Please understand, no offense intended. I just stumbled into your blog from the one Aaron Margosis has on Windows XP (The easiest way to run as non-admin). Maybe I’m just intimidated by your intensity and openness? And never having thought much myself about the names of Jelly(fish) or melting bicycle tires …

BTW, thanks for the scoop on Automated Backups on Windows XP Pro (which is what got me here). Might save me a few stubbed toes wandering through the same paths.

I had started to wonder about the tradeoffs of NOT having passwords on a stand-alone XP system at home when I kept running into things I could not do that would also be good for an intruder to not be able to do when they eventually get past my firewall through some dumb/ignorant move on my part.

I had never intended to become this involved in the details of XP administration. I’m just trying to educate myself enough about security to keep the vandals from my Quicken data without having to keep it on a separate system with an air gap, now that I’m finally hooked to the web at home.

I would love to read your thoughts on system restore points — keeping them on to be able to restore an earlier version of the registry after getting cooties, vs cooties using the restore points to hide out? (Hope that name is close enough for your sensitivities.)

Hmmm. Microsoft and Dell security apps warn me about having them turned off, and Trend Micro’s PC-cillin (or was it Spy Sweeper?) tells me to turn them off when getting rid of bad stuff I have come to believe was a false positive. Can I borrow your heat sink? I thought I was having fun back when I learned Lotus 123 1.0 running on DOS 1.0, but THIS is way beyond that, huh?

It seems like the more capable my computers become, the less time I have to take advantage of it because of the ever-increasing overhead of maintenance. And I once thought it was a lot of work backing up a 20 MB hard disk to 1.44 MB floppies once a week.

There have been some comments and pointers recently on the very short piece I wrote for the June issue of Wired about the National Institute for Standards and Technology’s brilliant report on who escaped from world trade tower attacks. (Scroll down to …

But let me defend the substance of my story. I think you have probably read the study by now, and seen that the numbers I cite are from the report itself. The two types of “disobedience” I was referring to were the orders to “shelter in place” and the long-standing rule to avoid the elevators and take the stairs in case of disaster. The NIST report attempts to estimate the number of people who would have died if:

1. Nobody from the second building to be hit had begun to evacuate in the time between the first attack and the second attack.

2. Nobody had taken the elevator.

This is just an estimate of course, but I found the argument in the report plausible. The point I meant to make was not that you should always disobey authority, but that, in an emergency, authoritative commands have to be weighed against other evidence.

There is a flip side to this that applies to emergency planning. Planners who intend to warn the public of some danger and give them notice of what to do ought to expect people to seek additional information before complying. This has all kinds of practical implications. For instance, it means that emergency messages should not sacrifice too much complexity for the sake of brevity. When there is a disaster, the public enters an “information seeking” mode. Good disaster response means taking this seriously, giving them sources to confirm or extend the warnings, and expecting them to distrust authority. In fact, the cutting-edge of disaster response attempts to integrate “disobedience” into its model – even taking it as a good thing.