know just how much closer your mother-in-law is before she lands. :^) If you don't know of a flight number, you can have it display a random flight. ------ Acronym Finder Wow, if it's an acronym, you'll most likely find out what it stands for here. If not, you can add your own definition. If you add fifty of them, you get added to their list of contributors. You'll be seeing my name up there soon as I only have 14 more to go. Currently they are cataloging 86,000 acronyms. ------ Compilation of free e-mail services Trying to find a better free e-mail service than the one you currently have? Try this site out. They have a very comprehensive information base on all things e-mail related. The second URL, is for web page maintainers in which you can create anti-spam mailto links. You just type in the e-mail address you want one created for, hit submit, and it will convert the address to numerical ASCII representation and e-mail it to you. Then, you just cut and paste it into your web pages. According to them, this is how it works: "Mailto Encoder introduces codes that spambots will "choke" on, but which a normal mailing program ignores. Therefore people can still send you email but spammers can't get your address!" While this may be true, it makes me wonder what happens to search engine bots that attempt to catalog your e-mail address during the time it's indexing your web site. ------ Camp Chaos Entertainment Inc. If your humor causes other people to run away screaming and shouting, then this is the place for you. Great animated cartoons with humor that'll have you rolling. ------ Reseller Ratings http://www.resellerratings.com/ Thinking about buying a new computer, hardware or software, but are afraid of getting burned? Reseller Ratings let's you read what other consumers have to say about a business. You can even register with them and tell the world about your experiences. They have a detailed registration process for accountability so that people don't fraudulently make claims. ______________________________________________________________________ 5. Tips, Tricks, Do's and Don't Do's ------ If you're a space freak like me, then you'll like this tip. Reboot to DOS mode (you can't do this in a DOS window), and type "SCANREG /OPT" (without the quotes) to compact your Windows registry manually. Windows is supposed to do this automagically when the wasted space reached 500K. ------ In issue #15 of VBOK, I told you how to maximize your taskbar under Win98 or Win95 w/IE4. I even took a snapshot of it so you could see exactly what I was talking about. Well, here's another tip to even further maximize it. While looking at the image of my taskbar, you can see the word "Address" to the right of the drive icons, and to the left of the URL. You can get rid of that useless text by right clicking on the word "Address" (on your own taskbar of course), and de-selecting the "Show Title" option. ------ One of the biggest snags that I run into with my computer, is that I'm always resizing my desktop resolution to do different things (that's why I love QuickRES), and I invariably get one window which opens up way off screen and I can't grab the title bar to move it back to center. Here's a great way to fix this: 1. Move your mouse down to the task bar. 2. Click on the icon/button in the taskbar for the window to move. 3. Press ALT+SPACE. 4. Press the 'M' key. 5. Move the window around with your arrow keys. ______________________________________________________________________ 6. That's the news! ------ Once again, parents of slain students claim that the Internet, computers, movies and porn were responsible for duping a perfectly innocent, perfectly balanced, and perfectly normal child into becoming a walking slaughterhouse. Did anybody look to see if the parents of this technological demon taught him reality from make believe, right from wrong, truth from lies??? Check out the list of defendants in the $100 million dollar lawsuit: Id Software, New Line Cinema, Sony, Meow Media, Nintendo, Time Warner, Interplay Entertainment and Sega. **NOTE: I actually had written almost another full page of text here, which was heavily opinionated on this subject. I decided to move it to a web page on my server for those of you who wish to read it. This is a newsletter about computers and the Internet, not a soapbox for myself. It's available for your reading at: If you agree, disagree or anything else in between, please e-mail me. If I get enough comments (both good and bad), I'll stick it all up on a page and post the URL in the next newsletter. ------ More on the privacy front, Deja News is under attack because their HTML pages keep a log of who replied to who while using their services. Here's a simple fix! If you don't want them to track who you sent it to, then don't use their services. Cut the text you need from the message you wish to reply to, cut their e-mail address and send it through your private (encrypted if you even wish) e-mail. Here's an interesting privacy issue for you to mull over. I've used Deja News extensively to track down public postings made by people I occasionally correspond with, to