Chasing dreams

Dave Farquhar Uncategorized ,

Lifehacker says to follow your skills rather than chasing your dreams.

There’s something to this. Two years ago I had a job writing security documentation. The CISO where I work now didn’t want to hire me because he was sure I already had my dream job and I’d just go back. On paper, it should have been my dream job, but I was beyond miserable. I was writing and editing for an audience of three people, and the environment was toxic. I woke up literally every morning thinking, “I didn’t study all day every day for three months to pass a 250-question 6-hour test to do this.”

Today I manage Windows patches. On paper it’s the most boring job in the world. But I’m happier than I’ve ever been. I’m up for the mandatory midyear review, and though I’ve only been at the job for four months, I have to provide a six-month review. I can’t fit my four months of accomplishments on a single sheet of paper. I wake up every morning ready to seize the day and accomplish something. Read more

What happens when you write a petabyte of data to an SSD

Dave Farquhar Hardware , , , , , ,

If you’re concerned about SSD reliability, Tech Report has good news for you: They attempted to write a petabyte of data to six SSDs, and three of them survived. Considering the drives were rated for a 200 TB life expectancy, that’s impressive. In fact, even the worst drives outlived their 200 TB life expectancy. And all started behaving oddly long before their demise, giving you ample warning to do something in advance–something you can’t say about evil nasty platters of spinning rust–perhaps better known as traditional hard drives.

The first drive to fail, if you’re wondering, was the Samsung 840, which uses cheaper TLC memory. But even the Samsung 840 outlived its projected life expectancy. Since other companies are undercutting the 840’s price even with MLC memory these days, I’m not sure what Samsung’s plans for the 840 are. For the time being, I doubt you’ll be buying one. One of the drives that’s still going after a petabyte of writes is a costlier Samsung MLC drive.

Read more

How to fix Firefox–really

Dave Farquhar Software , ,

I’ve been having problems with Firefox for a while now–crashes and other odd behavior. I’ve put up with it for a while, but I shouldn’t have to. It turns out the fix is very easy, but non-obvious.

Mozilla’s documentation is abysmal. When you move stuff around for no reason, change your docs to reflect the move, so people can find what you’re talking about. Or better yet, leave well enough alone.

If you actually want to fix the problem, don’t fiddle with the menus. Do this:

  • Type about:troubleshooting in the address bar
  • Click “Reset Firefox” in the upper right corner Read more

A Comcastic-ally bad idea

Dave Farquhar security , , , ,

If you haven’t heard about it, Comcast has plans to build a wifi network for its subscribers, on the back of its other subscribers’ routers. What’s worse is it’s an opt-out service. If you don’t hear about it and say something, you’re a hotspot for any other Comcast customer who happens to wander by.

I’m not a Comcast customer. I’m in Charter territory, and I’m not a Charter customer either. But I have so many problems with this it’s hard to know where to begin, so I sure hope other ISPs don’t copy this. Read more

Fixing an Asus Memopad 7 that wouldn’t power on

Dave Farquhar Android , , ,

One night my son ran down the battery on his Memopad 7 and put it away, but didn’t put it on the charger or tell me about it. The next time he went to use it, it was dead.

I tried several different tricks I found online, including plugging it in overnight to the AC adapter, plugging it in overnight to a computer’s USB port, and holding down the power button for a full minute or even a full five minutes. None of it worked–the unit just wouldn’t power on or show any signs of life whatsoever.

Finally I resigned myself to the possibility I would have to send it in for service. Read more

Curious conspiracies… or maybe just progress all at once

Dave Farquhar security , , , , , , , , , , , , , , ,

In the wake of Truecrypt’s sudden implosion, someone sent me a link to this curious blog post. I can see why many people might find the timing interesting, but there are a number of details this particular blog post doesn’t get correct, and it actually spends most of its time talking about stuff that has little or nothing to do with Truecrypt.

What’s unclear to me is whether he’s trying to say the industry is deliberately sabotaging Truecrypt, or if he’s simply trying to make a list of things that are making life difficult for Truecrypt. His post bothers me a lot less if it’s just a laundry list of challenges, but either way, the inaccuracies remain. Read more

Mr. Genius Man from “Windows Technical Support” gets nasty

Dave Farquhar scams, security, Windows , , , , , , , , ,

I got another “Windows Technical Support” call on Friday evening. My caller ID said Minneapolis, and since I have coworkers in Minneapolis, I answered. But the guy on the other end was a long way from Minneapolis and probably doesn’t know diddly about ice hockey.

I’m pretty sure it was the same criminal as last time, but over a better VOIP connection. I remember the voice pretty well, because his parting lines from last time, “Enjoy your broken computer, Mr. Genius Man!” struck me as funny. And he started the conversation with, “I’m calling you again about your Windows 7 computer.”

My conversation with him revealed a few things about why this scam is likely to be profitable.

Read more

Steve Gibson on Truecrypt

Dave Farquhar security, Software ,

Dan Bowman sent me this link to Steve Gibson’s analysis of Truecrypt, a suddenly dear departed piece of full disk encryption software.

The important thing to remember right now is that we still don’t know what’s going on.

Johns Hopkins cryptography professor Matthew Green is heading up an effort to audit the Truecrypt code. Last month he said the code could be of higher quality, but at that point he hadn’t found anything truly horrible in there either.

That said, his analysis of the cryptography itself is phase 2. Cryptography is notoriously difficult to do–even when cryptography is your specialty, you can get it wrong.

So it’s premature to declare Truecrypt 7.1 as the greatest piece of software ever written. Green did find some flaws that need to be fixed. As far as we know, right now Truecrypt is better than nothing, but the most important part of Green’s work isn’t finished yet. Green has said he is going to finish his audit of the code. He probably won’t find perfection. He may find a fatal flaw that makes it all come crashing down. More likely, he’ll find something in between. But until those findings come out, it’s all speculation.

Truecrypt’s license allowed someone else to come along, take the existing code, act on Green’s findings, and make it better. It’s called Veracrypt. But going open source doesn’t guarantee people will work on it.

Gibson’s page on Truecrypt is a good reference page, but his cheerleading is premature. Gibson is a talented software developer in his own right, but cryptography isn’t his specialty. At the company where I work, we use Truecrypt for some things, and until we know otherwise we are going to continue to use it, but we haven’t made any final decisions on it yet.

Update: Here’s an analysis by Mark Piper, a penetration tester by trade, who explains the history and the issues today.