That’s David L. Farquhar, Security+ now

Dave Farquhar Personal ,

I got a few letters behind my name this afternoon. I passed the CompTIA Security+ exam with flying colors. And that means two things: I get to keep my job, and I was qualified to have the job in the first place, but now I have a certificate that says a third party agrees.My personal opinion on the test: You have to approach it like any other test. Another coworker took the test at the same time I did. He was joking around with other people and talking up a storm beforehand. Meanwhile, I was pacing, counting on my fingers and not talking to anyone. I had five things I needed to remember until the clock on the test started and I could scribble them down, so I was focused solely on those five things.

My coworker said he was worried about me because I appeared to be nervous. But that’s just how I am before tests. I review a few things up until the time I’m supposed to walk in, and I take any aid the system provides. If I can carry in an index card, I do that. In the case of CompTIA tests, you can ask for a pencil and piece of paper and scribble down whatever you want on it after the test starts. So I did.

I probably would have passed without that, but I didn’t want to score a 765 on the test (passing is either 764 or 765 out of a possible 900). I wanted an 899. For what it’s worth, my score was a lot closer to 899 than 765.

My coworker and I also both believe the test is designed to frustrate you. The first 30 or so questions were pretty easy. Then my coworker missed 18 questions in a row. He knew he missed them, and there wasn’t anything he could do about it. I was pretty confident about my test, but most of my questionable questions came in bunches too. The real key is to not get bogged down in those rough stretches. It gets better.

Of the 100 questions on the test, only 85 count. The contents of the other 15 are anyone’s guess. Some are questions they’re considering to add to the test’s question pool, and based on how people answer them, they’ll decide if they’re fair or unfair. Some are just plain garbage. I had two questions, I think, that had no right answer out of the four options. I think those are control questions to thwart the companies who pay people to take the test and remember a few questions verbatim so they can build up a bank of test questions to sell. If, for example, you pay for some questions and see one asking where the password hashes are stored on a Linux system, and all four responses start with C:\, you’re going to lose confidence in that provider.

As for classes and books… CompTIA’s official class and book cover a lot of material, but there’s an awful lot of middle-management bull in the book and class that isn’t on the test. We had a manager take the test, and he knew the book forward and backward and paid attention in class, but he didn’t pass.

By the same token, every sysadmin who attended the same class and took the test has passed so far. Having lots of recent experience to draw on helps. I can harden Windows systems in my sleep because that’s been my job description for the last couple of years, and no week-long class can cover that kind of depth.

But the interesting thing is, I got very few questions about system hardening. I got a lot more questions about encryption and firewalls, where my knowledge is weaker. I don’t know if the test determines all of your questions at the start or if it uses the first few questions to figure out your weaker areas and then tries to concentrate on those, but I suspect it might be the latter.

But with Security+ out of the way, I’m thinking about other certifications. Network+ is supposed to be easy when Security+ is fresh in your mind. Given my hardware and operating systems background, A+ should be easy.

Cheap upgrades

Dave Farquhar Hardware , , , , , , ,

Yesterday, during my weekly garage sale adventures, I bought some computer equipment. Among the haul: a Biostar Socket A motherboard with an AMD Sempron 2200+ CPU and 512MB of RAM. It’s not state of the art, but can hold its own against some of the stuff still on the market, and it’s a big upgrade over the 450 MHz Pentium II that’s been powering this web site since July 2002.I swapped the board into my 266 MHz Pentium II. That first-generation P2 was a useful machine for me for a while, but mostly it’s just been taking up space. I had to do some slight modifications to get the newer board to bolt in, but it fit without too much trouble and now some of the 11-year-old hardware is useful again. It reminded me a lot of my college days, when I used to drop 486 and Pentium boards into IBM PC/ATs.

Debian installed on the upgraded system with no complaints, but I quickly found my Linux command line skills are rusty. And there have been enough changes in the last six years that I can’t just copy over /var/www and /var/lib/mysql and expect it to run like it used to.