see what kind of person they are. Oftentimes, it's made clear the intentions of these people that I wouldn't have known otherwise. The first link is the story, the second link is the URL for Deja news in which you can just type in someone's name or e-mail address to find out what messages they post in public areas. ------ Step right up, step right up... Pay Microsoft $59.95 to find the bugs in their new Windows 2000 operating system. Of course your sixty dollars will only get you a time limited use, but come on, isn't it worth it to see all of the new ways Microsoft can crash your rig?!? ______________________________________________________________________ 7. Security Issues, Hoaxes, Viruses and Other Urban Legends ------ Before we begin, let me define these for you: Security Issues: These are issues affecting your privacy and security while on the Internet. Most security risks that will be mentioned here are ones concerning holes in software which leaks information or allow people to gain access to private information. Viruses/Trojans/Worms: These will be *real* warnings about new viruses. If I'm warning you of a virus, then you can take it to the bank that I've fully checked it's validity first. Hoaxes: The most memorable in all your minds was the Good Times Virus hoax. These are warnings about some new fangled virus that will wreck your life. The difference between this and other virus warnings is that they aren't for real. Their entire purpose is to scare people and bog down mail servers with all the forwarding going on. The reason I'll be telling you about them is so that you'll be in the know and won't forward them to your entire address book. Urban Legends: These are stories that will be computer related, but aren't necessarily virus related. A warning/story moves out of the hoaxes category when it keeps making a comeback. An example of an urban legend would be the one about the FCC allowing phone companies to charge for local access to the ISP in which the cost would be passed onto us as users. ------ Name: ICQ99a Security Advisory Category: Security Issue What it does: It was recently brought to my attention by Eli Allen, a very intelligent VBOK trooper, that ICQ99a has a massive security hole. For those of you who do not use ICQ99a or are not planning to, then this alert does not apply to you. For the rest, you should probably read this. This security hole is only present when you have an activated homepage enabled under ICQ99a. To see if this is the case, click the "Services" button on the ICQ main window, go to "My ICQ Page", and see if there is a checkmark next to "Activate Homepage". First, let me explain what this is, and then I'll get to the security hole. ICQ99a let's you create a web site on *your* machine in which people can access your computer via a basic web page server to see it. For this to happen, you must be on-line (because it is stored on your computer.) and you must have the ICQ homepage activated. The security hole allows someone who has your IP address, to actually pull files from your hard drive and save them to their computer. To get your IP is a relatively simple matter, and can be done in a plethora of ways. Some of these include: 1. You having the IP publishing option enabled under the security preferences. 2. Someone goes to your ICQ active homepage 3. Using netstat to view open connections between your computer and theirs (i.e. chat sessions, messages, file transfers etc.) There are other more advanced techniques, but these are the most common. Eli demonstrated to me in painstaking clarity the contents of files on my hard drive such as: 1. Autoexec.bat 2. MSDOS.SYS 3. Win.ini 4. System.ini While these files wouldn't in and of themselves provide him with much other than the configuration of my system, he could have grabbed my .PWL (Windows password file, which is named in the System.ini) Even though the actual contents of this file are not plain text, it got me to thinking that it would be a relatively simple matter of renaming my .PWL file to match his, and then further using a program like openpass which would display in plaintext, any password that displays as asterisks. While neither of us tried this, I do not believe it to be that farfetched. Until Mirabilis addresses this problem, it would behoove you to deactivate the web page feature. One other note of interest is that the person who is attempting to pull files from your computer, must know the directory path and filename of the file they wish to get. However, this wouldn't be a relatively difficult thing to do as they could just pull your registry data which has every program you've installed and what directory it's installed in. Furthermore, the registry also contains the data for the "Recent Documents" list, in which they could get the filenames of Word/Excel etc. documents that you have recently opened. Do I think this is a serious security risk? Yes and no. Because most people don't know about this exploit yet (that's why I'm not telling how to do it here), and further most of you probably don't have the ICQ web page activated, I would say your risk is minimal. However, if