Charles Curley's Weblog

Just for the halibut I decided to look into buying a new refrigerator. The one I have is some 25 years old. It runs just fine; there's no reason to replace it, really. Except:

1. It might be nice to have a new fridge. I'm not that rich.
2. I can save lots of money on the energy expenses.

Really? So I did an experiment. Some years ago I bought a Kill a Watt energy meter from SmartHome. I think I paid $30 or $40 for it, certainly more than the current (pun intentional) price of $21.79, plus shipping.

On July 25 I plugged the refrigerator in to the energy meter. From then until today, October 28, it logged 226 kilowatt hours (kW·h). And that three months includes August. Most of the year my home is at 68℉. In summer the house is at 74℉. So 226*4=904 is a high estimate of my annual cost.

Next I sat down and waded through my (rather opaque) electricity bill to conclude that I pay about $0.046 per marginal kilowatt hour. In other words, it's costing me about $40 a year to run the thing. So assuming I could find a refrigerator that ran for free for $1,000 ($1060 after sales tax, less $30 from the power company), how long would it take me to recover the $1,000? Do the math.

This refrigerator is using some 900 kW-h. That's at the high end, but within the range of show room floor models I looked at. It's a little less than twice the most efficient models, but they are smaller and have a lot less volume. And those cost more than $1,000. Again, do the math.

Tell me again how much money I'm going to save by buying a new refrigerator. I'll pass. Oh, and that Kill a Watt meter? It now looks like one of the best investments I've ever made.

Maybe I can report my results at next year's Climate Fools Day conference.

A useful resource: nixCraft. It is a collection of tips and tricks about Unix and Linux from an administrator. See the About page for details.

It's bait and switch time in Redmond. Microsoft wants us to know that there are some 2.2 million PCs in the the US taken over by botnets. Brazil is next, at 550,000. South Korea has the highest density, at 14.6 out of every 1000 machines enslaved in botnets.

These factoids are from volume 9 of the Microsoft Security Intelligence Report (SIR), covering the first half of 2010. It is based on data returned to Microsoft from various Microsoft anti-malware tools, such as their Malicious Software Removal Tool (MSRT).

At the same time, Microsoft released its largest security update in a long time, with some 49 patches. One is aimed at a vulnerability the Stuxnet virus exploits.

One side effect of using data from Microsoft anti-malware tools is that, by definition, non-Microsoft products are excluded from the universe of discourse. Non-Microsoft operating systems can be vulnerable to email and web site attacks.

The bait and switch is, as readers of this blog have no doubt already deduced, that alternatives to Microsoft programs are left entirely out of the discussion. The words "Firefox" and "Linux" are completely absent from the report. Whether this is deliberate policy, incompetence, or simply inadvertent error is irrelevant: Microsoft does not serve its customers well if it only discusses or recommends Microsoft products.

A corollary is that an administrator who relies entirely on Microsoft for security information is not serving the best interest of her organization.

Any true hacker knows that GUIs are just another way to have lots of terminals readily available.

If you do a lot of command line work, you probably have a lot of terminals open on your display at any one time. Terminator is a Gnome application that lets you run multiple terminals in one window. I've just started using it, and find it very useful already.

Using a grid layout means you can see multiple terminals simultaneously, unlike Gnome's terminal with tabs.

Other than the fact that it will eat some keystrokes, the ones it uses for run-time configuration and operation, it appears to be quite transparent. I can fire up Terminator, ssh into another machine, and then run screen. Or I can run Emacs as an X client. An excellent product.

It is very flexible. You can launch it with some command line options or set up a configuration file with one or more profiles. Here's my first go at a config file.

# This is a comment. Time-stamp: <2010-10-10 10:28:56 ccurley config>
[global_config]
  focus = system
  window_state = maximise
  borderless = true
  close_button_on_tab = false

[profiles]
  [[default]]
    audible_bell = true
    visible_bell = true
    background_type = transparent
    background_darkness = .7

I've updated the "mkcd" article to allow users to refer to directories with spaces in their names.

Let's quarantine unhealthy PCs from the Internet. So says Scott Charney, Corporate Vice President, Trustworthy Computing. For Microsoft. Using a public health metaphor, Mr. Charney calls for not allowing computers on the Internet unless they have a "health certificate". Note that this is an inversion of the usual public health quarantine model. Usually a person or a ship is quarantined only if they are demonstrably ill with an infectious disease or there is good reason to believe the person is a carrier.

It is an intriguing idea, but it has possible problems. One obvious potential problem is, if we throw the computer off the Internet, how does the administrator get updates, including security updates?

Another one is, who issues the certs? Microsoft? Don't make me laugh. Would you trust Microsoft to certify that your computer is healthy when it runs Linux or BSD? Or OSX? Talk about conflict of interest! I think the public health model gives us a hint: only throw a computer off the Internet if it is demonstrably infected or if the owner acts maliciously. (Which proposal in turn has privacy implications.)

I won't make the usual anti-Microsoft jibes. For one thing, others have done a better job than I would, including the commenters on Mr. Charney's blog.

And for another thing, they're too easy.

A BBC article mentions several other approaches already in action in France, Japan and Australia.

There's a much simpler fix than what Mr. Charney proposes, something you can do right now, without waiting on some international bureaucracy. Save yourself a lot of hassle: go get the world's largest and most effective anti-malware program. Linux. Then learn how to use it securely.

---

Update 2010-10-09: Brad R of Goodbye, Microsoft! has this take on the story: Typhoid Mary Suggests You Be Quarantined.