Rogue IT people and how to avoid hiring them

Computerworld published a scare piece on rogue IT people.

Linuxplanet countered with a piece that was about equal parts substance and hand-waving. I found myself mostly agreeing with the Linuxplanet piece, but was disappointed it didn’t go deeper into the counter-arguments.

I’ve been on both sides of this.

Christmas Eve, a train that wouldn’t run, and a happy ending

It was Christmas Eve. I finished playing Santa, then I plopped down in front of the computer to unwind and signed into Facebook. Internet pal John Dominik posted a status update about buying a Bachmann N-scale train set and it not working, and how he knew he should have tried it out before Christmas Eve. I offered to help. He related the epic troubleshooting he went through–OK, perhaps it wasn’t epic, but his account of the things he tried was longer than the Book of Jude and several other books of the Bible–and, frankly, there wasn’t anything I would have thought of that he hadn’t already tried. He went beyond that and even tried things I wouldn’t have tried. Or recommend, for that matter, but that’s OK. He mentioned he’d had a set of HO trains when he was younger, and that gave me an idea. I asked if he still had that power pack, because, if he was willing to do a little creative and sloppy wiring, he’d be able to get that new Bachmann set working with it. He said he did.

The temporary fix worked, and Christmas Eve was salvaged. John said he hoped Bachmann would be cooperative about the bad power pack.

How to get more blog traffic without being sleazy

Something Steve A. wrote last week got me thinking. I’m paraphrasing, but if I’m interpreting him correctly, he’s written every day, or nearly every day, for about four years and would like to cut back, but is kinda-sorta addicted to the traffic he gets by writing every day. But there are more effective ways to get more blog traffic.

I think writing every day does increase your traffic, to a degree. But for long-term, sustainable traffic, I think it helps only indirectly. Here are seven things I’ve found that helped me get more blog traffic.

Overused (and underused) resume buzzwords

This week the list of 10 most overused resume buzzwords came out. John C. “Don’t call me John Dvorak” Dvorak offers his usual snarky analysis.

Here’s mine.

Sorry about that downtime

We had some power hiccups this morning, and that led to some networking issues that I didn’t notice until tonight. Between soldering a circuit together for the article I’m working on, drawing diagrams, and rebuilding a consumer-grade HP Pavilion to possibly resell, I never noticed my webserver wasn’t up.

But we’re back now, and my soldering skills, well, pretty much look like the last time I did some soldering. Makes me wonder how much business I have trying to solder a new power jack onto my sister’s Toshiba laptop, but the replacement jack is just two connections, so four joints total.

Short takes: Ed Felten, Sparky Anderson

Sparky Anderson died today. When I was a kid, Anderson was the manager of the Detroit Tigers and already a legend from having managed the Big Red Machine in Cincinnati in the 1970s. He was always a true gentleman in every possible regard.

He actually managed longer and won more games in Detroit, but his Tigers teams never matched the mystique of that great Reds dynasty.

A poignant quote from the article linked above: “The biggest thing that young people can learn is, do the best you can at what you do, and then when you’re through with it, don’t try to live it again. I don’t live baseball anymore.”

And in much happier news, Ed Felten got a job at the FTC. Felten is a rather outspoken computer science professor at Stanford. He famously demonstrated that Internet Explorer could be separated from Windows 98 in various ways during the Microsoft anti-trust trial in the late 1990s. He has a long history of being an advocate of allowing people to fix and modify the hardware devices they paid for, as opposed to the all-too-common-today idea that if you take something apart, you’ve violated some license agreement.

His insightful, sometimes snarky Freedom to Tinker blog is always a good read. His series Fritz’s hit list is an Internet classic.

Felten’s statement says his role will be an advisory role. They would do well to do whatever he says, because he understands technology much better than anyone else in Washington.

Getting bombarded with political calls tonight? Don’t hang up–hit #

I read this trick today. So far, hitting # worked on the political calls I’ve been getting tonight. Or, if in doubt, hit #0* as one of those key combinations usually works to kill the call.

