Dec 28, 2010

Survey from Google Docs

I have created my first survey from Google Docs. Please take a look and help out with my research!

Jiggle the Cable Survey
(Results)

Dec 27, 2010

Sysadmin Tools

50 UNIX / Linux Sysadmin Tutorials: "Merry Christmas and Happy Holidays to all TGS Readers. To wrap this year, I’ve collected 50 UNIX / Linux sysadmin related tutorials that we’ve posted so far. This is lot of reading. Bookmark this article for your future reference and read it whenever you get free time. Disk to disk backup using dd command: dd [...]

Read More: 50 UNIX / Linux Sysadmin Tutorials

Copyright © The Geek Stuff. All Rights Reserved. Support us when you shop at amazon. Thank You!


Get your copy of Vim 101 Hacks eBook.


Linux 101 Hacks eBook Password: linux-is-wonderful

Dec 23, 2010

Software Developer Advice for Sysadmins

Can't pass up great advice.  I've done my share of upgrades and have personally experienced each and every one of these situations. Here are the highlights but please take the link for the full story.

1. DO have a "silent install" option.
2. DON'T make the administrative interface a GUI.
3. DO create an API so that the system can be remotely administered.
4. DO have a configuration file that is an ASCII file, not a binary blob.
5. DO include a clearly defined method to restore all user data, a single user's data, and individual items.
6. DO instrument the system so that we can monitor more than just, "Is it up or down?"
7. DO tell us about security issues.
8. DO use the built-in system logging mechanism.
9. DON'T scribble all over the disk.
10. DO publish documentation electronically on your Web site.      

10 Dos and Don'ts To Make Sysadmins' Lives Easier: "CowboyRobot writes 'Tom Limoncelli has a piece in 'Queue' summarizing the Computer-Human Interaction for Management of Information Technology's list of how to make software that is easy to install, maintain, and upgrade. FTA: '#2. DON'T make the administrative interface a GUI. System administrators need a command-line tool for constructing repeatable processes. Procedures are best documented by providing commands that we can copy and paste from the procedure document to the command line."

Dec 20, 2010

Microsoft Security Essentials 2.0 Released

Microsoft Security Essentials 2.0 Released: "Greg writes with this excerpt from Ars Techica: 'Following a four-month beta program, Microsoft Security Essentials (MSE) 2.0 has been released. The new version significantly revamps the heuristic scanning engine, adds Windows Firewall integration as well as network traffic inspection. The update unquestionably makes MSE, which has already become very popular due to its quiet but effective ways, even more of a must-have for Windows users. MSE has always been very good at finding and removing malware, but it has relied mainly on antimalware definitions. The improved heuristic engine makes it even better at detecting threats; at the same time, we expect the number of false positives to slightly increase as well. The new Windows Firewall integration is a minor improvement: it lets you tweak Microsoft's firewall from inside MSE.'"

Dec 19, 2010

OS X Boot Key Combinations

I'm not sure where I got this but here it is for my reference.

Boot key combinations:
Everybody knows about some of these boot key combinations, but some of the more obscure combinations have been long forgotten (like how many of us have a Quadra AV and use a TV as a monitor!) – Check these out, you may need one of them someday!
  • C : Forces most Macs to boot from the CD-Rom drive instead of the internal hard drive. Only works with Apple ROM drives and with bootable CD discs.
  • D : Forces the first internal hard drive to be the startup disk.
  • N : Netboot (New World ROM machines only) – Looks for BOOTP or TFTP Server on the network to boot from.
  • R : Forces PowerBooks to reset their screen to default size (helpful if you’ve been hooked up to an external montior or projector!)
  • T : Target Disk Mode (FireWire) – Puts machines with built-in FireWire into target Disk mode so a system attached with a FireWire cable will have that device show up as a hard drive on their system. Very useful for PowerBooks!
  • Mouse Button Held Down : Ejects any mounted removable media.
  • Shift : Disables all extensions (Mac OS 7-9), or disables Login items when using Mac OS X 10.1.3 or later. Also works when booting Classic mode up just like you were using the OS natively.
  • Option : When using an Open Firmware "New World ROM" capable system, the System Picker will appear and query all mounted devices for bootable systems, returning a list of drives & what OS they have on them. On "Old World" systems the machine will simply boot into it’s default OS without any Finder windows open.
  • Space bar : Brings up Apple’s Extension Manager (or Casady & Greene’s Conflict Catcher, if installed) up at startup to allow you to modify your extension set.

  • Command-V : Boots Mac OS X into "Verbose Mode", reporting every console message generated during startup. Really shows what’s going on behind the scenes with your machine on startup!

  • Command-S : Boots Mac OS X into "Single User Mode" – helpful to fix problems with Mac OS X, if necessary.

  • Command-Option : Rebuilds the Desktop (Mac OS 7-9).

  • Command-Option-P-R : Erases PRAM if held down immediately after startup tone. Your machine will chime when it’s erased the PRAM, most people will hold this combination for a total of 3 chimes to really flush the PRAM out.

  • Command-Option-N-V : Erases NVRAM (Non-Volatile RAM). Used with later Power Macintosh systems mostly.

  • Command-Option-O-F : Boots the machine into Open Firmware (New World ROM systems only).

  • Command-Option-Shift-Delete : Forces your Mac to startup from its internal CD-ROM drive or an external hard drive. Very helpful if you have a 3rd party CD-ROM drive that is not an Apple ROM device.

  • Command-Option-Shift-Delete-#(where #= a SCSI DEVICE ID) : Boot from a specific SCSI device, if you have your 3rd party CD-ROM drive set to SCSI ID 3, you would press "3" as the # in the combination.

And, the obscure ones :>) Older computers only, on some.
  • Command-Option-I : Forces the Mac to read the disc as an ISO-9000 formatted disk
  • Command : Boots with Virtual Memory turned off.
  • Command-Option-T-V : Forces Quadra AV machines to use TV as a monitor.
  • Command-Option-X-O : Forces the Mac Classic to boot from ROM.
  • Command-Option-A-V : Forces an AV monitor to be recognized correctly.

Dec 13, 2010

Change Request Overtime Pay

Do you get paid for overtime, or compensated for non-standard work hours, when performing change requests during off-peak usage times?

I have been doing change requests and system patches and upgrades since Windows 3.1 and Netware 3.0 were common operating systems. While most previous employers have compensated me for this time, some of them just considered it part of the "other duties as assigned" clause and I went about my business working at 3am.

Nov 22, 2010

Dell knew about computer failures, hid info from customers

No way, I refuse to believe it. Give me a break. This happens every day in modern business.

Dell knew about computer failures, hid info from customers:

"Dell might have made efforts to hide problems with its machines after all, according to recently unsealed court records. The New York Times went through hundreds of documents related to the lawsuit that Advanced Internet Technologies brought against Dell, and found that Dell knew much more about its computer problems than it let on, all while continuing to sell the machines to the public. Dell settled the lawsuit earlier this year, but the revelation is troubling.

