tag:blogger.com,1999:blog-78326615224600572952024-03-13T16:30:59.394-04:00Tinker's FollyThe universe is a Do It Yourself place.Rich Snowhttp://www.blogger.com/profile/02041554682535515096noreply@blogger.comBlogger58125tag:blogger.com,1999:blog-7832661522460057295.post-17072723338966955442023-10-31T15:38:00.003-04:002023-10-31T15:41:17.742-04:00Recovering a Metamask Seed Phrase on a Mac with ChromeAfter several upgrades I discovered that I no longer had Metamask installed.
Metamask is a crypto wallet and it holds a small sum that I set to explore selling a video NFT.
<p>
Naturally, it was a Phishing email (your NFT has an offer!!!) that reminded me to check the wallet.
Losing access to the wallet means the funds are lost.
<p>
Metamask uses a secret recovery phrase, with which you can import your wallet to a new machine.
But I don't have the phrase...
<p>
So, Metamask provides a method to recover the phrase from a backup.
They note that if the extension is uninstalled from your browser, the database may be wiped out.
<p>
The file location shown in MetaMask's support article is not exactly right:
<p>
https://support.metamask.io/hc/en-us/articles/360018766351-How-to-recover-your-Secret-Recovery-Phrase
<p>
If you have a backup, you can navigate to the Library file location in your user account.
There you will find a low numbered database file, like 000005.ldb
<p>
You can load that file into the decryptor provided by Metamask, and recover the phrase.
<p>
<b>Here's what I found that differs from the support article: </b>
<b>The file location is in the user profile:</b><p>
On a Mac, the location of the folder is:
/Users/*username*/Library/Application Support/Google/Chrome/Default/Local Extension Settings/nkbihfbeogaeaoehlefnkodbefgpgknn
<p>
If the Library folder is hidden: Select your user account in the Finder window. Hold down Command-Shift-. (period) to show the hidden Library folder under your user account.
<p>
I copied the file to my desktop temporarily to make it easy to select from the Github tool.
<p>
https://metamask.github.io/vault-decryptor/
<p>
Yay!
<p>
This process took a long time because I had to find a TimeMachine backup from the old machine.
I had to figure out how to open a backup from a different machine, [Hold down the option key and select Browse Other Backup Disks] but doing that was no help because I could not access the hidden files!
So, I just navigated into the backup archive to find my files and used the CMD-Shift-. option to show the hidden folders.
Rich Snowhttp://www.blogger.com/profile/02041554682535515096noreply@blogger.com0tag:blogger.com,1999:blog-7832661522460057295.post-18094075270462322402022-12-30T10:54:00.006-05:002023-01-20T19:37:30.154-05:00When the lights get dim?We've got a great stove, at least in theory.
A Thermidor RDFS30 gas slide in range from the mid 90's.
For some time now they have not manufactured replacement parts.
<p/>
It turns out the LED display on the oven control module (part number 486752) is dim.
Hardly readable even in the dark. The time is readable but the oven
temperature is not.
<p/>
I see some of these modules used on <a href="https://www.ebay.com/itm/165789878047?hash=item2699d8c71f:g:hOEAAOSwFXtje9lI" target="_blank" rel="nofollow">EBay for over $600</a>. Yikes! And one post for the wrong part. Scary.
We'll need to re-do the kitchen eventually, and we've dodged a fridge
replacement so far this year. So, I'd like to get this fixed until
we have time to think about a re-do. An equivalent LG model is on sale for $1299.
<p/>
Online I see two <a href="https://www.appliancetimers.com/appliance?model=rdss30" target="_blank" rel="nofollow">companies</a> who will <a href="https://circuitboardmedics.com/00486752-oven-control-board-repair/" target="_blank" rel="nofollow">repair the unit</a> and ship it back
for about $200. Also, there is a 'repair kit' available, but the repair kit
handles other issues with the control board - not the dim LEDs.
<p/>
The deal with my partner is, if we can use the cooktop, I can disable the oven for a week.<p/>
To access the control module, first I had to turn off the power and unscrew the brass fittings under each burner.<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhLC9Hrf1kdVP9fEtN56_qZ5Uj0Sv5dBKGxmmkBfhMTdLMhp9cbUaGTeeFKE4j2_W6dtw4DjsViSPDOCU9xJPlv4t0OjFXYPgCO_E0bxlifrIBDct7CZrCv52VRbm6WCis_eHlrEOX6z_pGzVD6O46-MdfvFzZ7s_2WYB_WVueJHIKGThLIgV4ig5hmKw/s4032/20230116_111228.jpg" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" height="320" data-original-height="4032" data-original-width="2268" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhLC9Hrf1kdVP9fEtN56_qZ5Uj0Sv5dBKGxmmkBfhMTdLMhp9cbUaGTeeFKE4j2_W6dtw4DjsViSPDOCU9xJPlv4t0OjFXYPgCO_E0bxlifrIBDct7CZrCv52VRbm6WCis_eHlrEOX6z_pGzVD6O46-MdfvFzZ7s_2WYB_WVueJHIKGThLIgV4ig5hmKw/s320/20230116_111228.jpg"/></a></div>
Then the deck can be lifted up.
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjkpLJ9OQAIlZjs5oAJO8WoGNzHB1WHGkYIucNHQTMisMk-OOwckNG1jylZgGoKmwW2T-pXD6FWvsu6oYHz1tHDgOFINRCEPkxUmNZkQAxKvW4r3jzxdujtglpm6Oi8SEwC6IvHNl2FyTgrnjH4YqbrGTj6ODUEFlbj1IZ6QKYJsFHV2EM6mJzPmXWkcw/s4032/20230116_111318.jpg" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="320" data-original-height="2268" data-original-width="4032" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjkpLJ9OQAIlZjs5oAJO8WoGNzHB1WHGkYIucNHQTMisMk-OOwckNG1jylZgGoKmwW2T-pXD6FWvsu6oYHz1tHDgOFINRCEPkxUmNZkQAxKvW4r3jzxdujtglpm6Oi8SEwC6IvHNl2FyTgrnjH4YqbrGTj6ODUEFlbj1IZ6QKYJsFHV2EM6mJzPmXWkcw/s320/20230116_111318.jpg"/></a></div>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhkMoJNcDsAv8PF3zsSQa9uWM8NIfVv5vHuOSjVI--s2kVlp8nLXQMhStig8nitW-znAPfZ4VPZnx5uC1ipNEl4Rc57Vivxb5B9D9O6QnNWw0bTJwtH_zg_NwFNnTq9iU7y_c-2UGB02fEePNRzSeu0beuYye5eFI3m-x1qr2PnW6UEhoih2RnumqFylg/s4032/20221229_131557.jpg" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="320" data-original-height="2268" data-original-width="4032" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhkMoJNcDsAv8PF3zsSQa9uWM8NIfVv5vHuOSjVI--s2kVlp8nLXQMhStig8nitW-znAPfZ4VPZnx5uC1ipNEl4Rc57Vivxb5B9D9O6QnNWw0bTJwtH_zg_NwFNnTq9iU7y_c-2UGB02fEePNRzSeu0beuYye5eFI3m-x1qr2PnW6UEhoih2RnumqFylg/s320/20221229_131557.jpg"/></a></div>
There is a cover over the top of the front panel to remove, and then screws underneath on
each side of the front panel beneath the oven door. The front panel is glass, so be careful removing the screws, as you wouldn't want to drop the panel. I was careful to take pictures and make a chart of the wiring for
the control module, so it is easy to put it all back together.
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjYUlVIebCOO8JCDekL4EiPfiwdReEeP-Ra0_jZLsyqRSFJ0N_tI2T9O3k4hCeokxin5MP0AiyGgidNrQtavw4nnoovcxcJ7CHuJCoGZF_s1PpxfgWi0hSwz_D9dWDK-Luw-_ISUcrxEMvc-gZtUmKu0nk5N7NAskNsPmDZ8yO_hsL9J6pF5hLXHctqVw/s4032/20221229_133015.jpg" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="320" data-original-height="2268" data-original-width="4032" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjYUlVIebCOO8JCDekL4EiPfiwdReEeP-Ra0_jZLsyqRSFJ0N_tI2T9O3k4hCeokxin5MP0AiyGgidNrQtavw4nnoovcxcJ7CHuJCoGZF_s1PpxfgWi0hSwz_D9dWDK-Luw-_ISUcrxEMvc-gZtUmKu0nk5N7NAskNsPmDZ8yO_hsL9J6pF5hLXHctqVw/s320/20221229_133015.jpg"/></a></div>
<p/>
<strike>But when I take the control board out, it seems the gas does not flow to the burners.
Bummer.</strike> I was scratching my head looking at the schematic, there are two gas solenoids but four burners.
It turns out that this range has two burners that cycle off and back on to reduce the temperature on an ultra low setting. So those two burners will not work without power, but the other two will.
<p/>
On the first go-round, I disassembled the cook top and discovered that two of the ignitors were loose.
I ordered circlips ($2.50 ea.) to secure the two ignitors. I installed the clips but waited for a convenient moment to remove the control module.
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgM7ufgvG77N0Z85k8TQIH59-2zMbdNv2i3eFzrNt1QFPpTjjsIPGyzOEdyFSCbkncrgbjG6SHjGsAKXNEO5wcVvrQP2w0BEEI2uJWopc7Bd3fYzQXDko2-Wp-Fx8_S5miJwvMMPjLwB2xju6LBF-PGt_Ncm5Pb1oYt789GYCe-qhGN8oCHOGdlNdSTlA/s4032/20221229_131604.jpg" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="320" data-original-height="2268" data-original-width="4032" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgM7ufgvG77N0Z85k8TQIH59-2zMbdNv2i3eFzrNt1QFPpTjjsIPGyzOEdyFSCbkncrgbjG6SHjGsAKXNEO5wcVvrQP2w0BEEI2uJWopc7Bd3fYzQXDko2-Wp-Fx8_S5miJwvMMPjLwB2xju6LBF-PGt_Ncm5Pb1oYt789GYCe-qhGN8oCHOGdlNdSTlA/s320/20221229_131604.jpg"/></a></div>
<p/>As it is MLK day in the US, we were both home and agreed to fix the oven. We started by installing some screws on the "deflector" in the oven (a plate above the oven's heating element, not the Enterprise!) Then the
control board came out, and I sent it off for a two-day turnaround repair. The repair is $219.99. I added an expediting fee and
Fedex shipping (not to inconvenience my partner!) totalling $338.04 all in, I could have saved $100 by choosing a slower service.
One of the companies is located in Canada, and prefers USPS international shipping. The other has expedited service and prefers FEDEX. As the postal service is close for the Federal holiday, I went with the US company. Hopefully - a three day turnaround rather than a week turnaround time.
<p/>
Update: The unit came back FEDEX, packaged very well, installed and it works great!
