Monroe

I found some additional information regarding Win XP and SHA-2 ... the article says that Win XP SP3 should be OK, if I understand this. Anything lower than SP3 will not work ... "Support for SHA-2 has improved over the last few years. Most browsers, platforms, mail clients, and mobile devices already support SHA-2. However, some older operating systems such as Windows XP pre-SP3 do not support SHA-2 encryption." SHA-2 Compatibility Software and Hardware that Support SHA-2 https://www.digicert.com/sha-2-compatibility.htm Support for SHA-2 has improved over the last few years. Most browsers, platforms, mail clients, and mobile devices already support SHA-2. However, some older operating systems such as Windows XP pre-SP3 do not support SHA-2 encryption. Many organizations will be able to convert to SHA-2 without running into user experience issues, and many may want to encourage users running older, less secure systems to upgrade. This page lists the minimum version required for SHA-2 as well as some exceptions. .... there is a list.

Yes ... Dibya is new with only 10 posts ... I hate to think about my first 10 posts when I joined MSFN. They were probably very stupid posts and actually may have caused some long time members to leave the forum for good. However, we improve and in my case with newer posts that may still be considered "borderline stupid" ... I am proud to now be considered an MSFN Expert ... just don't ask me any questions !!! monroe

Speaking of certificates ... this just came to my attention a few minutes ago. "Certificate authorities said they will respond by no longer issuing SHA1 certificates at midnight, January 1 2016, opting instead for SHA2 certificates. SHA2 is a significantly stronger algorithm that will last for many years to come. But there's a problem. A small but sizable portion of the internet's users don't have browsers or devices that are compatible with SHA2." As sites move to SHA2 encryption, millions face HTTPS lock-out "We're about to leave a whole chunk of the internet in the past," as millions of people remain dependent on old, insecure, but widely-used encryption. October 23, 2015 http://www.zdnet.com/article/as-sha1-winds-down-sha2-leap-will-leave-millions-stranded/?tag=nl.e589&s_cid=e589&ttag=e589&ftag=TREc64629f In 2016, tens of millions of people around the world will face trouble accessing some of the most common encrypted websites like Facebook, Google and Gmail, Twitter, and Microsoft sites. Why? Because their browser or device will be unable to read the new, more secure certificates. SHA1, the cryptographic hashing algorithm that's been at the heart of the web's security for a decade, will be retired in a little over a year. Some say it could be cracked by the end of the year, essentially making it useless and weakening security for millions of users. Certificate authorities said they will respond by no longer issuing SHA1 certificates at midnight, January 1 2016, opting instead for SHA2 certificates. SHA2 is a significantly stronger algorithm that will last for many years to come. But there's a problem. A small but sizable portion of the internet's users don't have browsers or devices that are compatible with SHA2. "We're about to leave a whole chunk of the internet in the past," said CloudFlare chief executive Matthew Prince, during a conversation in our New York newsroom earlier this month. 'One million websites' running risky crypto Encryption isn't important just for protecting your online banking, email accounts, and social networks. That green lit-up bar or padlock in your browser also verifies the integrity of a site, offering a strong level of assurance that the page has not been modified in any way. More sites nowadays are adopting encryption because it costs little to nothing to implement. In an age of daily data breaches, hacks, and mass surveillance, adopting a strong SHA2 algorithm is more important than ever. But browser makers and website owners alike thought they had more time. Prominent security researchers thought SHA1 would last until about 2018, but now they think the SHA1 algorithm may be broken by the end of 2015. The good news is that most website are already using the stronger SHA2 certificates. About 24 percent of SSL-encrypted websites still use SHA1 -- or, about 1 million websites. That figure is declining every month, so much so that by the end of the year it could fall as low as 10 percent of all websites, meaning the vast majority of encrypted websites will be safe from SHA1 collision attacks. For most people, there's nothing to worry about. The majority are already using the latest Chrome or Firefox browser, the latest operating system, or the newest smartphone with the latest software, which are compatible with the old SHA1-hashed websites and the newer SHA2-hashed websites. But many, particularly those in developing nations, who are running older software, devices, and even "dumbphones," the candy-bar cellphones that have basic mobile internet, will face a brick wall, because their devices aren't up-to-date enough to even know what SHA2 is. Mozilla's 'one million downloads' mistake There's no way to tell exactly how many will be affected until it happens, in part because there are no concrete figures on how many people are running old or unsupported browsers or devices. Ivan Ristic, head of of SSL Labs at Qualys, said in an email that users of Windows XP SP2 and earlier, and Android 2.2 and earlier, do not support SHA2 certificates. ... it's a long article ... more at the link. monroe

