Help! I do tech support for everyone I know! (Version 1.1)

Here’s an interesting dilemma: How do you avoid becoming the primary technical support contact for all of your friends and family?

(If this sounds vaguely familiar, yes, this is a revised version of something I wrote a year and a half ago.)This was a question Richard “Rich Job” Jobity asked two Christmases ago. I thought it was an unbelievably good question. I had to think about the answer for a while. That label fit me for a very long time. Sometime within the last couple of years it stopped, but I never knew exactly why. He made me think about it, and I found I’d done some interesting things on a subconscious level.

There was a time when I didn’t mind. I was 16 and still learning, I had some disposable time on my hands, and, frankly, I enjoyed the attention. You can learn a lot by fixing other people’s computers. It can also be a good way to meet lots of interesting people. And I used at least one of those friends as a reference to get my first three computer-related jobs. But over time, my desire changed.

I think a good first step is to identify exactly why it is you don’t want to be the primary technical support contact for all your friends and family.

In my case, I spend 40 hours a week setting up and fixing computers. And while I definitely spend some time off the clock thinking about computers, I also definitely want to spend some time off the clock thinking about something other than computers.

I have a life. I have a house to take care of, I have meetings to go to, and I have a social life. Not only that, I have bills to pay and errands to run, and physical needs to tend to as well, like cooking dinner and sleeping. And people get really annoyed with me for some reason if I don’t ever wash my clothes.

I’ve been in that situation. Once I had a friend calling me literally every night for a week with some new computer problem and keeping me on the phone for several hours a night while we tried to sort them out. A couple of years before that, someone in Washington was running a computer company and using me as his primary (unpaid) technical support, often taking an hour or two of my day, and getting upset if more than about 12 hours passed without me responding.

I think it’s perfectly understandable for any reasonable person to not like situations like this. So here are my tips for someone who wants to head off that kind of a problem.

Have realistic expectations on all sides. So the first step is to make sure your friends and your family understand that you have responsibilities in life other than making sure their computers work. You’ll do your best to help them, but it’s unrealistic to expect you to drop everything for a computer problem the same way you would drop everything for a death in the family.

Limit your availability. Don’t help someone with a computer problem while you’re in the middle of dinner. You’ll be able to concentrate better without your stomach growling and you won’t harbor resentment about your dinner getting cold. Have him or her step away from the computer and go for a walk and call back in half an hour. The time away from the computer will clear his or her mind and help him or her better answer your questions. Don’t waver on this; five-minute problems have ways of becoming hour-long problems.

Here’s a variant of that. I had a friend having problems with a Dell. She called Dell. She got tired of waiting on hold. “I know, I’ll call Dave,” she said. “Dave’s easier to get ahold of than this.”

She may have tried to call me, but last week I was everywhere but home, it seemed. She didn’t leave a message, so I didn’t know she’d called. The moral of the story: Don’t be easier to get ahold of than Dell. Or whoever it was that built the computer or wrote the software.

What if I’d been home? It depends. If I’d been home and playing Railroad Tycoon, I’d be under more obligation to help a friend in need than I would be if I were home but my girlfriend was over and we were in the middle of dinner or a movie. The key is to remember your other obligations and don’t compromise on them.

Sometimes that means not answering the phone. In this day and age when 50% of the population will answer their cellphone even if they’re sitting on the toilet, this is heresy. I usually make a reasonable effort to answer the phone. But if I’m in the middle of something, I won’t. At least one time when I made no effort to answer the phone when my girlfriend was over, she took it as one of the biggest compliments she ever got. (That relationship didn’t last, so maybe I should have answered the phone, but hey, at the time I didn’t feel like it.)

Whoever it was didn’t leave a message. If it’d been important, either they would have left a message or they would have called me back. (Maybe it was the friend who’d thought of using me as a substitute for Dell tech support. Who knows.)

Don’t do a company’s work for them. If someone’s having a problem with a Dell, or having a problem dialing in to the Internet, I stay away from the problem. If a Dell is having hardware problems, the user will have to call Dell eventually anyway, and the tech will have procedures to follow, and there’s no room in those procedures for a third-party diagnosis. Even if that third party is a friend’s cousin’s neighbor who supposedly wrote a computer book for O’Reilly three years ago. (For all the technician knows, it was a book about Emacs, and you can know Emacs yet know a whole lot of nothing about computer hardware, especially Dell hardware. But more likely he’ll just think the person’s lying.) For the record, when I call Dell or Gateway or HP, I jump through all the same stupid hoops. Even though I’ve written a computer book and I’ve been building and fixing computers my entire adult life.

And if someone can’t dial into an ISP, well, I may very well know more about computers than the guy at the ISP who’s going to pick up the phone. I may or may not be more intelligent and and more pleasant and more articulate than he is. But the fact is, I can only speculate about whatever problems the ISP may be having. And seeing as I don’t use modems anymore and haven’t for years, I’m not exactly in a good position to troubleshoot the things. Someone who does tech support for an ISP does it every day. He’s going to do a better job than me, even if he’s not as smart as I am.

Know your limits. A year ago, a friend was having problems with OS X. She asked if I’d look at it. I politely turned her down. There are ideal circumstances under which to try to solve a problem, but the moment you’re seeing the OS for the first time isn’t it. She called Apple and eventually they got it worked out. It’s a year later now. Her computer works fine, we’re still on speaking terms, and I still haven’t ever seen OS X.

Around the same time, another friend toasted her hard drive. I took on that challenge, because it was PC hardware and she was running an operating system I’d written a book about. It took me a while to solve the problem, but I solved it. It was a growth opportunity for me, and she’s happy.

And this is related to the next point: If you’re not certain about something, say so. It’s much better to say, “This is what I would do, but I’m really not sure it’s the best thing to do” than it is to give some bad advice and pretend that it’s gospel. Get your ego out of the way. There’s no need to try to look good all the time. No matter what you do, you’ll be wrong sometime. And one of the easiest ways to be wrong is to run your mouth when you don’t know what you’re talking about.

