Month: April 2005

It’s tax day

In honor of April 15, some light reading:

Even NFL players have to pay income tax:

Kendrell Bell, a Pittsburgh Steelers linebacker, tells of his great awakening to the verities of income tax: ”I got a million-dollar signing bonus. But then I got the check, and it was only $624,000. I thought, Oh, well, I’ll get the other half later. Then I found out that’s all there was. I thought, They can’t do this to me. Then I got on the Internet and I found out they can.”

Steve_martin_77Prof. Froomkin says there comes a point where Steve Martin’s tax advice starts to seem attractive:

You.. can be a millionaire.. and never pay taxes! You can be a millionaire.. and never pay taxes! You say.. “Steve.. how can I be a millionaire.. and never pay taxes?” First.. get a million dollars. Now.. you say, “Steve.. what do I say to the tax man when he comes to my door and says, ‘You.. have never paid taxes’?” Two simple words. Two simple words in the English language: “I forgot!” How many times do we let ourselves get into terrible situations because we don’t say “I forgot”? Let’s say you’re on trial for armed robbery. You say to the judge, “I forgot armed robbery was illegal.” Let’s suppose he says back to you, “You have committed a foul crime. you have stolen hundreds and thousands of dollars from people at random, and you say, ‘I forgot’?” Two simple words: Excuuuuuse me!!”

Alas, he reports, it doesn’t work.

New MexiKen recalls the words of Will Rogers: “The income tax has made more liars out of the American people than golf.”

If you’ve run out of ways to procrastinate, try these helpful techniques from sz at World O’Crap:

Well, this year I was going to do them early, so in February I took all of the forms and receipts and stuff from the file where I throw tax stuff, and put everything on the kitchen table, so it would be right there, guilting me about my taxes every time I walked into the kitchen.  And I did feel guilty, and vowed frequently to do taxes the very next day.  However, after a few weeks of this, I had to hurriedly clean the kitchen because company was coming, and I scooped up everything and put it … somewhere. 

I didn’t think about taxes again until yesterday, when I saw some reference to the 15th being tax day and panicked.  So, I watched “CSI” and “Missing” to help me focus.  Then I arranged my calculator, stapler, pencils, and such on the table, and got out the file that’s supposed to contain all my tax stuff — and saw that it was empty.  And then I remembered that I had put everything on the kitchen table, where it had sat for months, until I needed to clean up, and had put it all  … somewhere.

I interrogated all of the usual suspects (drawers, magazine racks, the china cupboard, etc.), taking out their contents and demanding that they show me the tax stuff.  And, in order to send a message to the clutter about the consequences of harboring fugatives, I threw away a bunch of old periodicals, expired coupons, Christmas cards, and requests for donations from my college.  But the missing tax stuff remained hidden.  Finally, in desperation, I tried looking in the hamster/guest/junk room.  And there, under a stack of books, was the tax stuff.

There’s also amusing advice on what to do if you’re a blogger who puts up a tip jar. Not necessarily sound advice, but amusing.

And finally, courtesy of J-Walk, is a link to Presidential Tax Returns. I had no idea that Richard and Patricia Nixon made $73,648.86 in wages, salaries, and tips in 1969. 

Overclocking is bad for your PC’s health

Microsoft’s Raymond Chen (whose epitaph will no doubt include the words, “developer of the original Tweak UI utility for Windows”) put up a fascinating post earlier this week. It’s worth reading for two reasons. First, it details how Microsoft engineers really do use the data you submit when your Windows computer crashes. Second, it highlights a problem that might be affecting you right now:

Since the failure rate for this particular error was comparatively high (certainly higher than the one or two I was getting for the failures I was looking at), he requested that the next ten people to encounter this error be given the opportunity to leave their email address and telephone number so that he could call them and ask follow-up questions. Some time later, he got word that ten people took him up on this offer, and he sent each of them e-mail asking them various questions about their hardware configurations, including whether they were overclocking.

Five people responded saying, “Oh, yes, I’m overclocking. Is that a problem?”

The other half said, “What’s overclocking?” He called them and walked them through some configuration information and was able to conclude that they were indeed all overclocked. But these people were not overclocking on purpose. The computer was already overclocked when they bought it. These “stealth overclocked” computers came from small, independent “Bob’s Computer Store”-type shops, not from one of the major computer manufacturers or retailers.

For both groups, he suggested that they stop overclocking or at least not overclock as aggressively. And in all cases, the people reported that their computer that used to crash regularly now runs smoothly.

I’ve done my fair share of overclocking through the years, but currently I’m running every single computer I own (five, at the moment) at its rated speed. It helps that I’m not a gamer – that’s the group that, in my experience, is most fanatical about squeezing performance out of a PC, even at the expense of stability. And most online communities dedicated to hardware tweaks for hardcore gamers spend a lot of time explaining how to overclock to the point where your computer doesn’t crash. You can push it up a notch at a time until it fails, and then back off. Or you can start high, crash, and back down a notch at a time until the crashes stop.