w2k4eva ... again thanks for more information, for sure I know a lot more about root certificates than I did one week ago. Yesterday I found out about the nssckbi.dll in FFox, Pale Moon and K-Meleon. I have an older version of KM (v1.8.24) from last year and I just downloaded K-Meleon 75.1 (portable) and transfered that dll to my older KM v1.8.24 version ... all seems to be working well at various web sites ... when I tried the nssckbi.dll from the latest version of Pale Moon 25.7.3 into K-Meleon many web pages did not work ... many errors. I would like to keep using the older KM version but later today I am going to work with the newer K-Meleon 75.1 version also. At this time last week I did not know that many browsers had their own root certificates included ... I was under the impression that the MS update was also for other browsers ... which it is for some but not for others. Very good information provided by everybody ... monroe

w2k4eva ... thanks for the reply and all the information on certificates, very good reading. I never knew too much about them, since MS would supply updates every so often. A few days ago I decided to get more information ... when I found out how to locate them and I saw so many foreign certs and expired certs ... I was wondering if they were safe to still have around. After I posted that earlier post I found someone also saying what you said ... expired certs can still be needed. I also found this article ... Why do we not trust an SSL certificate that expired recently? http://security.stackexchange.com/questions/31463/why-do-we-not-trust-an-ssl-certificate-that-expired-recently So you cannot trust an expired certificate because you cannot check its revocation status. It might have been revoked months ago, and you would not know it. A good question. The simplest answer is that having an expiration date ensures that you have an "audit" every so often. If there were no expiration date, and someone stopped using a certificate (and protecting the private key), no one would ever know. However, by having an expiration date you ensure that the user goes back to the company that sold them the SSL certificate and pays them lots more money err, I mean, has an audit and is re-validated as the person or service they claim to be (I'll try to leave rants about the current internet security model out of this question). The problem then becomes: If you're going to have a grace period in which you ignore expired certificates, how long does it last? A day? A week? A month? At some point you simply have to stop trusting the certificate; if you make that point a day after the expiration, you can still ask yourself: "What could have happened between today and yesterday?" And you fall into a loop. Essentially, you're right: People don't magically stop protecting their private keys as soon as the expiration date hits (or they may have stopped protecting them a long time ago and no one knows because they didn't revoke them and they haven't expired yet). The expiration date says nothing about the security of the certificate, but if you don't have a cut off you'll never know that a certificate may be forgotten about whereas with one you at least know that much. ... well I will probably leave everything as is for now ... I need to know more about certificates. I also do not use Internet Explorer very often. I have Pale Moon (Atom-WinXP) installed and there are frequent updates ... so the certificates in that browser would be more up to date ... if I understand about browsers and certificates correctly. monroe

Just to add that the older version of Malwarebytes v1.75 still works with Windows XP SP3 ... the newer version also works but I like the older version feel and look. I'm not sure about earlier versions of XP. You don't have to upgrade when getting database updates for the older 1.75 version, you need to take out the checkmarks under the "Settings " tab. Go to "Settings" ... then go to "Updater Settings" and uncheck : Download and install program update if available ... I also uncheck: Notify me when a program update is ready for installation It should work just fine on XP SP3. ...