So I’ll apply my 15 minutes per day principle. My chances of finding a block of 2-3 hours to get it all done are near zero, but I should be able to find a few minutes each day. So one day I can move the databases, then I can move the HTML and PHP another day, convert to WordPress still another day, and maybe, just maybe, have a vastly improved site in about a week if it all goes well.

Adventures in flooring

Dave Farquhar Personal

My wife and I went shopping for a new kitchen floor tonight.

I think we may have found perfection.Everyone I’ve talked to who has linoleum floors loves them. They’re durable, water resistant, and easy to clean. I’ve read about linoleum floors in 100-year-old houses holding up just fine. I think 100 years sounds good to me–that’s more years than I have left. And it’s made from materials that grow in friendly countries, which is something we would do well to consider more often.

There’s even a company named Forbo making a product called Marmoleum Click, which is a linoleum floor that clicks together like laminate. So potentially I could rip out the old floor on a Saturday and spend Sunday afternoon and early evening putting down the new floor, and have it ready to go immediately. Or with some luck, I could finish the project in a day.

The problem is that Marmoleum (and linoleum in general) isn’t something you can run down to the local big-box store and buy. Forbo has exactly one dealer in St. Louis, but fortunately it’s a charming store not far from where my wife lived when we met. And supporting a small locally owned business appeals to me.

At $4.99 per square foot, the price is comparable to any other kind of floor worth having, if not lower. Plus I’ll save a bundle by being able to put it down myself, and it has a 25-year warranty, not to mention the track record of lasting 100 years or more. Stingy Scottish misers like me really like that aspect.

Buffer overflows explained

Dave Farquhar security , , , , , , , , , , ,

Buffer overflows are a common topic on a Security+ exam. The textbook explanation of them is confusing, perhaps even wrong. I’ve never seen buffer overflows explained well.

So I’m going to give a simplified example and explanation of a buffer overflow, similar to the one I gave to the instructor, and then to the class.

Read more

How to clean up your computer before you sell it

Dave Farquhar Hardware , , , , , , ,

I went to a huge garage sale this morning. I walked home with a 7-year-old Dell 15" LCD monitor. What I paid for it wouldn’t buy lunch for my wife and me. When I got it home and saw how well it worked, I felt guilty.

So if you’re thinking of selling some computer equipment, take my tips (as someone who attends literally thousands of garage sales every year) for getting decent money for it.The main reason I got this monitor for so little is because it looked like it sat in a dusty garage or attic for several years. It was filthy. I’ve seen identical monitors sell for 50 bucks as recently as June. Identical except for the dirt, that is.

I cleaned the monitor up using nothing more than an old dish towel and some all-surface biodegradable cleaner I buy at Costco. But dish detergent would work in a pinch. Dampen the towel, wring it out, add a bit of cleaner, and clean all the surfaces except for the screen. You’ll get more money if it looks like the unit was taken care of. You want it to look like you just bought its replacement yesterday.

You’ll also get more if you can demonstrate it works. Run an extension cable or two if necessary, and hook the stuff up so shoppers can see it in action. Many shoppers assume bargain-priced computer equipment at garage sales doesn’t work. In my experience, about half of it does. So I pay accordingly.

Finally, price realistically. These are the same people who get up at 4am the day after Thanksgiving to wait in line until Office Depot opens. I know because I do that too, and I see the same people I see every Saturday. So you’re competing with Black Friday’s prices, with used equipment.

That said, a working computer that runs Windows XP decently (and has a legal copy of XP on it) should fetch $75-$100, depending on its speed. A 1 GHz PC will run closer to $75, while a 2 GHz PC will fetch $100. And at that price, it should sell fairly quickly.

If a computer is decent but doesn’t work, it won’t sell for much. I’ve paid $10 for computers that need hard drives before, and I’ve passed on $10 computers that need hard drives. Sometimes I regret not buying that Pentium 4 that worked except for the hard drive, but my back hurt that day and I didn’t feel like lugging it home.

CRT monitors are hard to give away these days, but if you can demonstrate it works and it looks presentable, a 17-inch monitor is worth $10-$20. Your best bet for getting rid of one of those, though, is to bundle it with a working computer that runs Windows XP.