Limit your responsibility. If your uncle has a six-year-old PC running Windows 95 and ran out and bought a USB-only printer because it was on sale at Kmart and now he’s having problems getting it running and he never asked you about any of this, how much responsibility should you be willing to shoulder to get that printer running?

I’m inclined to say very little. It’s one thing to give some bad advice. It’s another to be dragged into a bad decision. If the only good way to get the peripheral running is to buy Windows XP and wipe the hard drive and install it clean, don’t let that be your problem.

Don’t allow yourself to be dragged into giving support for free software downloaded off the ‘Net, supercheap peripherals bought from who-knows-where, or anything else you can’t control.

You can take this to an extreme if you want: Partition the hard drive, move My Documents over to the second partition, and then create an image of the operating system and applications (installed on the first partition, of course). Any time you install something new, create a new image. When your friend or relative runs into trouble, have him or her re-image the computer. He or she can reinstall Kazaa or whatever notorious app probably caused the problem if desired, but you can disclaim responsibility for it.

Which brings me to:

Disclaim all responsibility for poor computer habits. Gatermann and I have a friend whose brother repeatedly does everything I’d do if I wanted to set out to mess up someone’s computer. He downloads and installs every gimmicky piece of free-with-strings-attached software he can find, turning his computer into a bevy of spyware. He runs around on Kazaa and other file-sharing networks, acquiring a busload of who-knows-what. He opens every e-mail attachment anybody sends to him, amassing a large collection of viruses. He probably does things I’ve never thought of.

Gatermann installed antivirus software on the computer, and we’ve both run Ad-Aware on it (if I recall, one time I ran it I found 284 instances of spyware). Both of us have rebuilt the system from scratch numerous times. The kid never learns. Why should he? Whatever he does, one of Tim’s friends will come over and fix it. (I guarantee it won’t be me though. I got sick of doing it.)

Some good rules to make people follow if they expect help from you:
1. Run antivirus software and keep it current. This is a non-negotiable if you’re running Windows.
2. Stay off P2P networks entirely. Their clients install spyware, and you know about the MP3 buffer overflow vulnerability in WinXP, don’t you? Buy the record and make your own MP3s. Can’t afford $17 CDs? Buy them used on Half.com then.
3. Never open an unexpected e-mail attachment. Even from your best friend. It’s trivially easy to make e-mail look like it came from someone else. If someone who knows both of you got a virus, you can get virus-infected e-mail that looks like it’s from that friend.
4. If you don’t need it, don’t install it. Most free Windows software comes with strings attached in the form of spyware, these days. If you don’t want to pay for software, run Linux.
5. If you must violate rule 4, run Ad-Aware religiously.

Don’t take responsibility when someone asks your advice and then refuses to follow it. That unpaid gig doing tech support for a computer company in Washington ended when he had a computer that wouldn’t boot. He sent me the relevant files. I told him how to fix the problem. The next day he complained it didn’t help, and sent me the files again. It was obvious from looking at the files that he didn’t do what I told him to do. I called him on it. He got defensive. He caught me on a bad day and I really didn’t want to hear it. The next day he sent me a long list of questions. I answered the first two or three, then said, “Sorry, I’m out of time.”

I never heard from him again. But at that point it was just as well. Why help someone who doesn’t respect you enough to follow your advice?

A less extreme example was when an ex-girlfriend’s younger brother refused to give up Kazaa. Every time I fixed the computer, he reinstalled Kazaa and one problem or another came back. Finally I told him, her, and their parents that I’d fixed the problems, but they were going to keep coming back as long as he used Kazaa. Ultimately they decided that free music was more important than a stable computer and staying within the law, but that was their decision.

Have other interests besides computers. My former high school computer science teacher took me aside a few years ago and asked me if it wouldn’t be great if someday people asked me as many questions about God as they were asking me then about computers.

I have relatives who know I’m into Genealogy, and they know that I’ve traced one branch of my family through William the Conqueror and all the way back to before the time of Christ. But some of them don’t know I fix computers for a living.

Some nights when I come home from work, I don’t even turn a computer on. I go straight to the basement, plug in my transformers, and watch a Lionel train run around in circles. I might stay down there all night except for when the phone rings (there are no phone outlets in my basement) or for dinner. Ronald Reagan used to do that. He said it helped him relax and take his mind off things. My dad did too. It works. And no, there’s no computer hooked up to it and there won’t be. This is where I go to escape from computers.

So I don’t find I have the problem anymore where people only want to talk to me about computers. Balance is important. Don’t let your computer knowledge keep you from pursuing your other interests.

Charge money. I don’t charge my family members, but with very few exceptions, I don’t do free technical support. I do make sure I give friends, acquaintances, and neighbors a good deal for their money. But if helping them is going to keep me from mowing my lawn, or if it’s going to force me to cancel plans with my girlfriend, then I need to be compensated enough to be able to pay someone else to mow my lawn, or to take my girlfriend out for a nice dinner that more than makes up for the cancellation.

It’s all about balance. So what if your entire block has the most stable computers in the world, if your grass is three feet tall and you have no friends and no significant other because you can’t make time to meet anyone for dinner?

I’ve had employers bill me out at anywhere from $50 to $75 per hour. Under ideal conditions, where they drop the computer off with the expectation of getting it back within 2 weeks, I bill myself out at significantly less than that. But for on-site service at odd hours, I believe it’s perfectly appropriate for a computer professional to bill at those kinds of rates.

Even if you’re a hobbyist, you need to be fair to yourself. Computer repair is a skill that takes longer to learn than mowing lawns, and the tools required are every bit as specialized and every bit as expensive. In St. Louis, many people charge what amounts to $25 an hour to mow a lawn.

And? This doesn’t mean I never get computer-related phone calls. One Sunday when a family member called me with a noisy fan in a power supply, I found him a cheap replacement. I’ve fixed girlfriends’ computers before. The last computer I built was a birthday present for my current girlfriend.