This lawsuit goes back to 2007, when Advanced Internet Technologies accused Dell of making efforts to conceal known defects in its desktop machines. The suit was settled in September of this year, though the companies did not disclose the terms of the agreement. A federal judge unsealed the documents on Thursday, however, revealing that much more was going on behind the scenes."

Nov 12, 2010

Facebook Mail?

Given the amount of times I've had to "re-secure" my account settings, I think I'll pass on this one. At least I think/hope the data Google makes available is anonymous. When developers have access to the data (Farmville) you can be sure it's not.

Why You'll Give Up Gmail for Facebook Mail [Facebook]:

"Get ready for a new invasion wave from Facebook: Mail. According to Techcrunch's sources, a full webmail client integrated with The One and Only Social Network will debut next Monday. This is why it may become your favorite webmail service. More »"

Nov 11, 2010

Nov 8, 2010

Sophos offers Free Anti-Virus Home Edition for Mac

Sophos offers Free Anti-Virus Home Edition for Mac: "World's first free business-strength security solution for Macs."

IPhone DST Alarm Bug

Epic Failure! You would like to think a company like Apple would learn from mistakes of the past. Apparently not.

http://support.apple.com/kb/TS3542

Nov 5, 2010

GeekDesk

GeekDesk: "geekdesk.jpeg
The GeekDesk is the best and most versatile desk I have found for my home office. It uses an electric motor to switch from sitting to standing position, and after nearly a year of using other standing desks I can say that it is one of the best investments anyone can make if they are interested in an adjustable desk.

My foray into standing desks began when I started working from home more often. I found that when I was sitting at work I would easily become distracted and more often than not lethargic. After reading several articles about the perils of sitting around all day I decided it was probably in my best interest to get a standing desk.

My first standing desk was a lectern I found on craigslist for $10. It was not adjustable, had an angled surface, and wasn't the best solution. But for the cost, it served me well. I learned how to stand all day, and the small footprint of the podium meant that I could keep my regular desk without sacrificing too much space. The difference between sitting and standing was immediately noticeable. I was much more likely to walk away from my desk and do something that needed to get done, I found that I didn't tire as much, and that my back no longer hurt from long days in a soft cushy chair. I was a standing desk convert.

Given the limitations of the lectern I then decided to replace it with a used AnthroCart desk: a solid American-made adjustable desk with an amazing life-time warranty. Seeing how it was adjustable I was able to fine-tune the height so that it made for easy typing. The desk was composed of three aluminum poles that have slots that range from 24' to 30' (and up to 48' with extensions) in height where you could screw the work surface in. It had a large 3'x3' flat surface that allowed me to add an external monitor and a printer to my setup. However, it also meant that I had to say goodbye to my chair and sitting desk. My conversion to full-time standing desk was pleasant, but there were times when I wished I could sit down to write longer pieces.

All of this explains why I am so happy to have discovered the GeekDesk. Simply put, it is a traditional two-legged desk frame that uses an electric motor to raise or lower the working surface from 26' to 46.5' and anywhere in-between. It can lift up to 175 pounds, and it rises and falls at 1' per second.

The desk itself is made up of two steel legs connected by a cross bar that contains the electric motor and rack-and-pinion lift mechanism. The top of the desk is screwed on to the legs. GeekDesk sells the legs separately for those interested in attaching their own surface.

I have the slightly smaller GeekDesk Mini. It is identical to the GeekDesk except that it comes with a shorter crossbar that is 37.75' wide compared to the standard 61.42' model. It is more than enough space for me as I have a fairly compact setup including a 15' laptop, and a 24' external monitor.

To raise or lower the desk there are controls attached to the underside of the working surface. They remain out of the way, and are very easy to use. Simply push the button to activate, and click up or down on the toggle. It is a smooth movement and you can do it with everything on your desk without a fear of spills, or toppling monitors.

While my AnthroCart desk served me well, I realized that having the versatility of being able to sit and stand at the same workspace was really valuable to me. The biggest downside of this flexibility is that the temptation to sit is ever present. Since adopting the GeekDesk I do find myself sitting down more often than I would if I didn't have the option. I am undecided about whether this is a good or bad thing, but if you find that you have low self control then it is possible this desk isn't for you.

I love being able to sit and stand at my workspace, and I believe it has improved my general well being and happiness while working from home. A word of warning: anybody interested in switching to standing all day should, as with anything bio-mechanical, take it slow and make sure not to cause too much strain. I have had friends who have made the switch too quickly complain about back strain, foot pain, and tired legs. This goes away, but can easily be avoided by slowly easing into standing all day. And I strongly believe the GeekDesk represents one of the absolute best ways to do so.

-- Oliver Hulland

GeekDesk Mini

$525 for the frame (plus $85-$180 for shipping)

$749 for the frame and top (plus $110-$310 for shipping)

GeekDesk Original

$799 for the frame and top (plus $110-$310 for shipping)"

Nov 3, 2010

WiFi Channel Problems

Recently I have been struggling with my home wifi network, at least with my laptop. It seemed that every other machine in the house didn't have a problem. However, my laptop would perform erratic, at best. It would chug along then all network activity would freeze. I few minutes later it would start to flow again. I tried everything (or so I thought). I eventually ran a network cable down the stairs and into the office and wired my laptop. It solved the problem so I was sure it was wifi related. A friend of mine suggested using a spectrum analyzer to find what was the best channel to use. I was skeptical at first until I realized what all used wifi frequencies (cordless phones). Sure enough, when I changed to channel 12, I couldn't see anything at all. Then I tried channel 1 and all was right with the world.

Just to satisfy my curiosity, I searched out a wifi channel analyzer to test the channels and find the best available. There are a number of freeware choices out there for Mac and PC. When the report came in I was not too shocked to see that the channel I was using had the most interference. Channel 1 was pretty clear but channel 3 was clean. I quickly changed my WAP to use channel 3 and my problems are solved.

Oct 27, 2010

Custom Sound Set for Mac Outlook 2011

I managed to create a custom sound set for Outlook 2011 by dragging the custom sound set from my Entourage Sound Sets folder to the Outlook Sound Sets folder in my Microsoft User Data folder.

I'll update this with more precise directions later.

*** Updated ***

Make a custom folder under:

User/Documents/Microsoft User Data/Outlook Sound Sets/

Something like "Custom.eragesoundset"

Put your wav files in there and refer to them in a soundset.plist file in the same folder. That file should look like this...

soundset.plist

Oct 26, 2010

iPhone passcode lock bypass vulnerability (again)

Doh!

iPhone passcode lock bypass vulnerability (again): "
An iPhone user has found a trivial way to bypass the four-digit passcode lock on fully patched iPhone (iOS 4.1) devices.

Oct 25, 2010

AD Resources

I've been working quite a bit with AD lately at work and someone compiled a list of great resources. Here is a reproduction of that list.

Links

Active Directory Cookbook
PowerGUI Powershell Interface
Windows Server Port Requirements
AD Library on Technet
GPO Library on Technet

Oct 15, 2010

Tech Support

I recently had someone ask me to go get a computer and turn it on so I could restart it. He refused to move further in the script until I said I had done that.