Either way, you’ve created an environment in which some degree of instability is practically guaranteed. If you have mysterious performance problems or compatibility issues, anything short of a blue screen, can you safely say that the hardware isn’t the problem?

Oh, and if I bought a computer from someone who had overclocked it without my knowledge, I would be as mad as hell. That’s fraud, plain and simple. As Raymond says, “There’s a lot of overclocking out there, and it makes Windows look bad.” Unnecessarily, I might add.

A Longhorn insider speaks

Sean Alexander has been a great source of information on Media Center for a long time. Now he’s on the Longhorn team, and today he has his first post as a Longhorn insider:

  1. There will be a LH build given out at WinHEC.  This will not be Beta 1. This is a driver and hardware developer release to get the industry building hardware solutions for Longhorn.  Beta 1 will be this summer.
  2. I used to get really bummed by the “grouping” feature in Windows XP – r-mouse in My Documents and choose “Arrange Icons By|Show in Groups”.  Some thought it was fantastic but for me it wasn’t very compelling when I have family members who still can’t find the files they’ve just downloaded.  The ability to visualize and organize your information in Longhorn kicks ass.  It’s FAST already and going to get even better.  It goes beyond physical location of files. WinFS wasn’t required to deliver this and that’s where I think many stumbled in their perceptions.
  3. Don’t expect to see a lot of updates to or new consumer-focused features right now. Right now it’s about fundamentals- getting hardware to work great, tapping into features that are in most PCs lying dormant for 90%+ of your time, addressing how people view and organize their information. They’ll be plenty of cool new wizardry to come.

I’ve seen the “grouping” feature he mentions in item #2, and yes, it really is cool. In fact, I’d go so far as to predict that Longhorn will basically render all existing desktop search tools obsolete. Beta 1 this summer? Perfect timing!

A worm with demo files

The Mytob worm is making the rounds. In the past four days, the copy of PC-cillin on my main working PC has successfully blocked seven copies of messages containing an infected attachment, and I’ve deleted a few more copies that arrived with corrupted (and therefore harmless) attachments.

But the one that shoed up this morning was hilarious. Like most mass-mailing worms, Mytob scours the infected machine to find e-mail addresses, and it uses the addresses it finds both as the destination and to forge the From: field. So this morning I received an attachment that was, ostensibly, from stephanie@contoso.com.

Anyone who’s worked with Office through the years should recognize the company instantly. Contoso.com is a fake domain registered by Microsoft and used extensively in sample files and product demos for Office and SharePoint. It’s comforting, I suppose, to know that this worm is too stupid to tell a fake domain from the real thing.

A sneak peek at Longhorn

eWeek sat down with Microsoft VP Jim Allchin, who showed a demo of the next version of Windows (code-named Longhorn) and talked about Why Longhorn Matters. The short version? “Longhorn is going to be a heck of a lot more than just Windows XP Service Pack 3.”

I’ll be at the Windows Hardware Engineering Conference (WinHEC) in Seattle later this month, where a lot of this stuff should be demonstrated publicly for the first time. And I’m in early discussions to write at least one and probably several books about Longhorn. Stay tuned to this space for more details.

Tip of the day: Protect yourself from unwanted ActiveX controls

WARNING: The following tip contains script code that makes changes to your Windows registry. Although I have tested this script and believe it performs as described, I am not responsible for any damage that may occur to your computer if you choose to download and run this script.

The single biggest security flaw in Internet Explorer is its capability to download and run ActiveX controls. This feature is a double-edged sword. When used properly, ActiveX controls greatly expand the power of Internet Explorer. Unfortunately, the developers of spyware, adware, and other forms of crapware figured out long ago that ActiveX is a great way to sneak unwanted programs onto an unsuspecting user’s computer.

So how do you protect yourself? You could disable ActiveX programs completely. But when you do so, you cut off access to the good along with the bad. A better approach is the one that Carl Siechert and I came up with in Microsoft Windows Security Inside Out: Configure Internet Explorer so that existing ActiveX programs run as expected, but disable the ability to download new controls from any site in the Internet zone (sites in the Restricted zone are always blocked, and sites that you specifically place in the Trusted Sites zone are unaffected by this change). This configuration change makes it impossible for a Web site to push spyware/adware/crapware onto your machine. The beauty of this technique is that it doesn’t allow you (or an unsophisticated user on your computer) to be fooled into clicking Yes when you should click No. It stops new ActiveX controls cold.