But I’m not afraid to answer the phone, I don’t find myself giving people longshot answers just to get them off the phone long enough for me to go somewhere or start screening my phone calls. And I find myself getting annoyed with people less. Those are all good things.

Dude, that Dell\’s, like, totally bent!

I fought with everything I had to get something else. So did one of my coworkers and my boss. But it was for naught. Late on Thursday afternoon, a pile of Dell servers showed up outside my office.

I did the only sensible thing to do: I ignored them until Friday morning.

I didn’t like how the box was taped. That shouldn’t make much difference. But what I really didn’t like was what happened after I pulled the PowerEdge 1750 out of the box.

It bent.OK, maybe “flex” is a more appropriate word. I’m used to working with HP servers. They have a one-piece chassis. Although their 1U offerings weigh about the same amount as these Dells, when you pick them up, they remain straight.

I think that’s a useful feature for something you want to shove into a rack.

Why, of course I suggested drugs as a possible explanation. I can’t let the obvious joke slip by.

I was happy to see that these servers, unlike the last Dell I worked on, actually use a ServerWorks chipset rather than a cheap Intel desktop chipset. The Intel stuff is cheaper, but then all you’ve really gotten is a Dell Dimension in a rackmount case. In all honesty, I’ve run Linux on Intel and Sis and Via chipsets and turned those systems loose as servers, but when you’re spending money rather than repurposing systems, you should spend the money to do the job right.

I was less happy when I went to install Linux on it. The standard Debian 3.0 wouldn’t see it. It was the first time I’d found a system that Debian 3.0 wouldn’t boot.

A Google search quickly turned up a custom Debian boot CD for Dells, which I used to do the installation. Once installed, we compiled a custom kernel so the system would work right. I used to routinely recommend that. That was before I had 125 servers to stay on top of. These days I’m more inclined to use the standard kernel whenever I can–that way, when a vulnerability shows up, I can just apt-get update and reboot, rather than having to compile a kernel and then reboot.

I’m not in love with HP’s service–that’s a story in and of itself, but the short version is that the last time I used their 4-hour-response-time service, it took a day longer than regular warranty service would have taken–but HP’s servers sure make my life less complicated than Dell’s do.

SQLSlammer takes its toll on the ‘Net

If the ‘Net was slow today, it was because of a new worm, called SQLSlammer, that infected vulnerable Windows servers running Microsoft’s SQL database.
The exploit it used was old, but it was made possible because Microsoft’s cumulative hotfixes not being cumulative, and one of the patches not included, if applied afterward, reverted the server back to its vulnerable state. This was not mentioned clearly in the documentation for the hotfixes. Probably Microsoft didn’t know–until it was too late.

But in some cases it’s not Microsoft’s fault. Try getting a pointy-haired boss to give you 15 minutes’ downtime per server so you can roll necessary security patches across your enterprise. Since many people who ultimately make IT decisions never actually administered a Windows server in their careers, a lot of bad decisions get made and servers stay unpatched, as a matter of policy, either out of fear that a patch that closes a security hole might create a new bug, or that some remote VPN user in Kenya might be trying to work during that proposed scheduled time.

Linux got a bad rap in the security press last year because it allegedly had more security vulnerabilities than Windows did last year–never mind that a vulnerability in, say, BIND would get counted several times because it’s included in every Linux distribution, so whereas a vulnerability in IIS would get counted once against Windows’ total, a vulnerability in BIND might get counted 8 times.

We’ll ignore that. Fine. Linux has a larger number of security problems and vulnerabilities than Windows does. Fact. Undeniable. Fine. Answer this question then: Has any worm affecting Linux ever had the devastating effect that SQLSlammer had? That Nimda had? The most notorious worm that affected Linux was called Slapper. Do you remember it? More than 60% of the servers on the ‘Net run on Apache. A worm affecting Apache should have been huge. It wasn’t.

Statistics are, well, statistics. Just because I can find you a set of numbers that suggests the sky is pink doesn’t make it any less blue.

Why anyone, anywhere, has a Windows server on the ‘Net with anything more than port 80 exposed is beyond me.

Trustworthy Computing? Nice buzzwords. Billy Gates has yet to put any meaning into them.

And incompetence rises. Managers didn’t learn from Nimda, so they won’t learn from this either.

Great combination. What does it mean? History will repeat itself. Something like this will happen again. Probably sooner rather than later.

Help! I do tech support for everyone I know!

Here’s an interesting dilemma: How do you avoid becoming the primary technical support contact for all of your friends and family?
Richard “Rich Job” Jobity asked a really good question, didn’t he? I had to think about it for a while. That label fit me for a very long time. In the past year, it stopped, but I never knew exactly why. He made me think about it, and I found I’d done some interesting things on a subconscious level.

There was a time when I didn’t mind. I was 16 and still learning, I had some disposable time on my hands, and, frankly, I enjoyed the attention. You can learn a lot by fixing other people’s computers. And I used at least one of those friends as a reference to get my first three computer-related jobs. But over time, my desire changed.

I think a good first step is to identify exactly why it is you don’t want to be the primary technical support contact for all your friends and family.

In my case, I spend 40 hours a week setting up and fixing computers. And while I definitely spend some time off the clock thinking about computers, I also definitely want to spend some time off the clock thinking about something other than computers.

I have a life. I have a house to take care of, I have meetings to go to, and I have a social life. Not only that, I have bills to pay and errands to run, and physical needs to tend to as well, like cooking dinner and sleeping. And people get really annoyed with me for some reason if I don’t ever wash my clothes.

So if you get into a situation like I got into a year ago, when I had a friend calling me literally every night for a week with some new computer problem and keeping me on the phone for several hours a night while we tried to sort them out, I think it’s perfectly understandable for any reasonable person to be a bit upset. So here are my tips for someone who wants to head off that kind of a problem.

Have realistic expectations on all sides. So the first step is to make sure your friends and your family understand that you have responsibilities in life other than making sure their computers work. You’ll do your best to help them, but it’s unrealistic to expect you to drop everything for a computer problem the same way you would drop everything for a death in the family.

