January 1999 - NT Internet Goodies

by Andy Bruce

Hi, I'm Andy Bruce. Welcome to NT Internet Goodies. Much like the writer for UNIX Internet Goodies, I get paid to surf the Net at odd hours and play with interesting (and free!) software. Sound good? It is! And since I'm starting from scratch, I figure a good beginning is to scan common newsgroups to glean the chance buried diamond in the rough.

AOL Instant Messenger and Security

AIM (AOL Instant Messenger) is a free program (from AOL, duh) that enables real-time chat between registered users. Surprisingly (AOL is commercial), there is no catch for using this software. Registration is instantaneous and free, and you don't have to be an AOL subscriber to use AIM. I use it all the time to chat with coworkers--it's faster than e-mail, and easier than a telephone. Download a copy from http://www.aol.com/. And when you do download AIM, be sure to download the Version 2 beta. (If you're running on Windows, don't bother to download the "Java only" version--it doesn't work.)

However, while scanning the contents of alt.windows95, I came across the thread "Hacking via AOL Instant Messenger." Given that AIM is free and widely used (and that I just recommended it), it strikes me that some lurking security issue might be a tad dangerous. Sounds like a call to investigate.

So what was the problem? Turns out that someone's daughter was online using AIM to chat with a buddy, and the buddy started doing things to her local PC--such as opening the CD-ROM drive door. Hmm. That isn't good. When your CD-ROM isn't safe, what on earth could be?

I read each message in the thread, and got a lot of good information. First, no one could absolutely deny that AIM has a security hole. On the other hand, the most plausible explanation given for this action was that the daughter had inadvertently installed a virus onto her machine--thus, nothing to do with AIM itself. Remember that the oft-repeated advice "pick what you click" applies to all e-mail attachments. One person suspected that the daughter's buddy was using a nasty virus called "Back Orifice" to control her PC. (You can read all about this new virus, as well as how to disarm it, at http://www.techweb.com/internet/story/TWB19980807S0012.)

Another individual expressed his fear of Java--perhaps an applet was mucking with the local hardware. At which point I thought, "That's not possible--Java applets can't do that." Well--a few messages down I read a message saying "There *is* a javascript applet in circulation that *does* open the CD door. AFAIK it's harmless." (Anyone know what AFAIK means?) So--maybe Java applets aren't as safe as I thought. But, I still don't believe it. Can anyone give us the real scoop on this claim?

As often happens in threads, messages started to go further afield. While on the subject of security, one fellow said that while logged into a friend's Web site, the friend could read (and delete) files on his local C: drive. So the fellow completely disabled Java on his machine--won't touch it anymore. Turns out he was the victim of a hoax. A response said that an easy trick is to make a link to "C:\" in an HTML page. When you click on this link, you can see your own local files. However, the remote site can't see anything. It sounded interesting, so I made a file (yoho.html) that contained:

A HREF=C:\>C:<\A

I loaded the file into IE, and, presto! I saw my files on C:. I right-clicked a file--and I got the "normal" Explorer options. I deleted a file. The file was gone. And while that only works for the local browser, it's a pretty cool little trick. I certainly didn't know you could do that in HTML.

Sounds like I'm vindicated in AIM. The security concern doesn't sound like anything to do with AIM--more to do with the vagaries of e-mail, HTML, and Java! So download a free copy of AIM and start chatting up your friends--it beats long-distance charges!

A2PS--"ASCII to PostScript"

My friend Joe Berry (who happens to write UNIX Internet Goodies) turned me on to this program. Its claim to fame is that it can pretty up just about any darn ASCII text file into a very nicely formatted PostScript file. Sounded interesting--especially when Joe mentioned the two-pages-per-page option. I remember an old DOS program (lps, or lpd, or something) that I used for keeping code listings. The a2ps program sounded like a good replacement for it.

I found many Web sites listing a2ps, so I simply chose the first English-language site. (It happened to be http://gatekeep.cs.utah.edu/hppd/hpux/PostScript/a2ps-4.3/). As I expected from the URL, the site offered some HP-UX binaries, as well as the source code. I downloaded the source code (gzip'ed tar file) and installed it on my system. And, by the way, did you know that WinZIP handles gzip'ed tar files perfectly?

I have MSVC 5.0 installed on my system, so I decided to use that as the compiler. First, I checked the README file to see what compilation problems I'd run into. Strangely enough, there were very few problems. Instead of trying to do a command line compile, I created a Windows Console Application project, and set the following defines in the MSVC environment:





Additionally, I accepted the default defines created by MSVC. When I first compiled the program, I got some warnings and errors. Basically, I simply had to put in a section to handle "old-style function" names, as in the following. (The warning pragma filters the compiler output for code that I wasn't going to change, such as assigning a double value to a float.)

