vector

Simple tips to prevent ransomware

Dave Farquhar security , , , , , , , , ,

Last week at work, I noticed some odd events in an event log, and when I investigated them, I found they were part of a failed ransomware attack. This got me thinking about how to prevent ransomware at home.

Ransomware, if you aren’t familiar, is an attack that encrypts your data and demands a ransom, usually around $300, in bitcoins, and you get a short deadline until it destroys your files. More often than not, paying the ransom is the only way to get the files back, so it’s much better to prevent it.

Read more

How to mitigate MS15-078 or future Microsoft font driver vulnerabilities

Dave Farquhar security , , , , , , ,

Microsoft rushed out an out-of-band patch, MS15-078, to deal with active exploits in their font driver yesterday. Since pushing out patches takes time, my boss asked me what we could do to mitigate the issue in the meantime.

The biggest threat, by far, is exploit-bearing fonts being downloaded from web sites. Ideally you only install trusted fonts from trusted sources locally on your workstations, right? If not, I suggest you start that practice as well.

You have a couple of options when it comes to blocking fonts in browsers.

Read more

Port 2381: What it is and how to manage it

Dave Farquhar security , , , , ,

I was doing some scanning with a new vulnerability scanner at work. It found something listening on a lot of servers, described only as Apache and OpenSSL listening on TCP port 2381. The versions varied.

Luckily I also had Qualys at my disposal, and scanning with Qualys solved the mystery for me quickly. It turned out to be the HP System Management Homepage, a remote administration/diagnostic tool that, as the title says, lets you manage HP server hardware. It runs on Windows, Linux, and HP-UX. Read more

If you need a vector drawing program, Microsoft Expression Design is free now

Dave Farquhar Software ,

For some reason, Microsoft decided several years ago that they needed to market a vector drawing program. It flopped. There may have been several reasons for it, but I’m sure one of the reasons was marketing.

At any rate, they decided to discontinue the product and offer it for free download. Read more

Workable two-factor authentication

Dave Farquhar security , , , , , , ,

I’m several months late to this party, but I just saw Marcel’s post on Google’s two-factor authentication with a smartphone.

He’s right. It works until someone steals your phone. Once someone steals your phone, you’re in a world of hurt. It’s just a compromise, until we find a way to do two-factor authentication the right way.

The right way is with a smartcard, issued by some sort of central authority. Read more

End of the innocence for Mac security

Dave Farquhar Macintosh, security , , , , , , , , , , , , , , , , , ,

Antivirus vendor Kapersky has identified a new trojan horse targetting Macintoshes.  It spreads a botnet based somewhere in China via an infected Microsoft Word document, typically sent as an e-mail attachment.

The spin is that if you don’t use Word on your Mac, you’re safe. That’s true–this week. But going forward, it’s going to take more than that. Read more

Was CP/M overrated?

Dave Farquhar Retro Computing , , , , , , , , , , , ,
Was CP/M overrated?

Veteran tech journalist Dan Tynan recently published a list of 10 overrated technology products, and CP/M was on his list. But was CP/M overrated? I want to dig into that question a bit.

I think everyone knows the story of how IBM almost used CP/M as the operating system for its PC, but ended up using an upstart product from a small company named Microsoft instead. We’ll probably never know exactly what happened, seeing as the author of CP/M is dead and his business partner is no longer able to recollect those events from the 1980 timeframe, and IBM and Bill Gates have no reason to embarrass themselves by revisiting the story.

But CP/M was the first and most popular operating system for early 8-bit computers, so people who used it remember it fondly, and the way Microsoft steamrolled it made Gary Kildall and his operating system folk heroes to underdog lovers everywhere. Even people who never used it and weren’t even born when Kildall’s company ceased to exist have at least a vague idea of what it was.
Read more

Graphics software for Windows revisited

Dave Farquhar Software , , ,

My girlfriend was asking me about graphics software today. She’d been trying to use Paint Shop Pro as an inexpensive alternative to Adobe Illustrator and, predictably, was disappointed.

The GPL alternatives to Illustrator still lack at least one crucial feature (bitmap pattern fills) but I remembered reading about Serif DrawPlus.Serif is a manufacturer of cheap desktop publishing/graphics software. By cheap, I mean they aim for the $99 price point for their flagship product, then they give away older versions, and, at least sometimes, when you download the older version they offer you a somewhat less-old version for $10 or $20.

So I downloaded DrawPlus 5 and played around with it. It’s a bit basic, but it has all of the fundamentals. After about five minutes of playing around I was able to do some nice effects with text–for example, I was able to add a border to the edge of the letters, add fills, and even add a transparency effect. Cool.

