David L. Farquhar on technology old and new, computer security, and more
I’ve been troubleshooting a program that’s written in a combination of Java and .NET (yes, now I’ve seen everything), and the program misbehaved. It misbehaved a lot, and the vendor was confused too. About four hours in, one of us had the idea to uninstall the .NET Framework 4.0 and install the newest .NET Framework 4.5.1. The 4.5.1 framework is designed to be backwards compatible with multiple predecessors.
It turned out to be the miracle cure that had eluded us.
The bank vice president apologized for calling the police on me.
That’s neither the beginning nor the end of the story, but it seems to me that police involvement of any kind is a sign that your real estate deal isn’t going as well as it could.
It all began with a Citibank loan officer named Aaron who promised me a smooth closing. In my view, being questioned by a uniformed police officer has no place in a smooth closing. And that wasn’t even the worst part of it, which troubles me. Read more
In my younger days, I administered WSUS on a small (300 servers or so) network. Every once in a while, I ran into an issue where a server just didn’t want to talk to WSUS. These days, some companies prefer to push patches with SCCM but it uses the same mechanism to push patches.
Apparently my old problem still happens from time to time. So I did some research to come up with a solution. This mechanism is still largely a black box, but it’s a lot better documented now than it was in my day. Here’s what I came up with for troubleshooting WSUS or SCCM. Read more
I was listening to an interview between Paul Asadorian (of Pauldotcom fame) and Cigital CTO and software security expert Gary McGraw. They discussed how the target of attacks moved from Microsoft to Adobe and now that Adobe is showing signs of getting its act together, it’s going somewhere else.
“If I were Nvidia,” McGraw said, “I’d be thinking a lot about software security. Fortunately they are.”
Nvidia does sound like a juicy target. Read more
I have a Gateway FPD1975W LCD monitor with an unusual 1440×900 resolution. Intel video cards have no issues with this resolution, but Nvidia cards don’t support it by default when running under Windows.
Hack the drivers a bit and you can get this monitor to work just fine with an Nvidia adapter, though. Believe it or not, the only hacking tool you need to accomplish the deed is notepad.exe. Read more
I’ve been getting to work later than usual lately. So much later that the self-proclaimed late guy, who seems to think I normally get to work at 4am, beat me to work two days in a row.
“I’m building computers again,” I told him as we both got coffee. He nodded knowingly.
“Building for yourself? As a side business?” he asked.
“My wife asked for a computer, and that means I can’t just buy her a computer. That means tearing apart every computer in the house, mixing parts up to get the best combination of stuff running everywhere, and then she’ll have a nice computer.”
He nodded knowingly. Read more
A few months ago I bought a Gigabyte GA-Z77M-D3H to learn computer forensics on, because at the time I thought that was the direction my career was going. I dropped it into a neglected Compaq case and installed Linux on it, since most of the free forensics tools run on Linux. The current version of Debian loaded effortlessly and ran nicely, as you would expect on a dual-core CPU with 16 gigs of RAM.
Then my career went another direction. Today I analyze Windows threats and vulnerabilities for a living. That’s a better match for my experience and the pay is the same, so I’m perfectly fine with that. But my mind turned to that hotrod computer in the basement. I suppose I could still use it to learn forensics, but I probably won’t, so why not see how Windows runs on it and bring it upstairs? Read more
I wrote a few weeks ago about finding a scarce Marx windup train at an estate sale, but I actually went a good couple of years without finding a train worth buying until recently. The train that broke my slump was at a sale close to home, and I actually didn’t even set out to buy a train that day.
It was a cold and rainy morning in St. Louis. It was Friday, and I was in between jobs. The estate sale was close, so I went. Otherwise I would have had no reason to go. I don’t remember exactly what I was looking for, but I didn’t expect to find a train. Read more
Rick Broida wrote a fairly harsh piece on Cnet about why he’s ditching Microsoft Office. Our reasons differ, and while I agree with all of his reasons he may not agree with all of mine. That’s OK.
I stuck with Office 2003 because its user interface is familiar and makes sense. By using the program, you learn the keyboard shortcuts from the menu and can graduate from casual user to power user relatively quickly. That went away in Office 2007, so I never moved on. Office 2003 was the best version Microsoft ever made, but it loses security updates next month, so it’s the end of the road.
Fortunately, Libre Office has a traditional user interface and most of the same keyboard shortcuts. If you don’t use mail merge, it’s a capable replacement, and it’s free and actively maintained. It’s not as fast as Office 2003 was, but neither is anything Microsoft has made since.
Now, in corporate environments, with a recent version of Office and Sharepoint you can do some really nifty things, like automatically building Powerpoint presentations from Excel spreadsheets created by different people. You could probably approximate the same thing with other software, but what I saw a Sharepoint-literate colleague build this week with MS Office was very impressive.
But I don’t need that at home, and I don’t want to pay $100 per year for the rest of my life to use a program that I tolerate at best, so I’ll save my money and move to Libre Office.
One of my former supervisors now works for a security vendor. He told me the other day that someone asked him, “Does your company have anything so I don’t have to patch anymore?”
The answer, of course, is that there’s nothing that gets you out of ever having to patch anymore. To some degree you can mitigate, but there’s no longer any such thing as a completely friendly network. The reasoning that you’re behind a firewall doesn’t work anymore. On corporate networks, there’s always something hostile roaming around behind the firewall, and you have to protect against it. If you’re on a home network with just a computer and a router, your computer and router attack each other from time to time. That’s the hostile world we live in right now. Patching is one of the fundamental things you have to do to keep those attacks from being successful.
That said, there are things you can do to patch less. Read more