Reading the other post about rvkroots.exe and rootsupd.exe posted by heinoganda and others ... I became aware of Certificates Manager in XP. Spent a lot of time searching around on Google and have a few questions. I looked in the various folders of the Certificate Manager and see many strange foreign looking items. I was reading this in an article about maybe getting rid of items that you don't know what they are. These paragraphs are from the article ... I will also post a link to the article. I was not aware of doing this manually. I have never "cleaned" anything out the Certificates Manager. Is this a necessary thing to have been doing? "From an even broader perspective, you should keep your certificate stores clean in the same manner you limit the software installed on your systems. The same best practice applies to both scenarios: If you're not using it or don't know what it is, get rid of it! That said, consider "clean" certificate stores as being those free of any outdated, unwanted, or unneeded certificates. Outdated or unnecessary certificates can cause a lot of problems for SysAdmins. And the maintenance needs to happen both on the CA and the application hosts. Both of the reasons mentioned above can cause your applications or websites to fail; and if your customers (be they external or internal) can't access the tools they need to do business, no one in the situation will be happy." Recommendations for Cleanup The recommendation for addressing the first reason is pretty straightforward: replace any certificates with a key length of 1024 bits or less with a stronger certificate ASAP. If you can't do that this month, and you have the necessary level of control over the computers that rely on those certificates, make sure those computers are not configured to automatically deploy KB2661254 when it goes live. As for the second reason, we recommend reducing your certificate stores to about 180 certificates or less - just to play on the safe side. As you consider what certificates to remove, think of the following as "safe to delete": Expired certificates Unknown foreign certificates Certificates with a key length of 1024 bits or smaller Article link: Keep your certificate stores clean - applications could fail if you don't https://thwack.solarwinds.com/community/solarwinds-community/geek-speak_tht/blog/2012/10/01/keep-your-certificate-stores-clean--applications-could-fail-if-you-dont Maybe this has been discussed before but I seemed to have missed it ... I always thought the roots certificate from the MS monthly updates would be doing that ... but do all the old certificates or no longer used certificates just remain in the CM and keep building up. So the question from above ... should people be going into Certificates Manager to clean out what the above article talks about? I also found this article: Certificate cleanup for most personal computers http://windowssecrets.com/top-story/certificate-cleanup-for-most-personal-computers/ Manually removing the certificates from XP systems Windows XP users have the option of deleting the certificates manually or merely looking over the list of certificates installed to see whether the DigiNotar cert. is there. Here’s how: Start out by clicking on the start button and typing mmc.exe. into the Run box. You’ll see a window pop up typically labeled Console1. ... there are more steps in the article. I also found this article and someone posted a followup question: I got into Certificate Manager on my XP system by going to computer Tools, Options, then certificates. I am horrified that there's all these foreign certicates on there, are they necessary and are they bad? Like TUrkey and a bunch of other places I have no idea what they are or why they're there. I've been trying all day to speed up my computer, cleaning, etc and this is the latest thing I'm finding to question. Thanks for any help you can give me. How can I start the Certificate Manager on Windows XP? http://www.delphifaq.com/faq/windows_user/f1571.shtml Question: I know that Windows has a GUI interface to manage digital certificates. I have seen it on another computer but I cannot find a shortcut on my system at home, even though I have admin privileges. How can I start the Certificate Manager on Windows XP? Answer: The certificate manager is implemented as a Management Console Snap-in Control (MSC) file. The application can be started as certmgr.msc Below is a list of other management console Snap-in controls. They are all in \Windows\System32 You can start them from the start menu, by clicking on 'run' and then entering the desired command, e.g. certmgr.msc. ... Is there a free tool around to "clean" old or junk certificates out of an XP system or it has to be done manually? Just to add ... when looking in the Trusted Root Certification Authorities folder and Certificates folder ... I see many foreign entries from Brazil, India and other countries ... also many expired items from 2009, 2010 and so on. monroe

Good read ... Unstoppable 100-Year-Old Works 6 Days a Week October 20, 2015 - USA Today http://www.usatoday.com/story/news/inspiration-nation/2015/10/20/100-year-old-works-6-days-week/74263334/ BUFFALO, N.Y. -- Felimina Rotundo works six days a week washing clothes at a local laundromat and shows no signs of stopping anytime soon, even at the age of 100. Rotundo washes clothes and handles dry cleaning at the College Laundry Shoppe in Buffalo. She works from 7 a.m. to 6 p.m. She says that she likes being out and working because it “gives her something to do.” Rotundo said that she hasn’t considered retirement. She says she doesn't think that "old people" should be sitting idle, and doing nothing, because that is a waste of time. So when would be an acceptable age to retire? According to her, 75 would be a good age but only if health is an issue. Rotundo was born in 1915, and this past August she reached the century mark. She says she has been working for 85 years of her life. She has worked in the area for nearly 40 years. When she first started she only made about 25 cents for washes. --------------- 'Get out and do some work': NY woman, 100, still working 11 hours a day, 6 days a week October 20, 2015 Associated Press http://www.foxnews.com/us/2015/10/20/get-out-and-do-some-work-ny-woman-100-still-working-11-hours-day-6-days-week/?intcmp=hplnws BUFFALO, N.Y. – Felimina Rotundo works 11 hours day, six days a week at a Buffalo Laundromat and says she has no plans to quit working even though she turned 100 last summer. She tells WGRZ-TV that she got her first job at 15 during the Great Depression and has been working ever since. Rotundo works from 7 a.m. to 6 p.m. six days a week washing clothes and handling dry cleaning at the College Laundry Shoppe on Main Street in Buffalo. She says she hasn't considered retirement and will continue working as long as her health is good. Rotundo, who hit the century mark in August, says she likes being out and working because it "gives her something to do." She says too many people retire too soon. Her advice to her peers: "Get out and do some work."