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjh9s3knX8HMWaA12Q-kea38ijXUw1P3e3jPUgBI9n5m16u59__DKPX-45DUrWjIoxBK-jO4sDvWmaJz6QPwRz490CMq6LEZZ_6Rzli2FFS0swl2pq94rB4aDWji5XILyU_w4Vcvij63_20Qwv62Pho7bzUnrtvuMApTDF57YU6J8CLZY6xxPRNX7xQZQ/s4032/20230119_214425.jpg" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="320" data-original-height="2268" data-original-width="4032" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjh9s3knX8HMWaA12Q-kea38ijXUw1P3e3jPUgBI9n5m16u59__DKPX-45DUrWjIoxBK-jO4sDvWmaJz6QPwRz490CMq6LEZZ_6Rzli2FFS0swl2pq94rB4aDWji5XILyU_w4Vcvij63_20Qwv62Pho7bzUnrtvuMApTDF57YU6J8CLZY6xxPRNX7xQZQ/s320/20230119_214425.jpg"/></a></div>
Rich Snowhttp://www.blogger.com/profile/02041554682535515096noreply@blogger.com0tag:blogger.com,1999:blog-7832661522460057295.post-82798834793801412382021-09-03T20:29:00.000-04:002021-09-03T20:29:06.982-04:00Locast.org Taken Offline<iframe src="https://www.facebook.com/plugins/post.php?href=https%3A%2F%2Fwww.facebook.com%2Frichard.snow.58%2Fposts%2F10223018164460122&show_text=true&width=500" width="500" height="444" style="border:none;overflow:hidden" scrolling="no" frameborder="0" allowfullscreen="true" allow="autoplay; clipboard-write; encrypted-media; picture-in-picture; web-share"></iframe>Rich Snowhttp://www.blogger.com/profile/02041554682535515096noreply@blogger.com0tag:blogger.com,1999:blog-7832661522460057295.post-43662424071615894882020-01-10T09:13:00.000-05:002020-01-10T10:08:04.854-05:00Drinking Coffee, Lacking MotivationWhat to do when technical achievements simply become boredom?<br />
Or worse, when even listening to people talk mindlessly becomes painful?<br />
Drink coffee. Maybe cultivate the ability to rock back and forth, standing, with a cup of coffee.<br /><br />
Like this guy. "How are those TPS reports coming?"<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-4beXdlNdYP8/XhiGYasH99I/AAAAAAAAQwU/Frc9_eOpskMsaxhFhwpWkgahiC5FTZENwCLcBGAsYHQ/s1600/images.gif" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="168" data-original-width="299" src="https://1.bp.blogspot.com/-4beXdlNdYP8/XhiGYasH99I/AAAAAAAAQwU/Frc9_eOpskMsaxhFhwpWkgahiC5FTZENwCLcBGAsYHQ/s1600/images.gif" /></a></div>
<br />
<b>Check out this article on office design:</b> "<a href="https://www.gq.com/story/10-step-office-upgrade" target="_blank">Uninspired Setting? Uninspired Work</a>." - GQ<br />
<br />
Perhaps this is a call to clean the office? That helps when I am feeling uninspired!<br />
But first, coffee...<br />
<br />
<br />
<br />Rich Snowhttp://www.blogger.com/profile/02041554682535515096noreply@blogger.com0tag:blogger.com,1999:blog-7832661522460057295.post-50484886548729096402019-04-09T09:41:00.001-04:002019-04-09T09:49:47.992-04:00Don't be EVIL<h2 style="text-align: justify;">
EVIL is removing the home page option from Google Chrome on mobile browsers.</h2>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://www.commondreams.org/news/2018/05/21/evil-fine-now-google-ditches-dont-be-evil-company-code-conduct" target="_blank"><img border="0" data-original-height="419" data-original-width="800" height="209" src="https://www.commondreams.org/sites/default/files/styles/cd_large/public/headlines/google-logo-devil.jpg?itok=ELoUPwRD" width="400" /></a></div>
<div>
<br /></div>
Rich Snowhttp://www.blogger.com/profile/02041554682535515096noreply@blogger.com0tag:blogger.com,1999:blog-7832661522460057295.post-16520601420266615742016-10-13T10:36:00.000-04:002016-10-13T12:51:48.936-04:0073 Words - Is Technical Writing a Dying Art?As a Technologist, I rely on technical writing for my training, product evaluation and selection. When I see a video describing a new technology, I skip to the text.<br />
<div>
<h4>
Reasons to skip the video?</h4>
</div>
<div>
<ul>
<li>The video is bound to simplify the important details that are fundamental building blocks in any product.</li>
<li>The video is produced by marketing people, who all too often do not understand the product.</li>
<li>If I am coming to you for information, I already have specific questions to answer about how your product will work in my business environment.</li>
<li>I can read the text much faster and skip to the important parts rather than watch the video.</li>
</ul>
<div>
<h4>
How can marketers and educators help me?</h4>
</div>
</div>
<div>
<ul>
<li>Focus on the text.</li>
<li>Hire technical writers.</li>
<li>Focus on the technology.</li>
<li>Eliminate "market-speak", a technical manual is not a place to blather on about innovation.</li>
<li>Avoid appropriating terms from other technologies that have a similar meaning.</li>
<li>Write declarative sentences.</li>
</ul>
<div>
<h4>
Example: "Introduction to Microsoft Windows Server 2016" Microsoft Books</h4>
</div>
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-RFFZCKB7Byo/V_-RtlDiwwI/AAAAAAAAHWI/9Juc7T6kvec8NuzvI6tRkLjo7XowiQl8QCLcB/s1600/2016-10-13_0948.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="80" src="https://1.bp.blogspot.com/-RFFZCKB7Byo/V_-RtlDiwwI/AAAAAAAAHWI/9Juc7T6kvec8NuzvI6tRkLjo7XowiQl8QCLcB/s400/2016-10-13_0948.png" width="550" /></a></div>
<div>
<br /></div>
<div>
73 words, one period. A bit of a bad cut and paste job there in the middle: "software-defined datacenter features that can were born in..." I am glad they didn’t use the phrase “legacy” anywhere in this run-on sentence! "Legacy" describes <u>me</u> pretty well...</div>
<div>
<br /></div>
<div>
Anyone who survived the 90's in technology remembers <a href="https://en.wikipedia.org/wiki/Buzzword_bingo" target="_blank">Buzzword Bingo</a> so here's a shot on that sentence/paragraph:<br />
<br />
<br /></div>
<div>
<table align="center" border="1" cellpadding="5" cellspacing="0">
<tbody>
<tr>
<td><b>Market-speak</b></td>
<td><b>Buzzwords</b></td>
<td><b>“Self-Improvement”</b></td>
</tr>
<tr>
<td>Pillars</td>
<td>Security</td>
<td>Are clear about</td>
</tr>
<tr>
<td>Commitment</td>
<td>Software-defined datacenter</td>
<td>Choice</td>
</tr>
<tr>
<td>Platform of choice</td>
<td>On-premises</td>
<td>Now-exist</td>
</tr>
<tr>
<td>Frameworks</td>
<td>Application platform</td>
<td>Necessary</td>
</tr>
<tr>
<td>Traditional applications</td>
<td>Application</td>
<td>Allow</td>
</tr>
<tr>
<td>Azure</td>
<td>Cloud</td>
<td>Prepare</td>
</tr>
</tbody></table>
<br /></div>
<div>
Join my Twitter poll - <a href="https://twitter.com/p9ng/status/786577868276969472" target="_blank">Is Technical Writing Dead?</a><br />
<br />
See the <a href="https://community.spiceworks.com/topic/1872795-73-words-one-period-is-technical-writing-a-dying-art" target="_blank">discussion on SpiceWorks</a></div>
Rich Snowhttp://www.blogger.com/profile/02041554682535515096noreply@blogger.com1tag:blogger.com,1999:blog-7832661522460057295.post-26280904441378332112016-06-02T12:49:00.001-04:002016-06-02T13:03:12.940-04:00Windows Holographic?<p dir="ltr">Will VR and mixed reality take off?  Microsoft touted Windows Holographic today in an email to Windows Insiders - members of its beta community. </p>
<p dir="ltr">Perhaps as much of a misnomer as 'four channel stereo?' Or just a way to say that we support interactive 3D media?</p>
<p dir="ltr">I'll have to reserve judgement on the 'Holographic' tag, as that implies vastly more information storage than 3D interactive. </p>
<p dir="ltr"><a href="https://www.google.com/url?sa=t&source=web&rct=j&url=http://www.theverge.com/2016/6/1/11827180/microsoft-windows-holographic-vr-headsets&ved=0ahUKEwieqI-95onNAhVr4YMKHWzZDfIQFghcMBI&usg=AFQjCNHmJxfGh7Zwk-rou-u7_Btpuz1WAQ&sig2=s8M6Sr--kz-KtsWFx17aAQ">The Verge</a></p>
<p dir="ltr"><a href="https://blogs.windows.com/windowsexperience/2016/06/01/opening-windows-holographic-to-partners-for-a-new-era-of-mixed-reality/
">Microsoft Blog</a></p>
<p dir="ltr"><a href="
https://en.m.wikipedia.org/wiki/Quadraphonic_sound
">Quadraphonic_sound</a><br>
</p>
Rich Snowhttp://www.blogger.com/profile/02041554682535515096noreply@blogger.com0tag:blogger.com,1999:blog-7832661522460057295.post-3371261502152553412016-03-31T15:03:00.001-04:002016-03-31T15:03:03.537-04:00Tay it ain't tso!Microsoft's experiment with an online Bot named 'Tay' was quickly ended when the bot began posting racist and even fascist messages.<br />
<br />
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><span style="margin-left: auto; margin-right: auto;"><a href="https://www.blogger.com/goog_1275168322"><img border="0" height="208" src="https://2.bp.blogspot.com/-7XMthtLPmsQ/Vv1yMVSpYBI/AAAAAAAAD9o/c2YZcheLdngzsjO2Ob8HqSnf5xuMbSXDg/s400/Tay-2016-03-31_1447.png" width="400" /></a></span></td></tr>
<tr><td class="tr-caption" style="text-align: center;"><a href="http://www.nytimes.com/aponline/2016/03/24/us/ap-us-microsoft-twitter-chatbot-deleted.html?ref=news">http://www.nytimes.com/aponline/2016/03/24/us/ap-us-microsoft-twitter-chatbot-deleted.html?ref=news</a></td></tr>
</tbody></table>
The initial response in the Twitterverse was that the Bot was 'trained' to become 'racist', but as the <a href="http://www.nytimes.com/aponline/2016/03/24/us/ap-us-microsoft-twitter-chatbot-deleted.html?ref=news" target="_blank">New York Times article</a> reveals - the system was not filtering the type of responses that it came out with, so people tried to get it to say crazy stuff. It worked. Oops!<div>
<br /></div>
<div>
After brief experiences with <a href="https://en.wikipedia.org/wiki/Chatroulette" target="_blank">Chatroulette</a>, I have to agree that this was to be expected if the 'Bot was programmed to respond with no filters. Other systems, such as Siri, or Amazon Echo do not respond to 'inappropriate content'.</div>
<div>
<br /></div>
<div>
We were experimenting recently on a long tech support call, because it has been said that swearing while waiting on hold will result in the call being bumped up in the queue. I can verify that playing a video of swearing Parrots into the phone did not cause any reduction on on-hold time with <a href="http://www.sage.com/" target="_blank">Sage Software</a>. (I hung up after two hours.)</div>
Rich Snowhttp://www.blogger.com/profile/02041554682535515096noreply@blogger.com0tag:blogger.com,1999:blog-7832661522460057295.post-37638968133952082872015-11-17T11:19:00.000-05:002015-11-17T11:20:08.199-05:00Old cell phones make a nice webcamNeed a webcam in my computer room. Old smart phone and free
<a href='https://play.google.com/store/apps/details?id=com.pas.webcam&hl=en'> IP Webcam </a> software. Poof!