And if any candidate calls after 8 PM and wakes up my kids, I automatically write in the name “Fidel Castro” instead of voting for them. Not that any of them are reading this. I’m pretty sure a good percentage of them can’t read…

More later, I hope.

I got a new side gig

I’ve been talking a lot with WhiteQueen at Rabbit-Hole lately, and learning a lot. It’s one thing to learn security from textbooks and learn enough to pass a test. It’s one thing to patch servers and make sure my servers pass annual security audits. It’s quite another thing to talk to someone who actively seeks out hackers to study their movements and try to keep them out. Or who stands up servers just to see how difficult it is to get in by force instead of through the logon prompt.

Both WhiteQueen and RedQueen have tons of ideas and tons of knowledge in their heads. But neither likes to write. After I banged out a 600-word article this week based on a five-minute conversation with him, WhiteQueen approached me with the idea of posting security-related articles on Rabbit-Hole. We think having quality, useful articles going up over there on a semi-regular basis will help them build a larger audience, and I’d never attract that audience working on my own. I’ll be learning as I go, and sharing what I learn in the process.

I’ll continue to write here about whatever it is I feel like writing about. I must have a half-dozen things not related to security that I’m working on right now anyway. When I post something over there, I’ll link to it from here to make it all easy to find.

My first Windows 7 build

I rebuilt a friend’s Windows 7 system this week.

The system includes a 30 GB SSD to boot from, and a RAID 1 mirror of 1 TB drives for storage. Aside from the two 1 TB drives, it’s basically a collection of $100 components. $100 Asus motherboard, $100 video card, $100 CPU. It seems like right now, no matter what individual system component you’re looking at, $100 buys you something really nice without going too far over the top. I’m sure certain aristocrats might disagree, but any reasonable person ought to really like using this system.

MyDoom/Novarg Gloom

Just in case anybody is curious, my employer’s virus scanners filtered roughly 3,000 copies of Novarg (a.k.a. My Doom) during working hours yesterday. If that’s not a record for us, it approaches it. I know we weren’t the only ones. I’ve heard Novarg/MyDoom/My Doom called the fastest spreading virus yet. I don’t have statistics on prior viruses with me, but suffice it to say, its impact certainly felt similar to the big names from the past.

Although SCO would like people to believe it was written by a Linux zealot, I’m more inclined to believe it was created by organized crime. Maybe the creators hate SCO, or maybe the anti-SCO DDoS was just an added touch to throw investigators off.

LoveLetter was the first virus outbreak to really have much impact on my professional career, and I noticed something about it. Prior to LoveLetter, I never, ever got spam at work. Not once. After LoveLetter, I started getting lots of it. I don’t believe LoveLetter’s intent was to gather e-mail addresses for spammers, but I do believe that more than one spammer, probably independently, noticed that viruses were a very efficient way to gather a large number of e-mail addresses.

I got spam before LoveLetter, and I saw viruses before LoveLetter. But I started seeing a lot more of both very soon after LoveLetter.

I don’t buy any giant conspiracy to sell anti-virus software, nor do I buy any giant conspiracy against SCO. I do believe in bored people with nothing better to do than to write viruses, and I also believe in people who can profit off their side effects.

I’ve said it once and I’ll say it again. If you run Windows, you must run anti-virus software. You can download Grisoft AVG anti-virus software for free. Don’t open unexpected e-mail attachments, even from people you know. Even if it looks safe. Don’t send unexpected e-mail attachments either–you don’t want anyone to get the idea that’s normal. Quite frankly, in this day and age, there’s no reason to open any piece of e-mail that looks suspicious for any reason. I told someone yesterday that this is war. And I think that’s pretty accurate.

If you’re an intrepid pioneer, there’s something else you can do too, in order to be part of the solution. If you join the Linux revolution, you can pretty much consider that computer immune. Macintoshes are slightly less immune, but certainly much less vulnerable than Windows. Amiga… Well, I haven’t seen the words “Amiga” and “virus” in the same sentence since 1991 or 1992. But one thing is certain: a less homogenous field is less susceptible to things like this.