A working 15-inch LCD monitor should sell for $50 without any trouble.

Keyboards and mice are giveaways. I literally wish I had a dollar for every time someone’s tried to give me a keyboard. Anyone who wants one already has too many. The lone exception to this rule is an optical mouse. But a new, mid-range Microsoft optical mouse sells for $20-$25 on sale, so don’t expect to get more than $5-$10 for one. I paid $2 for one this year, and it didn’t work. I was willing to take a chance at that price, but no higher.

The death of Lyman Bostock

Dave Farquhar Baseball , , , , , , , , , ,
The death of Lyman Bostock

In September 1978, the death of Lyman Bostock rattled the California Angels’ heated division title race with the Kansas City Royals. The Angels’ star outfielder was murdered in Gary, Indiana at the age of 27.

ESPN has a tribute.

He’s the best baseball player you’ve never heard of, and quite possibly also the greatest human being you never heard of.

Read more

So is a Costco membership worth it?

Dave Farquhar Saving money , ,

One gift my wife and I gave ourselves after paying off our mortgage was a Costco membership. We didn’t get one before we paid off that debt, just in case it wasn’t worth it. I’d carried a Sam’s membership for years but found I didn’t use it much. So is a Costco membership worth it?

I think Costco is worth it, with caveats.My wife and I eat whole-grain bread without trans fats or high fructose corn syrup. It’s hard to find anything that meets that criteria. At grocery stores, only a couple of national brands make the grade, and they cost $4 per loaf. We go through one a week, on average. Costco’s house brand makes the grade, and two loaves cost $4. So buying bread at Costco every other week saves us $104 a year, plus about $6 in sales tax. For us, that covers the $50 membership.

I recently read some advice from Andrew Tobias. Johnny Carson asked him what the best investment for $1,000 would be, and Tobias said non-perishable consumer staples. Everyone thought he was kidding, so he clarified. Buy $1,000 of nonperishable necessities (stuff like toilet paper, toothbrushes, shampoo, soap, and the like) on sale, and the return on investment is tremendous.

And you beat inflation. Let’s say inflation continues at 10% annually for a couple of years, which seems likely. By that measure, a toothbrush that costs $3 today will cost $3.63 in 2010 if I’m doing the math right. So if I behave and use four toothbrushes a year, I automatically save $2.56 by buying them today instead of 2010.

Needless to say, I feel pretty good about getting that 10-pack of Oral B toothbrushes today for $9.99 minus a $2 coupon. I saved $20 over buying them one at a time at Kmart. And I got a 20% return on investment.

About those coupons: Costco sends out coupons every couple of weeks. They don’t make substitutions when a hot seller runs out, so get there early. Today we spent $122 and used $15 worth of coupons. We only bought things we knew we’d use: shampoo, baby wipes, coffee, toothbrushes, bar soap, and laundry detergent.

Looking at it from an investor’s viewpoint, $68 worth of the stuff we bought had coupons, so we saved 22%. Where else am I going to get a 22% return on a $68 investment?

So when the next batch of Costco coupons comes in, we’ll look them over and buy anything that we’ll be able to use. I don’t know if $15 is a typical savings over the course of two weeks, but that would be $390 a year if it is.

As for the savings of the regular prices over retail, I looked into that too. The toothbrushes cost $3 if purchased singly, but slightly less in larger quantities. The laundry detergent gives 110 loads for the price of 64 loads purchased most other places. The shampoo isn’t a great deal, basically giving you a name brand for the price of a generic on an ounce-for-ounce basis, but with a $2 coupon it’s a good deal. Coffee is in essentially the same boat, but when you can get Maxwell House for the same price per pound as Chase & Sanborn, do it. If you’ve never had it, Chase & Sanborn makes Folgers taste like your favorite $5-a-cup coffee.

I don’t remember the specifics on how baby wipes and bar soap compared, but the prices were favorable. Even without a coupon, I would have saved something.