<div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-PusezXlde6U/VktRKU9K3QI/AAAAAAAACM8/e1D4TLMyim4/s1600/photoaf.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="http://1.bp.blogspot.com/-PusezXlde6U/VktRKU9K3QI/AAAAAAAACM8/e1D4TLMyim4/s320/photoaf.jpg" /></a></div>
Rich Snowhttp://www.blogger.com/profile/02041554682535515096noreply@blogger.com0tag:blogger.com,1999:blog-7832661522460057295.post-47974456269533873002015-03-06T15:43:00.001-05:002015-03-06T15:43:00.391-05:00Standing Desk in use<div class="separator" style="clear: both; text-align: center;"> <a href="http://lh3.ggpht.com/-S7XtJZC-9Go/VPoRUFg0vpI/AAAAAAAAByA/uY8-TH8BWfo/s1600/1425674473557.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"> <img border="0" src="http://lh3.ggpht.com/-S7XtJZC-9Go/VPoRUFg0vpI/AAAAAAAAByA/uY8-TH8BWfo/s640/1425674473557.jpg"> </a> </div>Rich Snowhttp://www.blogger.com/profile/02041554682535515096noreply@blogger.com0tag:blogger.com,1999:blog-7832661522460057295.post-91355839805571255892015-03-06T15:25:00.001-05:002015-03-06T16:23:37.588-05:00Standing Desk, Read Only Friday<div dir="ltr">
Thought I would try out a standing desk, with a treadmill. For me standing in one place is no better than sitting all day! Here is the result.</div>
<div dir="ltr">
<br /></div>
<div dir="ltr">
First I had to find a cheap treadmill. Craig's list didn't work out so I opted for the Confidence Plus treadmill (about $200 online with free shipping).</div>
<div dir="ltr">
<br /></div>
<div dir="ltr">
Preparing the treadmill involved removing the arms from the Confidence Plus treadmill (about $200 online with free shipping). <a href="http://www.treadmilldeskdiary.com/setting-up-my-confidence-power-plus-treadmill-for-a-desk/" target="_blank">See details here...</a></div>
<div dir="ltr">
<br /></div>
<div dir="ltr">
The second challenge is that Standing Desks are expensive. Ikea is out of stock on the Bekant standing desk which is around $500. Others ramp up in price quickly.</div>
<div dir="ltr">
<br /></div>
<div dir="ltr">
For a quick experiment, <a href="http://www.homedepot.com/p/HDX-36-in-W-x-72-in-H-x-24-in-D-5-Shelf-Plastic-Ventilated-Storage-Shelving-Unit-128974/100006678?N=5yc1vZc89eZ1z0tupo" target="_blank">this plastic shelving</a> from Home Depot does the trick.</div>
<div dir="ltr">
To get the right height, just cut down the plastic spacers. We're using four of the five shelves, and the treadmill is resting on the lowest shelf. (The feet are not used.)</div>
<div dir="ltr">
<br /></div>
<div dir="ltr">
Works ok for a test. Next thing is to stabilize the shelving a bit more.</div><p>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://lh4.ggpht.com/-tOQryEW4CGs/VPoR73hGHDI/AAAAAAAAByI/KZZH4x-IYwo/s1600/20150306_152046.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"> <img border="0" src="http://lh4.ggpht.com/-tOQryEW4CGs/VPoR73hGHDI/AAAAAAAAByI/KZZH4x-IYwo/s640/20150306_152046.jpg" /> </a> </div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://lh3.ggpht.com/-ClXpxWuUEHQ/VPoR807Z0mI/AAAAAAAAByQ/OKPjWHOJ2w4/s1600/20150306_152059.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"> <img border="0" src="http://lh3.ggpht.com/-ClXpxWuUEHQ/VPoR807Z0mI/AAAAAAAAByQ/OKPjWHOJ2w4/s640/20150306_152059.jpg" /> </a> </div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://lh6.ggpht.com/-bktUhsp76Og/VPoR9rptXCI/AAAAAAAAByU/ck0hbFLyvnQ/s1600/20150306_145741.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"> <img border="0" src="http://lh6.ggpht.com/-bktUhsp76Og/VPoR9rptXCI/AAAAAAAAByU/ck0hbFLyvnQ/s640/20150306_145741.jpg" /> </a> </div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://lh5.ggpht.com/-9PmJcVOxelg/VPoR-TmlJTI/AAAAAAAAByc/G38Unc3oFwM/s1600/20150306_145722.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"> <img border="0" src="http://lh5.ggpht.com/-9PmJcVOxelg/VPoR-TmlJTI/AAAAAAAAByc/G38Unc3oFwM/s640/20150306_145722.jpg" /> </a> </div>
Rich Snowhttp://www.blogger.com/profile/02041554682535515096noreply@blogger.com0Watertown, Watertown42.37093 -71.18283tag:blogger.com,1999:blog-7832661522460057295.post-31383944694486833282014-12-11T08:33:00.003-05:002014-12-11T08:33:31.472-05:00Great post on "Why Bad Software Succeeds"Came across this today - worth a read:<br />
<br />
<a href="http://pressupinc.com/blog/2014/12/bad-software-succeeds/">http://pressupinc.com/blog/2014/12/bad-software-succeeds/</a>Rich Snowhttp://www.blogger.com/profile/02041554682535515096noreply@blogger.com0tag:blogger.com,1999:blog-7832661522460057295.post-6047034879598909512014-11-25T08:42:00.001-05:002014-11-25T08:42:15.020-05:00Clickbait Alert: The Latest Smartphone Security Alert<span style="font-family: inherit;"><i>This is exactly the kind of security warning that trends towards "Clickbait":</i></span><br />
<span style="font-family: inherit;"><br /></span>
<h1 class="entry-title" itemprop="headline" style="background-color: white; box-sizing: border-box; color: #333333; line-height: 1; margin: 0px 0px 1.6rem;">
<span style="font-family: inherit; font-size: x-large;">Smartphone security alert: 87% of iPhone and 97% of Android top 100 apps hacked</span></h1>
<span style="font-family: inherit;">First of all, there's the number, then there's the terminology.</span><br />
<span style="font-family: inherit;"><br /></span>
<span style="font-family: inherit;">What do we mean by 'hacked'? Was there a data breach? Was the Apple or Google app store hacked?</span><br />
<b><span style="font-family: inherit;"><br /></span></b>
<b><span style="font-family: inherit;">No. </span></b><br />
<span style="font-family: inherit;"><br /></span>
<span style="font-family: inherit;">The report from ArXan, "State of Mobile App Security, Apps Under Attack", Volume 3 – November 2014 has this to say:</span><br />
<blockquote class="tr_bq">
<span style="background-color: white;"><span style="font-family: inherit;">The 2014 State of Mobile App Security analysis followed the same methodology as last year’s research, which included identifying and reviewing hacked versions of top iOS and Android apps from thirdparty sites outside of official Apple and Google app stores.</span></span></blockquote>
<span style="font-family: inherit;">Users know, even if they ignore, that installing apps from third party sources is risky.</span><br />
<span style="font-family: inherit;">While it is important to know that such a high percentage of apps that are distributed outside of the app store have been infected with Malware, the report does not show any compromise of the app store or these companies' infrastructure. However, other research linked in the article, <a href="https://www.arxan.com/resources/state-of-security-in-the-app-economy/" target="_blank">available here</a>, deals with those issues.</span><br />
<span style="font-family: inherit;"><br /></span>
<span style="font-family: inherit;">The Register had <a href="http://www.theregister.co.uk/2014/11/20/doctored_mobile_apps_threat_on_the_rise_report/" target="_blank">this</a> to say:</span><br />
<blockquote class="tr_bq">
<span style="background-color: white; line-height: 21px;"><span style="font-family: inherit;">As a specialist in application protection, Arxan has an obvious vested interest in talking up the threat from poorly protected mobile apps. However, that's not to say it isn't onto something. The recent discovery of the WireLurker iOS malware provides evidence that the issue of tampered apps is a real and present danger.</span></span></blockquote>
So, I guess, important to know. Perhaps this becomes a reason companies should avoid putting out branded apps, or for sectors that deal with private information - should employ technology (such as ArXan's) which helps to tamper proof the code.<br />
<br />
Bottom line: 87% of reports that the sky is falling - need to define the term "sky".<br />
<br />
<br />Rich Snowhttp://www.blogger.com/profile/02041554682535515096noreply@blogger.com0tag:blogger.com,1999:blog-7832661522460057295.post-28344535320940093452014-11-12T10:23:00.000-05:002014-11-12T10:23:30.790-05:00What does 'Governance' mean to you?<b>What does 'Governance' mean to you?</b><br /><br />
To me it means dealing with politicians, Red State / Blue State, and the current raft of temporary political theories. It means Fox News vs. the John Stewart show.<br /><br />
In the tech world it has come to be used to refer to having policies and procedures that support a technical infrastructure. Microsoft has elevated this usage as it has promoted SharePoint. Why? Because SharePoint is an enabler for the end user. It is among 'content management' systems which allow the end user to create information storage systems. The worry is that these systems will grow like weeds, with no control, without 'Information Architecture' being considered. It is a legitimate worry, but the greater worry is 'Adoption'.<br />
<br />
<b>What does 'Adoption' mean to you?</b><br />
<br />
To me it means children finding a new home. In the SharePoint world it means that there is a large portion of the installed base that is not using SharePoint. It could be because of missing functionality, lack of user buy-in, lack of executive support.<br />
<br />
User Adoption is a real problem. But underlying the issue is a darker reality. A lack of User Adoption may result from the executive, or most likely IT acting in a vacuum. The tail wagging the dog.<br />
<br />
Sure SharePoint is a cool thing to implement. But what does it do that we don't already have in place?<br />
<br />
<ul>
<li>Replaces file shares</li>
<li>Allows collaboration</li>
<li>Information portal</li>
<li>Replaces Exchange calendaring</li>
<li>Search Capability</li>
<li>Document Management</li>
</ul>
Most of these functionalities are in place already in many businesses, with more purpose built systems that are, as a result, more finely tuned to business activity. SharePoint is a generic Swiss Army knife of features. It doesn't have as many embedded business rules as purpose-built systems.<br />
(That is one reason why after-market products are quite important.)<br />
<br />
<b>Words Matter</b><br />By dressing up these basic requirements of our technology projects - Microsoft and IT 'elevate' the discussion. We tend to fool ourselves into thinking that we know what is best for our business. Maybe we're following the herd mentality? Maybe we are trying to stay relevant?<br /><br />Until recently the term governance was rarely seen alone - most often it would be written 'Good Governance' or 'Bad Governance'. But 'Governance' became a buzz word used by consultants, and it is now frequently seen in email marketing. And this marketing drives us to implement governance before any project begins. And sure, policies are good to have. But we need to get our community behind us before any project begins.<br />
<br />
Governance means nothing if it is a bunch of rules that the business (either explicitly, or de-facto) does not agree to. On the one hand, the IT organization writes up rules but the business management is not engaged. This is the curse of middle management! On the other hand management may be engaged but is unable to push through changes in procedure - as users will always try to find the easiest way to work - which may mean going around the system.<br /><br />
