My first Windows 7 build

I rebuilt a friend’s Windows 7 system this week.

The system includes a 30 GB SSD to boot from, and a RAID 1 mirror of 1 TB drives for storage. Aside from the two 1 TB drives, it’s basically a collection of $100 components. $100 Asus motherboard, $100 video card, $100 CPU. It seems like right now, no matter what individual system component you’re looking at, $100 buys you something really nice without going too far over the top. I’m sure certain aristocrats might disagree, but any reasonable person ought to really like using this system.

The solution to paper passwords

I know your passwords are either written down or insecure. I know it just as surely as I know New Year’s Day is January 1.

I know because passwords have to be incredibly complex to be secure, and I know because the typical person has to juggle half a dozen of them, or more. Think about it. Your work account. Amazon. eBay. PayPal. Facebook. Your bank. Your personal e-mail. Your credit card. Your online billpay service.

I know you’re not going to memorize a half dozen gibberish passwords that look like 5E%c2.3730pK$0/.

So you have them written down somewhere, which is OK, or you have them all set to the same thing (hopefully not “popcorn”), which isn’t OK. Even if you’re using 5E%c2.3730pK$0/ as your password.

A secured piece of paper works fine until you lose it, or you’re out somewhere and don’t have it.

The solution is a product called LastPass. Software legend Steve Gibson talked about it at great length at http://www.grc.com/sn/sn-256.htm.

Basically it’s a program, which can run standalone or as a browser plug-in, that stores passwords securely. It mathematically slices and dices the data so that all that’s stored on LastPass’ servers is undecodable gibberish, but, given your e-mail address, your password, and a printable grid you can keep in your wallet, you can decode your password database from any computer, anywhere you happen to be.

There’s a lot of nasty math involved in cryptography, and I won’t pretend it’s my best subject. Gibson goes a lot further into the details than I want to get into. As someone who knows enough about cryptography to get CompTIA Security+ certification, and someone who’s read the official CISSP book chapter on cryptography twice, it sounds good to me.

An additional feature is the ability to store things you need rarely, but when you need them, you need them desperately. Things like your credit card numbers, driver’s license number, and your kids’ social security numbers.

There’s a free version of LastPass, and a premium version that works on mobile phones and mobile software like Portable Firefox, which costs $12 per year.

The free version runs on Windows, Mac OS X, and Linux, which covers more than 99% of the computers out there today. And it runs in every major browser.

When you go to run LastPass, it will import your stored passwords from your web browser(s). And it will give you a rating, based on how secure your passwords are and how often you re-use them. It will generate secure, random gibberish passwords for you and help you visit sites and change your passwords. Along the way it grades you, helping you to increase your security.
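To make the reuse-and-strength rating and the random generation concrete, here is an added example; it is not LastPass code and does not reproduce its scoring. The function names, the 60-bit threshold and the sample vault are assumptions made for illustration, and the vault reuses the two passwords quoted earlier in this post.

```python
import math
import secrets
import string
from collections import defaultdict

ALPHABET = string.ascii_letters + string.digits + string.punctuation
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def generate_password(length=16):
    """Draw each character from the OS CSPRNG (secrets), never from random."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def estimate_bits(password):
    """Upper bound on entropy: length * log2(size of the character pool used).

    This only holds for randomly generated strings; a dictionary word such as
    "popcorn" is far weaker than the figure suggests.
    """
    pool = sum(len(cls) for cls in CLASSES if any(c in cls for c in password))
    return len(password) * math.log2(pool) if pool else 0.0


def audit(vault, min_bits=60):
    """vault maps site -> password. Returns (reused_groups, weak_sites).

    min_bits is an assumed threshold, not a LastPass setting.
    """
    sites_by_password = defaultdict(list)
    for site, password in vault.items():
        sites_by_password[password].append(site)
    # A strong password shared between sites is still reported as reused.
    reused = sorted(sorted(s) for s in sites_by_password.values() if len(s) > 1)
    weak = sorted(s for s, p in vault.items() if estimate_bits(p) < min_bits)
    return reused, weak


# Constructed sample vault using the two passwords quoted in the post.
SAMPLE_VAULT = {
    "amazon": "popcorn",
    "ebay": "popcorn",
    "bank": "5E%c2.3730pK$0/",
    "email": "5E%c2.3730pK$0/",
}

if __name__ == "__main__":
    reused, weak = audit(SAMPLE_VAULT)
    print("reused across:", reused)
    print("too weak:", weak)
    print("replacement:", generate_password())
```

The strong password shows up in the reuse report even though it passes the strength check, which is the point made above about setting every account to the same thing.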

It can synchronize too. So if something happens and I have to change my Amazon password and I’m at work, my wife gets the changes, so if she needs to get into Amazon, she doesn’t have to do anything different.

It makes good security an awful lot less painful. I can pretty much say, without reservation, knowing nothing about you except that you use a computer, that you need this.

What to do when a Microsoft patch won’t install

Every once in a while, when you push patches for a living, you come across a time when a Microsoft patch won’t install. This is one of those times, and here is what I did to fix it.

So, Microsoft KB947742, an old .NET 1.1 fix, refused to install on one of the servers at work. When I ran the executable, all it did was pop up the window showing the Windows Installer switches or parameters. Searching Google turned up a number of people having the problem, but no solutions that worked, although reinstalling the .NET 1.1 Framework and the latest version of the Windows Installer are always good ideas when you run into weird problems. .NET 1.1 is extremely fragile anyway, and reinstalling it along with all applicable hotfixes has worked for me in the past to resolve weird issues, such as permissions issues showing up in the security log. Or .NET applications just suddenly not running anymore, even though they ran just fine yesterday.

I tried everything I could think of and finally stumbled on a solution. I have absolutely no idea why this works. First, I opened a command line, changed into the directory where I had stored the patch, and I ran the following command:

NDP1.1sp1-kb947742-x86.exe /extract .\947742

This extracts the update to a directory called 947742. Inside that directory, I found a single file, named NDP1.1sp1-kb947742-x86.msp. When I double-clicked on the file from Windows Explorer, it installed.

I’ve applied this patch on more than 100 servers and I recall only having the problem on one of them. And, oddly, all other .NET patches and for that matter all other recent Microsoft updates apply to this machine just fine.

I suppose the same fix could work on other Windows updates that supply only a window full of switches instead of installing, or other weird installation issues. It’s worth a shot if nothing else works and you can’t (or would rather not) open a support case with Microsoft.

This is a strange case. If you’re running WSUS or (better yet) Shavlik Netchk and a patch refuses to install, try logging in, downloading and running the offending patch manually and note any error messages. Maybe, just maybe, this fix will help you. Or better yet, maybe the patch will tell you what you need to fix, but don’t count on it.

When absurdity strikes, try extracting the patch and poking around inside, like I did in this case.

How I changed servers midstream

When upgrading this site, I replaced the underlying hardware as well. The old server was just a dead end in too many regards to be worth upgrading in place, and besides, being able to run new and old side by side for a time is helpful.

This type of maneuver is routine work for a professional sysadmin. But it’s been at least two years since I’ve done a similar maneuver at all, and at least five years since I did it with Linux.

When I built the new machine, I gave it a unique IP address. Turnkey Linux makes getting an operational LAMP stack trivial, and depending on what you want to run on that stack, you may even be able to get that installed for you too.

Unfortunately for me, the Geeklog migration tool doesn’t seem to work with WordPress 3.0.1. So I had to get WordPress running on my old hardware in order to migrate. I chose WordPress 2.0.11 because the 2.0 branch appeared to be the current branch when Justdave wrote his migration tool, and 2.0.11 ran without complaint on the dated versions of PHP and MySQL that were on my old server.

After importing the content, I used mysqldump to export my databases. Specifically:

mysqldump --opt -u [mysql username] -p [database name, probably wordpress] > wordpress.sql

I should have gzipped the file, but I didn’t.

gzip wordpress.sql

I then connected to the old server via FTP and transferred the file. Use your favorite file transfer method; I happened to have FTP set up for my internal network.

Uncompress the file if you compressed it:

gunzip wordpress.sql.gz

Then restore the file:

mysql -u [mysql username] -p [database name] < wordpress.sql

Or, if the database already exists, like in my case:

mysqlimport -u [uname] -p [database name] wordpress.sql

Then I connected to the webserver via my web browser. WordPress 3.0.1 saw the WordPress 2.0.11 database and informed me that it needed to be upgraded. So I let it do its thing, and a few minutes later, I had a functioning WordPress site with 10 years’ worth of legacy entries.

I messed around with it for a while. Finally, I decided to go live. And at this point, I should have physically moved the new server into its permanent home. I didn’t do that, so now when I decide to move the server, I’m going to have some downtime.

To flip the IP addresses, you need to know where your Linux box stores its IP address. Debian and Ubuntu both store it in /etc/network/interfaces. As far as I can tell, Red Hat and derivatives like CentOS store it in /etc/sysconfig/network-scripts/ifcfg-eth0, but I haven’t used Red Hat or a derivative in a long time, perhaps 2003.

If worse comes to worse, try something like this to determine where it’s stored:

grep -r [ip address] /etc/

I edited the appropriate file on both boxes, changing the IP address while leaving all of the other parameters unchanged.

I then issued the command ifdown eth0 on both machines.

On my new production server, I then issued the command ifup eth0. Depending on the Linux distribution, it might also be necessary to re-issue a default route command. I didn’t have to do that.

Depending on how much Linux/Unix cred you have at stake, you could just do it the Windows way and reboot the box. Or both of them.

Once I was satisfied everything was working, I powered down the old server and celebrated.

Hey! I’m famous!

I got mentioned in a post about Adblock Plus on Lifehacker.

In a comment about something else, I mentioned that you should install Adblock Plus and turn on the Malware Domains subscription to give yourself protection beyond what your antivirus software does. If intercepting bad-guy software is good, not even downloading it in the first place is better.

I guess someone liked the advice.

Make Firefox run like new

This is an unbelievable trick. If you’ve been running Firefox for a long time, it gets a lot more sluggish. Here’s how to optimize its databases and give it back its youthful vigor.

First, go to Tools, Error Console. Copy and paste this long and obnoxious line in:

Components.classes["@mozilla.org/browser/nav-history-service;1"].getService(Components.interfaces.nsPIPlacesDatabase).DBConnection.executeSimpleSQL("VACUUM");

Click Evaluate and wait. Firefox will appear to lock up, but fear not, when the query finishes, it’ll recover with a vengeance, loading faster, rendering pages faster, and doing just about everything faster.

The difference could be enough to cure new-computer fever, in some cases.

You can close the Error Console window after it finishes.

What this trick does, from a technical standpoint, is dump all the empty space in the databases where it stores all of your data (bookmarks, browsing history, usernames, stuff like that), making it smaller and easier to manage, and, in turn, faster. Whenever data expires, it’s blanked out rather than truly deleted, so the databases just keep on growing over time, contributing to Firefox’s slowdown.
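The same reclaiming of empty space can be shown outside the browser. This is an added example, not part of the original trick or of Firefox: it assumes the profile's databases are ordinary SQLite files ending in .sqlite and that the browser is closed, and the function names and the sample database are constructed for illustration.

```python
import os
import sqlite3
import sys
import tempfile


def vacuum_profile(profile_dir):
    """VACUUM each *.sqlite file in profile_dir.

    Returns {filename: (bytes_before, bytes_after)}; bytes_after is None when
    the file could not be vacuumed (locked by a running browser, not a
    database, corrupt).
    """
    results = {}
    for name in sorted(os.listdir(profile_dir)):
        if not name.endswith(".sqlite"):
            continue
        path = os.path.join(profile_dir, name)
        before = os.path.getsize(path)
        try:
            # Autocommit mode: VACUUM cannot run inside a transaction.
            conn = sqlite3.connect(path, timeout=2, isolation_level=None)
            try:
                conn.execute("VACUUM")
            finally:
                conn.close()
            results[name] = (before, os.path.getsize(path))
        except sqlite3.Error:
            results[name] = (before, None)
    return results


def build_expired_history(path, rows=2000):
    """Constructed sample: a history-like table whose rows have all expired."""
    conn = sqlite3.connect(path)
    conn.execute("CREATE TABLE visits (id INTEGER PRIMARY KEY, url TEXT)")
    conn.executemany(
        "INSERT INTO visits (url) VALUES (?)",
        (("http://example.invalid/" + "x" * 400,) for _ in range(rows)))
    conn.commit()
    conn.execute("DELETE FROM visits")  # pages move to the free list; file stays big
    conn.commit()
    conn.close()


def demo():
    """Build the sample in a temp dir, vacuum it, return the size report."""
    with tempfile.TemporaryDirectory() as tmp:
        build_expired_history(os.path.join(tmp, "places.sqlite"))
        # A non-database file with the same suffix must be reported, not crash.
        with open(os.path.join(tmp, "broken.sqlite"), "wb") as fh:
            fh.write(b"not a database" * 100)
        return vacuum_profile(tmp)


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else None
    report = vacuum_profile(target) if target else demo()
    for name, (before, after) in report.items():
        print(name, before, "->", after if after is not None else "skipped")
```

Run with no arguments it vacuums the constructed sample; given a directory path it vacuums the .sqlite files found there, so work on a copy of a profile rather than the live one.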

A better, faster Firefox for Windows

Compiling Firefox for modern-ish (Pentium 4 and newer) CPUs is relatively common on Linux, and presumably on Mac OS X also, but not for Windows. On Windows, Firefox assumes you have a first-generation Pentium CPU, since that’s the slowest CPU that will boot Windows XP.

Enter Pale Moon. Pale Moon is compiled to use the instruction set in newer Pentium and Athlon 64 CPUs. In layman’s terms, this results in about a 25% increase in performance, which is significant.

Also significant is that the current version is based on 3.6.3 of Firefox, before Firefox broke Farmville, people started laying eggs, and they started breaking Firefox to keep Farmville working.

I couldn’t care less about Farmville and other stupid Facebook games; I just want Google Maps to be fast.

And in my quick tests, Pale Moon is fast. It loads faster than the standard Firefox build. It renders complex pages like Google Maps faster.

I’m not ready to make it my default browser yet, but so far I like what I see. It at least narrows the performance gap with Chrome, while retaining the user interface and keyboard shortcuts I’ve been using since those pre-release versions of Netscape I was using in 1994.

Experimental, optimized Firefox builds have come and gone over the years. Hopefully this one sticks around a while.

Release Watson, IBM. Now.

Remember Deep Blue? The computer that beat Garry Kasparov? It seems IBM’s next target might be a Jeopardy-playing computer.

Whether this computer can ever beat Ken Jennings at Jeopardy is irrelevant. If it were commercialized, this thing could change everything overnight.

The New York Times article goes into it. Here’s the thing. Being good at Jeopardy requires several skills, one of which is being able to retain and cross-reference information. Watson is amazing at that. Better than a human being, right now. Second is being able to understand questions. It might be better at understanding a tricky question than my two-year-old son, but not much. It’s better than any other computer I’ve seen.

When I played the demo hosted at the New York Times, I won, but it came down to the last question. Mostly it came down to the questions that included puns and, let’s face it, misuses and abuses of language.

But in the real world, we don’t ask questions like Alex Trebek does on Jeopardy. At least we don’t if we don’t want our colleagues to hit us with a broom. And in the real world, we don’t mind re-phrasing a question when we have to, if it gets us better answers.

The article in the Times cited a possible application. Feed Watson all available medical journals and textbooks. It could then dispense medical advice. But would a surgeon trust it when seconds count?

I think that’s the wrong question. In trial runs playing Jeopardy, Watson isn’t at its best when seconds count, which is why Ken Jennings will probably beat Watson every single time.

But imagine situations where there’s lots of available time. A patient is describing symptoms. Enter the symptoms into Watson. What does Watson think? But more importantly, why does Watson think that? Watson should spit out the opinion and the articles that led it to that conclusion. Let the doctor read the articles and come to a reasoned conclusion.

What about when seconds count? Run drills through Watson when seconds don’t count, so doctors can practice their imprecise science and get better. Don’t rely on the technology directly when seconds count–rely indirectly instead.

But doctors aren’t the only ones who can benefit from Watson. I once worked someplace that referenced every shred of data it had through a search engine called htdig. It was next to useless. It could give me a list of documents that contained words I was looking for, but had no way to rank them. It was marginally better than connecting to a file server and using FIND or FINDSTR or grep from a command line. Which was something that’s worked since at least 1990, possibly longer.

Today I work someplace that has a Google search appliance. It’s marginally better than htdig. But not much. When a complicated question comes across my desk, I still spend 8 hours digging through semi-relevant documents in search of an answer.

Watson provides a different approach. Ask Watson how far apart two computers have to be in order to avoid TEMPEST, by policy. Because of its ability to link related concepts, it would be able to spit out an answer, and an excerpt from each document that led it to believe that. A question that takes me hours to answer (unless I know it off the top of my head) takes minutes to answer instead.

Even when Watson is wrong, it’s still useful. It got that opinion from somewhere, right? Read those documents. It could be the problem is that the available documents contradict themselves. So Watson could expose holes in policy and/or technical documentation that nobody is aware of.

The problem with the Information Age is that humans now are burdened with information overload. There’s too much useless information out there. A technology like Watson offers the possibility of filtering through all the noise and showing us what’s relevant. And, used creatively, it could tell us what we know but forgot to write down anywhere.

At first the idea of a computer capable of making decisions and beating Ken Jennings at Jeopardy scared me. And it probably should. But that’s not what Watson is. It’s not good enough right now to do either of those things, and, frankly, I think morally we shouldn’t make a machine and put it in charge of making life-or-death decisions for us.

But it’s good enough to change the world right now. So I think it needs to be commercialized, however that looks. One of the problems is cost, since it requires $1 million worth of hardware to run on.

Offer it as a $10 million box for governments and huge companies to use to untangle their mess of documents. The U.S. government should be clamoring to feed all it knows about Pakistan, Afghanistan, al Qaeda and Osama bin Laden into it, then ask where Osama bin Laden is, if only to see what answer it gives. It may not be able to answer that question, but I’ll bet it could answer lots of other important ones.

Feed the entire contents of The New York Times into it and charge a subscription to ask it questions. I’m sure Google could find a way to commercialize it by feeding the contents of Google Books into it.

For that matter, IBM could feed the documentation for all of its products into a standalone instance of Watson, and call it a technical support site. In reality it would just be the world’s foremost expert on AIX, DB2, Tivoli, Lotus Domino, and whatever else IBM owns these days. Why would I ever spec a competing product when I could ask IBM any question and get really good answers in seconds?

I hope IBM realizes what it has here. I really hope IBM realizes what it has. But I fear it may not.

Happy Patch Tuesday

Today was the first Patch Tuesday in nearly four years that I didn’t have to worry about professionally. Since Microsoft released 13 patches today and Adobe released two, my former coworkers might be wondering if I knew something. (I didn’t.)

But I still patched my machine at home, and I recommend you do too. Macintosh owners, you’re not immune, so I have some homework for you too.

The Adobe patches apply to Acrobat and to the so-called Adobe Reader (which used to be called Acrobat Reader). I recommend you launch Adobe Reader, go to the Help menu, and select Check for Updates. Unless you’re reading this site on a Commodore 64, these updates apply to you.

Mac users tend to be awfully smug about security, and that myth really needs to stop. Apple hasn’t released any security fixes this month, but they did release 9 fixes last month. The biggest one fixes flaws in 16 different applications. Microsoft probably would have released 16 different patches instead of just one. I prefer the Microsoft approach–besides being a little more honest, it also results in smaller download packages if by some chance one or more of those 16 vulnerabilities happen to not apply to a particular machine.

And now, please excuse me for a moment while I recover from the shock of having used the word “honest” to describe Microsoft.

Just out of curiosity, I looked, and Apple has released security updates every month this year except for April. Unlike Microsoft, they don’t follow a set schedule, and the month isn’t over yet, so I wouldn’t be surprised to see something from them later this month.

I won’t bore you with the details, but basically, what it comes down to is this: If I really want into your computer, all I really have to do is booby-trap a file and get you to open it. It could be a PDF file, a movie, a music file, or something else. I can embed code into that file that gives me complete control of the computer. I just have to know whether your computer runs Mac OS or Windows. And how to write the code, of course. (I don’t know how to write the code and I don’t want control of your computer, so there’s no reason to be afraid of me.)

If you’ve been installing your patches, there’s little reason to be afraid of the guy who DOES know how to write the code and DOES want control of your computer.

Your computer may update automatically. If you don’t know for certain whether it does, I suggest you find out. Now. No matter whose name is stamped on the case.

I just downloaded Microsoft Security Essentials

I just downloaded Microsoft Security Essentials, and, depending on your situation, I recommend you do it too.

MSSE is free antivirus software, from Microsoft. It’s not the best thing out there, but it’s far from the worst. If you don’t have any antivirus software, go get it.

The usual suspects fell all over themselves to heap praise on MSSE. Some people never saw a Microsoft product they didn’t like, so no surprises here.

I trust PC Magazine a whole lot more. They found it was overall a decent product. Not top-tier, but much better than nothing, and it didn’t interfere much with system performance.

That’s the knock on a lot of AV software. Uninstall the preloaded Norton Antivirus from the computer you bought at Office Depot, and suddenly your $399 computer feels like a $3999 computer. And it might also, like, work or something. (My mom’s HP gave random filesystem errors until I uninstalled that scourge on humanity.)

If you can afford NOD32, I continue to believe it’s the best overall antivirus product out there. It’s fast, it’s reasonably priced, it catches more than any Symantec product does, and it slows the system down a lot less. It’s better than McAfee’s products too.

But if you can’t afford NOD32, I suggest running MSSE. And frankly, even if you paid and subscribed to a Symantec/Norton or McAfee product, I don’t think you lose much by switching. Regardless, it’s definitely better than running nothing.