SuperOneClick Roots Virtually Every Android Phone Out There [Downloads]

Click here to read SuperOneClick Roots Virtually Every Android Phone Out ThereSuperOneClick Roots Virtually Every Android Phone Out There [Downloads]: "Windows only: We recently featured Universal Androot, an app that rooted many Android phones, but had a few limitations (and Google's already killing it with a patch). Windows program SuperOneClick is the easiest, most universal rooting app we've seen yet. More »"

Oct 12, 2010

Host File Kung Fu

MVPS Custom Host File Instructions

I've been using a custom host file on my workstation for quite a while now. It works really well in blocking all sorts of undesired activity. Of course I only have 3 lines to block specific advertising sites but the potential is endless. Such a small change to my local configuration makes such a huge difference in all aspects of online activity.

If you are familiar with the NoScript or AdBlock plugins for Firefox then you are familiar with the concept of blocking certain domains, URLs or DNS names. Your host file is just an extension of how this works. Only instead of doing it at the application level, it does it at the operating system level.

Any time your machine tries to access a resource on the network, it has to translate that network address from a name to a number. If that process doesn't work (or is told to look in the wrong place) the resource isn't found. If that process is a looking for an advertisement or a nasty script, then that resource fails to load. When that resource fails to load it frees up resources on your machine to load more important stuff, like that article on how to winterize your lawn. Your host file just tells your machine to look in the wrong places for specific resources since any resource at this specific location is known to be undesired.

I use Open DNS at home to block a lot of these sites but this doesn't help when you leave the safety and comfort of your home network.

There are multiple sites out there that help with custom host files but MVPS is one of the best. Please take a look and see what they have to offer.

Myth vs. Fact: Identity theft

Myth vs. Fact: Identity theft:
Myth: Identity theft usually happens on the Internet.


Fact: Online methods accounted for only 11% of identity theft in 2009

Most identity theft happens offline. According to a 2009 study by Javelin Strategy and Research, stolen wallets and paperwork account for almost half (43%) of all identity theft.

Steps you can take to help prevent identity theft include:
  • Keep sensitive paperwork in a locked storage device and never put checks in an unlocked mailbox.
  • Shred sensitive paperwork when you no longer need it.
  • Never leave your wallet, purse, mobile phone, or laptop unattended.
You can increase your identity protection online with these steps:

Oct 4, 2010

Safe Browsing Alerts for Network Administrators

Safe Browsing Alerts for Network Administrators: "Posted by Nav Jagpal and Ke Wang, Security Team

Google has been working hard to protect its users from malicious web pages, and also to help webmasters keep their websites clean. When we find malicious content on websites, we attempt to notify their webmasters via email about the bad URLs. There is even a Webmaster Tools feature that helps webmasters identify specific malicious content that has been surreptitiously added to their sites, so that they can clean up their site and help prevent it from being compromised in the future.

Today, we’re happy to announce Google Safe Browsing Alerts for Network Administrators -- an experimental tool which allows Autonomous System (AS) owners to receive early notifications for malicious content found on their networks. A single network or ISP can host hundreds or thousands of different websites. Although network administrators may not be responsible for running the websites themselves, they have an interest in the quality of the content being hosted on their networks. We’re hoping that with this additional level of information, administrators can help make the Internet safer by working with webmasters to remove malicious content and fix security vulnerabilities.

To get started, visit safebrowsingalerts.googlelabs.com.

Sep 28, 2010

Out of Band Release to Address Microsoft Security Advisory 2416728

Out of Band Release to Address Microsoft Security Advisory 2416728:
Hello -

Today we provided advance notification to customers that we will release an out-of-band security update to address the vulnerability discussed in Security Advisory 2416728. The update is scheduled for release tomorrow, Tuesday, September 28, 2010 at approximately 10:00 AM PDT. The bulletin has a severity rating of Important and addresses a publicly disclosed vulnerability in ASP.NET that affects all versions of the .NET Framework when used on Windows Server operating systems. Windows desktop systems are listed as affected, but consumers are not vulnerable unless they are running a Web server from their computer.

Based on our comprehensive monitoring of the threat landscape, we have determined an out-of-band release is needed to protect customers as we have seen limited attacks and continued attempts to bypass current defenses and workarounds.

The security update is fully tested and ready for release, but will be made available initially only on the Microsoft Download Center. This enables us to get the update out as quickly as possible, allowing administrators with enterprise installations, or end users who want to install this security update manually, the ability to test and update their systems immediately. We strongly encourage these customers to visit the Download Center, download the update, test it in their environment and deploy it as soon as possible.

The update will also be released through Windows Update and Windows Server Update Services within the next few days as we test to make sure distribution will be successful through these channels. This approach allows us to release sooner to customers who may choose to deploy it manually without delaying for broader distribution.

For customers using Automatic Update, this Security Update will automatically be applied once it is released broadly. Once the Security Update is applied, customers are protected against known attacks related to Security Advisory 2416728.

We will also hold a special edition webcast for the bulletin release on Tuesday, September 28, 2010 at 1:00 PM PDT, where we will present information on the bulletin and take customer questions. If you are interested in attending the webcast, click here to sign up.

Thanks,


Dave Forstrom

Director, Trustworthy Computing

Sep 20, 2010

Google Authenticators -- Moving security beyond passwords

Hey look... Google Authenticators!

Moving security beyond passwords: "
Posted by Travis McCoy, Product Manager, Google Security Team

Entering your username and password on a standard website gives you access to everything from your email and bank accounts to your favorite social networking site. Your passwords possess a lot of power, so it's critical to keep them from falling into the wrong hands. Unfortunately, we often find that passwords are the weakest link in the security chain. Keeping track of many passwords is a pain, and unfortunately accounts are regularly compromised when passwords are too weak, are reused across websites, or when people are tricked into sharing their password with someone untrustworthy. These are difficult industry problems to solve, and when re-thinking the traditional username/password design, we wanted to do more.

As we explained today on our Google Enterprise Blog, we've developed an option to add two-step verification to Google Apps accounts. When signing in, Google will send a verification code to your phone, or let you generate one yourself using an application on your Android, BlackBerry or iPhone device. Entering this code, in addition to a normal password, gives us a strong indication that the person signing in is actually you. This new feature significantly improves the security of your Google Account, as it requires not only something you know: your username and password, but also something that only you should have: your phone. Even if someone has stolen your password, they'll need more than that to access your account.



Building the technology and infrastructure to support this kind of feature has taken careful thought. We wanted to develop a security feature that would be easy to use and not get in your way. Along those lines, we're offering a variety of sign in options, along with the ability to indicate when you're using a computer you trust and don't want to be asked for a verification code from that machine in the future. Making this service available to millions of users at no cost took a great deal of coordination across Google’s specialized infrastructure, from building a scalable SMS and voice call system to developing open source mobile applications for your smart phone. The result is a feature we hope you'll find simple to manage and that makes it easy to better protect your account.