<b>User Engagement</b><br />
We need to practice user engagement. In a customer service context, some have called this 'customer delight'. We could call this 'user delight'. If we're not providing a better solution than DropBox, then our users are going to use DropBox. Otherwise we are like the tail wagging the dog. It kinda works, but it's never a sure thing.<br />
<br />
User Engagement was the topic of a recent article in SharePoint Pro magazine:<br />
<a href="http://sharepointpromag.com/sharepoint-administration/launching-intranet-crucial-step-you-cannot-skip">http://sharepointpromag.com/sharepoint-administration/launching-intranet-crucial-step-you-cannot-skip</a><br />
<br />Rich Snowhttp://www.blogger.com/profile/02041554682535515096noreply@blogger.com0tag:blogger.com,1999:blog-7832661522460057295.post-88728106361874094472014-04-14T14:45:00.000-04:002017-07-05T12:21:59.666-04:00Sensatronics EM1 Environmental Sensor with PRTG<h4>
Monitoring the EM1 Sensor from PRTG<br />How we got here...</h4>
<div>
In the past we have had issues with the A/C in our computer room. The A/C unit was spec'd out with a consumer grade unit (Carrier) rather than a more traditional unit. Unfortunately the unit was not optioned to run in cold weather, and there were issues with charging the unit that required extra maintenance.</div>
<div>
<br /></div>
<div>
As so our locked room would occasionally have a propped-open door with a fan exhausting heat into the office. Of course we care about physical security, and the prospect of increased downtime when these failures occur on a weekend or during a vacation. So we looked around for a simple environmental monitor and came up with the <a href="http://estore.sensatronics.com/index.php?l=product_detail&p=11" target="_blank">Sensatronics EM1</a> (around $500) and Overseer software.</div>
<div>
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://estore.sensatronics.com/images/products/detail_11_detail_13_ModelEM1LR.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://estore.sensatronics.com/images/products/detail_11_detail_13_ModelEM1LR.jpg" /></a></div>
<div>
<br /></div>
<div>
<br /></div>
<div>
Overseer is designed to run on your workstation, which means leaving the machine running all weekend. Loading it up in a VM produces inconsistent notifications. And we also need to collect syslogs.</div>
<div>
<br /></div>
<div>
So, we are evaluating <a href="http://www.paessler.com/" target="_blank">PRTG</a>. PRTG loads up on top of Windows 2012 in a VM, does an auto discovery (here I blocked it from discovering desktops lest I get notified every time someone shuts down). And there is a Beta version syslog repository. Good start...</div>
<div>
<br /></div>
<div>
There is a monitor in our APC UPS which was discovered properly. But since we bought the EM1 monitor I figure let's give it a try. The EM1 has additional sensor capacity, and I could use it in a new location.</div>
<br />
<h4>
Key Tricks</h4>
<div>
Getting started - PRTG doesn't ship with the device information for the sensor built in, so auto discovery will not work. But, PRTG does have a concept of templates for the devices. <strike>And Sensatronics has a zip file of basic device configurations <a href="http://support.sensatronics.com/index.php?_m=downloads&_a=view" target="_blank">here</a>.</strike> <i>Update 7/2017: The zip file is no longer on Sensatronics' website, best option is to call support.</i></div>
<div>
<br /></div>
<div>
Load the extracted files into the program directory for PRTG on the server, in our case:<br />
\\prtg\c$\Program Files (x86)\PRTG Network Monitor\devicetemplates</div>
<div>
<br /></div>
<div>
With the templates loaded we need to create the new device as follows:</div>
<div>
<br /></div>
<div>
In PRTG we need to do two things:</div>
<div>
<ol>
<li>Create a new group, (I called it SNMP V1) because the SNMP version is inherited from the group.</li>
<li>For SNMP set the inheritance of settings OFF, and set the version to v1</li>
</ol>
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-_Cx615A70wE/U0weektkDJI/AAAAAAAABi0/_KtnpOSqxd4/s1600/2014-04-14_1341.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="200" src="https://4.bp.blogspot.com/-_Cx615A70wE/U0weektkDJI/AAAAAAAABi0/_KtnpOSqxd4/s1600/2014-04-14_1341.png" width="400" /></a></div>
<div>
Now we create a new device in PRTG, and specify as follows:<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://3.bp.blogspot.com/-W0nX5PA_k4M/U0wglL8xGdI/AAAAAAAABjI/nlVy3S0nOQM/s1600/2014-04-14_1351_001.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="180" src="https://3.bp.blogspot.com/-W0nX5PA_k4M/U0wglL8xGdI/AAAAAAAABjI/nlVy3S0nOQM/s1600/2014-04-14_1351_001.png" width="400" /></a></div>
<br />
Start the discovery and you should get:<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://3.bp.blogspot.com/-4I6H7uNiKfU/U0wjbDhllZI/AAAAAAAABjc/BqterciMhx0/s1600/2014-04-14_1355-2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="115" src="https://3.bp.blogspot.com/-4I6H7uNiKfU/U0wjbDhllZI/AAAAAAAABjc/BqterciMhx0/s1600/2014-04-14_1355-2.png" width="400" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<br />
Which is at least data. The temperature is the main point, it's not 8 degrees in there. The web page on the sensor shows this:<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-Vs0ZhIPKz50/U0wj5msss6I/AAAAAAAABjk/1puD0URgEQ0/s1600/2014-04-14_1406.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="235" src="https://2.bp.blogspot.com/-Vs0ZhIPKz50/U0wj5msss6I/AAAAAAAABjk/1puD0URgEQ0/s1600/2014-04-14_1406.png" width="400" /></a></div>
<br />
And so here is where I call Sensatronics for Tech Support :-)<br />
And.. the answer is, the template for the device has an error. In the column 'division' the entry should be changed from '10' to '1'. Do this in all the sensors. In my case I only have three sensors active.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://3.bp.blogspot.com/-6E0-rFhstPI/U0wpy95OB4I/AAAAAAAABj0/PjiO-Mpcwo4/s1600/2014-04-14_1430_001.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="400" src="https://3.bp.blogspot.com/-6E0-rFhstPI/U0wpy95OB4I/AAAAAAAABj0/PjiO-Mpcwo4/s1600/2014-04-14_1430_001.png" width="275" /></a></div>
<br />
And the result:<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-gWnbABCso0k/U0wqyJ0FBTI/AAAAAAAABj8/FO_NYl-39PY/s1600/2014-04-14_1436.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="101" src="https://4.bp.blogspot.com/-gWnbABCso0k/U0wqyJ0FBTI/AAAAAAAABj8/FO_NYl-39PY/s1600/2014-04-14_1436.png" width="400" /></a></div>
<br />
(Yes we do run hot. Saves energy.)<br />
<br />
So there you have it. Thanks to Keith from <a href="http://www.sensatronics.com/" target="_blank">Sensatronics</a> for the final tip!</div>
Rich Snowhttp://www.blogger.com/profile/02041554682535515096noreply@blogger.com2tag:blogger.com,1999:blog-7832661522460057295.post-16129384701769669132014-04-12T15:11:00.000-04:002014-04-12T16:14:30.166-04:00A Password Odyssey - Two Well Liked Password Managers<h3>
About the Contendahs</h3>
The Open Source program <b><a href="http://keepass.info/" target="_blank">KeyPass</a></b> is great for generating and securely storing all sorts of information (passwords, web addresses, SSH keys, ftp logins, even combo lock codes)<br />
<br />
<b><a href="http://lastpass.com/" target="_blank">LastPass</a> </b>is a web service that securely stores your password information. It runs in the browser and there is no desktop app. There is also a mobile app if you pay the 'freemium'.<br />
<br />
Both systems can use a master password for the repository. But Keypass has other options, and one is to use the windows logon credentials to open the database. Both systems are generally secure options.<br />
<br />
Lastpass seems to be best for storing website credentials. Keypass is more general purpose and gives greater flexibility (maybe too much?), such as choosing your encryption algorithm. And I have used it as a place to store all sorts of access information, including combo lock codes, ftp logins, and encryption keys.<br />
<br />
A great feature of Lastpass is to let it choose passwords for sites, and store them, so that you don't need to remember those passwords. It helpfully reminds you when a password is duplicated between sites, to make each site's password unique. This way you are not relying on your browser or operating system to store your web site passwords. For a little more money, you can get an App on your iPad or smartphone.<br />
<br />
Keypass is more the free swiss army knife of password encryption. You need to move that encrypted password file around with you. Or save it in Dropbox and open it from wherever you are. (That feature is front and center in KeypassDroid.)<br />
<br />
In the <a href="http://mashable.com/2014/04/09/heartbleed-nightmare/" target="_blank">Heartbleed</a> story, Mashable referenced <a href="http://mashable.com/2010/10/08/password-management-tools/" target="_blank">Lastpass</a>. And so I looked into using it as a place to save and update passwords. Looking for browser integration, I decided to give it a try. Converting from Keypass2 KDBX format was not straightforward.<br />
<br />
<h3>
Converting from Keepass2 to Lastpass</h3>
Lastpass suggests using a Keypass XML format export with the Lastpass import routine.<br />
The XML import resulted in a series of notes with credentials stored in them,<br />
instead of a list of sites and the username and password stored in the correct field.<br />
<br />
The obvious thing to try is a CSV export.<br />
Save the database as a CSV.<br />
Edit the CSV to match the column format in Excel. (Yes you still need that!)<br />
<br />
Details: <a href="https://helpdesk.lastpass.com/getting-started/importing-from-other-password-managers/#Importing+from+a+Generic+CSV+File">https://helpdesk.lastpass.com/getting-started/importing-from-other-password-managers/#Importing+from+a+Generic+CSV+File</a><br />
<br />
Unfortunately, my favorite Mac Keepass port; <a href="http://www.kyuran.be/kypass-mac/">KyPass Companion</a> did not allow CSV export,
so I had to fire up a PC to convert the data.<br />
<br />
The next thing to note is that the import process un-checks entries without a URL. I always used Keepass as a reference, so I did not have a URL for each site. Without the URL, the browser integration piece is broken.<br />
<br />
So, you really want to track down the URLs and enter them in your CSV file <b><i>before</i></b> importing the CSV. In any case you will want to decide whether to check the entries for sites that would otherwise not be imported during the process.<br />
<br />
<h3>
<b>Running the import with an edited CSV</b></h3>
With a complete CSV, Lastpass complains about using Chrome during the import - so I had to open up Safari. Or install Firefox. Safari worked just fine.<br />
<br />
<h3>
Final Impressions</h3>
<div>
Both programs seem to be secure. Lastpass is only free in two ways: Free in the browser, and <a href="https://www.gnu.org/philosophy/free-sw.html" target="_blank">free as in beer</a>. Keepass is open source, and so the source code is available for review (free as in freedom); and there is no cost unless you wish to pay for a specialized version such as <a href="http://www.kyuran.be/kypass-mac/">KyPass Companion</a>.</div>