The two things I don’t like about Costco is that if they run out of a product with an active coupon, they won’t substitute a similar product. I also don’t like the hard sells on the executive membership. As you wait in line at the register, an associate will hound you to upgrade to the executive membership, which costs $50 more per year. The benefit is a 5% rebate at the end of the year on your purchases. Once I heard them tell one person, “Well, you’ve already spent $3,000 here, so you would have paid for the executive membership three times over.”

I just publicly analyzed to death what I spent this week, so I guess I don’t care much if my line-mates know what I’ve spent at Costco this year, but I know some people will resent that. Personally I don’t resent that, but I do resent the tone I usually get. I’m careful with my money and I’d like to think I’m pretty good at handling it.

Right now I know we’re spending $100 a week there, but I don’t know how long that will last. This week we bought a 170-ounce bottle of laundry detergent. A couple of weeks ago we bought 250 ounces of dishwasher detergent. Once we have a Costco-sized quantity of everything like that, will we still spend $100 a week? Maybe. But it could just as easily drop to $35. I don’t think it would drop to $19, which is the point where the membership doesn’t pay for itself, but I don’t know that yet, and if I don’t know that, there’s no way a Costco employee can know that either.

What I do know is that it’s become pretty easy for us to justify the $50 membership. The key is to buy things only because you need them, not because it’s a good deal. It’s not a good deal if it spoils. And use the coupons they send you. So far, storing Costco-sized quantities of shampoo and toilet paper isn’t a problem, but maybe you should talk to me in a year about that.

SSDs come of age?

Dave Farquhar Hardware , , , , , , , ,

Intel released its first-generation SSDs this week. I haven’t seen one and I don’t plan on rushing out to buy one just yet, but what I’ve read makes it sound like this is going to be big. Not big like the release of Windows 95 was, but frankly if what people are saying is true, it should be as big of a deal. This is the first disruptive technology I’ve seen in years.The best analysis of this drive and other SSDs is this Anandtech article. It doesn’t just discuss the Intel SSD; it also goes into detail talking about earlier SSDs, and, to my amazement, it talks about what’s wrong with them and does in-depth analysis as to why.

Frankly it’s been years since I’ve seen this kind of objective analysis from a hardware site. I’m used to hardware sites being shills for vendors, so this is exceptional.

The problem with inexpensive SSDs like the Supertalent Masterdrive and OCZ Core is that they’re usually fast. Blazing fast. But under certain circumstances, they just sit there and hang. Not for milliseconds, but a full second or more. Usually the problem happens when writing small files.

So when you go to Newegg and see the customer reviews of these drives and you see people giving them either 5 stars or 0, this explains it. The people who are just using them to load game levels or Photoshop CS3 love them because they mop up the floor with even a 15K conventional drive, so they give them five stars. The people who can’t get Windows to install on them because it hangs when writing some small but critical system file give zero.

Intel seems to have solved most of these problems, mostly with buffering and command queuing. The result is a drive that beats conventional disks in performance almost all the time, and when it doesn’t win, it’s close.

The problem is price: about $600 for 80 gigs. Some enthusiasts will pay that for their video subsystems, but that’s a lot of money considering one can build an awfully nice computer these days for around $200 (using a $70 Intel Atom motherboard, 2 GB of Kingston or Crucial memory for $30, a $40 hard drive, a $40 case, and a $20 optical drive).

But I think Intel made the right bet. The people who won’t pay $159 for a 32 GB drive from OCZ won’t pay $159 for one from Intel either. So crank up the capacity to 80 GB (pretty much the minimum for any enthusiast to take seriously), crank up the performance, and market it as an enthusiast product at an enthusiast price and wait for the technology to make it cheaper. It’s the same strategy Intel has been using for CPUs for nearly 25 years (since the 80286), and it’s worked.

I see a lot of criticism about the capacity, but it’s pretty much unfounded. The people who need capacity are the people who have large collections of JPEGs, MP3s and movies. None of these uses of a computer benefits at all from the SSD. Pretty much any conventional hard drive made in the last decade can stream that kind of data faster than the software needs it. So store that mountain of data on a cheap conventional hard drive (500 GB costs $70). Meanwhile, 80 GB is enough SSD capacity to hold an operating system and a nice selection of software, which is where SSDs excel.