heinoganda ... no way am I angry, I usually have to ask more questions or get more information on various workings of the computer or XP ... could also be of help to someone else. I will have more time this evening to go over the information you provided. Thanks ...

I am somewhat confused and have some questions with the current "rvkroots.exe" and "rootsupd.exe". So far all I have done is install the rootsupd.exe (v6.0.6000.16386) ... I forgot to look first to see what version I had installed before I ran the update. When I check the version number of rvkroots.exe on my computer it is v6.0.6000.16386 ... and reading the last posts by dencorso ... "the version number in the registry seems not to affect the operation of the certificates in any way." and heinoganda ... "The version number "rvkroots.exe" and "rootsupd.exe" to write to the registry are unique identifiers for Windows Update or Microsoft Update and have no effect on the functionality of the certificates!" So far I have made no changes to the registry, I downloaded everything that heinoganda had posted with the links to several posts back. I have only installed the rootsupd.exe update (6.0.6000.1638). So if that's all I have to do for now and in the future ... then I have a current "working" roots certificate on my machine by just installing the update "manually"? Do I understand this correctly and there is no need for me to go through all those other steps ... with registry and inf files? ...

dencorso ... thanks for the heads up on PlainOldFavorites for Pale Moon (Atom-XP) ... like the Favorites tab better. ...

If you didn't see this, it's pretty funny. Parrot Unwinds After A Long Day With A Shower In The Kitchen Sink http://iaf.tv/2015/10/17/parrot-takes-shower-in-the-kitchen-sink/ After a vexing day of repeating other people’s words, Charlie the parrot just wanted to cool down with a nice cold shower in the kitchen sink. Charlie gave up birdbaths years ago after realizing how unsanitary they were. Sometimes he sits in the rain, but when he’s in the sink, he couldn’t be happier. He excels at rinsing, washing, and especially repeating. ...

heinoganda ... thanks for the reply and links. I am going to study all this step by step later today or tomorrow. I'd like to keep that Roots certificate updated as much as possible. monroe

Here it comes ... it was bound to happen someday with all the close encounters around airports and houses. I wonder one day if a person has a tiny insect drone ... will that also have to be registered? This is where a good flamethrower would come in handy ... it might set the whole neighborhood on fire but it should destroy the drone. U.S. Will Require Drones to Be Registered Oct 16 2015 http://www.nbcnews.com/news/us-news/u-s-will-require-drones-be-registered-n446266 The federal government will announce a new plan requiring anyone buying a drone to register the device with the U.S. Department of Transportation, NBC news has learned. The government has been concerned about the rise in close calls between unmanned drones and aircraft flying into and out of some of the nation's biggest airports. The plan is expected to be announced Monday. In July, there was a dangerously close encounter between a drone and a passenger jet with 159 people aboard setting up to land at New York's John F. Kennedy International Airport. The unmanned aerial vehicle was just 100 feet away from the passenger jet at an altitude of 1,700 feet; normal safe separation distance is between aircraft is at least 1,000 feet. Private drones were also blamed for hampering aerial firefighting efforts over a California blaze in July. Firefighting aircraft trying to attack the fast-moving blaze in the Cajon Pass had to leave the area for around 20 minutes over safety concerns, officials said. The fire swept over a busy freeway and torched 20 vehicles. Under the plan, the government would work with the drone industry to set up a structure for registering the drones, and the regulations could be in place by Christmas. Last week, the Federal Aviation Administration proposed a $1.9 million fine against Chicago drone company SkyPan, which was alleged to have flown dozens of unauthorized flights over Chicago and New York since 2012. ...

