More Junkmail from Bob!

Tuesday, December 4, 2001
Important Stuff

Magistr and Badtrans

What is Magistr and why is it spelled funny? It's an email virus. Badtrans is too. Well, technically Badrans is a trojan but I'll call it a virus anyway.

In the past week I've gotten more email viruses sent to me than ever before, and I've talked to several proud recipients of these two viruses who didn't get around to sending me a copy.

First, a quick note about how to be almost 100 percent safe from email viruses. Don't open any email attachment unless you know what it is. A lot of times an email virus will try to trick you into opening an attachment you consider safe by using a double file extension:  CARD.DOC.pif.  A pif extension is an executable file frequently used by virus writers because a lot of people don't know what it is.

There are lots of "unsafe" file types:

    .ade    Microsoft Access project extension
    .adp    Microsoft Access project
    .bas    Microsoft Visual Basic class module
    .bat    Batch file
    .chm    Compiled HTML Help file
    .cmd    Microsoft Windows NT Command script
    .com    Microsoft MS-DOS program
    .cpl    Control Panel extension
    .crt    Security certificate
    .exe    Program
    .hlp    Help file
    .hta    HTML program
    .inf    Setup Information
    .ins    Internet Naming Service
    .isp    Internet Communication settings
    .js     JScript file
    .jse    Jscript Encoded Script file
    .lnk    Shortcut
    .mdb    Microsoft Access program
    .mde    Microsoft Access MDE database
    .msc    Microsoft Common Console document
    .msi    Microsoft Windows Installer package
    .msp    Microsoft Windows Installer patch
    .mst    Microsoft Visual Test source files
    .pcd    Photo CD image, Microsoft Visual compiled script
    .pif    Shortcut to MS-DOS program
    .reg    Registration entries
    .scr    Screen saver
    .sct    Windows Script Component
    .shb    Shell Scrap object
    .shs    Shell Scrap object
    .url    Internet shortcut
    .vb     VBScript file
    .vbe    VBScript Encoded script file
    .vbs    VBScript file
    .wsc    Windows Script Component
    .wsf    Windows Script file
    .wsh    Windows Script Host Settings file

Notice that .jpg is not on this list. Images in .jpg format don't have executable parts, so they should be safe to open in an email. .Doc and .xls are also not on this list, but those files can be infected with viruses. This list came from Microsoft so I assume they didn't want tarnish the image of Word or Excel.

OK, let me go over this one more time. If you open an email attachment that is executable, you might get a virus. All the executable email attachments I have gotten in the past several weeks have been viruses.

My mom acquired the Magistr virus on her computer. I asked her if she'd opened any email attachments. She said, "Just one from Dewey so I knew it was OK." I've heard this or something similar lots of times. Well, it's not always Dewey that sends out the viruses, but you know what I mean.

If you use Outlook 97, Outlook 98, or Outlook 2000, you can download the Outlook Security Update from Microsoft. It's free. It keeps you from opening any of the unsafe file attachments listed above, even if you want to. Here's where to get it.;en-us;Q235309

Unfortunately, the security update does not work with Outlook Express.

Here's some information on the Badtrans and Magistr viruses. It's pretty interesting. It describes how they replicate and what they do to infected computers. They are both pretty complex programs. They both have some bugs and don't do everything they were designed to do. When you think about it, it must be pretty hard to test a virus program that destroys an operating system. You'd have to reinstall Windows every time you tested the program.


       Magistr (old)

       Magistr (new)

While email is probably the most popular place to get a virus, it's not the only place. Sega's Dreamcast
games have been including a screen saver on CD which happened to include the Kriz virus at no extra charge. I don't think it helped sales.,2101,48806,00.html

In case I haven't mentioned it, it's a bad idea to open an email attachment unless you're sure what it is.

Remember, it's only 0's and 1's.

The PC you are reading this with is a digital computer. That means all the text, data, images, programs, and instructions all consist of a bunch of 0's and 1's.  For example, this picture of the star AE Aurigae


is nothing but a bunch of zeros and ones arranged so they represent the picture.  How does it work?

In binary, 0 is 0 and 1 is 1. But 10 is 2 and 11 is 3. It goes on like that for a while:

     00000000 = 0
      00000001 = 1
      00000010 = 2
      00000011 = 3
      00000100 = 4
      00000101 = 5
      00000110 = 6
      00000111 = 7
      00001000 = 8
      00001001 = 9
      00001010 = 10
      00001011 = 11
      00001100 = 12
      00001101 = 13
      00001110 = 14
      00001111 = 15

Each 0 or 1 is a bit. 8 bits make a byte. Each byte can represent a number from 0 to 255 (or -128 to 127 if you want to use negatives.)