<div>
<br /></div>
<div>
Given that the Heartbleed OpenSSL bug was available for review for two years before it was discovered - the freedom argument is even more of a philosophical one this week.</div>
<div>
<br /></div>
<div>
Keepass is definitely the winner when it comes to a convenient file based manager.</div>
<div>
If you're OK with Dropbox, that is also a really handy way to sync Keepass files.</div>
<div>
And I think it is better as a swiss army knife, to store items other than website login information.</div>
<div>
<br /></div>
<div>
Having used Lastpass for a few minutes - it really is easy to jump onto a website with browser integration. Having looked at how they claim encryption is done in Lastpass, seeing that the passwords are encrypted before they reach the server, that is another great feature. If the server is compromised, your passwords are still encrypted.</div>
<div>
<br /></div>
<div>
When changing passwords, however, the browser integration is annoying. Unfortunately the app does not overwrite (clear out) anything that was previously entered in these 'new password' fields when it inserts the new replacement password. But you can work around this by generating a new password. Then copy and paste your generated new password into the two 'new password' fields directly before updating.<br />
<br />
Make sure the 'old' password is good. It's easy to get out of sync when generating a new password. You might want to copy down the old one before you make <i><b>any</b></i> updates. Particularly in a case where there is no easy password recovery option.</div>
<div>
<br />
<h3>
Parting Thought</h3>
</div>
<div>
I am not sure if I will be comfortable with a process where I never see the password itself. Generally I remember many dozens of passwords, so until now Keepass has really been a backup. What if Lastpass goes down?</div>
<div>
<br /></div>
<div>
<br /></div>
Rich Snowhttp://www.blogger.com/profile/02041554682535515096noreply@blogger.com0tag:blogger.com,1999:blog-7832661522460057295.post-80961056034482780702014-04-10T20:06:00.004-04:002014-04-10T20:08:58.192-04:00Moving a Mac iTunes library to a NAS device - the most overlooked step...<i>Moving iTunes library to a NAS device</i><br />
<br />
So, I bit the bullet and picked up a NAS device to offload AV files from my Mac.<br />
Now I want iTunes to run from the network disk drive instead of needing to keep the Mac on all the time. It takes less juice :-)<br />
<br />
I followed a couple of different walk-throughs:<br />
<br />
<a href="http://arstechnica.com/apple/2012/12/how-to-offload-your-itunes-library-to-a-nas/">http://arstechnica.com/apple/2012/12/how-to-offload-your-itunes-library-to-a-nas/</a><br />
<br />
<a href="http://www.synology.com/en-global/support/tutorials/521">http://www.synology.com/en-global/support/tutorials/521</a><br />
<h3>
<i><br />Most overlooked setup detail</i></h3>
The key point from the ARS article is this: If the drive is not mounted at boot time, iTunes will not play. It also won't sync to an iPad or other device.<br />
<br />
Key was to go into the "Users and Groups" control panel and select "Login Items".<br />
Here you can navigate to shared network resources, and set them to mount at login.<br />
<br />
The drives need to be mounted before iTunes is launched. iTunes did move my music library to the external device, and correctly updated the file location, but it just chokes when it tries to play.<br />
<br />
I had to reboot the Mac to ensure that the drives were mounted before it would work.<br />
<br />
So, now we can share iTunes to PCs wirelessly. But for other devices the story is not straightforward, the NAS device does not have iTunes' home sharing. So accessing these media resources will happen through a non-Apple app from the iPad unless it has been synced through the Mac.Rich Snowhttp://www.blogger.com/profile/02041554682535515096noreply@blogger.com0tag:blogger.com,1999:blog-7832661522460057295.post-44220100099775288562014-04-01T12:14:00.000-04:002014-04-12T15:12:15.399-04:00Changing the root password in VMwareOK, so its not supported. Don't do this at home folks. Or at least test it first.<br />
<i>Some days you just need to hack things into shape...</i><br />
<br />
<a href="http://notes.doodzzz.net/2012/12/30/vsphere-5-x-tip-to-toe-reset-esxi-root-user-password-lost-r00t-o_0/">http://notes.doodzzz.net/2012/12/30/vsphere-5-x-tip-to-toe-reset-esxi-root-user-password-lost-r00t-o_0/</a>Rich Snowhttp://www.blogger.com/profile/02041554682535515096noreply@blogger.com0tag:blogger.com,1999:blog-7832661522460057295.post-33625105357485097622013-12-20T10:01:00.000-05:002014-02-03T13:47:28.203-05:00Read Only Friday - Windows XP, Windows Update, a fatal combination?<h4>
Working Slower?</h4>
For those using Windows XP, and attempting to follow earlier guidance and best practices by running Windows Update - life has been moving veeerrryyy slooowwwwwly since September.<br />
<br />
Patch updates from Microsoft have caused certain machines running IE 6, 7 and 8 to become slow and unresponsive. Microsoft has acknowledged the problem and has tried twice to resolve it in subsequent Patch Tuesday releases. The Windows Update system consumes a high percentage of CPU in the SVCHOST process (which slows down everything else on the computer).<br />
<br />
Windows XP will be retired in April, after it's lifetime was extended due to a Microsoft customer revolt against Windows Vista.<br />
<br />
Microsoft is trying again to resolve the issue, according to this <a href="http://windowsitpro.com/windows-xp/svchost-and-windows-update-windows-xp-still-problem?NL=(News_WIN%20_WindowsVIP_121913)%20Batch&E_ID=840328&NLL=3516&elq=660fbb8c899340048671a0dd8744f746&elqCampaignId=3516" target="_blank">article</a> in Windows IT Pro.<br />
<br />
As a supporter of non-profit Windows users, this is an unfortunate turn of events. The computers behave so badly that I have reformatted one entirely (in an attempt to clear out any potential Malware) but the only resolution is to turn off Windows Update for the time being.<br />
<br />
<h4>
What can be done?</h4>
Normally I am a proponent of patch updates. But if you have to turn off updates just to use your machine... This may be a good use case for application whitelisting. Solutions like <a href="http://www.faronics.com/products/deep-freeze/" target="_blank">Faronics DeepFreeze</a> can be helpful (DeepFreeze will wipe away any changes to a system, including Malware). Be aware that preserving older software in a working state also preserves vulnerabilities that have since been patched. This could turn your computing experience into a game of <a href="http://en.wikipedia.org/wiki/Whac-A-Mole" target="_blank">whack a mole</a>...<br />
<br />
<a href="http://www.solutionary.com/index/SERT/Quarterly-Threat-Reports/Q4-2012/index.php" target="_blank">Recent research</a> indicates that Malware authors tend to hit older vulnerabilities more frequently than newer ones, so I will still be trying to patch these systems once a month from the web.<br />
<br />
See an earlier article on patch management issues here:<br />
<a href="http://www.tinkersfolly.net/2013/11/patch-management-our-silent-achilles.html">http://www.tinkersfolly.net/2013/11/patch-management-our-silent-achilles.html</a><br />
<br />
<h3>
Update (2/3/2014)</h3>
<div>
Since December I have been exploring how to run these systems in a stable way. I found that for video playback, SUSE Linux does a great job of playing video files and streaming video. Though I did have to add additional optional codec support, and install Google Chrome to play back Flash videos.</div>
<div>
<br /></div>
<div>
iTunes 11 was slowing down the machines unacceptably, so on the second laptop I installed iTunes 10, and restored an earlier library. I found that iTunes saves a copy of the library file at each upgrade.</div>
<div>
Unfortunately iTunes is not available on Linux and Linux based audio players do not seem useful. Though I have not yet experimented with Google's Cloud Payer.</div>
<br />
<br />Rich Snowhttp://www.blogger.com/profile/02041554682535515096noreply@blogger.com3tag:blogger.com,1999:blog-7832661522460057295.post-90192575211880452222013-11-07T10:46:00.002-05:002013-12-20T10:01:19.588-05:00Read Only Friday - Patch Management - our Silent "Achilles Heel"<h4>
Patch Management is held to be a key part of operational security</h4>
<div>
The drill is "keep everything up to date to handle known vulnerabilities in commonly used software". Sometimes it seems the software vendor does not have the needs of IT at heart. Why is that?</div>
<div>
<br /></div>
<div>
The software vendor:</div>
<div>
<ol>
<li>Responds to market conditions and targets the consumer more often than not</li>
<li>Is constrained by marketing, budgeting and massaging the quarterly earnings reports when responding to reported vulnerabilities</li>
<li>Companies' primary responsibility is to their shareholders, and not to the security of the user</li>
</ol>
</div>
<h4>
Eliminate Admin rights for users</h4>
<div>
The other commonly spoken mantra is to <i><a href="http://www.esecurityplanet.com/news/article.php/3873356/Want-PC-Security-Remove-Admin-Rights.htm" target="_blank">eliminate admin rights</a></i> for users (and administrators as well.)</div>
<div>
This way any Malware executeables delivered via email, and some of them delivered via a browser will fail to install. <a href="http://en.wikipedia.org/wiki/User_Account_Control%E2%80%8E" target="_blank">UAC</a> will prompt the user even if they do have admin rights.</div>
<h4>
Eliminating Admin rights is working well</h4>
<div>
Eliminating Admin rights is working great in my environment, but it is not a universal solution.<br />
Some software, notably Java, can easily compromise a machine even when the user has no admin rights. Java <u>needs to be constantly</u> upgraded. But embedded systems and back end software often rely on specific Java versions. That means that the vulnerable version of Java can't easily be upgraded, or resides on a machine that the vendor views as an appliance (which <i>should not</i> be upgraded.)</div>
<div>
<br />
Some users actually use Java, for example to look up information on many State and local Government websites. For the most part I can just uninstall it, but not everywhere.</div>
<h4>
Software companies respond to user concerns about security</h4>
<div>
There are differences in how software companies respond to user concerns about security. User concerns affect the shareholder value in a company very directly. Microsoft, to its credit, has provided an entire infrastructure to maintain patches on our MS based systems. Adobe and Oracle have provided update mechanisms in their products - but these update mechanisms are directed at users <i>with admin rights.</i></div>
<div>
<i><br /></i></div>
<div>
<i>Most users don't know what to do when presented with an 'update now' prompt that fails due to the lack of admin rights.</i></div>
<h4>