Standard polygon and circle tools are there too, and you can combine multiple shapes into more complex shapes. If you can picture something as boxes and other simple shapes, you can draw a scaleable image of it with this program.

Why yes, I do think I’ll be using this to draw buildings and such for my Lionel layout. How’d you ever guess?

It’s not as powerful as Illustrator, but for a lot of people it’ll do what they need. Someone unfamiliar with vector graphics might be more comfortable with a simpler program like this, then switching to the higher-end software after running up against the simpler program’s limitations. (For years journalism schools taught desktop publishing by teaching students Pagemaker first, then QuarkXPress, since the latter is much less intimidating once one is familiar with the basic concepts.)

Check it out at freeserifsoftware.com. Serif also offers a raster image editor (a la Photoshop) and a desktop publisher under the same plan.

A first look at Inkscape

Dave Farquhar Software

I’ve been playing with the Windows version of Inkscape, which bills itself as an open-source SVG editor. It doesn’t bill itself as an Illustrator/Corel Draw/Freehand killer, but as a simple vector drawing program, it works.

It takes getting used to. But I think I like it.I’ve talked before about free Windows graphics software but I didn’t mention Inkscape because the Windows port did not yet exist.

I don’t try to draw scaleable pictures of people. I draw objects, typically boxy objects. It works for that.

The ability to draw and finely position polygons and curves is there and obvious. The ability to do fills using patterns is there, though its use is a bit less obvious. (I did find an Inkscape pattern tutorial, but haven’t tried it yet.) The ability to group and ungroup objects is there and obvious. As is the ability to change an object’s dimensions using the keyboard, so you can get an object to be exactly 2.5 inches long if need be.

It also has the ability to simplify a shape you select. This is good if you have a shaky hand and couldn’t quite get something straight but came close. It can also bring an artsy feel to something, since simpler objects often appear more pleasing.

My biggest gripe is the grid. I don’t know what it’s measuring or where its origin is. It doesn’t line up with the ruler, so if I want something offset by a quarter-inch relative to another object, it’s difficult to do. I found myself drawing a lot of lines the length of the offset I wanted and using those to position objects, and just using the grid to get me in the right neighborhood.

But it’s a promising piece of software. I’ll use it because the price is right (free) versus the alternatives (hundreds of dollars). And if it’s anything like other pieces of open source software, it’ll steadily improve. It’s only on version 0.39 right now. Mozilla had some rough edges at version 0.3x too.

The key to drawing, which my art-teacher girlfriend told me and I’d never heard anywhere else, is not to look at the whole, but break the object you’re drawing into the simplest shapes you can. Draw and arrange those shapes, and you get a whole drawing.

If you can think like that, you can use Inkscape. If you can’t, it’ll frustrate you. (But most drawing programs probably will.)

Free graphics software for Windows

Dave Farquhar Software , , ,

Even people who use Windows exclusively have probably heard of The Gimp, which Linux and Unix users often proclaim as the “free alternative to Adobe Photoshop.” While Photoshop is in no danger of being displaced in the industry, Gimp is certainly more than adequate for most use.

But installing it in Windows has never been easy, unless you knew a well-kept secret: the URL for Installers for Gimp for Windows. (The Windows page at gimp.org is pretty intimidating.)All you need to do is download both files, the GTK+ 2 toolkit and Gimp for Windows. Install GTK+ first, then install Gimp, and you’re golden. Although the current version 2.0 is still pre-release, it’s much nicer than the “stable” 1.2 release–it has more features and a better user interface, and frankly, I don’t find it any less stable.

You’ll almost definitely want to keep the link to Grokking The Gimp handy. It’s a professionally written book that’s freely distributable, or, if you prefer, you can buy a print copy. Gimp is easy enough to understand if you have a guide, but you need a guide. Given that book, even a drawing klutz like me was able to do some drawings that turned heads. (Paper buildings on a model railroad layout, in my case.)

The copy of GTK+ on the Installers for Gimp for Windows site is also the secret to getting the Win32 port of Sodipodi up and running. Sodipodi is a free vector drawing program, similar in function to Adobe Illustrator, Macromedia Freehand, or Corel Draw. While not as full featured as the current version of any of them, again, it’s good enough for most casual use. Don’t be put off by its low version number; its primary author is a perfectionist. It’s at least as stable as most of the commercial low-end graphics programs I’ve seen for Windows.

There is no equivalent to Grokking The Gimp yet for Sodipodi. This Sodipodi Guide will get you started.

If you want to play around with graphic design and can’t afford to buy Photoshop and Illustrator (even the educational prices can be a bit high for some people), playing with Gimp and Sodipodi is a good way to learn the basics in order to see if you even want to learn more about drawing with a computer. Who knows, the current or some future version may even prove to be all you need–saving you from ever having to buy the commercial software.