If you want to use zeros and ones to make an image like you get from a digital camera, you can use three bytes for each dot or pixel in the image. One byte will be red, one will be green, and one will be blue. If you have an image with 1024x768 resolution, it will take 2,359,296 bytes to hold the image. For reference, that is about 1.6 floppy disks, and about 16,000 of these images would fit on a 40 gigabyte hard drive, uncompressed. There are other ways to represent images, but most .jpg files use 24-bit color like this.

If it sounds kind of complicated, that's because it is. Luckily we've got really fast computers to mess with all these zeros and ones.

You can also do math with zeros and ones. It's a lot easier if you use a computer for it. You can take a byte (8 zeros and ones) and add it to another byte. You can also do other operations like subtraction, multiplication, and constipation. The one-byte math operations have limited utility because a lot of times you need numbers outside the range -128 to 127.

Someone figured this out back in the Mesozoic period of computing, and 16-bit and 32-bit mathematical computations came into being. Some of these were done using software, which is a lot slower than doing it in the CPU. The CPU is the central processing unit of the computer. Probably the CPU you're using to read this is either an Intel Pentium or is compatible with a Pentium.

A 16-bit signed integer can go from -32,768 to 32,767. A 32-bit integer ranges from about -2.1 billion to +2.1 billion. However, the early computerists figured out that even these were not big enough when it came to working with very large numbers like the astronomical distances and the national debt, or very small numbers between zero and one. In fact, the integers don't even have fractional parts. That's why they call them integers.

They figured out that you can use a number and an exponent to represent a small or large value, kind of like scientific notation. For example, 4.2 * 10^3 is 4,200, and 4.2 * 10^30 is 4,200,000,000,000,000,000,000,000,000,000. The ^ sign is an exponent operator, and is pronounced tootha if you're from Oklahoma. The * is a multiplication operator, kind of like the x. So 4.2 * 10^3 is 4.2 times 1000 or 4200.

Since computers prefer binary numbers instead of decimal, you can take replace the 10^ with a 2^, and use binary values on each side. The part on the right of the 2^ is called the exponent because it is an exponent. The part on the left of the 2^ is called the mantissa because "mantissa" sounds cool. You can use 8 bits for the exponent and 24 bits for the mantissa. That's called a single precision floating point number. It's called single precision because 64-bits makes a double precision number. It's called floating point because the variable exponent part of the number makes it seem like the decimal point can float back and forth.

A single precision floating point number can hold values from really small to really big, with a lot of accuracy. A double precision floating point number can hold values from really, really, really, small to really, really, really big with a whole lot more accuracy. Here's a pretty neat example of what you can accomplish when you use numbers with exponents:

So we have 8, 16 and 32-bit integers, and 32 and 64-bit floating point numbers. As you might guess, it's more complicated to do arithmetic with a 32-bit integer than a 16-bit integer. It's a whole lot more complicated doing math with a floating point number than an integer. In early PC's the floating point math had to be done in software. Later PCs had math coprocessors, and for the past 10 or 15 years the floating point capability has been built into the CPU.

As I mentioned before, doing math in hardware is a lot faster than doing it in software. Modern computers have a lot of math capability built-in to the hardware, so the math is fast now. Really fast.

I was wondering the other day how much faster 16-bit integer arithmetic is than 32-bit integer arithmetic is than 64-bit floating point arithmetic. So I write a program to test it and see. I was pretty surprised at the results.

Using Visual Basic, compiled with most of the optimization, 16-bit integer arithmetic was the same speed as 32-bit integer arithmetic. 64-bit floating point arithmetic was almost as fast (98%) as 32-bit integer arithmetic.

This surprised me. But sometimes compilers do funny things with the math. For example, I thought maybe Visual Basic always does 32-bit integer arithmetic and throws away the extra 16-bits when it doesn't need it. I also thought Windows might somehow be a factor, but I ran the program several times to make sure some background tasks weren't confusing the issue.

