Curious conspiracies… or maybe just progress all at once

In the wake of Truecrypt’s sudden implosion, someone sent me a link to this curious blog post. I can see why many people might find the timing interesting, but there are a number of details this particular blog post doesn’t get correct, and it actually spends most of its time talking about stuff that has little or nothing to do with Truecrypt.

What’s unclear to me is whether he’s trying to say the industry is deliberately sabotaging Truecrypt, or if he’s simply trying to make a list of things that are making life difficult for Truecrypt. His post bothers me a lot less if it’s just a laundry list of challenges, but either way, the inaccuracies remain.

An SSD data loss issue–and how to prevent it

Longtime reader Dan Bowman–probably my very first reader, come to think of it–sent in this article from Infoworld regarding SSDs and data loss in power failure.

It’s not theoretical. I’ve seen it. I also know how to prevent it.

Remembering Michelangelo

Yesterday was the 20th anniversary of the Michelangelo virus. If you don’t remember, on March 6, 1992, Michelangelo was programmed to overwrite the first 100 sectors of a hard drive–not quite as destructive as formatting a drive, but to the average user, the effect is the same. It was a huge scare–John McAfee predicted five million computers would be affected–but largely was a non-event.

Those of you studying for security certifications would do well to remember that Michelangelo is a prime example of a virus and a logic bomb. Viruses replicate; logic bombs do something when an event triggers. Malware doesn’t always fit neatly into specific categories–crossovers are common.

Beware the Mebromi, my son: BIOS infections

Symantec has identified Mebromi, a piece of malware that not only infects the MBR, but also infects the Award BIOS. BIOS infections are very difficult to detect and eradicate.

By hooking into the BIOS, Mebromi can easily re-infect a system the next time you reboot. Which is exactly what it does.

How to clean an MBR and recover drive partitions

Sometimes it’s necessary to recover drive partitions because you accidentally repartitioned a drive you didn’t mean to, or because your MBR got infected or otherwise trashed. Here’s how to recover them, for free.

Infecting MBRs with malware is popular with virus writers again. And I fully expect chaos to ensue, because that’s what happened the last time there was more than one virus floating around that infected MBRs. They quit doing it for a good reason.

So here’s how to clean up the mess when an MBR gets infected, or when multiple infections blitz the MBR and the hard drive loses the ability to boot, just displaying a message like Missing Operating System or Operating System Not Found.

We’ll be using the Gparted Live CD. Many Linux live CDs have the proper tools, but GParted works well and it’s a small download. You can try to use another Linux live CD, and it will work fine, but the icons might not all be where I say they are.

MBR rootkits don’t mean you have to wipe the drive

There’s a nasty rumor going around that if your computer gets infected with the Popureb rootkit, your only recourse is to wipe your MBR, reformat your hard drive, and reinstall (or run your factory recovery disk, which is essentially the same thing).

Not so fast.

A free SSD alignment tool

We’ve talked recently about the importance of aligning your partitions on your SSD or your RAID array. What if I told you you could align an SSD or RAID array for free? Here’s where to find a free SSD alignment tool–it’s just not normally billed as such.

Alignment helps performance, sometimes tremendously, and it also dramatically improves your SSD’s life expectancy. Newer versions of Windows automatically align their partitions, but only if you do a clean installation to an empty drive. Older versions of Windows created their partitions starting at sector 63, for tradition’s sake. Maybe moving off sector 63 made dual-booting with Windows 9x harder.

Two readers, Jim and Xrocode, suggested utilities to do the job. One costs $30 and seems fairly automatic. One is free and requires a small amount of work. Grab the freebie here. It’s a 274 MB download, so it doesn’t even take all that long.

Operating System Not Found, Missing Operating System, and friends

So the PC that stored my resume got kicked (as in the foot of a passer-by hitting it) and died, and the backup that I thought I had… Well, it wasn’t where I thought it was.

Time for some amateur home data recovery. Here’s how I brought it back.

This machine ran Windows 2000. The first trick to try on any machine running any flavor of Windows is to boot from a DOS boot disk containing FDISK.EXE and issue the command FDISK /MBR. This replaces the master boot record. A corrupt MBR is the most common malady that causes these dreaded error messages, and this is the easiest fix for it.

That didn’t work for me.

The second trick is to use MBRWork. Have it back up the first sector, then have it delete the boot record. Then it gives you an option to recover partitions. Run that, then run the option that installs the standard MBR code. I can’t tell you how many times this tool has made me look like I can walk on water.

No dice this time either.

Next I tried grabbing the Windows 2000 CD and doing a recovery install. This has brought systems back to life for me too. Not this time. As happens all too often, it couldn’t find the Windows 2000 installation, so it couldn’t repair it.

The drive seemed to work, yet it couldn’t boot or anything. I could have and probably should have put it in another PC to make sure it was readable. But I didn’t have a suitable donor handy. Had there been such a system, I would have put the drive in, checked to see if it was readable, and probably would have run CHKDSK against it.

Lacking a suitable donor, instead I located an unused hard drive and put it in the system. I booted off the drive just to make sure it wasn’t a hardware problem. It wasn’t–an old copy of Windows 98 booted and dutifully spent 20 minutes installing device drivers for the new motherboard hardware. So I powered down, installed both drives, and broke out a copy of Ghost.

Ghost, as I have said before, doesn’t exactly copy data–what it does is better described as reinterpreting the data. This allows you to use Ghost to lay down an image on dissimilar hard drives. It also makes Ghost a fabulous data recovery tool. Ghost complained that the NTFS log needed to be flushed. Well, that requires booting into Windows (and I think that’s all that’s necessary), but I couldn’t do that. It offered to try the copy anyway, so I chose that. So it cranked for about 15 minutes. I exited Ghost, powered down, and disconnected the bad drive. I powered back up, and it booted. Fabulous.

Now I can use Ghost to copy the now-good drive back over to the drive that was bad in the first place. I’ll do that, but sending out the resume takes much higher priority.
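An added example (not from the original posts): a read-only check of a saved first sector, covering the boot signature and partition table that the MBR fixes above rewrite, plus the sector-63 start described in the alignment post. The function names, the 8-sector alignment test and the sample sectors are assumptions constructed for illustration.

```python
import struct

SECTOR = 512
ENTRY = "<B3xB3xII"   # status, CHS start (skipped), type, CHS end (skipped), start LBA, sector count

def parse_mbr(sector):
    """Return (signature_ok, partitions) for one 512-byte MBR sector."""
    if len(sector) != SECTOR:
        raise ValueError("an MBR is exactly 512 bytes")
    signature_ok = sector[510:512] == b"\x55\xaa"
    parts = []
    for slot in range(4):                      # four 16-byte entries start at offset 446
        status, ptype, start, count = struct.unpack_from(ENTRY, sector, 446 + 16 * slot)
        if ptype == 0 and count == 0:          # unused slot
            continue
        parts.append({"slot": slot, "active": status == 0x80, "type": ptype,
                      "start_lba": start, "sectors": count,
                      # Assumption: 4 KiB (8-sector) boundaries are the alignment target
                      "aligned": start % 8 == 0})
    return signature_ok, parts

def diagnose(sector):
    """List the problems found in an MBR sector; an empty list means none found."""
    signature_ok, parts = parse_mbr(sector)
    findings = []
    if not signature_ok:
        findings.append("missing 0x55AA boot signature")
    if not parts:
        findings.append("partition table is empty")
    elif not any(p["active"] for p in parts):
        findings.append("no active partition")
    for p in parts:
        if not p["aligned"]:
            findings.append(f"slot {p['slot']} starts at LBA {p['start_lba']} (misaligned)")
    return findings

def make_mbr(entries, signed=True):
    """Build a constructed sample MBR from (active, type, start_lba, sectors) tuples."""
    sector = bytearray(SECTOR)
    for slot, (active, ptype, start, count) in enumerate(entries):
        struct.pack_into(ENTRY, sector, 446 + 16 * slot, 0x80 if active else 0, ptype, start, count)
    if signed:
        sector[510:512] = b"\x55\xaa"
    return bytes(sector)

if __name__ == "__main__":
    samples = {"old layout": make_mbr([(True, 0x07, 63, 4000000)]),      # constructed
               "aligned": make_mbr([(True, 0x07, 2048, 4000000)]),       # constructed
               "wiped": bytes(SECTOR)}                                   # constructed
    for name, mbr in samples.items():
        print(name, diagnose(mbr) or "no problems found")
```

To check a real drive, pass `diagnose` the 512 bytes of a backup copy of its first sector rather than the constructed samples.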

How to remember lots and lots of stuff

I’ve been slogging away in nostalgiaville, writing obscure stuff over at Wikipedia again (once an addict, always an addict, even if the addiction hurts you), and I started wondering about something. Why is 20 years ago easier for me to remember than last week?

I think there are two reasons for that, but if I go off exploring those, I’ll never get back on track. I stumbled across a web site today called Supermem. It extols the virtues of repetition for memory. It’s really heavy reading and not terribly eloquent, at least I don’t think. I think the author’s strategy is showing off how much stuff he can remember and trying to make you jealous, in the meantime arguing that even ordinary people, given enough knowledge, can become geniuses. And maybe the people he cites in his stories are examples of people who became geniuses through knowledge.

And I’ve mostly summed up what he spent pages and pages saying.

The basic premise is that knowledge isn’t everything but it sure can add value to anything else you have, and from the outside, sometimes knowledge can look like everything. But we forget lots of things. The key to remembering things is repetition. The hard part is coming up with a strategy for repetition that works.

Of course he has a solution. As you might have guessed, he wants to sell you something. In this case, it’s a piece of commercial software.

The only reason I didn’t scramble for the back button right then and there was because old versions of the program–specifically, the DOS and Win3.1 versions–are now public domain. And the program inspired a similar Linux program called Memaid. So you can try it out without spending any money.

So here’s how it works. Take some things you don’t want to forget, then figure out how to phrase them in the form of a question. Then you enter those things into the program. It drills you. And it figures out how often you need to repeat something in order to retain it.

The idea is to establish a pattern. Seek out things you won’t want to forget. Then figure out how to restate those things in Q&A form. Enter them into the program, then spend 30 minutes a day with the program. If you do both–learn at least one new thing every day and drill on the old stuff–you’ll accumulate a body of knowledge.

Here are a couple of examples from my job:

Q: What’s the optimal Linux command to create/write images of floppy disks? (The device name will vary in other Unix-like environments)
A: dd if=/dev/fd0 of=(filename) bs=18k
dd if=(filename) of=/dev/fd0 bs=18k

Q: What’s the DOS command to rewrite the boot record on a hard drive that won’t boot or has been corrupted by a boot-sector virus?
A: fdisk /mbr

Q: What’s the web site I can go to in order to find the geographic location of an IP address?
A: www.networldmap.com

And I would do well to add some specific questions to the list as well, such as, “What’s the primary nameserver at our Sunset Hills office?”

So if you want to sound like William F. Buckley Jr. and not come off like an idiot–like one person I know who likes to pepper the dictionary.com word of the day into everything he can, except he frequently misspells or misuses it–add that. If your goal is to lose as many coolness points as possible, put things like Vanilla Ice’s real name in there. If I’d known about this program when I was in college, I’d have put my Spanish vocabulary words and verb conjugations in there, and today I’d be able to say more than just hablo pocísimo español without embarrassing myself. (And for all I know, you’re not supposed to put the -ísimo suffix on poco and when I do it, I come off like someone who would say no sabo. OK, so I guess I do remember a little Spanish, but not enough to hold much of a conversation.)

It’s an interesting idea. I think I’m going to give it more than just a try.

Putting every question I ask Charlie (along with the answer) in there would be a good start.

Don’t try this at home

“What you got in that system?”

“An 850.”

“Oh. 850 MHz isn’t too bad these days.”

“No, the CPU’s a 750. The hard drive’s an 850.”

“Where’d you get an 850-gig drive?”

“Who said anything about gigs?”

Yeah, I put a computer together this week. I had problems with the hard drive. Bad problems. Like Windows won’t load anymore and it coughs up a hairball when I try to reformat the disk. Yeah. Bad news. So I sent in a clunky old Seagate 850-meg drive off the bench. Hey, I wanted to play Railroad Tycoon, alright?

Along the way I recalled a few tricks.

FORMAT C: /Q /U /AUTOTEST formats a hard drive as quickly as possible, no questions asked and none of that aggravating “saving unformat information” that takes a week and doesn’t work when you want to unformat the drive anyway.

FORMAT C: /U /AUTOTEST does an unconditional, no-questions-asked long format, but still faster than plain old format without switches.

But if you want to get a drive up and running really fast, use the GDISK utility that comes with Ghost (if you don’t have Ghost, you may be able to find an old version of GDISK online if you look hard enough, because at one time it was freely distributable):

GDISK 1 /MBR /WIPE will quickly delete all the partitions on a disk.
GDISK 1 /CRE /PRI /FOR /Q will create and format a single FAT32 partition so fast you’ll wonder what’s wrong with Microsoft. Reboot and you’re ready to rock’n’roll.

Well, as much as an 850 will let you rock’n’roll, that is. Which ain’t much. But I know I’ve got a decent hard drive around here somewhere. So I think I’ll go find it. I’ve had enough of this insanity.

And I still haven’t gotten in my game of Railtycoon.