Before I saw this review, I was pretty much ready to pull the trigger on a first-generation OCZ Core. Newegg has the 32 GB model for $159 with a $60 rebate. But now I know precisely what’s wrong with the Core and similar SSDs (and pretty much all of the similarly priced SSDs are based on the same Samsung reference design and have nearly identical characteristics). I know what I do tends to generate small files from time to time, and I know those 1-second delays would be maddening because avoiding delays is precisely the reason I want an SSD in the first place.

Intel has fired its first shot. Now Samsung and anyone else who wants to play in this arena is going to have to answer. Once that happens, prices will come down. Meanwhile, performance-minded people will buy the Intel drives, and increased demand will mean increased production, and therefore driving prices down.

It’s going to take a little while for SSDs to gain mainstream acceptance, kind of like LCD monitors. But I really think in five years, we’ll wonder how we lived without them.

My hot water heater: 1984-2008

Dave Farquhar General , , , , , , , , , , ,

I think my hot water heater died today. I thought my shower seemed colder than usual today, and in the late afternoon my wife reported no hot water in the kitchen.

It could be something simple, but even if it is, it’s time.Let’s consider this. In 1984, Ronald Reagan was president. The Kansas City Royals went to the playoffs. The big name in video games was Atari. People were predicting that video game consoles had no future. The big names in personal computers were (alphabetically) Apple, Commodore, IBM, and Radio Shack. Only one is still in that business. It was the year that Chrysler popularized the minivan. It was the year Apple introduced the Macintosh, popularizing the graphical interface and the mouse. Not only did MTV still play videos, but that was all they played. Not every home had a VCR. For that matter, not every home had a microwave. It cost 20 cents to mail a letter, and on average, a gallon of gas cost $1.21. (I remember it being a lot less than that in Missouri.)

The world that built that hot water heater is a lot different from the world we live in today.

About four years ago, a plumber came out to work on it. It was giving me problems then, but under the conditions of my home warranty, he had to bubblegum it back together. I asked how long it had. He said its realistic life expectancy was about 12 years, so it was about 8 years beyond that. It could last another six months, but it could last years.

So now the question is what to replace it with. The stingy Scottish miser in me sees tankless water heaters claiming to save you $150 a year and really likes that. I went to Lowe’s this evening and tried to buy one. There were several reasons why I don’t own one right now.

First, they don’t keep very many in stock. They had exactly one, even though their website said they had two of two different models. The one they had wasn’t the model I really wanted.

Two, they don’t install them. They’ll sell one to you, but then you have to find someone to install it on your own.

Three, they cost more to install than a conventional tank heater. Sometimes as much as the heater itself.

And then I found a controversial column that did the math, and said that a tankless heater might not actually save you any money anyway. I can’t find fault with his logic.

One thing I noticed is that the tankless heaters that the big-box stores sell are 85% efficient. The tank heaters are 76% efficient. The propaganda for the tankless heaters always assumes lower efficiency than that. As best I can tell, the heater I have is 67%, a little lower than the literature assumes.

So it seems to me that if a tankless heater that’s 18% more efficient than what I have now will save me $100-$150 a year, then a conventional heater that’s 76% efficient ought to save me $50-$75 per year, right?

The tank heaters sell for around $320, and installation is about $260. By the time you pay for taxes and the nickel-and-dime extras, it’s $600-$700.

Half the savings for 1/3 the price sounds pretty good. And I can buy one pretty much anywhere and have it installed tomorrow if I make the purchase before noon.

And it will pay for itself in 8-12 years. A tankless heater would pay for itself in about 13, if all the claims are true. If I make a mistake today, either way I go I’ll be likely to be revisiting it in about 12 years anyway. By then, tankless heaters will be more common and probably cost less than they do now (adjusting for inflation of course).

I’ll call the plumber who bubblegummed my old unit back together in the morning. Depending on what he says about the cost of installing a tankless heater, I’ll make a decision. But at this point, I think I’m leaning towards buying the most energy efficient conventional heater I can find.