In the rest of this article, I explain two ways to make this change: one that requires a series of manual steps, a second that runs automatically, using a simple script file. Note that I have only tested this script with Windows XP Service Pack 2. It will probably work with other versions of Windows, but I can’t guarantee it and don’t recommend using the script on any other Windows version. Oh, and this security tip is worth following even if you normally use Firefox as your default browser. Programs like Windows Media Player can call up Internet Explorer when you least expect it. If you’ve blocked unwanted ActiveX installations, they can’t do any damage.

Continue reading “Tip of the day: Protect yourself from unwanted ActiveX controls”

A pessimistic view of CableCARD and OpenCable

Engadget’s Peter Rojas Stephen Speicher has a superb piece that explains why the CableCARD and OpenCable standards are seemingly stuck in neutral. The CableCARD eliminates the need to have a digital set-top box for your cable connection. Instead, by plugging the card into your PC or DVR or other compatible device, you get the direct digital stream from the cable company. Sounds great. Except the cable companies are fighting tooth and nail. Rojas asks the right questions:

Assuming that TiVo (due to its new relationship with Comcast) stops being the staunch advocate for advances in CableCARD technology, who will fight for the consumer?

That’s unclear – the FCC has shown no strong signs that they will be fighting for the consumer. Recently, a July 2006 deadline that would have banned cable companies from producing any new “integrated” (i.e., not OpenCable) set-top boxes was pushed back by at least another year. Many assume that the cable companies will use the delay to argue that the mandate for OpenCable is unfair and unduly regulates the cable segment of the market. Worse yet, they might be successful. After all, with the emergence of IPTV and the entry of SBC and Verizon into the subscription TV game, it’s hard to argue that only the traditional cable players should be bound by such regulations. In any case, few expect the ban to go into effect even by its delayed July 2007 deadline.

It might be easy to assume that with rumors of an OpenCable-compatible Media Center Edition in the works, Microsoft will be fighting for the consumers. However, in a recent letter to the FCC, Microsoft joined Comcast (never a good sign) in arguing that the ban on integrated set-top boxes be delayed. With Microsoft participating in so many different segments of the cable market (e.g. Comcast already runs Microsoft Foundation Edition software on many of its current boxes and Microsoft has signed deals with both SBS and Verizon regarding IPTV) it’s unclear whether Microsoft would be willing to rock the boat.

The persistent rumor is that this fall’s update to Windows XP Media Center Edition will support CableCARD-compatible hardware. Will it happen? I’m not betting on it.

Tip of the day: Manage saved passwords

Windows XP provides a secure system for storing sensitive data associated with Web pages you visit using Internet Explorer. This data store includes saved user names, passwords, and Web form data you “remember” using the AutoComplete feature in Internet Explorer. Occasionally, people ask me where this data is stored, assuming (logically) that it has to be saved somewhere and that these saved passwords could represent a security risk.

Here’s the good news: The Protected Storage service, which runs as part of the Local Security Administration subsystem (Lsass.exe) manages this data store. This data is encrypted using your logon credentials and is stored in a secure portion of the registry. For security reasons, you cannot view the hashed data directly. Instead, Windows allows programs to query for specific data. The Protected Storage service decrypts the data only when it can verify that the request is accompanied by the correct logon credentials – in other words, that whoever is making the request is currently logged on using the same account that was used to store the data.

What happens if you forget a saved password that you use to access a secure Web site? Although you can log on using the saved credentials, you can’t read the password or export it to another program. That’s especially unfortunate if you’re switching to a new PC, because the Files and Settings Transfer Wizard doesn’t migrate saved passwords either.

The solution? Download a copy of the free Protected Storage Explorer. This tool queries the Protected Storage database and dumps its contents into an Explorer-style window that you can use to browse saved passwords for e-mail accounts, FTP servers, Web sites, and other normally hidden locations. You must be logged on to a user account to view saved data for that account. Needless to say, the existence of a tool like this should inspire you to lock your computer when you step away from your desk.

[Some of the material in this tip originally appeared in Windows XP Inside Out, Second Edition.]

Pizza is now officially heart-smart

This is good news. According to the April issue of Health magazine (sadly, not available online), pizza is health food:

Italian researchers recently found evidence that people who regularly eat pizza have healthier hearts than those who don’t. … In a study of nearly 1,000 people, those who regularly ate the equivalent of 4 to 5 American slices a week were 56 percent less likely to have a heart attack than people who never ate pizza; those who had eaten half that amount lowered their risk by 36 percent. The researchers’ earlier work showed that pizza eaters get fewer digestive tract cancers.

The article goes on to mention something about not ordering “fatty extras like sausage or extra cheese.” Yeah, right. And I believe Dottore Silvano Gallus of the Istitute di Ricerche Farmacologiche Mario Negri in Milan would go all Roberto Benigni on the suggestion from the editors that you “order veggie toppings and insist on just a sprinkle of mozzarella.” That is simply not a pizza.

Slice of cold pepperoni and mushroom for breakfast, anyone?