Just a crazy question with how this works with XP ... without the newer updates? I am not applying the POS updates at this time. I got this from the MS link you posted. With the October 13, 2015 revision of this advisory, Microsoft is announcing the availability of an update for all supported releases of Windows that modifies the Code Integrity component in Windows to extend trust removal for the certificates to also preclude kernel-mode code signing. then ... WindowsXP-KB3080446-x86-XXX.exe 10/12/2015 WindowsXP-KB3093983-x86-XXX.exe 10/12/2015 (cumulativ) IE7-WindowsXP-KB3093983-x86-XXX.exe 10/12/2015 (cumulativ) IE8-WindowsXP-KB3093983-x86-XXX.exe 10/12/2015 (cumulativ) WindowsXP-KB3094996-x86-XXX.exe 10/12/2015 so I guess those XP updates are for an XP setup with POSReady updates applied or maybe also for an XP setup with no newer upates installed after April 2014? Thanks, just not sure if I understand this correctly. ...

I don't know if this is a hoax or for real ... there are several pictures. Weird Animal with 'Body of Buffalo and Head of Crocodile' Baffles Everyone http://www.mirror.co.uk/news/weird-news/weird-animal-body-buffalo-head-6577508 05 Oct 2015 By Kirstie McCrum Confusing genetic creations happen all the time, but this is one of the most unusual animals seen in a long time. Images have been shared of a most unusual creature spotted in a remote village - and it's the stuff of sci-fi movies. The strange animal appears to have the scaly, rough head and skin of a reptile such as a crocodile. However, on closer inspection, it's also got the body, limbs and hooves of a mammal such as a calf. The creature appears to have been born of a buffalo, but is clearly not a normal-looking creature. According to the site, the animal died soon after birth, but "It is surprising and is believed to bring good luck to the family and the village." ...

Wow ... you are really going back. I didn't think there was anyone still alive from the days of the Pony Express ! Don't forget the Supermoon lunar eclipse tomorrow ... monroe

vinifera ... you don't have to upgrade when getting database updates for the older version, you need to take out the checkmarks under the "Settings " tab. Go to "Settings" ... then go to "Updater Settings" and uncheck : Download and install program update if available ... I also uncheck: Notify me when a program update is ready for installation I can get database updates for the older version and no "program updates" are downloaded ... nothing is changed except for the newer database updates. monroe

Probably not much help but I'm still using the older version 1.75 with Windows XP SP3 ... I just didn't like the new version look and there was something else that the newer version was lacking over the older version ... but I can't think of it at this moment. Someone had mentioned it in another forum. The older version still seems to work very well with XP. Maybe others will have more to say on the subject. ...

Just to briefly mention about the IE 9 spoof provided by dencorso and the fact that he uses it with XPSP3 ... just caught this today. I have IE 8 on the computer for XP ... I was concerned that the registry change might mess up using the MS Update request under Tools ... I still run it every month and only get MS Office 2007 updates these days. I installed the IE9 Spoof and then ran the Update tool and everything seemed to work OK ... the same as it did before I installed the IE9 Spoof. I never use IE anymore, just for the updates. I use K-Meleon and Pale Moon (Atom/XP) mostly. Thought I would mention this for anyone else thinking about MS Updates. ...

I thought this was interesting ... this is all done by one person once they are launched. 50 Drones Controlled at Once in a Record-Breaking Swarm https://www.newscientist.com/article/dn28173-watch-50-drones-controlled-at-once-in-a-record-breaking-swarm/ Daily News - 15 September 2015 Up, up and away. A team at the Naval Postgraduate School in Monterey, California, has succeeded in launching 50 drones that were all controlled by a single person. “To our knowledge, this is a world record for the number of UAVs under single operator control, by quite a long way,” says project lead Kevin Jones. The team aims to develop swarming behaviours that give the benefits of having multiple drones without the need for a large number of operators. The Zephyr drones they used are custom-made, largely from hobby parts, and cost about $2000 each. Getting so many into the air at once was challenging because they cannot be hand-launched like some smaller drones. “For larger flying wings the hand-launch process posed a significant risk to the hand launching it,” says Jones. After experimenting with bungee power, students developed a chain-driven launcher that can fire off the drones in quick succession. At present, the pre-flight safety checks limit launches to one every 30 seconds, but Jones thinks that they should be able to cut that to 10 seconds or less. He says that they may also build a second launcher, as there is no reason why the swarm has to be launched one at a time. Swarm signals Once in the air, the drones communicated with each other via a system that uses high-powered Wi-Fi rather than conventional drone-communication systems, which would be swamped by the overlapping signals. The launch also gave an opportunity to test swarming algorithms with real drones rather than simulations. “Most of the swarming operations are things like ‘follow-me’ mode, where one or more UAVs follow a leader around the sky,” says Jones. This allows the whole swarm to be moved without directing the aircraft individually. There are also algorithms for search-and-rescue operations, in which the flight pattern resembles that of foraging bees. “The swarm behaviour looks quite random as the aircraft move around the sky trying to optimally search an area in the shortest amount of time,” says Jones. ...