Limit your availability. Don’t help someone with a computer problem while you’re in the middle of dinner. You’ll be able to concentrate better without your stomach growling and you won’t harbor resentment about your dinner getting cold. Have him or her step away from the computer and go for a walk and call back in half an hour. The time away from the computer will clear his or her mind and help him or her better answer your questions. Don’t waver on this; five-minute problems have ways of becoming hour-long problems.

Here’s a variant of that. I had a friend having problems with a Dell. She called Dell. She got tired of waiting on hold. “I know, I’ll call Dave,” she said. “Dave’s easier to get ahold of than this.”

She may have tried to call me, but last week I was everywhere but home, it seemed. She didn’t leave a message, so I didn’t know she’d called. The moral of the story: Don’t be easier to get ahold of than Dell. Or whoever it was that built the computer or wrote the software.

What if I’d been home? It depends. If I’d been home and playing Railroad Tycoon, I’d be under more obligation to help a friend in need than I would be if I were home but my girlfriend was over and I was fixing her dinner or watching a movie with her. The key is to remember your other obligations and don’t compromise on them.

I remember a week or two ago, I was sitting on my futon with my girlfriend, watching a movie, arms entangled in the weird way the way they tend to do when you want to be close to someone. The phone rang. I didn’t move. “You’re not going to answer that?” she asked. “No,” I said. Since when is it rude not to answer your phone? They didn’t know I was home. If I don’t want to talk at that instant, I’m not obligated to. Besides, both of us would have had to move for me to pick up the phone. So I ignored it. She looked at me like I’d paid her some kind of compliment, that I’d rather stay there with her than yak on the phone. Call me old-fashioned, but that used to go without saying.

Whoever it was didn’t leave a message. If it’d been important, either they would have or they would have called me back. (Maybe it was the friend who’d thought of using me as a substitute for Dell tech support. Who knows.)

Don’t do a company’s work for them. If someone’s having a problem with a Dell, or having a problem dialing in to the Internet, I stay away from the problem. If a Dell is having hardware problems, the user will have to call Dell eventually anyway, and the tech will have procedures to follow, and there’s no room in those procedures for a third-party diagnosis. Even if that third party is a friend’s cousin’s neighbor who supposedly wrote a computer book for O’Reilly three years ago. (For all the technician knows, it was a book about Emacs, and you can know Emacs yet know a whole lot of nothing about computer hardware, especially Dell hardware. But more likely he’ll just think the person’s lying.)

And if someone can’t dial into an ISP, well, I may very well know more about computers than the guy at the ISP who’s going to pick up the phone. I may or may not be more intelligent and and more pleasant and more articulate than he is. But the fact is, I can only speculate about whatever problems the ISP may be having. And seeing as I don’t use modems anymore and haven’t for years, I’m not exactly in a good position to troubleshoot the things. Someone who does tech support for an ISP does it every day. He’s going to do a better job than me, even if he’s not as smart as I am.

Know your limits. A year ago, a friend was having problems with OS X. She asked if I’d look at it. I politely turned her down. There are ideal circumstances under which to try to solve a problem, but seeing the OS for the first time isn’t it. She called Apple and eventually they got it worked out. It’s a year later now. Her computer works fine, we’re still on speaking terms, and I still haven’t ever seen OS X.

Around the same time, another friend toasted her hard drive. I took on that challenge, because it was PC hardware and she was running an operating system I’d written a book about. It took me a while to solve the problem, but I solved it. It was a growth opportunity for me, and she’s happy.

And this is related to the next point: If you’re not certain about something, say so. It’s much better to say, “This is what I would do, but I’m really not sure it’s the best thing to do” than it is to give some bad advice and pretend that it’s gospel. Get your ego out of the way. There’s no need to try to look good all the time (you won’t).

Limit your responsibility. If your uncle has a six-year-old PC running Windows 95 and ran out and bought a USB-only printer because it was on sale at Kmart and now he’s having problems getting it running and he never asked you about any of this, how much responsibility should you be willing to shoulder to get that printer running?

I’m inclined to say very little. It’s one thing to give some bad advice. It’s another to be dragged into a bad decision. If the only good way to get the peripheral running is to buy Windows XP and wipe the hard drive and install it clean, don’t let that be your problem.

Don’t allow yourself to be dragged into giving support for free software downloaded off the ‘Net, supercheap peripherals bought from who-knows-where, or anything else you can’t control.

You can take this to an extreme if you want: Partition the hard drive, move My Documents over to the second partition, and then create an image of the operating system and applications (installed on the first partition, of course). Any time you install something new, create a new image. When your friend or relative runs into trouble, have him or her re-image the computer. He or she can reinstall Kazaa or whatever notorious app probably caused the problem if desired, but you can disclaim responsibility for it.

Which brings me to:

Disclaim all responsibility for poor computer habits. Gatermann and I have a friend whose brother repeatedly does everything I’d do if I wanted to set out to mess up someone’s computer. He downloads and installs every gimmicky piece of free-with-strings-attached software he can find, turning his computer into a cocktail of spyware. He runs around on Kazaa and other file-sharing networks, acquiring a cocktail of who-knows-what. He opens every e-mail attachment anybody sends to him, acquiring a cocktail of viruses. He probably does things I’ve never thought of.

Gatermann installed antivirus software on the computer, and we’ve both run Ad-Aware on it (if I recall, one time I ran it I found 284 instances of spyware). Both of us have rebuilt the system from scratch numerous times. The kid never learns. Why should he? Whatever he does, one of Tim’s friends will come over and fix it. (I guarantee it won’t be me though. I got sick of doing it.)

Some good rules to make people follow if they expect help from you:
1. Run antivirus software and keep it current. This is a non-negotiable if you’re running Windows.
2. Stay off P2P networks entirely. Their clients install spyware, and you know about the MP3 buffer overflow vulnerability in WinXP, don’t you? Buy the record and make your own MP3s. Half.com is your friend.
3. Never open an unexpected e-mail attachment. Even from your best friend.
4. If you don’t need it, don’t install it. Most free Windows software comes with strings attached in the form of spyware, these days. If you don’t want to pay for software, run Linux.
5. If you must violate rule 4, run Ad-Aware religiously.