We look forward to gathering feedback about this feature and making it available to all of our users in the coming months.

If you'd like to learn more about about staying safe online, see our ongoing security blog series or visit http://www.staysafeonline.org/.

Sep 12, 2010

Google Family Safety Center

Announcing our new Family Safety Center: "posted by Kate Hammond, Marketing Manager

Helping your children use the Internet safely is similar to teaching them to navigate the offline world. There are parts of the real world that you wouldn’t let your children explore unsupervised—and that goes for the online world as well. But while most of us remember being taught to cross the road and not talk to strangers, we probably weren’t taught how much personal information we should share online or how to handle cyberbullies.

Therefore, it’s no surprise when parents and teachers tell us they want to learn more about how to help their kids use the Internet safely and responsibly.

Today, we’re launching our new Family Safety Center; a one-stop shop about staying safe online. We’ve included advice from leading child safety organizations around the world, tips and ideas from parents here at Google, as well as information on how to use the safety tools and controls built into Google products.

For day-to-day practical tips we asked some of our parents at Google to share their own ideas. Tactics they use range from limiting screen time and preventing computers in kids’ bedrooms to ad hoc checks on their browser history and social networking profiles. Everyone has different ideas and there’s no right or wrong answer, but hopefully some of these will resonate and inspire you. See more videos and let us know your own thoughts on our YouTube channel.



To answer some of the toughest questions most important to parents, such as accessing inappropriate content and meeting strangers online, we went straight to the people that know best; the organizations that advocate and promote child safety and digital literacy. Organizations that we’ve partnered with around the world include the U.S. Federal Trade Commission’s OnGuard Online initiative, the Canadian Centre for Child Protection, the Australian Communications and Media Authority, U.K.’s ChildNet, and New Zealand’s NetSafe.

The new Safety Center also provides information on the safety tools built into Google products. SafeSearch and YouTube Safety Mode can help you control what content your children stumble across. Sharing controls in YouTube, Picasa, Blogger and others ensure your videos, photos and blogs are shared only with the right people. And in response to popular requests, we’ve added a section on managing geolocation features on mobiles.

With kids growing up in an age where digital know-how is essential, it’s increasingly important to ensure that they’re developing healthy, safe and responsible online habits. And we’re thinking every day about how we can help parents and teachers to do just that.

Aug 30, 2010

Apple Updates

Apple posted a large update today. Quicktime updates among other important security patches.

Read all about them here.

Aug 24, 2010

Go Daddy Coughs Up $1 .Com Domain Names [Dealzmodo]

Go Daddy Coughs Up $1 .Com Domain Names [Dealzmodo]: "


For any aspiring website entrepreneurs/squatters out there, Go Daddy's running a promotion through August 31st that gets you one .com domain for $1 for one year. Just enter SCHOOL99 at checkout, and fartzzz.com is yours for a buck! You can't buy in bulk, but it looks like you can go back and snap up individual domains as many times as you want—a tedious but cost-effective way to carve out your own little corner of the internet. More »

Scary Apple Privacy Patent

This is getting a bit scary...

Steve Jobs Is Watching You: Apple Seeking to Patent Spyware: "It looks like Apple, Inc., is exploring a new business opportunity: spyware and what we're calling "traitorware." While users were celebrating the new jailbreaking and unlocking exemptions, Apple was quietly preparing to apply for a patent on technology that, among other things, would allow Apple to identify and punish users who take advantage of those exemptions or otherwise tinker with their devices. This patent application does nothing short of providing a roadmap for how Apple can — and presumably will — spy on its customers and control the way its customers use Apple products. As Sony-BMG learned, spying on your customers is bad for business. And the kind of spying enabled here is especially creepy — it's not just spyware, it's "traitorware," since it is designed to allow Apple to retaliate against you if you do something Apple doesn't like.

Essentially, Apple's patent provides for a device to investigate a user's identity, ostensibly to determine if and when that user is "unauthorized," or, in other words, stolen. More specifically, the technology would allow Apple to record the voice of the device's user, take a photo of the device's user's current location or even detect and record the heartbeat of the device's user."

Five awesome Automator tips

Five awesome Automator tips: "Think Apple’s built-in automation tool, Automator, is more trouble than it's worth? Think again. Not only can Automator perform wondrous feats, but with these tips it's also easy to make it happen."

Windows DLL Vulnerability Exploit In the Wild

Windows DLL Vulnerability Exploit In the Wild: "WrongSizeGlass writes 'Exploit code for the DLL loading issue that reportedly affects hundreds of Windows applications made its appearance on Monday. HD Moore, the creator of the Metasploit open-source hacking toolkit, released the exploit code along with an auditing tool that records which applications are vulnerable. 'Once it makes it into Metasploit, it doesn't take much more to execute an attack,' said Andrew Storms, director of security operations for nCircle Security. 'The hard part has already been done for [hackers].''"

Aug 21, 2010

Securing Remote Desktop Services in Windows Server 2008 R2

Securing Remote Desktop Services in Windows Server 2008 R2: "Taking a look at the security mechanisms built into RDS; how to use Group Policy and configuration settings for better security."

Aug 19, 2010

Iron Key!!!111

And there was much rejoicing.

Iron Key Store

Aug 18, 2010

HP CEO's Browsing History Used Against Him

Clear that history folks!

HP CEO's Browsing History Used Against Him: "theodp writes 'Anything you browse can and will be used against you. An investigation of ousted HP CEO Mark Hurd's surfing history reportedly convinced the HP Board that Hurd had had a personal relationship with sexual harassment accuser Jodie Fisher, even if not sexual. Just the latest example of how HP 'work[s] together to create a culture of inclusion built on trust, respect and dignity for all.' The WSJ reported a person close to the investigation said Hurd had looked at clips from racy films featuring Ms. Fisher, a former actress, while someone 'familiar with Mr. Hurd's thinking' said he merely did a Google search of 10 minutes or so. One wonders how many more 'personal relationships' with Ms. Fisher the browser histories of HP's 304,000 worldwide employees might reveal. BTW, nice to see that Hurd has made it to HP's ex-CEO-Hall-of-Fame page.'"

Jul 30, 2010

Happy Sysadmin Day

Have a beer with lunch everyone!

Happy Sysadmin Day!

Jul 29, 2010

Use a Batch Script to Keep SysInternals Utilities Updated [Batch Scripts]

Click here to read Use a Batch Script to Keep SysInternals Utilities Updated Use a Batch Script to Keep SysInternals Utilities Updated [Batch Scripts]: "Windows only: The SysInternals suite of utilities, including the excellent Process Explorer tool, are a must-have for any serious geek, but they don't come with a built-in way to keep them updated. Here's how to keep them automatically updated. More »

Millions of Android users hit by malicious data theft app

Surprised?

Millions of Android users hit by malicious data theft app: "An app distributed by Google's Android Market has collected private data from millions of users and forwarded it to servers China, validating Apple's uniquely strong stance on mobile security in the iPhone App Store."