Then I tried the same program using Microsoft Visual C++ under Windows and Borland C++ under MSDOS. In Borland C++ the 16-bit integer arithmetic was slower than the 32-bit. In Visual C++ the 32-bit integer math was about 15% slower than the 16-bit. In both Visual C++ and Borland C++, the floating point math was 30%-40% faster than the integer arithmetic.

I ran the tests 6 times: Visual C++ release, Visual V++ debug, Visual Basic compiled with extra optimization, Visual Basic compiled normally, Visual Basic interpreted, and Borland C++ with speed optimization. I tried using max optimization with Visual C++, but a bug caused it to optimize out the calls to the timer function, so it always showed 0 milliseconds. Not even Intel can do that.

Here are the final results:

c++ release
c++ debug
vb optimized.
vb normal
vb interp
borland c++
int 2
long 2

The values are milliseconds that it took to do the math computations 10,000,000 times. The sine and cosine functions are really slow -- 10 or 12 time slower than multiplication and division. Square root calculations are about 3 times slower than multiplication and division.

Here's the "long" and "double" computation,
        y = i
        x = y * 7
        x = x + y / x + y * 37 / y

here is the "sin" computation,
        y = i
        x = y * 7
        x = x + Cos(y / x) + Sin(x * 37 / y)

... and the "sqrt" computation:
        y = i
        x = y * 7
        x = x + Sqr(y / x) + Sqr(x * 37 / y)

If I wasn't so lazy I'd check the compiled code to make sure these are doing the calculations I expect them to. Good compilers will optimize code, and if there is something being done inside a loop over and over with no change, the compiler will move the calculation outside the loop so it's only done once. This is good in most cases, but not so good when you're testing computation times.

I got curious so I checked out the execution times of Pentium math instructions. The time the instructions take to execute are in clock cycles. These tests were run on a 1.7 gigahertz computer, so there are 1.7 billion clock cycles per second. That's a lot. One clock cycle is about 588 trillionths of a second.

integer addition                      
7 and 4

integer division                      

integer multiplication        
7 and 4

floating point addition 
3 and 1

floating point multiplication 
3 and 1

floating point division       

floating point cosine         
18 to 124

floating point square root    

The "7 and 4" means that another CPU instruction can begin in 4 clock cycles, but the result of the math operation won't be ready until 7 clock cycles.

There's no difference in execution time between 16-bit and 32-bit integer math in Pentiums. There's no difference in execution time between 32-bit and 64-bit floating point instructions either. And really surprising, 64-bit floating point addition and multiplication is twice as fast as 16-bit and 32-bit integer addition and multiplication.

To put all this in perspective, light travels about 186,282 miles in one second, as long as nothing is slowing it down like air or water or black holes. In 588 trillionths of a second light travels almost 7 inches. So a medium-speed Pentium 4 can complete a 64-bit floating point multiplication in about the time it takes light to go from my monitor to my eyes.

Smaller and Faster

A few days ago, Intel announced new transistor technology that will make smaller and faster microprocessors.

I expect computers will keep getting smaller and faster for several more years. There's a guy named Gordon who said that in 1965. He said microprocessors would double in power (chip density) just about every year. Here's his paper:

Notice that this paper is on Intel's web site. Gordon was a co-founder of Intel. He last name is Moore. His projection is called Moore's Law.

Gordon's initial estimate of doubling microprocessor density every year turned out to be a little optimistic. He amended his law 1995 to doubling CPU power every two years instead of every year. It's been reasonably accurate for a lot longer than most people expected.

If automobiles doubled their speed every two years since 1965, they would be going 17 million miles per hour today. There are physical limitations that prevent this, of course. There's not enough friction on four tires to stop a car going 17 million mph in a reasonable time. There would be too much friction heat, it would take too much power to accelerate and decelerate, etc.

Eventually they will encounter physical limitations on microprocessors. Electrons can only travel at light speed. Smaller sizes allow less power, less heat, and shorter distances for electrons to travel, but there are molecular limitations on circuit sizes.

I've read before that these limits would be prevent building microprocessors anywhere near as fast and powerful as the Pentium 4, but that hasn't happened yet. I also read once that the earth would be out of oil long before the year 2000.

Here's a picture of the Intel 8088, the processor used in the original IBM PC. It was introduced in 1978 and has about 29,000 transistors.


Here's a picture of the Pentium 4. It was introduced last year and has about 42,000,000 transistors.