And? This doesn’t mean I never get computer-related phone calls. A family member called me just this past Sunday with a noisy fan in a power supply. I found him a cheap replacement. I went over to my girlfriend’s family’s house Sunday afternoon and fixed their computer. (It made me wonder if the “4” in Pentium 4 stood for “486.” Its biggest problem turned out to be 255 instances of spyware. Yum.)

But I’m not afraid to answer the phone, I don’t find myself giving people longshot answers just to get them off the phone long enough for me to go somewhere or start screening my phone calls. And I find myself getting annoyed with people less. Those are all good things.

Patch your Linux distros

There’s a nasty vulnerability in recent SSL libraries that an Apache-based worm is currently exploiting. The patch is obviously the most critical on machines that are running secure Apache sites. But if you don’t like vulnerabilities, and you shouldn’t, go get your distribution’s latest updates.
This is why I like Debian; a simple apt-get update && apt-get upgrade brings me right up to speed.

CERT pointed out that Apache installations that contain the ServerTokens ProductOnly directive in their httpd.conf file aren’t affected. (I added it under the ServerName directive in my file–it’s not present at all in Debian by default.) This will hurt Linux’s standings in Netcraft, but are you more interested in security or advocacy? Increasingly, I’m more interested in security. No point in bragging that you’re more secure than Windows. Someone might make you prove it. I’d rather let someone else prove it.

While you’re making Apache volunteer as little information as possible, you might as well make the rest of your OS as quiet as possible too. You can find some information on that in an earlier post here.

Update your BIND servers

A buffer overflow vulnerability exists in a large number of versions of BIND. CERT released an advisory over the weekend. I haven’t seen this on most news sites yet. Read more

Doughnuts and the Evil Internet Exploiter Empire

Doughnuts. My phone rang last night. It was my sister.
“What are you doing?”

“Eating doughnuts.” Actually that wasn’t what I said, but it sounds better. People tell me I should label it when I write fiction. Usually they mean that as an insult. But they can get over it. Nobody makes them read me. But I took their words to heart. So that line is fiction. The rest is true. If I told you what I really said, you’d think my mind wanders, and I don’t want you to think that.

“I see.” (And probably you do too.)

“I was real tired after church. Brad told me I looked fried. So I went out and got doughnuts.”

“And what’s that have to do with being tired?”

“Nothing. I just felt like some doughnuts.”

“I see.”

“I got a dozen so I can have doughnuts for breakfast too.”

“Da-vid! You got a dozen doughnuts?”

“Yep.”

“It’ll take you a year to eat a dozen doughnuts!”

“Nuh-uh. I had two already. So I’ve got 10 left. That’s enough for breakfast. Besides, doughnuts are good for you. They have wheat, and… What else is in doughnuts that are good for you?”

“Not a thing.”

“There’s gotta be something.”

“Sugar’s not necessarily bad for you, but there’s nothing else I’d call good. I wouldn’t eat them for breakfast, lunch and dinner, but–“

“Now there’s an idea. Wait a minute. I can’t. I’ve only got 10 left. If I weigh 300 pounds next time you see me, you’ll know why.”

Internet Explorer. The word is out about Internet Explorer and why you shouldn’t use it. Because Microsoft in its infinite paranoia wisdom decreed that a Web browser is an indispensable component of an operating system (just like pinball), IE has a vulnerability that can allow it to run arbitrary code. Because no other browser on any other platform feels the need to join itself at the hip, elbow and head to an operating system, the vulnerability doesn’t exist elsewhere. I wanted to point out this problem in Optimizing Windows, but if I recall correctly, my editor’s comment to that section was, “Spare us the editorials.” Or something. That’ll teach me to insult his favorite Web browser.

So now I know that I was right, and that O’Reilly are Microsoft lackeys. But I can tell you something useful too.

You can liberate your computer from the Evil Internet Exploiter Empire. Your computer doesn’t have to be part of the Browser Wars Battlefield.

Now you’re probably expecting me to say something about Linux for the umpteenth time. But you don’t even have to run Linux to set yourself free. Head over to www.98lite.net and download IEradicator. It’ll remove IE from Windows 9x, and it’ll even remove it from Windows 2000, as long as you’re not running SP2 yet. So remove IE, then install SP2. You’ll get a faster and more secure OS. And you can run your choice of browsers. Opera’s not half bad. Mozilla’s not half bad. And if you like small and lightweight, there’s K-Meleon, which is a small, browser-only IE lookalike that uses the Mozilla engine. And there’s Offbyone, which fits on a floppy. Offbyone isn’t full-featured like the others and it’s only HTML 3.2 compliant, but it’s a great emergency browser you can use to download something better in a pinch. It’s saved me at least twice now. You’ll never find a faster browser in Windows, so if you’re in a hurry and the site you want to see renders fine in it, you can have the site up in Offbyone before one of the other browsers has finished displaying a splash screen.

And I passed the test…

They got my test results back yesterday, and according to the late Professor Emeritus Wolfe’s analysis, I have the potential to be a competent computer programmer. Of course my high school CS instructor could have told them that and charged a lot less money for it.
As for the question of what programming has to do with a sysadmin job… Well, an NT administrator does have to write logon scripts. I’ll leave the reader to come to his or her own conclusion whether such a test is necessary to determine whether you can write logon scripts or not. It’s not in my best interests to comment on that. I will say there have been a few instances in my professional career where I’ve had to sit down and write some code (besides batch files), be it a quick-and-dirty-utility in QuickBasic or C or KiXtart, or some maintenance programming in Perl. I’ll also say it hasn’t been much of a struggle.

So now I know I’m promotable without changing employers, and that feels good. There’s pressure on me from outside to change employers, and they have some valid points. I guess I like having options.