Jul 28, 2010

Data Storage Capacity Mostly Wasted In Data Center

Data Storage Capacity Mostly Wasted In Data Center: "Lucas123 writes 'Even after the introduction of technologies such as thin provisioning, capacity reclamation and storage monitoring and reporting software, 60% to 70% of data capacity remains unused in data centers due to over provisioning for applications and misconfiguring data storage systems. While the price of storage resource management software can be high, the cost of wasted storage is even higher with 100TB equalling $1 million when human resources, floor space, and electricity is figured in. 'It's a bit of a paradox. Users don't seem to be willing to spend the money to see what they have,' said Andrew Reichman, an analyst at Forrester Research.'"

Jul 26, 2010

Monitoring Software

I have added a box of links on the left for "Monitoring Software". I have experience with Nagios and Zenoss and find them both to be adequate. As with anything IT related you get out whatever you put into it.

If you expect to have a quick easy fix for all your monitoring needs it just won't happen with any package you choose. You have to take time to study it and deploy it correctly. You have to configure all devices the same and keep them up to date. You have to make sure you follow procedures. Above all else you have to document the whole process and refer back to the documentation when you have a question.

Another big problem is making sure to investigate each and every problem created. You have to find out why something was reported and if it was legitimate or not. If not, you have to make sure it doesn't happen again.

False positives will kill months and months of preparation done on any monitoring system. If you can't trust what it tells you, you shouldn't be wasting your time figuring it out.

Jul 21, 2010

Microsoft Zero-Day: Malformed Shortcut Vulnerability

Microsoft Zero-Day: Malformed Shortcut Vulnerability:
"Today Microsoft updated the security advisory that was initially published last Friday (July 16), stating that they’re working on issuing a security patch for this vulnerability. Earlier, malware exploiting this issue was found in the wild. Researchers at McAfee Labs have been busy tracking this issue over the weekend and we have come up with some more quick Q&A’s.

1. What is the issue with .LNK files and how can it be exploited?

A. McAfee Labs researchers analyzed malware that was exploiting a design flaw in parsing shortcut (.LNK) files. This issue gets triggered because the Windows Shell component does not validate parameters sent out in the shortcut. This issue can be exploited via any mechanism that makes the user load the icon of the .LNK file.

2. Does the malware need a payload (shellcode) to exploit this flaw?

A. Since this is a design issue in the way shortcuts are parsed, no malicious payload (shellcode) is required to exploit this flaw. The .LNK file needs to point to a malicious file, the path of which needs to be hardcoded in the shortcut.

3. What are the requirements to successfully exploit this flaw?

A. This flaw can be triggered when Windows Explorer or Internet Explorer tries to render a malformed .LNK file that points to a malicious executable. The user need not double-click on the .LNK file to trigger the vulnerability; just opening the folder containing the malicious shortcut is enough to get infected.

4. What are the most likely attack vectors used to exploit this vulnerability?

A. USB drives are likely to be affected the most. The malware discovered in the wild was exploiting this issue via a USB drive. File sharing over SMB is another likely vector to exploit this flaw and this can lead to widespread malware infections over internal networks. WebDAV shares are equally susceptible to exploitation.

5. What are the affected platforms?

A. Microsoft has acknowledged that all supported platforms are affected. More details are available in the Microsoft security advisory. Windows XP SP2 is not listed in the list of affected platforms from Microsoft, so there is a chance of Windows XP SP2 users might remain vulnerable.

6. How widely is the issue being exploited?

A. The issue is known to be exploited by malware in the wild. Initial attacks were limited. However, an exploit module in metasploit was published today that uses WebDAV shares as an exploit vector. We expect wider exploitation of this issue. Users should keep their anti-virus software updated with the latest DATs (signatures).

We’ll keep our readers updated on this issue as we analyze more malware and techniques used by malware writers to exploit this flaw."

Dell ships motherboard with malicious code

Apparently this is for the R410 replacement motherboards.

Dell ships motherboard with malicious code:
"Dell has confirmed that some of its PowerEdge server motherboards were shipped to customers with malware code on the embedded server management firmware."

Jul 20, 2010

Keep All Facebook Applications from Ever Bothering You Again

And there was much rejoicing...

Keep All Facebook Applications from Ever Bothering You Again [Facebook]:

There are subtle, precise controls for getting your Facebook privacy back the way you like inside the social network's settings. If you want the nuclear option—no Facebook app messages or pings forever—tech blog Digital Inspiration shows you the switch. More »

Jul 19, 2010

Scan to email is usually a bad idea

Criminals pushing Rogue anti-Virus disguised as scanned documents: "Email messages masquerading as scanned documents are the latest attack vector being adopted by criminals to push Rogue anti-Virus Malware to the masses. The messages, which appear to have been sent from a Xerox WorkCentre Pro, come with a Zip file that will immediately infect the host system if accessed.

Update:
Since running this story on Friday, we’ve seen more examples of this attack."

Jul 8, 2010

Phone Disk Mounts iPhone, iPod Touch, and iPad as USB Disks in Finder [Downloads]

Click here to read Phone Disk Mounts iPhone, iPod Touch, and iPad as USB Disks in FinderPhone Disk Mounts iPhone, iPod Touch, and iPad as USB Disks in Finder [Downloads]:

Mac only: iPhone users have been able to browse the contents of their device using apps like previously mentioned iPhone Explorer for awhile, but Phone Disk integrates it with OS X, mounting your iPhone in the Finder instead of a separate app. More »

Blackboard to Buy Two Education-Software Companies—Elluminate and Wimba

Blackboard to Buy Two Education-Software Companies—Elluminate and Wimba:
Blackboard has a habit of acquiring an education-technology company every year, but this year it bought two—both of which offer similar services.

Jul 1, 2010

Airport Express joining DD-WRT wireless using WPA2

Okay, I've been hammering away at this for hours so I am posting something about it.

This afternoon something hosed my wireless router, big time. Not sure what happened but it wasn't acting right. I managed to get it reset back to defaults and it worked fine. This is good because I thought it was burned up or something.

I managed to get all my settings and DHCP reservations back but I couldn't get my Airport Express to join the WPA2 Personal network. Eventually I loaded the old firmware image and took some screen shots before it failed again.

Apparently the Airport Express will NOT use TKIP WPA Algorithms. It must use AES. As soon as I set it to AES the Airport Express turned green and I had my music. I haven't tried TKIP+AES. Perhaps that will work too. I'm too tired to test it.

I searched high and low but all I could find was information on using WDS in this environment. I found nothing relating to what WPA Algorithms the Airport Express should use. So, here it is.

Jun 23, 2010

Andriod App FAIL

Nice... I'll take my "locked down" iPhone any day.


Fifth of Android Apps Expose Private Data: "WrongSizeGlass writes 'CNet is reporting that a fifth of Android apps expose private data. The Android market threat report details the security issues uncovered. Dozens of apps were found to have the same type of access to sensitive information as known spyware does, including access to the content of e-mails and text messages, phone call information, and device location. 5% of the apps were found to have the ability to make calls, and 2% can send text messages, without the mobile user doing anything.'