In response to Intel's announcement, this week AMD announced some new chip technology that makes it possible to make chips a lot faster and a lot smaller. They can make really small text in their press release, too.,,51_104_543~13001,00.html

IBM announced a double gate transistor that's also supposed to make things faster and smaller. I don't understand it all, but it must be twice as good as a single gate, right?

Moore's law might apply for a few Moore years. This is a really good thing. All this computing power will be required for the largest computational problem of modern time:  booting Windows.

New Clear Yankees

A guy named Jason from Brattleboro, Vermont is a photographer for the local newspaper, the Brattleboro Reformer. Last Wednesday Jason decided to go take some pictures of the nearby Yankee nuclear power plant for an article. Jason stayed outside the fence where he was supposed to be. The police came to see Jason. Jason went directly to jail, did not pass go, and did not collect $200.

In 1917, Vermont passed a lot that says any "person who, without permission of lawful authority, while the United States is at war or threatened with war, makes or attempts to make any map, drawing, plan, model, description, or picture of any military camp, fort, armory, arsenal, bridge, road, canal, dockyard, telephone or telegraph line or equipment, railway or property of any corporation subject to the supervision of the Public Service Board, or of any municipality or part thereof, shall be imprisoned not more than 10 years."

Lucky for Jason, the state attorney general decided Jason doesn't have to spend the next 10 years in jail.

I wonder if anybody realizes that, according to the U.S. Constitution, the United States is not at war. Attorney General John said at a press conference, "It's important to understand that we are at war now." President Dubbya said, "This is war." Congress said the president can use the military to fight terrorists. However, only Congress can declare war, and Congress has not officially done that. But it seems like they never got around to declaring war 30 or 35 years ago either.,1002,8854%257E245822,00.html

AA Airbus 587

Here are some interesting pictures of the Airbus that crashed in New York on November 12.

Here are some details:


Deep in the bowels of the executive office the Whitehouse, a brilliant bureaucrat named Jack said, "Hey, doesn't December have some religious holidays in it? Maybe some terrorists will attack in December."

Then Jack's brilliant co-worker Jim-Bob said, "I have an idea. Let's issue a national warning. That way if something happens we can say, 'I told you so.'  And if nothing happens, we'll take the credit for keeping everyone safe!"

Jack: "But can we issue a warning without knowing about any specific threat?"

Jim-Bob: "Sure we can! Haven't you seen the terrorism stuff they've got on TV now? They're starving for new material. We can make the headlines in every major newspaper in the country, and it might even help us out with that extra $30,000,000 we're trying to get into next year's budget."

Jack: "This doesn't seem right to me. Are we being unpatriotic?"

Jim-Bob: "Heck no! It's patriotic as heck to worry about terrorists whether it's unfounded or not. The more kind of stuff like this we can come up with, the better people will feel about the good ole US of A."

Jack: "It just seems kind of weird to come out with a warning that doesn't really say anything. Will the papers really print it if we just say that there could be an attack of some sort, somewhere in the U.S., any time in December? That sounds like something my 7-year old would make up. Besides, how can such a vague warning help anybody?"

Jim-Bob: "I'll tell you what. We'll try it and see. If you're right, you'll never see it in the paper. But I'd bet you a McDonalds cheeseburger that you'll find it on the front page of the Wall Street Journal tomorrow morning."

Pictures of Today!

Mount Baldy, near Breckenridge, blowing snow and under a full moon:

        IMG_2006.jpg      baldy.jpg

New snow in the mountains:

        IMG_2037.jpg      IMG_2033.jpg      IMG_2022.jpg

A sub-zero road into a steaming lake.




Snow, by moonlight


A couple of good shuttle launch pictures. I didn't take these.

        columbia_sts50_big.jpg      shuttlelaunch_sts100_big.jpg

Buffalo Mountain looked like this on November 17:


and like this on November 28:


...and last and possibly least, the grass is greener on the other side.


(@) 1965, no rites observed. Any unauthorized duplication or distribution of this Junkmail without express written permission is OK with me and will not be prosecuted to the fullest extent of Moore's law.

If you would like to sign up yourself, someone you know, or someone you'd like to know to receive Junkmail, you can do that here:

If you'd like to read other Junkmails, you can do that at this web site too.

If you'd like to stop getting Junkmail, please select one of the following:

    1. Change your email address.
    2. Install Windows XP and don't authenticate it. (This option requires a waiting period.)
    3. Click here and put remove in the subject line.

I'm Bob Webster and I reside at Have a good day!