Dan Bowman sent me a link, which is currently 120 miles from me (I’m in Columbia), which he speculated was a response to what I wrote yesterday. I read it and I concur. The argument there was that you shouldn’t necessarily look for fulfillment in your job when you can find fulfillment in what’s staring you square in the face when you get home: your wife and kids.

There absolutely was a time when I believed that, and there may come a time when I’ll believe it again. My gut reaction to Dan was my standard gut reaction to everything: “Why, that reminds me of a story…”

I had a late dinner a week ago with a buddy and some of his buddies. Technically it was his bachelor party, though some people might argue that a preseason hockey game followed by dinner doesn’t count as a real bachelor party. His 21-year-old future brother-in-law was there. And at one point, the subject of relationships came up. I argued that if you’re alone until you’re 40 when the right relationship comes along, that’s better than bouncing around from wrong relationship to wrong relationship until you finally find the right one. He disagreed.

“Nothing’s worse than being alone,” he said. “I know. I’ve been alone a long time.”

I told him I’ve dated exactly three girls since I turned 18. The first of the three was much worse than being alone. At one point I wouldn’t answer the phone, just in case it was her, for fear of what she’d say. She was always mad at me about some piddly little thing or another. It was cool for about a month. The last two months, forget it. We broke up and I was a whole lot better for it.

The second of the three was always mad at me for some piddly little thing or another too, but at least she didn’t nag. We broke up twice. A few months after the second breakup, she started talking to me again out of the blue. Another female friend asked why we didn’t get back together. All of a sudden it hit me. She had no respect for me. When I told my friend that, her attitude changed 180 degrees. “Forget that,” she said. “Everybody deserves respect.”

The third of the three was worse than being alone too. She was always mad at me because I only e-mailed her every second or third time she e-mailed me, and my messages were always shorter than hers. She only called me once or twice, so I wasn’t afraid to answer my phone, but I was afraid to check my e-mail. She prompted me to write my first-ever mail filter. For some reason I wouldn’t stand up to her. I never understood the relationship, because we never had long conversations, there was no emotion whatsoever, and we never laughed. She didn’t get my sense of humor, and I certainly didn’t get hers. All we could do was talk about baseball. Of course, I could talk about baseball with my guy friends, and they never nagged me.

That lasted roughly six months, if I remember right. I wanted to find out whether being with her was better or worse than being alone. Finally I decided I liked being alone better.

Along the way, I’ve met The One several times. I’m sure everyone knows what I’m talking about. You meet the world’s most beautiful woman, and she turns out to be really nice, and funny, and has several other qualities about her too. But I always ran into a problem. I could never talk to The One. Well, I could talk, but the words never came out right.

So, at best, The One and I would become very casual friends. And that was it.

Then a few months ago I read something that sounded wise. I don’t remember where I read it, but it sounded like it was directed at me. If you’ve met The One several times and you keep blowing it, you’re probably putting too much pressure on yourself. You’re trying to say the one line or one word that’ll win her heart for good, and you’ll never do it, so you’re fighting a losing battle. The article said to forget that approach. Get used to talking to women, it said. If there’s a woman around, talk to her. Not even if you’re not interested in her–especially if you’re not interested in her. Do that, and you accomplish two things. You learn what women think about and what they like to talk about, and you eventually quit putting pressure on yourself, so when you finally do talk to a woman you’re interested in, you sound natural.

So a few months ago I started doing that, to a degree. It’s not like I walked up to every woman I passed in the grocery store and started talking, but since I work with a lot of women, I had that opportunity at work. I talked to a moderately attractive intern at work. I struck out hard. Then I ran into someone who reminded me of someone I used to know, but I couldn’t place her. I walked up to her. “I feel really stupid asking, but you look really familiar,” I told her. I told her my name, and asked if it meant anything to her. Turned out I went to high school with her. We had a couple of long, pleasant conversations, and she didn’t run and hide! I was on a roll!

So I kept on. One thing I learned I should have known all along. There’s a girl at work who’s still in college, working part-time, who was getting some help on a project from someone else. I happened to be in Someone Else’s cube fixing her computer at the time. At one point, Someone Else asked me how you’d adjust the leading in Microsoft Word. I gave her the bad news: You can’t, which was why I wrote a lot of my papers in college in QuarkXPress–I could finely adjust leading and tracking all I wanted, to make a paper whatever length the professor was looking for. At one point, Someone Else went upstairs for coffee, leaving the part-timer and I alone in her cube. She and I talked, mostly about my job. It was pleasant.

The next day, I was in her area, so I stopped in. I asked how her project was coming along. She was completely floored. “It’s almost done. Every second it gets closer and closer,” she said. “Thanks for asking. That’s so sweet!”

Lesson #1: Take an interest in what girls are doing. Especially The One. Judging from this girl’s reaction, she doesn’t get that from guys her age very often. Lesson #2: I already knew Lesson #1, but rarely expressed it. So if you’re interested in what she’s doing, make sure you ask.

So now I’m sure you’re wondering what I’ve accomplished. I’ve talked to all these girls but haven’t found The One lately, right? Wrong. I don’t know if she’s The One, necessarily, but she’s a good prospect. We talk a lot and she doesn’t run away. I know her well enough to know there’s a joke hidden somewhere in almost everything she says, but I don’t know her well enough to catch it every time yet. She understands. I don’t fret when I talk to her, and I don’t dread hearing from her. We seem to understand one another. Good signs, definitely. So what am I doing about it?

I didn’t look for a smooth way to ask her out. I brought it up. She saw it coming. I wasn’t visibly nervous, but I got choked up for a minute. You can’t control your subconscious, after all. “I’ve been thinking,” I said. She saw it coming and seemed to enjoy it–here’s a guy who’s confident, yet vulnerable. My vocal chords betrayed that. (Girls seem to like confidence spiked with vulnerability.)

Then I asked her out.

She said yes. She left herself a small door for escape. Then she closed that door.

And that’s the end of the story, for now.

Now, if I were in the mode of relying on wife and kids for my self-fulfillment, I’d be a basket case right about now. What if she cancels? What if it doesn’t go well? What if it does go really well, but then when I propose to her she says no? What if I never find another girl like her?