Home Network Filtering Service from OpenDNS

More great services from OpenDNS.


Click here to  read FamilyShield is a No-Setup Adult Content Blocker for Your Router
FamilyShield is a No-Setup Adult Content Blocker for Your Router [Content Filtering]: "

OpenDNS already offered a great content filtering tool that you could set up on your home Wi-Fi router. Now the DNS provider is making it easier to block impressionable eyes from adult content—and clever proxies and other work-arounds, too. More »

iOS To Make Its Desktop Debut With Next iMac Revision?

iOS To Make Its Desktop Debut With Next iMac Revision?: "iOS To Make Its Desktop Debut With Next iMac Revision?: '

IOS on the next iMac? That’s the rumor going around this morning. The deal is that Apple wants to bring touch controls to its desktop offerings, and will use the next iMac revision to test the waters a bit. So, you’ll have your standard Mac OS X installation, but then when you activate “touch screen mode,” you’ll switch over to iOS.

Jun 21, 2010

Expanding a Windows Boot Volume in VMWare

This was originally posted here. I have copied it for posterity and archival purposes =)

How to expand/grow a Windows system/boot disk under VMWare in a simple way

On several places it is written that it is somewhat problematic to expand the boot disk:
"...Windows DiskPart utility, it can extend (expand) only data volumes..."
            - VMware FAQ
But it is not hard to do it, and you don't need any disk utilities except diskpart.exe which is included in Windows.
The only guarantee I will give is that this has been working for me. ;-)
Follow this steps on your own risk:
1. Shut down the VMware Virtual Machine.
2. Make a complete Clone of the Virtual Machine. (Keep this clone as a backup if the procedure does not work for some reason.)
3. Locate the utility vmware-vdiskmanager.exe and the original disk file you want to expand. Open a command window and run the command below. Modify paths, file names and disk size as needed.
4. The VI Client can also be used to expand the disk after the clone is complete.

"C:\Program\VMware\VMware Workstation\vmware-vdiskmanager.exe" -x 8GB "C:\Documents and
Settings\userhome\My documents\My Virtual Machines\Win2k3test\Windows Server 2003, Standard
Edition.vmdk"
This takes some time to complete.
There's a lot more you can do with vmware-vdiskmanager.exe. If curious, se links on the VMware FAQ page above.
4. Edit the cloned Virtual Machine. Add the just expanded original disk to the machine.
5. Boot the clone VM. You will se the expanded drive on a new "drive letter". Open a command prompt and run diskpart.exe:
  • Run "list volume". Look for the volume number for the expanded drive.
  • Run "select volume x", where x is number for the expanded disk.
  • Run "extend".  The volume will instantly be extended.
  • Exit from diskpart.
6. Shut down the cloned machine and remove the expanded disk from the cloned machine.
7. Boot the original virtual machine. You should now have a larger volume.
You might want to run "chkdsk /f /r" and reboot to be sure the disk is ok. This Control take a long time to complete.
I hope this works for you! Please email me if this screws things up for you so that I can improve this guide or warn others!
Good luck!

Jun 16, 2010

Group Policy Resource Guide

Group Policy Resource Guide: "Providing some links and information about tools and resources that exist for free, all pertaining to Group Policy."

Jun 14, 2010

Rogue facebook application acting like a worm, (Mon, Jun 14th)

Rogue facebook application acting like a worm, (Mon, Jun 14th): "Reader Freddie showed us a Sophos report of an application that has gone rogue by spamming your cont ..."

Text Editors

Wish I knew who to credit for this image =/

I've always been a vi man myself. I'll pull out emacs for heavy lifting but I always end up in a man page or my emacs hint sheet. But notepad, bleh.

Of course XKCD has regular updates on the subject as well.

Jun 12, 2010

Ipad Classic

iPad Gets Encased in a Macintosh Classic:



There are plenty of iPad stands to choose from, but none quite like this gutted Macintosh Classic that houses the futuristic iPad in its vintage case. Although the Mac's display area is almost the same size as the iPad's, the tablet's resolution totally clobbers that of the old computer from 1990. 1990 doesn't seem like that long ago, but look how far we've come! Obviously, this modded case is not the best idea for travel, but it is perfect for watching movies, or TV shows at home, since you can sit back, relax, and not have to hold the iPad yourself.

However, this isn't the only amazing iPad case mod that we've seen. Check out a few other notables - including a few DIY iBook and Macintosh Plus mods, a healthy kitchen cabinet project, and of course, the April Fool's joke heard 'round the world - in the gallery below!

Jun 11, 2010

IT Audit Automation: Windows Baseline Audits

IT Audit Automation: Windows Baseline Audits:
"Managing the security of your Windows workstations is a fairly simple task when you leverage technologies like Group Policy. Even so, individual systems within the domain can change for a wide variety of reasons. It could be that we have users who are starting and stopping services, it may be that malware is finding its way in or any of a variety of other possibilities. How can we monitor how our workstations are changing?

I’ve long been a strong proponent of compliance automation. To this end, I’ve included a script at the end of this post that can be used as a starting point for pulling out any WMIC based information from Windows computers within your domain. In fact, the script will first pull a complete list of all of the domain computers and then work its way through that list, either creating a baseline or comparing each system to the pre-existing baseline for that system.

With a minimum of effort you can easily extend this script to send notifications to the domain administrators when changes are detected or new systems are identified. This is the perfect starting point not only for compliance management but even for early malware detection.

In a future article look forward to some tools and scripts that will allow you to perform zero day malware detection in your environment using the same scripting concepts explored here.

Download the script here: Windows_Baselines

For a comprehensive course on how to identify critical controls, validate that the correct controls are in place and validate processes, consider the SANS 6 day course, “Advanced System & Network Auditing“. David Hoelzer is the SANS IT Audit Curriculum Lead and the author of several SANS IT Audit related courses."

May 31, 2010

Home Computing Necessities

I have updated the Home Computing box on the right. It now contains links to suggested software for any home.

Firefox: For the safest browsing around. Make sure to set your history to clear on exit. See below for suggested addons.

Adblock Plus: The Web has never looked better (and safer).

Noscript: I am always stunned at the number of sites wanting to run a script on my machine. You will be too.

OpenDNS: If you have kids on the web, this is a great resource for protecting them from errant clicks. And saving you from hours of re-installing software.

The rest of the links are great resources for Home Computing. Feel free to write if you have any questions or suggestions.

May 21, 2010

Infrastructures

I really don't like posting back-to-back XKCD cartoons but this is just too good. I hate to say it but a lot of people saw this whole Facebook thing coming a mile away.

The heartfelt tune it plays is CC licensed, and you can get it from my seed on JoinDiaspora.com whenever that project gets going.

May 20, 2010

Scholarship FAIL

Got this spam the other day. Uh, maybe we won't be sending him any money.

Subject: I WONT TO WINE THIS SCHOLARSHIP

   My name is Surafel Ashenafi.i am student of Addis Ababa  university
faculity of technology in the department of chemical engineering.But this
department is not my interist.I wont to study mechnical engineering  if i
get a chance.
   I wont to know what is  your criteria for this opportunity?
   THNK YOU !!