As I stated last month ... I have not been installing the POSReady 2009 updates at this time. Just to confirm with others that there were only two MS Office 2007 updates for XP in September. I have Office 2000 installed and these two MS Office 2007 updates were shown when I ran the MS XP update check. MS Office 2007 Updates 09/08/2015 01 Security Update for Microsoft Office 2007 suites (KB3085546) A security vulnerability exists in Microsoft Office 2007 suites that could allow arbitrary code to run when a maliciously modified file is opened. This update resolves that vulnerability. 02 Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB3054993) A security vulnerability exists in Microsoft Office Compatibility Pack Service Pack 3 that could allow arbitrary code to run when a maliciously modified file is opened. This update resolves that vulnerability. ----------------------------------------------------------------------------------------- I also have a question about which updates to install first ... I always download the updates first to save in a folder and then I install the updates myself. I usually install the updates in numerical order ... lower KB numbers first to the higher KB numbers last ... but this isn't always the way they appear at the MS XP update listing. The updates can sometimes be in any order. As you can see above ... the 02 KB number is lower and I would usually install this update first and then the 01 KB number would be installed last. Is there any difference to which order the monthly updates are installed? I've always been curious about this. ...

rodocop ... thanks for the news and links. I will try the portable version. ...

Just a heads up, if you were planning on getting one. I want to check and see if Amazon or Walmart sells them. Every household should probably have one ... buy one now or regret it later ! Make a nice gift for the Holidays ... From the article: "There’s just one small problem: the possibility of a ban has increased sales. "Business is skyrocketing higher than ever due to the discussion of prohibition," said Chris Byars, CEO of Ion Productions Team, a Michigan-based flame-throwing company. He estimates he’s sold 350 units in the past few weeks at $900 each. ... machines that can shoot flames up to 25 feet long." Flamethrower Sales Boom on Potential Consumer Ban http://finance.yahoo.com/news/flamethrower-sales-boom-on-potential-consumer-ban--weird-business-news-182735902.html Flamethrowers are almost never a good idea, but believe it or not they’re completely legal under federal regulation. Only two states, California and Maryland have restrictions on the high-power machines. Now two companies are taking advantage of the law, offering flamethrowers to consumers that retail between $900 and $1600. One company, Ion Productions Team, used the crowd-funding site Indigogo to raise $157,485 for production of their XM42 flamethrower. That’s about four times more than the $40,000 the company initially asked for. Now some local politicians want to ban consumer sales of the machines that can shoot flames up to 25 feet long. "My concern is that flamethrowers in the wrong hands could cause catastrophic damage either to the person who is using it or more likely to the person who is being targeted," Mayor Jim Fouts of Warren, Michigan told Ars Technica. A bill in Troy, Michigan has been proposed to ban the "storage, use, and possession of flamethrowers in the city.” There’s just one small problem: the possibility of a ban has increased sales. "Business is skyrocketing higher than ever due to the discussion of prohibition," said Chris Byars, CEO of Ion Productions Team, a Michigan-based flame-throwing company. He estimates he’s sold 350 units in the past few weeks at $900 each. On their website, Ion Productions Team lists possible uses for the flamethrowers. These include: clearing snow/ice eliminating weeds between pavement cracks controlled burns/ground-clearing of foliage/agricultural insect control pyrotechnic event displays bonfire starting a fun device to enjoy with friends ...

No ... wouldn't do that ... yours is "one of a kind" ! I may use an old picture that I used about two years back ... the Library of Alexandria. What a facinating place that must have been till it more or less got destroyed. I finally found the folder today where it was stored on an old DVD of ancient XP software. ...