That’s thinking way too far ahead. That’s too much pressure. It’s not fair to her. She’s got too many other things to think about to have to deal with all that. Every worthwhile girl does.

I’ve said a few things to her that seemed to really make her feel good. So yes, I get some fulfillment from that. I get some fulfillment from work. I get some fulfillment from this site, though it’s been months since I’ve checked my logs so I have no idea how big my readership is now. I get some fulfillment from the things I do at church. And I get some fulfillment whenever a friend calls up and asks for advice or a favor.

If I’ve learned anything, it’s that fulfillment shouldn’t come from one place. All of those things will let you down at one point or another. But if you’ve got enough other things, when one thing lets you down the others can still buoy you up.

Worst practices for e-mail

If you want to wreck your computer with a virus and put your neighbors’ computers at serious risk, there’s a really easy way to do it. Just be really cavalier with your e-mail habits. Approach e-mail with reckless abandon, and you’ll quickly receive your just reward.
But if you like having a computer that works well, and you kind of like your neighbors, there are things you can do to minimize your risk. If, on the other hand, you want to leave your mark on the world in a negative way, do the opposite of the things I suggest here.

1. Acquire good anti-virus software and keep it up to date. I’ve been configuring Norton AntiVirus to update itself every day. It’s excessive, but since it’s impossible to guess when the next big thing will come out, and it might hit you before you know about it, it’s the only safe way. Update every day, and keep autoprotect on, so that files are scanned as they’re created. That way, if you get a virus, it won’t get far. I also set NAV to scan the entire computer–all files, not just executable files–at least once a week.

While sweeping the network at work, I found copies of Nimda, but I also found old friends like SirCam, Happy99, PrettyPark, and Kak. Obviously people were aborting the scheduled updates and scans.

2. If you do get infected, don’t count on your antivirus package to completely clean up the mess. Visit www.sarc.com or www.antivirus.com/vinfo/virusencyclo to download a specialized removal tool for the virus your antivirus package caught. Run it to remove any residual damage your antivirus package may have missed.

3. Don’t take e-mail attachments from strangers. I take an even stronger stance than that. Frankly, when someone sends me e-mail with an attachment, the first thing I do is delete the message. I don’t even open it. I don’t care if I’ve known the guy who sent it for 10 years. Some attachments can execute without you even opening the message, so the only safe thing to do is delete it.

The only exception I make is when someone e-mails me and tells me something’s coming. Sure, I’ll look at my friend’s resume, as long as he lets me know ahead of time that it’s coming and I should look for it.

Yes, I miss some good jokes and fun games that way. But you know what? I’d rather be accused of having no sense of humor than to have to rebuild my computer. I don’t have time to rebuild my computer. I’m already too busy rebuilding the computers that belong to people who open each and every e-mail attachment they get.

The virus of the week is W32.Vote.A, which masquerades as a chance to vote for peace or war between the United States and the Middle East. It doesn’t actually let you vote; it e-mails itself to your contacts and deletes files off your drive.

4. Don’t be the first on your block with the newest Microsoft software. Microsoft continues to refuse to take security seriously. No one in his right mind should be running Internet Explorer and Outlook Express 6.0 right now. Every single dot-oh release from Microsoft in recent memory has been an atrocity. Get Internet Explorer 5.5SP2 and stick with it. It’s fast, it’s as stable as anything Microsoft has written, and all the known holes that viruses exploit have been patched. Is the same true for 6.0? Who knows?

5. Don’t use a Microsoft e-mail client if you can help it. Microsoft’s the biggest kid on the block, so their mail clients are the most frequent targets. They also have more security holes in them than a vacant building in East St. Louis. There are a number of competent alternatives out there, including Pegasus, Netscape Messenger, and Qualcomm Eudora. (Just watch out for Euroda’s spyware–run Ad-Aware from www.lavasoftusa.com after you install Eudora.)

6. If you must use a Microsoft e-mail client, turn off the preview pane. Also, go to the client’s security options and put it in the Restricted Sites zone. That way when some idiot forwards you a message with hostile ActiveX code in it to automatically execute an attachment that e-mails itself to everyone in your inbox and address book and then low-level formats your hard drive, you won’t be affected. There is absolutely no legitimate reason for HTML e-mail to contain any ActiveX, Java, or JavaScript.

7. Don’t run any Microsoft software if you can help it. A Mac doesn’t count–the most popular Mac application is (drum roll please) Microsoft Office. Besides, there are plenty of Mac viruses out there to get you too. I’m writing this on a cheap PC running Linux. I use a tiny, lightning-fast mail client called Sylpheed. It takes up 733K on my hard drive. Outrageous, isn’t it? I use a tiny, lightning-fast Web browser called Dillo. It’s secure as a rock because it doesn’t do Java, JavaScript, or ActiveX. It renders pages instantly. It’s 240K in size. They’re both in alpha testing, but they crash less for me than Internet Explorer 5.5 and Outlook 2000SP2. And don’t be fooled by the tiny size: I compiled them for speed, not size. If I’d used size optimizations they’d be a lot smaller.

8. Don’t run your Web site on IIS. Even the Gartner Group is recommending everyone abandon IIS ASAP. It’s impossible to keep up with the patches well enough to prevent outbreaks like Nimda. Nimda knows about 16(!) security holes in IIS that it can exploit in order to send itself to people who visit your Web page. Yes, people try to hack Apache. Of course they do–70% of the Web uses it. But I hear of one Apache vulnerability a year. That compares to one IIS vulnerability a week. It is fiscally and socially irresponsible to bank your business on such an insecure, poorly written piece of software. (This site runs on Apache, and its only downtime in five months has been from a power failure. Zero crashes, no having to take it down to apply a patch. My system uptime reads 112 days.)