May 19, 2010

Campfire

Classic in the making here..
100 years later, this story remains terrifying--not because it's the local network block, but because the killer is still on IPv4.

Browser History Fail

I just wish Chrome had better History management.



76% Web Users Affected By Browser History Stealing: "An anonymous reader writes 'Web browser history detection with the CSS:visited trick has been known for the last ten years, but recently published research suggests that the problem is bigger than previously thought. A study of 243,068 users found that 76% of them were vulnerable to history detection by malicious websites. Newer browsers such as Safari and Chrome were even more affected, with 82% and 94% of users vulnerable. An average of 63 visited locations were detected per user, and for the top 10% of users the tests found over 150 visited sites. The website has a summary of the findings; the full paper (PDF) is available as well.'

May 5, 2010

How to Triple-Boot Your Mac with Windows and Linux, No Boot Camp Required [How-to]

How to Triple-Boot Your Mac with Windows and Linux, No Boot Camp Required [How-to]:
Apple has streamlined the process of dual booting Windows on your Mac, but when it comes to Linux, Boot Camp isn't so friendly. Here's how to triple-boot your Mac with OS X, Windows 7, and the shiny new Ubuntu 10.04. More »

Apr 23, 2010

Blippy Exposes Credit Card Numbers Through Simple Google Search

Anyone who didn't see this coming a mile away shouldn't be allowed to have a credit card.

Blippy Exposes Credit Card Numbers Through Simple Google Search: "An anonymous reader writes "In an unfortunate data breach, social media site Blippy has left credit card numbers in clear text, searchable via a simple Google query. The results show the amount spent on a transaction, the location, and the full card number. As of this submission, the issue still hasn't been resolved."
The company's co-founder, Philip Kaplan, told the NY Times, "... when people link their credit cards to Blippy, merchants pass along their raw transaction data – including some credit card numbers – and the site scrubs that information to present just the merchant and the dollar amount spent. But several months ago, when Blippy was being publicly tested, that raw transaction data was present in the site's HTML code, where it was retrieved by Google. Mr. Kaplan said that early on, Blippy started disguising the raw transaction data behind the scenes, but it did not know about the breach until today."

Apr 22, 2010

I hate computers: confessions of a sysadmin

Bingo.



I hate computers: confessions of a sysadmin:


I often wonder if plumbers reach a point in their career, after cleaning clogged drain after clogged drain, that they begin to hate plumbing. They hate pipes. They hate plumber’s putty. They hate all the tricks they’ve learned over the years, and they hate the need to have to learn tricks. It’s plumbing, for goodness sake: pipes fitting together and substances flowing through them. How complicated can it be?

I hate computers. No, really, I hate them. I love the communications they facilitate, I love the conveniences they provide to my life, and I love the escapism they sometimes afford; but I actually hate the computers themselves. Computers are fragile, unintuitive things — a hodge-podge of brittle, hardware and opaque, restrictive software. Why?



I provide computer support all day every day to “users”. I am not one of these snotty IT guys who looks with scorn and derision on people who don’t know what an IRQ is. I recognize that users don’t care about computers. The computer is a means to an end for them: a presentation to solicit more grant money, or a program to investigate a new computational method, or just simply sending a nice note to their family. They don’t want to “use the computer” so much as do something that the computer itself facilitates. I’m the same with with cars: I don’t want to know how an internal combustion engine works or know how to change my oil or in any other way become an automotive expert — I just want to drive to the grocery store!

But the damned computers get in the way of all the things the computers help us do. There’s this whole artificial paradigm about administrator accounts, and security, and permissions, and all other manner of things that people don’t care about. A host of ancillary software is required just to keep your computer running, but that software introduces more complexity and more points of failure, and ends up causing as much grief as it’s intended to resolve.

Computer error messages are worthless.



What sparked this current round of ire was a user’s inability to check for Windows Updates. Windows Update, the program, starts up just fine. But clicking on “Check for Updates” results in an unhelpful message that Windows Update could not check for updates. A meaningless error code is presented to the user, as if he’ll know what to do with that. There’s even a helpful link that says “Learn more about common Windows Update problems”. The list of suggested problems includes a variety of other meaningless error codes, but not the one that this user received. The Windows Event Log, which I know how to access but the user does not, contains nothing instructive. For a normal user, this would be a dead-end with one of two options: ignore the problem and hope nothing bad happens in consequence; or try to repair the operating system using some half-baked recovery method provided by the computer manufacturer or the Windows install disk (assuming they have one).

Another user I support has had nothing but trouble with Adobe Acrobat. Trying to open PDFs from within his browser fails spectacularly. Either the links simply never open, or they open a completely blank page, or Internet Explorer renders an error page suggesting that there’s a network problem! The user can right-click and “Save As” the links to get the PDFs, and I’m thankful that this user understand how to right-click at all, such that he has a viable workaround to the problem until I can find the root cause. But many, many users do not know what the right mouse button is for.



I pick on Microsoft a lot, because I think they do a lot of things fundamentally wrong. But plenty of other companies are just as guilty of bad design, bad implementation, and bad communication with their users. Google’s Chrome browser is cute when it says “Aw snap!”, but that leans the other way in terms of uselessness: it doesn’t give the user any better idea of what might be wrong, and users are left to feel helpless, powerless, and stupid.

Even when things go right, users are left to feel powerless and stupid. Installing almost any program on a Windows based system involves an inordinate number of clicks, all of them just saying “Okay” “Okay” “Okay”. No one reads the click-through EULAs, no one changes the default installation location, and no one selects specific installation options. They just keep clicking “Okay” because that’s what they’ve been trained to do. And then they end up with four extra toolbars in their browser and a bunch of “helper” programs that don’t actually help the user in any way and which they user doesn’t actually want. And they don’t know how to get rid of them.

Computers don’t make sense.



There’s an awful lot to be said about the simplicity and usefulness of installing software on Mac or Linux. In the latter case, you simply drag a file to your Applications folder, and you’re done. Linux package managers do all the heavy lifting without any user intervention. If a Linux program requires additional libraries, the package manager finds them and installs them automatically. In both instances, I can install new applications in a fraction of the time it takes to install something on Windows.

Removing software is another cause of much consternation for users. Again, Mac and Linux make it pretty easy most of the time. Heck, on any Linux system I can enumerate all of the packages installed in seconds with a single command from the package manager (or click of the appropriate button using a GUI for the package manager). But in any Windows machine — even a brand new one with top-of-the-line hardware — it requires long minutes to enumerate and display the installed software; and to make things worse the “Add and Remove Software” control panel item doesn’t actually show you all the installed applications. And removing any particular piece of software is not always a clean operation: cruft is left behind in the filesystem and the registry (don’t even get me started on my loathing of the Windows registry!).

