How long it takes to paint a room with a Graco 360DS paint sprayer

It takes about an hour to paint a room with a Graco 360DS paint sprayer. Here’s why I know that. I had to paint a house this month for the first time in about five years. I don’t particularly enjoy painting and I’m not particularly good at it.

An old high school friend helped me out with the exterior, and after seeing his paint sprayer, I had to get one myself. Mine’s less expensive and less fancy than his: I bought a handheld Graco 360DS. While it has some limitations, I’m very glad I bought it.

Read more

Cleaning a PC when fdisk-format-reinstall isn’t an option

There are any number of pie-in-the-sky pundits who will tell you when a computer starts to get slow, to format the hard drive, reinstall Windows, and go on your merry way.

Unfortunately it’s not always realistic. I don’t clean up PCs all that often anymore, but here’s what I do when I need to.

Read more

The difference between a vulnerability scanner and a SIEM

I heard an interesting question the other day: What’s the difference between a vulnerability scanner and a SIEM? Qualys and Nessus are examples of vulnerability scanners. Arcsight and Splunk are examples of SIEMs.

To a security practitioner, the tools couldn’t be much more different, but not everyone is a security practitioner.

On a basic, fundamental level, a vulnerability scanner deals in what’s missing in the environment and what could happen as a result of those things that are missing. A SIEM deals in what actually has happened and is happening.

Read more

Dual screen Citrix, or dual monitor Citrix

Dual screen Citrix, or dual monitor Citrix

At my current and immediately previous job, we made heavy use of Citrix. Citrix makes remote access and administration really convenient. But you don’t get dual screen Citrix by default, and that’s a shame.

Read more

A few more WordPress security tips

There’s some nasty WordPress malware (Link removed in retaliation for Conde Nast’s 11/3/2025 layoffs. Sorry not sorry.) circulating right now. I haven’t fallen victim to that one, but I caught the very early stages of infection myself all too recently. WordPress itself was just updated to close some vulnerabilities, but the biggest problem is the plugins. Unfortunately, the plugins are the main reason to run WordPress.

At my day job, I’ve had the pleasure of working with a very security-conscious webmaster for the last couple of months, and he and I talk about WordPress security frequently and look into what we, or anyone for that matter, can do to make the best of the situation. Here’s what he and I have found in the last week or so.

Read more

Easy model corrugated or wooden fences for train layouts

If you want model fence for your train layout, there’s an affordable solution sitting in your hardware or home improvement store for providing easy model corrugated or wooden fences for train layouts.

Read more

New password advice from GCHQ

New password advice from GCHQ

The GCHQ is the British equivalent of the NSA. They recently published a new document containing the GCHQ’s new password advice in light of the things we’ve learned in the last few years. It’s worthwhile reading, whether you’re a sysadmin or a web developer or just an end user who wants to stay secure online.

Some of the advice may be surprising.

Read more

Windows 7 spies on you like Windows 10 now

This is a few days old now but needs to be addressed–a lot of people were planning on staying on Windows 7 because they don’t like Windows 10’s new privacy settings, but unless you uninstall some stealthy updates, Windows 7 spies on you too.

Microsoft used to call this “scroogling,” and launched a massive PR campaign against Google, but now they’re doing exactly the things they blasted Google for doing, only they’re collecting money to do it.

So basically Microsoft is trying to have it both ways now–charge for the OS, but treat the consumer as a product. Windows 7, of course, was a paid upgrade, and Windows 10 is only free under special circumstances–businesses and OEMs still pay for it.

To make Windows 7 and 8 stop scroogling you, uninstall KB3068708,  KB3075249, and KB3080149, all of which have the word “telemetry” in their description.

The workstation events you want to be logging in Splunk

Every once in a while the NSA or another government agency releases a whitepaper with a lot of really good security advice. This paper on spotting adversaries with Windows event logs is a fantastic example. It’s vendor-neutral, just talking about Windows logs and how to set up event forwarding, so you can use the advice with any log aggregation system or SEIM. I just happen to use and recommend Splunk. But whatever you use, these are the workstation events you want to be logging.

I want to call your attention to a couple of items in the paper. Most breaches begin on workstations, and this paper has the cure.

Read more

Security flaws in security tools are all too common

Fireeye runs a bunch of its processes as root, a practice that’s been a no-no since the late 1990s, and they’re more interested in litigation than they are in working with the guy who discovered it.

The attitude is all too common.

Read more