From time to time I have to pull up Programs and Features (formerly known as Add and Remove Programs in obsolete versions of Windows), but I’m not an administrator. Not normally, at least. When I need to do so, I run cmd.exe using my administrative ID–I created a shortcut and pinned it to my Start Menu so I can right-click cmd.exe and select “Run As”–and then, from the command prompt, I type appwiz.cpl. Then I can make all the changes I need to make, without the hazards associated with logging in as an administrator and running everything with admin rights.
How to use the lock in your web browser’s location bar

A commenter asked me last week if I really believe the lock in a web browser means something.
I’ve configured and tested and reviewed hundreds of web servers over the years, so I certainly hope it does. I spend a lot more time looking at these connections from the server side, but it means I understand what I’m seeing when I look at it from the web browser too.
So here’s how to use it to verify your web connections are secure, if you want to go beyond the lock-good, broken-lock-bad mantra.
Lenovo’s preinstalled Superfish spyware: A post-mortem
So, if you haven’t heard by now, last year Lenovo experimented with preloading its cheapest laptops with spyware that subverts HTTPS, allowing a third party to inject ads on any web page, and providing a convenient place for an attacker to hide behind while messing with your secure transactions.
By the end of the day yesterday, Lenovo had apologized, sort of, and after several sites had provided removal instructions, Lenovo provided its own. After spending much of the day downplaying the security concerns, by the end of the day they were at least reluctantly acknowledging them.
This was really bad, and I’ll explain why in a second, and I’ll also try to explain why Lenovo did it.
Initial upgrade reports on the HP Stream and Pavilion Mini
Earlier this year at CES, HP introduced its HP Stream Mini ($180) and Pavilion Mini ($320 and $450) mini-desktops. They’re small, inexpensive, and in the case of the Stream, silent. They turn out to be surprisingly upgradeable as well. Ars Technica has details and benchmarks (link removed in retaliation for Conde Nast’s 11/3/2025 layoffs, sorry not sorry) but of course I have my own priorities based on their discoveries.
Yes, we need to run vulnerability scans inside the firewall
I got an innocent question last week. We’d been scanning an AIX server with Nexpose, a vulnerability scanner made by Rapid7, and ran into some issues. The system owner then asked a question: The server is behind a firewall and has no direct connection to the Internet and no data itself, it’s just a front-end to two other servers. Is there any reason to scan a server like that?
In my sysadmin days, I asked a similar question. Nobody could give me an answer that was any better than “because reasons.” So I’ll answer the question and give the reasons.
You’re telling me someone gave a stranger his password?
I was talking breaches last week when a very high-up joined the conversation in mid-stream.
“Start over, Dave.”
“OK. I’m talking about breaches.”
“I know what you’re talking about,” he said, knowingly and very clearly interested.
We lost a St. Louis original over the weekend
I don’t think any of this will be in the newspapers, but I hope I’m wrong. Probably the most unusual man I will ever meet died over the weekend. His name was Otis Woodard. He ran a women’s shelter and food pantry in north St. Louis for decades. In many ways, it seems to me he represented everything that was right in the midst of all the things that are so wrong.
Commodore hardware viruses–yes, they were possible

The conventional wisdom is that computer viruses can wipe out your data, but they can’t do physical damage. The exception to that rule was, of course, Commodore, the king of cheap 1980s computers. Commodore’s earliest computer, the PET, had an infamous “poke of death” (POKE 59458,62) that could damage its video display, but the Commodore 64’s sidekick, the 1541 disk drive, had a couple of little-known vulnerabilities as well.
Tinkering isn’t dead, but it is changing
When Radio Shack announced its bankruptcy, I read more fears that the age of tinkering is dead than I read laments for the store.
I follow the logic, because Radio Shack was the only national store chain that ever tried to cater to tinkerers. But I don’t think people abandoning Radio Shack means tinkering is necessarily dead. I have plenty of indications that it’s still very much alive, but it’s also very different from how it used to be.
How to become an Info Assurance Analyst
So, CNN/Money ran a story on the best 100 jobs in the United States, based on pay, projected job growth over the next 10 years, and quality of life ratings. And there was my job title, at #9. I think you should want to become one, so here’s how to become an Info Assurance Analyst.
The field desperately needs more of us, so I’m happy to share with you how to become someone like me.