There's a Gap for smaller companies who need to patch Acrobat, Flash and Java</h4>
<div>
For businesses, the patching process for these products is complicated by the consumer driven 'update' mechanism. We simply want the products to continue working. We don't want the user to have to reconfigure the product, accept a new EULA, and be presented with options to purchase additional services simply to apply a patch.</div>
<div>
<br /></div>
<div>
The answer to these questions is either to manually install every patch, which is either expensive or impossible; or alternatively to repackage the executable using tools that the manufacturers provide.</div>
<div>
Repackaging allows you to pre-select the EULA, configure any options that are available and remove weird features that confuse the user - or cause expense to the company. One of those features to remove is the <u>prompt to update the product</u> - because the end user can't complete the task!</div>
<div>
<br /></div>
<div>
In a smaller company - repackaging is out of reach due to the required technical expertise, and the constant interruptions to provide desktop support. End users can't install or update their software. And so the 'security' update feature of products like Acrobat and Java actually causes more trouble.</div>
<div>
<br /></div>
<blockquote class="tr_bq">
<a href="http://www.google.com/chrome" target="_blank">Chrome</a> does everything wrong. It installs in the user context, and doesn't respect the user's lack of admin rights. But... It updates itself every time it is used, and updated Flash is baked in. Chrome is IT's problem child, <i>Chrome is IT's "Love/Hate" relationship.</i></blockquote>
<h4>
What can be done?</h4>
<div>
There should be a place where we can get tweaked versions of Acrobat Reader and Java, packaged with all the right options. As my mom would have said "For the sake of Pete!" Why should we all have to do this work independently? For open source products this might not be an issue, but for proprietary products - even 'free' software - why is there no repository of tested corporate ready packaged applications?</div>
<div>
<br /></div>
<div>
Sites such as <a href="http://www.itninja.com/" target="_blank">IT Ninja</a>, and <a href="http://www.spiceworks.com/" target="_blank">Spiceworks</a> do provide tips on how to do the packaging, and installation options for patches. Application virtualization is another way to maintain the current versions of applications.</div>
<div>
<br /></div>
<div>
Licensing issues are the main reason that this has not happened. Also, the software vendors may want to 'offer services' to the end user that we want hidden, Adobe might want to preserve the ability to up-sell the user. IT wants to prevent the user from buying an online PDF conversion service - when the user should just ask us for the full version of Acrobat. And then there is the 'not invented here' factor. Acrobat's packaging methods are different than Oracle's, etc. An important consideration is whether the 'golden' version of the product could be infected <i>in the repository. Companies might not trust a user community to maintain safe patched installers for software.</i></div>
<h4>
A Software Repository</h4>
<div>
Here's what I want to see. Software makers and patch management vendors, for example <a href="http://www.lumension.com/" target="_blank">Lumension</a>, should work together to take a best guess at packaging corporate versions of these applications. These would be silent installs with no user intervention, that have the options set so that users can simply go about their work with no interruptions. Smaller companies can then use a patch management system to maintain the patch level of these applications without hiring someone to repackage the apps.</div>
<h4>
Patch Management - our Silent "Achilles Heel"</h4>
<div>
Patch management is a lot like running backups. Patches fail to apply, backups fail for seemingly no reason.<br />
Unless you go digging, the failure is pretty much silent. </div>
<div>
<br /></div>
<div>
As the flurry of vulnerabilities has grown exponentially it is widely acknowledged that AV is no longer keeping up, patching has to be in place as another foot of the stool. <i>Patching is essential and it needs to occur at an increasing frequency.</i></div>
<div>
<br /></div>
<div>
<a href="http://www.computerworld.com/s/article/9242593/Java_exploits_seen_as_huge_menace_so_far_this_year">http://www.computerworld.com/s/article/9242593/Java_exploits_seen_as_huge_menace_so_far_this_year</a></div>
<div>
<a href="http://www.lawfareblog.com/2013/07/the-market-in-zero-day-exploits/">http://www.lawfareblog.com/2013/07/the-market-in-zero-day-exploits/</a></div>
<div>
<a href="http://krebsonsecurity.com/2013/10/adobe-to-announce-source-code-customer-data-breach/">http://krebsonsecurity.com/2013/10/adobe-to-announce-source-code-customer-data-breach/</a></div>
<div>
<br /></div>
Rich Snowhttp://www.blogger.com/profile/02041554682535515096noreply@blogger.com0tag:blogger.com,1999:blog-7832661522460057295.post-89954752278387888732013-10-16T12:28:00.002-04:002013-10-16T12:42:08.978-04:00419 Scam Gets Past Spam Filter?<h2>
419 Scam is Fraud, but is it Spam?</h2>
<div>
Nigerian 419 spam/scam gets past the spam filter? Well not so often, but.. Take a look at this one!</div>
<div>
<blockquote class="tr_bq">
From: Mr.Paul Fletch. [<a href="mailto:lgatica@municallao.gob.pe"><span style="color: windowtext; text-decoration: none; text-underline: none;">mailto:lgatica@municallao.gob.pe</span></a>]<br />
Sent: Wednesday, October 16, 2013 7:33 AM<br />
Subject: <span style="font-family: "Times New Roman","serif";">صديقي</span>
<span style="font-family: "Times New Roman","serif";">العزيز</span> <span style="font-family: "Times New Roman","serif";">،</span><o:p> </o:p><span style="font-family: "Times New Roman","serif";">صديقي</span>
<span style="font-family: "Times New Roman","serif";">العزيز</span> <span style="font-family: "Times New Roman","serif";">،</span><o:p> </o:p><span style="font-family: "Times New Roman","serif";">هو</span>
<span style="font-family: "Times New Roman","serif";">في</span> <span style="font-family: "Times New Roman","serif";">الواقع</span> <span style="font-family: "Times New Roman","serif";">دواعي</span> <span style="font-family: "Times New Roman","serif";">سروري</span> <span style="font-family: "Times New Roman","serif";">أن</span> <span style="font-family: "Times New Roman","serif";">أكتب</span> <span style="font-family: "Times New Roman","serif";">لك</span>
<span style="font-family: "Times New Roman","serif";">هذه</span> <span style="font-family: "Times New Roman","serif";">الرسالة</span> <span style="font-family: "Times New Roman","serif";">،</span> <span style="font-family: "Times New Roman","serif";">والذي</span> <span style="font-family: "Times New Roman","serif";">أعتقد</span>
<span style="font-family: "Times New Roman","serif";">أنه</span> <span style="font-family: "Times New Roman","serif";">سيكون</span> <span style="font-family: "Times New Roman","serif";">مفاجأة</span> <span style="font-family: "Times New Roman","serif";">لكم</span> <span style="font-family: "Times New Roman","serif";">ونحن</span> <span style="font-family: "Times New Roman","serif";">لم</span> <span style="font-family: "Times New Roman","serif";">يلتقيا</span> <span style="font-family: "Times New Roman","serif";">ابدا</span>
<span style="font-family: "Times New Roman","serif";">من</span> <span style="font-family: "Times New Roman","serif";">قبل،</span> <span style="font-family: "Times New Roman","serif";">و</span> <span style="font-family: "Times New Roman","serif";">أشعر</span> <span style="font-family: "Times New Roman","serif";">بأسف</span>
<span style="font-family: "Times New Roman","serif";">بالغ</span> <span style="font-family: "Times New Roman","serif";">إذا</span> <span style="font-family: "Times New Roman","serif";">كان</span> <span style="font-family: "Times New Roman","serif";">لدي</span> <span style="font-family: "Times New Roman","serif";">بأي</span> <span style="font-family: "Times New Roman","serif";">طريقة</span> <span style="font-family: "Times New Roman","serif";">بالانزعاج</span> <span style="font-family: "Times New Roman","serif";">خصوصيتك</span> . <span style="font-family: "Times New Roman","serif";">أنا</span> <span style="font-family: "Times New Roman","serif";">السيد</span> <span style="font-family: "Times New Roman","serif";">بول</span> <span style="font-family: "Times New Roman","serif";">فليتشر</span> <span style="font-family: "Times New Roman","serif";">من</span> Harlsden <span style="font-family: "Times New Roman","serif";">،</span> <span style="font-family: "Times New Roman","serif";">شمال</span> <span style="font-family: "Times New Roman","serif";">غرب</span>
<span style="font-family: "Times New Roman","serif";">لندن</span> <span style="font-family: "Times New Roman","serif";">،</span> <span style="font-family: "Times New Roman","serif";">هنا</span> <span style="font-family: "Times New Roman","serif";">في</span>
<span style="font-family: "Times New Roman","serif";">إنجلترا</span> . <span style="font-family: "Times New Roman","serif";">أنا</span> <span style="font-family: "Times New Roman","serif";">أعمل</span> <span style="font-family: "Times New Roman","serif";">مع</span> <span style="font-family: "Times New Roman","serif";">سانتاندر</span> <span style="font-family: "Times New Roman","serif";">بنك</span>
<span style="font-family: "Times New Roman","serif";">بي</span> <span style="font-family: "Times New Roman","serif";">إل</span> <span style="font-family: "Times New Roman","serif";">سي</span> <span style="font-family: "Times New Roman","serif";">لندن</span>
. <span style="font-family: "Times New Roman","serif";">مع</span> <span style="font-family: "Times New Roman","serif";">الاحترام</span> <span style="font-family: "Times New Roman","serif";">والاعتبار</span> <span style="font-family: "Times New Roman","serif";">الواجبين</span> <span style="font-family: "Times New Roman","serif";">،</span> <span style="font-family: "Times New Roman","serif";">وأنا</span> <span style="font-family: "Times New Roman","serif";">أكتب</span>
<span style="font-family: "Times New Roman","serif";">لكم</span> <span style="font-family: "Times New Roman","serif";">من</span> <span style="font-family: "Times New Roman","serif";">مكتبي</span> <span style="font-family: "Times New Roman","serif";">من</span>
<span style="font-family: "Times New Roman","serif";">شأنها</span> <span style="font-family: "Times New Roman","serif";">أن</span> <span style="font-family: "Times New Roman","serif";">تكون</span> <span style="font-family: "Times New Roman","serif";">ذات</span>
<span style="font-family: "Times New Roman","serif";">فائدة</span> <span style="font-family: "Times New Roman","serif";">كبيرة</span> <span style="font-family: "Times New Roman","serif";">لكلا</span> <span style="font-family: "Times New Roman","serif";">منا</span> . <span style="font-family: "Times New Roman","serif";">في</span> <span style="font-family: "Times New Roman","serif";">إدارتي</span> <span style="font-family: "Times New Roman","serif";">،</span>
