The Silicon Underground

Home » Page 238

How long it takes to paint a room with a Graco 360DS paint sprayer

Dave Farquhar Landlording September 25, 2015April 23, 2017

It takes about an hour to paint a room with a Graco 360DS paint sprayer. Here’s why I know that. I had to paint a house this month for the first time in about five years. I don’t particularly enjoy painting and I’m not particularly good at it.

An old high school friend helped me out with the exterior, and after seeing his paint sprayer, I had to get one myself. Mine’s less expensive and less fancy than his: I bought a handheld Graco 360DS. While it has some limitations, I’m very glad I bought it.

Cleaning a PC when fdisk-format-reinstall isn’t an option

Dave Farquhar Uncategorized September 24, 2015September 19, 2015antivirus, chrome, defragmenter, malware, malwarebytes, psi, ublock

There are any number of pie-in-the-sky pundits who will tell you when a computer starts to get slow, to format the hard drive, reinstall Windows, and go on your merry way.

Unfortunately it’s not always realistic. I don’t clean up PCs all that often anymore, but here’s what I do when I need to.

The difference between a vulnerability scanner and a SIEM

Dave Farquhar security September 23, 2015November 21, 2018excel, nessus, retina, splunk, vulnerability

I heard an interesting question the other day: What’s the difference between a vulnerability scanner and a SIEM? Qualys and Nessus are examples of vulnerability scanners. Arcsight and Splunk are examples of SIEMs.

To a security practitioner, the tools couldn’t be much more different, but not everyone is a security practitioner.

On a basic, fundamental level, a vulnerability scanner deals in what’s missing in the environment and what could happen as a result of those things that are missing. A SIEM deals in what actually has happened and is happening.

Dual screen Citrix, or dual monitor Citrix

Dave Farquhar Software September 22, 2015October 17, 2018citrix, excel, windows 7

At my current and immediately previous job, we made heavy use of Citrix. Citrix makes remote access and administration really convenient. But you don’t get dual screen Citrix by default, and that’s a shame.

A few more WordPress security tips

Dave Farquhar security September 21, 2015November 3, 2025malware, PHP, vulnerability

There’s some nasty WordPress malware (Link removed in retaliation for Conde Nast’s 11/3/2025 layoffs. Sorry not sorry.) circulating right now. I haven’t fallen victim to that one, but I caught the very early stages of infection myself all too recently. WordPress itself was just updated to close some vulnerabilities, but the biggest problem is the plugins. Unfortunately, the plugins are the main reason to run WordPress.

At my day job, I’ve had the pleasure of working with a very security-conscious webmaster for the last couple of months, and he and I talk about WordPress security frequently and look into what we, or anyone for that matter, can do to make the best of the situation. Here’s what he and I have found in the last week or so.

Easy model corrugated or wooden fences for train layouts

Dave Farquhar Toy trains September 18, 2015November 26, 2016HO, ho scale, home improvement, o scale, s scale, Tacky Wax, train layout

If you want model fence for your train layout, there’s an affordable solution sitting in your hardware or home improvement store for providing easy model corrugated or wooden fences for train layouts.

New password advice from GCHQ

Dave Farquhar security September 17, 2015April 24, 2017breach, NSA, password database, passwords

The GCHQ is the British equivalent of the NSA. They recently published a new document containing the GCHQ’s new password advice in light of the things we’ve learned in the last few years. It’s worthwhile reading, whether you’re a sysadmin or a web developer or just an end user who wants to stay secure online.

Some of the advice may be surprising.

Windows 7 spies on you like Windows 10 now

Dave Farquhar security, Windows September 16, 2015September 13, 2015PR, Windows 10, windows 7

This is a few days old now but needs to be addressed–a lot of people were planning on staying on Windows 7 because they don’t like Windows 10’s new privacy settings, but unless you uninstall some stealthy updates, Windows 7 spies on you too.

Microsoft used to call this “scroogling,” and launched a massive PR campaign against Google, but now they’re doing exactly the things they blasted Google for doing, only they’re collecting money to do it.

So basically Microsoft is trying to have it both ways now–charge for the OS, but treat the consumer as a product. Windows 7, of course, was a paid upgrade, and Windows 10 is only free under special circumstances–businesses and OEMs still pay for it.

To make Windows 7 and 8 stop scroogling you, uninstall KB3068708, KB3075249, and KB3080149, all of which have the word “telemetry” in their description.

The workstation events you want to be logging in Splunk

Dave Farquhar security September 15, 2015September 15, 2016breach, chrome, excel, firefox, NSA, splunk

Every once in a while the NSA or another government agency releases a whitepaper with a lot of really good security advice. This paper on spotting adversaries with Windows event logs is a fantastic example. It’s vendor-neutral, just talking about Windows logs and how to set up event forwarding, so you can use the advice with any log aggregation system or SEIM. I just happen to use and recommend Splunk. But whatever you use, these are the workstation events you want to be logging.

I want to call your attention to a couple of items in the paper. Most breaches begin on workstations, and this paper has the cure.

Security flaws in security tools are all too common

Dave Farquhar security September 14, 2015November 3, 20251990s, dell, Log Logic, mysql, passwords, splunk

Fireeye runs a bunch of its processes as root, a practice that’s been a no-no since the late 1990s, and they’re more interested in litigation than they are in working with the guy who discovered it.

The attitude is all too common.