#ifdef _MSC_VER

# define fstat _fstat

# define stat _stat

# define fileno _fileno

# define S_ISFIFO( x ) 0

# pragma warning( disable: 4244 4305 4761 )


To test the program, I ran it on itself. I was very pleased. The default options produced a nicely formatted, two-pages-per-page listing of the file with headers, footers, and borders. I recommend this program for anyone who wants to keep nicely formatted program listings, although it should work for just about any ASCII text file.

One caveat--I compiled the program to use UNIX-style forward slashes ("/") as a path separator. (Many Windows-centric developers aren't aware that it's perfectly acceptable to use a slash when opening files via C or Java functions. Keeps the code a little cleaner, I say!) So, to get a proper file name separation, use a command line like a2ps ../src/a2ps.c rather than a2ps ..\src\a2ps.c.

The program offers several command line switches, none of which I tested. For more information, refer to a good man page on a2ps, such as http://gatekeep.cs.utah.edu/hppd/hpux/PostScript/a2ps-4.3/man.html.

Windows binaries and the original source are available on the Enterprise Solutions Web page.

PostScript Without the Printer

I wanted to print my new PostScript version of the a2ps.c ASCII text file on my HP LaserJet 5L. However, one slight problem--there was no "P" anywhere in my printer name. Ergo, I don't have a PostScript printer. So, what to do?

Naturally, we turn to the Internet and do a search for something obvious, like "free PostScript viewers for Windows." And, to our group delight, an answer comes back pointing me to the site http://mailer.fsu.edu/~lis/distance/help/PSviewer/index.html. And on this page, we find GSview, a PostScript/PDF/etc. viewer/printer application. This great program does exactly what I want: It allows me to view files in various formats and then print them. (Be prepared for a rather long download--3MB+!) I first ran the self-extracting executable that created a setup program in the directory of my choice. Then I ran the actual setup program, and installed the software into a directory of my choice.

The installation was quite nice--GSview allowed me to make it my default association for PostScript files, which was a nice touch. After installing the software, I double-clicked on the file a2ps.ps (PostScript output from running a2ps on itself), and GSview dutifully appeared. By default, the file appeared in landscape mode, but by setting the Orientation to Landscape (from the Orientation menu), I no longer had to turn my head sideways to read the file.

When I first printed the file, it had the wrong printer device selected, so I chose ljet4 (LaserJet 4), which was the closest match available in the device list. Then I simply pointed and clicked on my HP LaserJet 5L printer (in the "Queue" listbox), and selected the pages I wanted to print.

As a slight quibble, I'd suggest that the author make it easier to select the pages to print. Right now, each page number shows up in a multi-select listbox. To print particular pages, you must manually select each page (remembering to use the Shift and/or Ctrl key as appropriate). However, the file printed perfectly--which was my original goal.

This program is not a lightweight. It comes with loads of menu options (none of which I investigated). In the same download package, you also get Aladdin GhostScript. (GSView uses GhostScript to do the back-end processing.) Between the two programs, I found a powerful and easy-to-use interface for printing PostScript files to non-PostScript printers.

GSview was written by Russell Lang, and GhostScript by L. Peter Deutsch at Aladdin Enterprises. The GhostScript/GSview home page is http://www.cs.wisc.edu/~ghost/. Both programs are free for noncommercial distribution, and both programs can be licensed for commercial distribution.

No Spam Served Here

One interesting approach for handling spam is to preview your mail. (Usually, it's pretty easy to determine what mail is good and what mail is bad just from the subject, from, and to lines.) While looking for free anti-spam software, I came across a cute little program called E-mail Remover (http://home.pacific.net.sg/~thantom/eremove.htm). This small program (weighs in at only 176 Kb for the download) gets your e-mail account information and allows you to preview your mail. It doesn't offer automated spam detection, so it probably won't help users with tons of mail. However, it's a good way to handle smaller amounts of e-mail traffic without spending a lot of time or money. In many ways, this program reminds me of a graphical version of the standard UNIX mail utility.

A more sophisticated (but still free) approach is a nifty application called SpamEater (High Mountain Software, http://www.hms.com/spameater.htm)Its claim to fame is an automated spam-eating process (similar to antivirus programs; it uses a Spammers List to identify known spammers). After downloading the program, I configured it to my mail server and ran it. Sure enough, it found a piece of spam and ate it.

You can configure SpamEater to accept only a list of valid e-mail addresses in the TO: field. (Strangely enough, most spam has a different user in the TO: field!) And you can download free updates to the Spammers List to keep yourself up to date. The publisher also provides a "Pro" version that allows you to schedule background runs to keep your mailbox empty.

Andy Bruce has been writing software for various operating systems and assorted languages for more than 12 years. He is a primary author of several shrink-wrap products, including Landmark Systems' PerformanceWorks suite and Savant Corporation's Q for Oracle. He also has written many courses in computer programming for McGraw-Hill NRI. He lives and works in the Washington, D.C. area.