<span style="font-family: "Times New Roman","serif";">كونها</span> <span style="font-family: "Times New Roman","serif";">خاصة</span> <span style="font-family: "Times New Roman","serif";">مدير</span> <span style="font-family: "Times New Roman","serif";">المصرفية</span> (<span style="font-family: "Times New Roman","serif";">المكتب</span> <span style="font-family: "Times New Roman","serif";">الإقليمي</span> <span style="font-family: "Times New Roman","serif";">لندن</span> <span style="font-family: "Times New Roman","serif";">الكبرى</span> ) . <span style="font-family: "Times New Roman","serif";">أنا</span> <span style="font-family: "Times New Roman","serif";">محاسب</span> <span style="font-family: "Times New Roman","serif";">الشخصية</span> <span style="font-family: "Times New Roman","serif";">إلى</span> <span style="font-family: "Times New Roman","serif";">التأخر</span> <span style="font-family: "Times New Roman","serif";">في</span> Mr.Ron BRAMLAGE <span style="font-family: "Times New Roman","serif";">رجل</span> <span style="font-family: "Times New Roman","serif";">أعمال</span> <span style="font-family: "Times New Roman","serif";">،</span> <span style="font-family: "Times New Roman","serif";">وهو</span> <span style="font-family: "Times New Roman","serif";">مواطن</span>
<span style="font-family: "Times New Roman","serif";">أمريكي</span> <span style="font-family: "Times New Roman","serif";">الذي</span> <span style="font-family: "Times New Roman","serif";">خسر</span> <span style="font-family: "Times New Roman","serif";">حياته</span> <span style="font-family: "Times New Roman","serif";">للأسف</span> <span style="font-family: "Times New Roman","serif";">،</span> <span style="font-family: "Times New Roman","serif";">قتل</span> <span style="font-family: "Times New Roman","serif";">زوجته</span>
<span style="font-family: "Times New Roman","serif";">و</span> <span style="font-family: "Times New Roman","serif";">أطفالهما</span> <span style="font-family: "Times New Roman","serif";">الأربعة</span> <span style="font-family: "Times New Roman","serif";">عندما</span> <span style="font-family: "Times New Roman","serif";">تحطمت</span> <span style="font-family: "Times New Roman","serif";">طائرتهم</span> <span style="font-family: "Times New Roman","serif";">الصغيرة</span> <span style="font-family: "Times New Roman","serif";">في</span> <span style="font-family: "Times New Roman","serif";">منطقة</span> <span style="font-family: "Times New Roman","serif";">مستنقعات</span>
<span style="font-family: "Times New Roman","serif";">في</span> <span style="font-family: "Times New Roman","serif";">وسط</span> <span style="font-family: "Times New Roman","serif";">فلوريدا</span> <span style="font-family: "Times New Roman","serif";">يوم</span> 7 <span style="font-family: "Times New Roman","serif";">يونيو</span> 2012 . <span style="font-family: "Times New Roman","serif";">السيد</span> <span style="font-family: "Times New Roman","serif";">رون</span> BRAMLAGE <span style="font-family: "Times New Roman","serif";">،</span> <span style="font-family: "Times New Roman","serif";">وهو</span> <span style="font-family: "Times New Roman","serif";">رجل</span>
<span style="font-family: "Times New Roman","serif";">أعمال</span> <span style="font-family: "Times New Roman","serif";">بارز</span> <span style="font-family: "Times New Roman","serif";">الذين</span> <span style="font-family: "Times New Roman","serif";">يملكون</span> <span style="font-family: "Times New Roman","serif";">المشاريع</span> <span style="font-family: "Times New Roman","serif";">على</span> <span style="font-family: "Times New Roman","serif";">الطريق</span> LLC <span style="font-family: "Times New Roman","serif";">و</span> <span style="font-family: "Times New Roman","serif";">أيضا</span> <span style="font-family: "Times New Roman","serif";">وسيط</span>
<span style="font-family: "Times New Roman","serif";">عقاري</span> <span style="font-family: "Times New Roman","serif";">،</span> <span style="font-family: "Times New Roman","serif";">كانت</span> <span style="font-family: "Times New Roman","serif";">تخطط</span>
<span style="font-family: "Times New Roman","serif";">ل</span> <span style="font-family: "Times New Roman","serif";">تأتي</span> <span style="font-family: "Times New Roman","serif";">استثمار</span> <span style="font-family: "Times New Roman","serif";">في</span> <span style="font-family: "Times New Roman","serif";">العقارات</span> <span style="font-family: "Times New Roman","serif";">وغيرها</span>
<span style="font-family: "Times New Roman","serif";">من</span> <span style="font-family: "Times New Roman","serif";">المشاريع</span> <span style="font-family: "Times New Roman","serif";">التجارية</span> <span style="font-family: "Times New Roman","serif";">المربحة</span> <span style="font-family: "Times New Roman","serif";">هنا</span> <span style="font-family: "Times New Roman","serif";">في</span> <span style="font-family: "Times New Roman","serif";">إنجلترا</span> <span style="font-family: "Times New Roman","serif";">الذي</span>
<span style="font-family: "Times New Roman","serif";">لديه</span> <span style="font-family: "Times New Roman","serif";">يودع</span> <span style="font-family: "Times New Roman","serif";">مبلغ</span> <span style="font-family: "Times New Roman","serif";">مجموعه</span> 13700000 £ GBP ( <span style="font-family: "Times New Roman","serif";">ثلاثة</span> <span style="font-family: "Times New Roman","serif";">عشر</span> <span style="font-family: "Times New Roman","serif";">مليون</span> <span style="font-family: "Times New Roman","serif";">سبعة</span> £ 100<span style="font-family: "Times New Roman","serif";">،</span>000 ) <span style="font-family: "Times New Roman","serif";">في</span> <span style="font-family: "Times New Roman","serif";">حساب</span> <span style="font-family: "Times New Roman","serif";">في</span>
<span style="font-family: "Times New Roman","serif";">بنك</span> <span style="font-family: "Times New Roman","serif";">هنا</span> <span style="font-family: "Times New Roman","serif";">لدينا</span> <span style="font-family: "Times New Roman","serif";">والتي</span> <span style="font-family: "Times New Roman","serif";">أعتقد</span> <span style="font-family: "Times New Roman","serif";">لا</span> <span style="font-family: "Times New Roman","serif";">أحد</span> <span style="font-family: "Times New Roman","serif";">يعرف</span>
<span style="font-family: "Times New Roman","serif";">عن</span> <span style="font-family: "Times New Roman","serif";">ذلك</span> .</blockquote>
Not really obvious what this is. Why would anyone send us an Arabic message? Of course the spam filter doesn't find any likely spammy phrases in Arabic... Fortunately Google translate will auto-detect the language (don't tell my Spanish teacher please!)<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-LuCL3eUGV2Y/Ul63bCWW23I/AAAAAAAABdI/uOFbDCliPYc/s1600/2013-10-16_1156.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="230" src="http://2.bp.blogspot.com/-LuCL3eUGV2Y/Ul63bCWW23I/AAAAAAAABdI/uOFbDCliPYc/s640/2013-10-16_1156.png" width="550" /></a></div>
Interesting... I'll bet that opening phrase gets a few hits in Google:<br />
<br />
<blockquote class="tr_bq">
<span title="صديقي العزيز ،">Dear friend, </span><span title="هو في الواقع دواعي سروري أن أكتب لك هذه الرسالة ، والذي أعتقد أنه سيكون مفاجأة لكم ونحن لم يلتقيا ابدا من قبل، و أشعر بأسف بالغ إذا كان لدي بأي طريقة بالانزعاج خصوصيتك .">Is indeed a pleasure to write you this letter , which I think it will surprise you and we have never met before, and I am deeply sorry if I have in any way disturbed your privacy</span></blockquote>
I see hits going back to 2006... The rest of the story changes. There must be a 'fraud template' out there!<br />
<blockquote class="tr_bq">
</blockquote>
</div>
Rich Snowhttp://www.blogger.com/profile/02041554682535515096noreply@blogger.com0tag:blogger.com,1999:blog-7832661522460057295.post-57879685512643129402013-10-12T21:07:00.001-04:002013-10-12T21:07:54.282-04:00Earth to Chrome...<h2>
dangerous marketing?</h2>
<div>
Chrome is now everywhere. Why?</div>
<div>
Because Chrome is lightweight, and seems agnostic to the user's choice of brand.</div>
<div>
<br /></div>
<div>
...Oops...</div>
<div>
<br /></div>
<div>
Chrome prompts me to log in?</div>
<div>
<br /></div>
<div>
Is it time to dump Chrome?</div>
Rich Snowhttp://www.blogger.com/profile/02041554682535515096noreply@blogger.com0tag:blogger.com,1999:blog-7832661522460057295.post-27818601804482753642013-10-11T11:27:00.003-04:002013-10-11T18:55:24.632-04:00Read Only Friday - debugging Volume Shadow Copy without rebooting a server<span style="font-size: large;">O</span>ne of the most difficult challenges for us is to debug <a href="http://www.symantec.com/business/support/index?page=content&id=DOC4045" target="_blank">Backup Exec 2010 R3</a> failures. It seems like they are very frequent and it could be a full time job just keeping backups running! And you know it's Friday - we can't break anything before the weekend, so we have to be ultra careful with the 'god switch'. <b><i>But, Backups are important to fix, even if they're hard - right?</i></b><br />
<br />
<b>Microsoft VSS</b> is a technology that powers the 'previous versions' option on Windows file servers. It's pretty much a snapshot service like what you might have seen in another product (NetApp Filers for example), but its baked into Windows. So it doesn't take a lot of work to set a server up to create a backup copy occasionally. By default these snapshots happen at 7am and 12:00pm every day. But you can add or change the schedule to fit your needs.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://3.bp.blogspot.com/-leds73Cka7w/UlgZg9kTVvI/AAAAAAAABcs/_cnM8m0QpK4/s1600/previous_versions.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="200" src="http://3.bp.blogspot.com/-leds73Cka7w/UlgZg9kTVvI/AAAAAAAABcs/_cnM8m0QpK4/s200/previous_versions.png" width="163" /></a></div>
VSS copies files even if they are currently open. So it also is used when making backups. Because that way the file does not need to be locked, released, or entirely skipped during a backup. Backup Exec has the ability to use the Microsoft VSS driver, but there is also an optional Symantec one available.<br />
<br />
When backing up a system it is very helpful to have the Backup Exec Remote agent installed. Otherwise the backup just accesses the file through the usual file sharing methods. Backups with the agent can use VSS, and run much faster.<br />
<br />
Troubleshooting backups that fail is very time consuming. Troubleshooting those that fail due to VSS has been pretty challenging! Here is a great blog post on the /misc/tech/musings blog that is really sweet!<br />
<br />
<a href="http://misctechmusings.com/windows/troubleshooting-volume-shadow-copy-service-vss-errors/">http://misctechmusings.com/windows/troubleshooting-volume-shadow-copy-service-vss-errors/</a><br />
<br />
Using this information allowed me to get VSS working on a profile server without restarting the machine. Good news on a Friday before a long weekend! (With thanks to Will for pointing me to VSS yesterday!)Rich Snowhttp://www.blogger.com/profile/02041554682535515096noreply@blogger.com0tag:blogger.com,1999:blog-7832661522460057295.post-52785662194408887082013-10-10T11:05:00.002-04:002013-10-10T11:16:20.528-04:00Revelations about Microsoft Security Essentials, What do they Mean for Windows In-Tune?<h2>