someone who does know this exploit is attempting to gain access to your system, and you do have the ICQ homepage activated, then you are at very serious risk. Nothing is hidden to a person who knows a good deal about Windows and it's structure. What to look for: This one is pretty difficult to really detect. Other than looking for uncommon modem activity (such as you aren't actively using your connection, but there is a good deal of activity going on.) Another way is to run "Netstat -p tcp" from the command line to see what machines are connected to you. How to fix it: Click the "Services" button on the ICQ main window, go to "My ICQ Page", and see if there is a checkmark next to "Activate Homepage". If so, then un-check it. ______________________________________________________________________ 8. VBOK Contests and Rules ------ In a deal with Blue Squirrel Software, VBOK will be hosting three contests over the next three months. One winner will be announced at the end of each month, and that winner will have their choice of one of three registered software packages; Web Whacker, Web Seeker, or ClickBook. Just go to the above URL, click on one of the three software packages to read more about it. If you like it, download it (evaluation version at bottom), and if you are the winner, you'll receive the registration number via e-mail. Depending on your e-mail client, the above URL may have wrapped. You need to make sure that you get everything between the <> to go to the special offer page. This might entail you having to cut and paste. Sorry, but there wasn't anything I could do about it. ** NOTE - There isn't a MAC version of WebSeeker, so your choices will be limited to either Web Whacker or ClickBook. WebSeeker - Pinpoint exactly what you're looking for on the Internet. WebSeeker 98 v3.4 runs your query through more than 100+ Internet search engines and narrows the search to the EXACT information you want. In Version 3.4 you can add your own search engines. WebWhacker - The ultimate off-line browser! This powerful tool allows you to save Web pages directly to your hard drive, so you can view them off-line at highly accelerated speeds. ClickBook - An easy-to-use printing utility that transforms single-sided documents and web pages into professional booklets, brochures, greeting cards, and more. ------ The three contests and rules of engagement. 1. Random drawing for those of you who are not graphically inclined or have no friends to subscribe. :^) - Winner announcement at the end of this section. 2. Are you graphically inclined? Come up with a graphical VBOK logo. - Resizes nicely and cleanly to 145x127 - Filesize must be less than 15KB - I would like it to be cartoony (No stick figures please!) :^) - I would like the text "Virtual Book Of Knowledge" to be somewhere in the image. - You grant VBOK the exclusive license to it for use in the VBOK site, letterhead etc. (You'll get complete credit for it though in the FAQ as well as the ALT tag.) If necessary, we can work something out with this, just e-mail me at . - Deadline and winner announcement 1 Jun 1999. 3. Subscriber drive - who can get the most subscribers signed up under their name. - No spamming. I'm adamant about this. - Subscribers must be real people and not alternate e-mail accounts. Cheating will get you disqualified. - Current rankings will be posted every other night at this page: - To get credit for a subscriber, they must have your name and e-mail address somewhere in the subscribe e-mail. - The address to subscribe is: - Deadline and winner announcement 1 Jul 1999. ------ The winner of contest #1 Random Drawing is: Dot Richardson Winner decided by a psuedo-random number generator I wrote a long time ago when first learning C/C++ : void main() { srand(time(NULL)); printf("%d", 1 + rand() % 1425); } ______________________________________________________________________ Well, that concludes this issue. Have fun. Leif Gregory Copyright © 1997-99 by Leif Gregory. All rights reserved. You may share this copy of the VBOK newsletter with others as long as it is reprinted/resent in it's entirety to include this copyright notice. If you've received this edition of the VBOK newsletter from a friend or colleague and wish to start receiving your own copies, then click the below link and send the generated e-mail message. I have made every attempt to ensure that all information contained in this newsletter is accurate to the best of my ability. Due to the myriad of possible configurations in the PC platform, information and software discussed here may not always work with your particular configuration. That being said, Leif Gregory and the VBOK newsletter can not be held liable for any damages you may incur either directly or indirectly from the use of anything contained herein. VBOK does not endorse any of the products or services provided by advertisers in this newsletter. As with anything in life, please check the credibility of the advertiser as well as to use common sense. If it sounds too good to be true, then it probably is. Virtual Book Of Knowledge (VBOK) VBOK Editor VBOK Homepage Unsubscribe Back-Edition Titles