How I set up Greymatter for Weblogging

How I set up Greymatter for Weblogging. First things first: I’m sure everyone’s asking how much hardware you need. I’m using a Pentium-120 with 64 megs of RAM, and it’s plenty fast most of the time. It takes a little while to regenerate all the templates, but other than that it’s mostly sitting idle. Any Pentium-class machine should be plenty. I’d be hesitant about using a 486 because the templates will take an awfully long time to rebuild. Remember, Greymatter’s written in Perl, and Perl’s an interpreted language. Interpreters are slow for the same reason emulators are slow–the translation is real-time.
But Greymatter offers advantages. You can control your destiny. You have total control over your site–it’s running on your Linux box. And you’re free from FrontPage’s tyrrany. Did I hear cheers? Most importantly for me, I set the clock. I can set the clock ahead a couple of hours, make my post at 10 p.m., and it’ll be dated the next day. That can only mean… The return of the infamous Farquhar Time Machine. I can start sleeping in again! Or go to work earlier… Hey, I can start sleeping in again!

Anyway, I had the Pentium-120 already configured with Mandrake 7.2, but I discovered Mandrake 7.2 in high security mode doesn’t seem to allow Web traffic from the outside world. So I installed Mandrake 7.2 again in low-security mode. I used a server installation. The only things I really cared about were Apache and Perl, but I didn’t feel like de-selecting everything. Both will be in there by default. I think Perl’s part of the Development group during installation. I’m not sure what group Apache is in. I don’t recommend running XFree86 on your server. Those memory resources are better used for server purposes. Oh, and one last thing: Don’t use DHCP. Give your Web server a local, static IP address.

Once I was up and running, Apache wasn’t running by default, so I dinked around with a cp /etc/rc.d/init.d/httpd /etc/rc.d/rc3.d/S45httpd so that Apache would start on boot. Then I started Apache by executing /etc/rc.d/rc3.d/S45httpd start. Of course there are plenty of other ways to accomplish the same thing. It was close to midnight and I just wanted the thing open to the world at that point.

Then I pointed my Web browser at the server’s address, and my embryonic Weblog came up.

It won’t happen that way for you, because I already had Greymatter installed and configured before I did all that. In other words, I did things bass-ackwards. You should do it differently. Get Apache working right first. It’s less frustrating that way.

With Apache installed and running, point a Web browser at it. You should see some kind of Apache welcome screen–it’ll vary based on your Linux distro, but it’ll basically be some kind of show-off screen. You see it? Great. You don’t? Get Apache working. How? I dunno. Make sure it’s running, first of all. Type the command pidof httpd. You should get a couple of numbers. Maybe a lot of numbers. If all you get is a blank line, then Apache’s not running. If it’s running but not responding, you’ve probably got a problem with the configuration file. The default configuration file for Apache, unlike the default configuration of a lot of programs, does work reasonably well. The defaults will certainly do for a Weblog. Start with the default config, get it working, then get fancy later.

Working? Great. Open up port 80 on your DSL router and point it to your server’s address. Don’t expose any other ports. This improves security immensely. Now go to www.grc.com and run Shields Up!, then Probe My Ports. Port 80 should be open. If it’s not, either your Linux box is too secure (I wish I could offer some advice there but I don’t know much about un-securing a Linux box) or your router’s not forwarding the port right.

By default, in Mandrake at least, Apache puts its HTML files in /var/www. So, first, clear out /var/www/html. Next, I put all of the Greymatter files in /var/www/cgi-bin. Then I created directories named Archives in both /var/www/cgi-bin and in /var/www/html. The documentation is pretty good about what files need permissions of 755 and what needs 777 (yuck!) and what needs more restrictive settings, like 644 or 666.

As an aside, the archives directory being chmodded to 777 makes me nervous. That means that if I install Greymatter to a server that shares space with someone else, the entire world can see that directory. They can’t manipulate anything inside there as long as the files inside have more restrictive permissions, but I always cringe every time I see anything with 777 permissions. I knew people in college who’d just chmod everything to 777 because then it meant everything just worked all the time. Unfortunately, anyone who had telnet access to the machine could then go into that directory and change anything. I’m not as concerned about that, since I don’t share this PC with anyone. But 777 still doesn’t give me warm fuzzies. Unix ain’t Christianity. In Unix, 666 is ok (but 644 is much better), and 777 is a hacker’s delight, and therefore, pure evil.

After you chmod all your files, assuming your server is at 192.168.1.2, go to http://192.168.1.2/cgi-bin/gm.cgi. Greymatter should pop up. Go to the configuration screen and run down the line:

Local log: /var/www/html
Local entries: /var/www/html/archives
Local CGI: /var/www/cgi-bin
Website log path: /
Website entries path: /archives
Website CGI path: /cgi-bin

Set the other stuff the way you want it. Now hit Save Configuration. Now, immediately run Diagnostics and Repair. This will ensure that all files are where they need to be and permissions set correctly. If it can’t find something, do what you have to to satisfy it.

Now you’re ready to start editing templates and adding entries. You’ll need to exercise your HTML skills for that, or rip off someone’s templates. I didn’t look too hard, but I’m sure there are people out there offering Greymatter templates. If you have to, use an HTML generator to draw what you want, then take the code and put it in the template. I know HTML, so I coded mine by hand. That’s why they’re still sparse. The basic layout is there; I need to flesh it out. And I haven’t entered every template yet myself.

Now, for backups and stats… Backups are easy. I use the command tar -c /var/www >/home/dave/backup.tar. It only takes a second. You can compress the tar file and throw it on a floppy with the mcopy command. Or if Samba’s also configured and running, backup to a network-accessible directory and pull the file over to another machine.

For stats, I use LiveWebStats, but I don’t like it. Any Apache log analyzer will work.

There’s one other issue with Greymatter. It sends passwords plaintext, and thus, they’ll show up in your logs. So don’t make your stats public, at least not your referrers. If you’ll have remote editors, you need to consider that vulnerability–an editor’s password can potentially be intercepted.

Setting up Greymatter is a lot of work, but it’s a one-shot deal. You make your design, then it’s content-driven. Change your design, and it applies to the whole site. Nice. And when you publish, you only publish your new stuff.

But overall, I like Greymatter an awful lot.