<span style="font-family: inherit;">The Echo Chamber Speaks</span></h2>
Microsoft Security Essentials - It's bad! No, wait, no it's good enough!<br />
<span style="font-family: inherit;">For a few years now, security professionals such as myself have recommended to home users to run Microsoft Security Essentials as a good, basic, free anti-virus program. </span><br />
<span style="font-family: inherit;"><br /></span>
<span style="font-family: inherit;">The internet echo chamber has made much of a recent interview with <span 19px="" line-height:="">Holly Stewart, senior program manager of the <a href="http://blogs.technet.com/b/mmpc/" target="_blank">Microsoft Malware Protection Center</a>. She indicated that the company is no longer focusing on making MSE the 'best' testing anti-virus program but rather they are focusing on providing information to the community of anti-virus and anti-malware software makers. (A rising tide lifts all boats...)</span></span><br />
<div>
<span style="border: 0px; line-height: 19px; margin: 0px; padding: 0px;"><span style="font-family: inherit;"><span style="border: 0px; line-height: 19px; margin: 0px; padding: 0px;"><br /></span></span></span></div>
<span style="border: 0px; line-height: 19px; margin: 0px; padding: 0px;"><span style="font-family: inherit;">
Thus putting out a nuanced message completely misunderstood in the wild. It seems like every tech journalist is jumping on the "dump MSE" craze. But I have to say that is just a bit too quick. </span></span><br /><br />
<div>
<span style="border: 0px; line-height: 19px; margin: 0px; padding: 0px;"><span style="font-family: inherit;"><br /></span></span></div>
<div>
<span style="border: 0px; line-height: 19px; margin: 0px; padding: 0px;"><span style="font-family: inherit;">For the home user that needs something basic that <i>doesn't break</i> when the subscription needs to be renewed, MSE is still a good solution. (With windows firewall, Secunia PSI and Malwarebytes...)</span></span></div>
<div>
<br />
<h4>
<span style="border: 0px; line-height: 19px; margin: 0px; padding: 0px;"><span style="font-family: inherit;">What others should learn from MSE</span></span></h4>
</div>
<div>
<span style="border: 0px; line-height: 19px; margin: 0px; padding: 0px;"><span style="font-family: inherit;">One thing that some other providers should learn from Microsoft is that you CAN make an antivirus product that doesn't get in your face all the time and demand attention. For example Avast's free antivirus is just bloody needy, and AVG free which I used to recommend hides the download link behind a ton of advertising (for the fee based version) - and it has a habit of forcing you to upgrade (and find that hidden link) every so often.<br /><br />The time-limited trials that come on OEM equipment are also a bad idea. I would like to know what percentage of these free trials are never updated after the trial period expires? I have seen a lot of home machines that have expired 'trial' antivirus. And worse, sometimes it is a poorly rated product to begin with! </span></span><br />
<span style="border: 0px; line-height: 19px; margin: 0px; padding: 0px;"><span style="font-family: inherit;"><br /></span></span>
<span style="border: 0px; line-height: 19px; margin: 0px; padding: 0px;"><span style="font-family: inherit;">Both of these issues lead to computers that have out of date or not functional antivirus... MSE is better than that, as a baseline.</span></span></div>
<div>
<span style="line-height: 19px;"><br /></span></div>
<div>
<span style="line-height: 19px;">And then in today's news...</span><br />
<br /><h4>
<span style="font-family: inherit;">Hear Ye! Hear Ye! "It's Good Enough"</span></h4>
<blockquote class="tr_bq">
<span style="font-family: 'Segoe UI', 'Lucida Grande', Verdana, Arial, Helvetica, sans-serif; font-size: 14px; line-height: 20px;"><a href="http://blogs.technet.com/b/mmpc/archive/2013/10/09/our-commitment-to-microsoft-antimalware.aspx" target="_blank">We are proud of the protection capabilities we provide for well over 150 million computers worldwide with our real-time antimalware products. We believe in Microsoft antimalware products and strongly recommend them to our customers, to our friends, and to our families.</a></span></blockquote>
<span style="font-family: 'Segoe UI', 'Lucida Grande', Verdana, Arial, Helvetica, sans-serif; font-size: 14px; line-height: 20px;"><br /></span>Here are the competing messages as reported on neowin.net:<br />
<a href="http://www.neowin.net/news/microsoft-security-essentials-provides-baseline-protection" target="_blank">No No No</a><br />
<span style="font-family: inherit;"><a href="http://www.neowin.net/news/microsoft-defends-its-commitment-to-fighting-malware-in-new-blog-post" target="_blank">Maybe Maybe Maybe</a></span><br />
<br />
To quote my old friend Robert W. Warden, <b>"Feh!"</b><br />
<br /><h4>
Greater Concern - Windows InTune</h4>
</div>
<div>
I don't have a concern about home users running MSE - if Windows Firewall is running - and patches are updated. In fact I set up systems with MSE and Secunia's wonderful <a href="http://secunia.com/vulnerability_scanning/personal/" target="_blank">PSI</a> which helps me to keep everything patched and up to date. <a href="http://www.malwarebytes.org/" target="_blank">MalwareBytes</a> free can tighten up the anti-malware side. Geeks out there can take a look at Microsoft's <a href="http://www.microsoft.com/en-us/download/details.aspx?id=29851" target="_blank">EMET</a> for other options.</div>
<div>
<br /></div>
<div>
But for businesses that use Windows In-Tune the question is how does the lack of sharpness around MSE's detection and mitigation capability affect the anti-virus offering in <a href="http://technet.microsoft.com/en-US/library/jj676575.aspx" target="_blank">Windows In-Tune</a>?<br />
We already know that we can't use another provider's anti-malware product with <a href="http://blogs.technet.com/b/uspartner_ts2team/archive/2012/03/10/windows-intune-and-3rd-party-anti-virus-management.aspx" target="_blank">Windows In-Tune</a>.</div>
<div>
<br />
Is MSE the same as EndPoint Protection?</div>
<div>
It seems that <a href="http://social.technet.microsoft.com/Forums/systemcenter/en-US/7030ea72-e6a7-4a53-bae7-31b76ef6a455/what-is-difference-between-microsoft-security-essentials-fore-front-security-end-point-security?forum=configmgradminconsole" target="_blank">Endpoint Protection</a> includes additional tools for deployment and management. That's not helping improve detection....<br />
<br />
And this from the big brother product "System Center Endpoint Protection."</div>
<div>
<blockquote class="tr_bq">
<span style="font-family: 'Segoe UI', 'Lucida Grande', Verdana, Arial, Helvetica, sans-serif; font-size: 14px; line-height: 20px;">
Industry-leading Malware Detection</span></blockquote>
<blockquote class="tr_bq">
<span style="font-family: 'Segoe UI', 'Lucida Grande', Verdana, Arial, Helvetica, sans-serif; font-size: 14px; line-height: 20px;">
<a href="http://www.microsoft.com/en-us/server-cloud/system-center/endpoint-protection-2012.aspx" target="_blank">System Center 2012 Endpoint Protection uses the same industry-leading antimalware engine as Microsoft Security Essentials to protect your employees against the latest malware and rootkits. The engine protects against both known and unknown threats with a combination of highly accurate signatures and behavioral detection techniques. It has been highly ranked in independent third-party tests, such as those by AV-Comparatives and VirusBulletin, with special distinction for its low false positive rate</a>.</span></blockquote>
Industry leading, until we tell you it isn't... Ooops.<br />
<br />
So, until we hear otherwise we have to assume that Windows In-Tune only provides basic protection.<br />
Oh - and forget beefing it up with an after-market product.<br />
<br />
On a strategy note - I think that Windows In-Tune would benefit from integration of different anti-malware products with something like an App Store strategy. Windows In-Tune is a great idea (one that could put me into retirement!) that needs a little more secure underpinnings...</div>
Rich Snowhttp://www.blogger.com/profile/02041554682535515096noreply@blogger.com0tag:blogger.com,1999:blog-7832661522460057295.post-73455625031056435692013-09-30T14:08:00.001-04:002013-10-03T10:14:15.036-04:00Generalists and generational shifts.It's always interesting to consider what makes us successful in our IT careers.<br />
<div>
<br /></div>
<div>
<a href="http://www.riverbednews.com/2013/09/secure-your-it-career-before-its-too-late/?utm_source=NPM2_FEA&utm_medium=SecureYourITCareer&utm_term=%20&utm_campaign=0913_NPM_Connections" target="_blank">Rob Whiteley</a> (formerly of Forrester) gives his impressions about specialization in the industry. He argues that we need to become more generalists than specialists, perhaps reversing a trend towards specialization in IT that has been going on for decades.</div>
<div>
But what does that mean for compensation?</div>
<div>
<br /></div>
<div>
If highly specialized jobs are being off-shored, outsourced and replaced by cloud based applications; then should we anticipate that salaries will decline for these new 'generalist' IT staffers? The story sounds a lot like going from being an electrician to manning the electrical supplies aisle at Home Depot.</div>
<div>
<br /></div>
<div>
In 2003 Nicholas Carr argued that "IT Doesn't Matter", and is essentially becoming a <a href="http://www.nicholasgcarr.com/articles/matter.html" target="_blank">commodity</a>. Others <a href="http://blogs.hbr.org/2013/08/it-doesnt-matter-to-ceos/" target="_blank">refute</a> that idea, preferring to tout the 'business advantage' of IT. (Which for us IT people means we need to step up to the plate and become full partners in bringing change to our businesses. Oh and educating mahogany row...)</div>
<div>
<br /></div>
<div>
Another side of consumerization - over time it is certainly true that our younger generation needs less basic training to work with systems. But anyone who runs a help desk will tell you that today's VPs are not yet wizards with their computers, and need a lot of help. </div>
<div>
<br /></div>
<div>
In the 80's and 90's we pushed the corner office to use their equipment to do their own typing and correspondence. It was a hard transition for many who did not have basic keyboarding skills. I can recall one sales guy for example... Well, he was a sweetheart but had a tough time with submitting reports via email!</div>
<div>
<br /></div>
<div>
As an IT generalist, I don't believe that expanding our knowledge (becoming broad in knowledge) will reduce our compensation - because the level of confusion around strategy is greater than ever. And it takes a generalist to see the forest for the trees.</div>
<div>
<br /></div>
<div>
So, here's to generalists and generational shifts!</div>
<div>
<br /></div>
Rich Snowhttp://www.blogger.com/profile/02041554682535515096noreply@blogger.com0