Speaking of filesystems, why is it that a SQL database can find a specific record in a database of millions of records in a fraction of a second, but finding a specific file on your hard drive takes minutes? I’m sure there’s some very real reason why filesystems are so unfriendly to users, but I’ll be darned if I can explain it to any of my users.

Computers are too complex to use.



Average folk might take a “computer class” which instructs them on a few specific tasks — usually application specific (How to use Microsoft Word), as opposed to task specific (How to use a word processing program) — but when experiences diverge from those presented in the class, the user is not well equipped to deal with the situation. How does one interpret this new error message? How does one deal with a recurring application fault?

The pace of change in the computer industry works against users. The whole color-coded ports initiative was a great step toward end user convenience, but that’s not enough when users now need to know the difference between VGA, DVI, and DisplayPort. A lot of the computers that are coming into my office have all three video ports, and the monitors support multiple inputs, leaving users to wonder which one(s) they should use when setting up their PC. I’ve had multiple calls from really smart graduate students who couldn’t figure out how to connect the computer to the monitor. Sure, it’s an easy joke to make fun of these situations, but it’s a damning indictment of the computer industry as a whole, if you ask me.

Like Nicholas, I’ve never had a malware infection on any computer I own; but I’ve helped lots of people — users I support professionally, and family and friends — recover from malware infections. Can you imagine your mother-in-law being able to find and follow these instructions for removing malware? Or worse, knowing about and responding to a botched antivirus update from your AV software?

Computers fail spectacularly, taking all our data with them.



Hardware and software companies know that we use our computers to store information that is important to us. And yet backing up data to keep it safe is still a gigantic pain in the ass. Lots of “enterprise” backup software exists to try to protect us from computer failures (hardware, software, and user errors), and a host of “consumer” solutions vie for our consumer dollars; but frankly they all suck. Why do we need third-party software to protect the investment we’ve made in our computers? Users don’t buy backup software because they don’t expect their computers to fail.

It’s so easy to amass a huge amount of data today — digital photo archives, MP3 collections, and video — that it’s a real pain to reliably back up. Not only is it a pain, it’s expensive. You shell out a couple hundred bucks for a fancy new camera, and you’ll need to shell out a couple hundred more bucks to get an external hard drive onto which you can duplicate all your photos for safekeeping. And then, of course, it takes a long time to actually copy your data from your computer to your external hard drive, and you just don’t have the time or patience to commit to that regularly, so you start to neglect it and them *bam* your computer blows up — hard drive failure, malware infection, whatever — and you lose weeks and months worth of irreplaceable data.

Sure, some computers come with redundant disks, but most consumer-level RAID is a fragile mix of hardware and software, further complicating the setup. Why haven’t reliable, low-cost RAID solutions reached the mainstream yet? Why don’t end users have better access to useful things like snapshots, or ZFS yet?

And what about all the little failures that end users can’t possibly begin to detect or diagnose, like bulged capacitors on their mainboard, or a faulty video card, or wonky RAM?

Computers are overwhelming.



The mind-numbing number of computers available for purchase at any retail establishment right now is enough to cow even the most stalwart bargain shopper. How is a layperson to proceed in the face of row after row of meaningless statistics? Will that extra 0.2 GHz make a demonstrable difference in their use of the computer? Will it give them an extra six months, or even a year, of useful life? Why should a normal user even care about the number of bits in their operating system?

The Laptop Hunters tried to help people find the right laptop, but Sheila’s $2,000 HP isn’t necessarily the best pick of the available options, is it? Sure, AMD is simplifying its brand. But is that enough to really help people find the best product for their need? Will their branding refresh make any difference at all when there’s still five or ten seemingly identical systems on the shelf at the big box retail computer store?

I hate computers.

I know my little rant here is like shouting at the storm: there’s a huge, lethargic industry making gobs of cash on the complexity of the computer era, and there’s little capitalistic incentive to change the status quo. These complaints aren’t new. Many of them have been made for the past quarter century. We try, in our little way, to highlight some of the deficiencies we perceive in the industry as a whole, but that’s about all we can do from here. What are you doing about these problems?

Maybe I’ll become a plumber…

Mar 30, 2010

Lawrence to become first city in Kansas to get smart electricity meters

Never thought I'd see the day. Maybe I can get some of that Google PowerMeter action now.



Lawrence to become first city in Kansas to get smart electricity meters: "Thanks to a $19 million grant from the U.S. Department of Energy, Lawrence will be the first city in Kansas hooked into the smart grid."

Mar 24, 2010

Command Line Kung Fu!

More Command Line Hints here... Looks like it's from Mr. Skoudis as well.

CommandLineKungFu.com

Mar 21, 2010

Paperless Office: It's All In Your Mind

A recent story on Slashdot talks about What is Holding back the Paperless Office? As I read through the comments I couldn't help thinking one thing: It's all in your mind. People talked about having to spread out documents on the conference table and distributing documents to the group for markup. Why can't they just bring up a copy on the laptop/netbook that everyone seems to carry to every meeting without ever using? Once people get past the mentality of having to hold onto a piece of paper we will have the paperless office.

Another person spoke about having to be able to put thoughts down on paper and how a computer would never take the place of quick drawings. There are existing tools that allow this to happen and they are improving every day. In fact, drawing or taking notes on a netbook or tablet PC is actually better in a lot of ways. How many of these drawings have you lost over the yeas? How many times have you thought, "Oh crap, where did I put that little piece of paper?" If you just train yourself to do this on your fancy netbook it wouldn't be an issue. And we would be another step closer to the paperless office.

Training people to use their minds differently isn't an easy thing to do. Old habits die hard. Especially when the new way of doing things isn't obvious. Modern office practices have been around for hundreds of years. Computers have been on the scene for just a few. It's only a matter of time but before long the only thing paper will be used for is art.

Mar 11, 2010

Save Disk Space in OS X: Monolingual

I am always amazed at how much space the Multi-Lingual files take up when installing OS X (let's not mention the print drivers). So why should I be surprised when I save so much space using this application? It managed to trim off 2.3GB in just a few minutes. That's not a lot in this era of 500GB drives but every little bit helps. That's a whole movie burned to disk!

I know I should be ashamed for using the default install in the first place. Like everyone who gets a new MacBookPro I was a little eager to start using it. The last thing I wanted to do was wait for a new install. Now if it was a new Dell it would be a different story. I have no qualms about booting right from a DVD when a new Dell shows up.

http://monolingual.sourceforge.net/

Thanks Tyler!

Mar 3, 2010

More Windows XP Problems, the F1 key?

Even though it's one of the most widely used operating systems on the planet, Windows XP has its problems. It won't be long before it goes the way of IE6 in recent news.


Microsoft Says, Don't Press the F1 Key In XP: "Ian Lamont writes 'Microsoft has issued a security advisory warning users not to press the F1 key in Windows XP, owing to an unpatched bug in VBScript discovered by Polish researcher Maurycy Prodeus. The security advisory says that the vulnerability relates to the way VBScript interacts with Windows Help files when using Internet Explorer, and could be triggered by a user pressing the F1 key after visiting a malicious Web site using a specially crafted dialog box.'