Date: Wed, 13 Aug 2008 22:13:57 -0400
From: "Mike B." <omni at omniphile.com>
To: WSFA members <WSFAlist at KeithLynch.net>
Subject: [WSFA] Re: WSFA:  Alive and Well
Reply-To: WSFA members <WSFAlist at KeithLynch.net>

Keith F. Lynch wrote:
> Mike Bartman wrote:
>
>> Even if I look at the page with Lynx, the current events are
>> there...they are *seriously* ugly, pretty much unusably ugly, but
>> the data is there.
>
> I'm confused.  Do you mean the WSFA website or the Aussiecon website?

WSFA...that seemed to be the one you were talking about, since I doubt
that the Aussiecon site has WSFA journals or WSFA events on it.

> The WSFA website (wsfa.org) looks fine in Lynx, except for parts of it
> being seriously out of date.

Seems up to date to me.  Has events for this month and next at least...I
didn't look farther.

> there yet.  Does anything substantive appear there when it's viewed
> with some other browser?

Can't say... I haven't looked at it in any browser.  Since I won't be
going, it doesn't seem relevant to me.

> If you mean WSFA's calendar of upcoming events (wsfa.org/calendar.htm),
> it too looks fine in Lynx -- but contains *no* future events
> whatsoever, except WSFA meetings and Capclaves, all of which have been
> listed there since last year.  (And yes, I'm sure the May 7, 2007 date
> is wrong.  But I'm equally convinced that the Decmber 31, 2007 date is
> correct.)

The "cons and events" link from the WSFA web page takes you to
http://www.wsfa.org/webcalendar/month.php (that's the one I was looking
at that is seriously ugly in Lynx) not to wsfa.org/calendar.htm...that's
probably the problem.  You are looking at the old pre-changeover
calendar, which is most likely not maintained anymore since we went to
the new one several months back.  Where did you see the link to that?
Or did you just know it from before?

>> Keith, you might want to consider setting up a system for using the
>> internet that has ...
>
> I already have a system for using the Internet.  My finances are not
> currently in a state where I would consider spending hundreds of
> dollars just to work around other people's broken websites.  Keep in
> mind I would need not just new hardware and software, but also a new
> ISP account.  Only a small proportion of websites are broken, anyhow.
> As I said, WSFA's definitely is not broken.

I disagree that you'd need another ISP account, since how the packets
get to and from your machine isn't really relevant to whether or not
your security is in danger (unless you have some sort of unusual, very
limited ISP service?).  The risk is dependent on what data you move and
what you move it with on your end.  My suggestion reduces the amount of
security you actually need, so that the level of risk is lower, even if
the dangers are increased by less restrictive practices.

My understanding is that you are sticking with 1992 technology to avoid
the risks from things like MIME, javascript, Active-X, Flash, etc.,
etc..  These pose risks of system infection, data loss, data change,
etc., but the setup I described mitigates all such risks.  Pull the plug
and anything that infected your machine is gone, and not keeping any
useful data on that machine means there's nothing to be lost or damaged.
  What risks are left?  Only that your machine could be hijacked during
a session, and proper firewall setup, a NATing router, or other such
measures reduce that chance considerably, and if you are really worried,
run Wireshark and watch what's being sent to and from the machine.  If
it's talking when it shouldn't be, pull the plug and boot up again.

Sites that use things invented since 1990 aren't "broken", they just
don't match your preferences for technology.  They may well be
sub-optimal if enough of the people they *want* looking at the site are
put off by the chosen technologies, but that's not a problem with the
technology any more than their writing in Chinese would be if they are
trying to attract a French audience.  Dumb, but not malfunctioning.

As for the cost, you *could* spend hundreds (or even thousands) of
dollars to set up a new system, but you can achieve what I described for
far less...perhaps even for free.

Free would be a donated computer (I see them on Freecycle from time to
time...not the latest systems, but fully capable of running Linux).
Alternatively, you could open your current machine and pull the
connectors from your hard drives when you want to do something risky.  A
serious hassle, but it could be done.

Nearly free, and less hassle, would be putting your hard drives in
removable drive trays (about $20 each) so you can pull them out of the
machine when you want to go on-line using risky software or protocols.
That sort of air-gap is sufficient for the NSA, and a more paranoid
bunch it would be hard to find.  Without hard drives, and booting from a
CD-ROM, you have the machine I was describing.  I don't know what sort
of case you have...you'd need externally-accessible 5.25" bays to hold
the drive trays (which contain 3.5" HDs), one for each hard drive you
have in the machine.  I've bought cases that can be used this way for as
little as $25 at computer shows, and I dropped a couple of old ones off
at the dump a few years ago (they were AT style cases that don't work
well with current motherboards, but otherwise fine...I expect they get a
lot of that sort of stuff).

The removable trays are also very useful for doing backups...I have a
spare drive in another tray, and swap it with my data drive to backup my
system disk...a full drive copy using a partition copy program (I use
System Commander, but Partition Magic or Ghost would work fine too).
It's fast, cheap (a second system disk was $58 new), has no open file or
registry issues, and gives me a hot spare...if the drive in the machine
dies suddenly, I can swap drives in 2 minutes and be back up.

All that said, with a firewall and anti-virus software, and avoiding the
worst of the worst risky stuff (like Active-X), I didn't have a problem
for the 7 or so years I had my Windows machine directly on-line (with
it's own static IP, no NAT or other external shielding).  I turn off a
lot of things in IE when I use it (I prefer Firefox with NoScript
installed), don't open attachments from people I don't know (and am
careful with those from people I do know), keep things updated and take
other basic precautions, but I haven't had any problems.  I've been hit
by lightning that fried hardware, but not by malware from a website.

Ok, I did have my XP-running laptop infected once (Welchia Worm...a
port-scanning attack), but that was right after I bought it, first time
it went on-line, while I was downloading all the patches to close the
known security holes it came with and a copy of Zone Alarm....once I got
Zone Alarm in place, no more problems in the several years I've been
using it, whether wired ethernet or WiFi.

You can do what you like, but there are inexpensive alternatives to
staying with software that has very limited functionality.

-- Mike B.