Microsoft’s Slammer pain is good for everybody

SQL Slammer hit where it counts, including HP–historically, one of the biggest Microsoft supporters around–and Microsoft itself.
This is good. Really good.

Microsoft is one of its own biggest customers. Part of this is due to one of the worst cases of not-invented-here syndrome in the industry, and part of it is marketing. If Microsoft can run its enterprise on mostly its software, its argument that you ought to be able to run all of yours on it is much stronger.

When Microsoft feels our pain, that’s good. Problems generally get fixed. Not necessarily the way we want them fixed, but fixed. When Microsoft for whatever reason doesn’t feel our pain, things languish. Witness the development of Windows 9x late in its lifecycle, after Microsoft was able to run everything internally, including laptops, on Windows 2000. While Windows 98SE was fairly good, all things considered, Windows Me was so horrid that one of my magazine editors wrote me and asked me the least painful way to escape it. Windows Me was fast, but it was less stable than 98SE.

What happened? The patches were difficult to install, poorly tested, poorly documented, and it was extremely difficult to know when you needed them. Microsoft’s inability to keep its own servers sufficiently patched illustrates this.

Several things are likely to happen now. People will take non-Microsoft solutions more seriously and, in some cases, deploy them. A not-as-homogenous Internet is good for everybody. Meanwhile, Microsoft will be cleaning up its act, making it easier to ensure that their patches actually work and can be deployed with reasonable ease.

I still think we’ll have disasters like SQL Slammer again. But this is a good step in the right direction.

Update Expert is something for your NT power toolbelt

Now that most of the fun of SQL Slammer has died down, let me present you a tool that might have prevented it: Update Expert.
Basically what it does is query all the NT/2K/XP machines on your network, then query its own database, and tell you what Microsoft patches are available to you. Then it’ll help you download them and push them out. It even figures out the order to install the patches (important) and knows which ones can be installed together to minimize the number of reboots. It’s a lot better than running Windows Update on every PC on your LAN.

I have no connection with St. Bernard Software. My former boss used it and swore by it; when I changed jobs, I introduced it to my new boss. I recommend it because I use it myself.

Go back in time at open-video.org

I found another source of public domain video: Open-video.org. Whereas the Prelinger Archives is a collection of industrial films, this site is a general effort to archive video of all types.
If, for example, you’re curious about Thomas Edison’s short films from the early 20th century, you can find them there.

At the moment, the site is probably of more interest to historians, die-hard film fanatics, and aspiring moviemakers than to people seeking free movies to watch instead of heading to Blockbuster. It’ll be a while before it’s practical to download It’s a Wonderful Life in its entirety, and modern viewers are spoiled by recent video technology. I’m sure that Edison’s films had plenty of ooh-ahh factor in 1905, but by modern standards, the camera was shaky, the lighting inadequate, and defects in the film media itself jump out like the pops on an old vinyl record.

Most of the films are public domain, and it’s easy to find the usage terms on the site for each film available there. I’ve already got some ideas for things I can do with some of the footage from the site.

SQLSlammer takes its toll on the ‘Net

If the ‘Net was slow today, it was because of a new worm, called SQLSlammer, that infected vulnerable Windows servers running Microsoft’s SQL database.
The exploit it used was old, but it was made possible by Microsoft’s cumulative hotfixes not being cumulative: one of the patches not included, if applied afterward, reverted the server back to its vulnerable state. This was not mentioned clearly in the documentation for the hotfixes. Probably Microsoft didn’t know–until it was too late.
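
The failure mode described above, as an added example that is not part of the original post: replaying a server's patch install history to find the patch that put an older file back. The patch names, file names, and version numbers are constructed, and the sketch assumes the installer copies files without checking versions.

```python
# Added example: replay a patch install history and flag version regressions.
# Every patch name, file name and version number here is constructed.

def parse_version(text):
    """Turn '8.0.300' into (8, 0, 300) so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))


def find_regressions(install_order, manifests, baseline, minimum_safe):
    """Replay installs in order; return (downgrades, still_vulnerable).

    downgrades       -- list of (patch, file, version_before, version_after)
    still_vulnerable -- files whose final version is below the fixed version
    """
    installed = {name: parse_version(v) for name, v in baseline.items()}
    downgrades = []
    for patch in install_order:
        for name, version_text in manifests[patch].items():
            new = parse_version(version_text)
            old = installed.get(name)
            # Assumption: the installer overwrites blindly, even a newer file.
            if old is not None and new < old:
                downgrades.append((patch, name, old, new))
            installed[name] = new
    still_vulnerable = sorted(
        name for name, floor in minimum_safe.items()
        if installed.get(name, (0,)) < parse_version(floor)
    )
    return downgrades, still_vulnerable


# Constructed sample data: a "cumulative" security rollup that carries the
# fixed netlib.dll, and a standalone hotfix that ships an older build of it.
BASELINE = {"netlib.dll": "8.0.100", "engine.dll": "8.0.100"}
MANIFESTS = {
    "cumulative-security": {"netlib.dll": "8.0.300", "engine.dll": "8.0.300"},
    "standalone-hotfix": {"netlib.dll": "8.0.200"},
}
MINIMUM_SAFE = {"netlib.dll": "8.0.300"}  # first build with the hole closed


def audit(install_order):
    return find_regressions(install_order, MANIFESTS, BASELINE, MINIMUM_SAFE)


if __name__ == "__main__":
    print(audit(["standalone-hotfix", "cumulative-security"]))
    print(audit(["cumulative-security", "standalone-hotfix"]))
```

Only the second order leaves the server exposed, even though both histories show the same set of patches as installed.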

But in some cases it’s not Microsoft’s fault. Try getting a pointy-haired boss to give you 15 minutes’ downtime per server so you can roll necessary security patches across your enterprise. Since many people who ultimately make IT decisions never actually administered a Windows server in their careers, a lot of bad decisions get made and servers stay unpatched, as a matter of policy, either out of fear that a patch that closes a security hole might create a new bug, or that some remote VPN user in Kenya might be trying to work during that proposed scheduled time.

Linux got a bad rap in the security press last year because it allegedly had more security vulnerabilities than Windows did last year–never mind that a vulnerability in, say, BIND would get counted several times because it’s included in every Linux distribution, so whereas a vulnerability in IIS would get counted once against Windows’ total, a vulnerability in BIND might get counted 8 times.

We’ll ignore that. Fine. Linux has a larger number of security problems and vulnerabilities than Windows does. Fact. Undeniable. Fine. Answer this question then: Has any worm affecting Linux ever had the devastating effect that SQLSlammer had? That Nimda had? The most notorious worm that affected Linux was called Slapper. Do you remember it? More than 60% of the servers on the ‘Net run on Apache. A worm affecting Apache should have been huge. It wasn’t.

Statistics are, well, statistics. Just because I can find you a set of numbers that suggests the sky is pink doesn’t make it any less blue.

Why anyone, anywhere, has a Windows server on the ‘Net with anything more than port 80 exposed is beyond me.

Trustworthy Computing? Nice buzzwords. Billy Gates has yet to put any meaning into them.

And incompetence rises. Managers didn’t learn from Nimda, so they won’t learn from this either.

Great combination. What does it mean? History will repeat itself. Something like this will happen again. Probably sooner rather than later.

Quieting a noisy PC

Just as PCs seem to (or sometimes really do) get slower as they age, PCs also tend to get louder as they age. Considering many of them are plenty loud when new, that’s not good.
When a PC is loud, it’s due to one of two types of components: hard drives or fans. The key is to isolate the noise. To do that, your best bet is to open the case, then power the computer on. Running your PC long-term with the cover off isn’t exactly good for your computer, but running it that way for a few minutes won’t hurt anything.

But before you turn the PC on, blow the dust out of it with a can of compressed air. Resist the temptation to just use a small vacuum cleaner attachment; those are static magnets. In some rare instances, just blowing the accumulated dust out will quiet the PC. In nearly all instances, it will make the PC run cooler, and it’ll make you feel better to not have all that crud accumulated inside your expensive equipment.

Loud buzzes are usually caused by failing fans; clunky noises are usually caused by a loud (and often not long for this world) hard drive.

Oiling a fan will usually quiet it and dramatically increase its life expectancy. As long as the fan hasn’t completely died, this is a good bet. It’s certainly cheaper than replacing a fan, and sometimes it’s easier. Don’t ever try to replace the fan in a power supply–oil it, very carefully, and if the noise doesn’t go away, replace the power supply. There are voltages inside power supplies that will throw you across the room, if they’re in a good mood. If they’re in a bad mood, they can potentially kill you, and I really don’t want that.

You can test a fan by stopping it with a pencil or a similarly shaped object. If the noise goes away, you’ve found your culprit.

There’s not much you can do if the hard drive is loud. I’ve heard of people taking hard drives apart and oiling them in efforts to quiet them. Don’t do that. You might well quiet the drive. You also will certainly prevent it from ever working again.

Instead, replace the drive. Modern drives run pretty quietly. Most retail-boxed drives come with free software to copy your old hard drive to the new one, making the upgrade painless. If you’ve never done this before, buy a drive at retail–an OEM drive from a clone shop or mail order outlet may be a little bit cheaper but won’t have any instructions or software–and set aside a Saturday afternoon. Even if you’ve never undertaken anything like this before, it generally doesn’t take more than a couple of hours. As of this writing, a 20 GB Maxtor drive costs $69.99 at CompUSA. The OEM version of the same drive costs $68 at Newegg.com. As you get into bigger drives, the price gap tends to increase, but for many people, 20 gigs is plenty.

Once you’ve oiled or replaced the fans and/or replaced the hard drive with a newer, faster, and quieter model, your formerly loud PC ought to run pretty quietly.

Houston is Microsoft’s problem: Alternatives to Microsoft Office

Houston had a problem. Now it’s Microsoft’s problem.
You see, Microsoft threatened Houston with the same threat they’ve been rattling around a lot of other places. Sign a multi-million-dollar, automatic-upgrade deal for Office and other Microsoft software, or face an audit. When you’re the only game in town and you suspect people have played fast and loose with your licensing agreement, you can afford to do that.

Except the Texans stared the bully down. When Microsoft said Houston needed to cough up some bucks for office software, Houston said fine, they’d buy it from someone else.

And now that Houston is using SimDesk instead of Microsoft Office, it’s making headlines.

The city of Largo, Florida, which runs itself on a thin-client environment based on Linux and KDE, is a PR coup for Linux. But Houston is the fourth-largest city in the United States. And this is turning into a PR nightmare for Microsoft–now Chicago, the third-most populous city, is also looking at SimDesk.

For less than half the money, the cities get ease of use, cross-platform compatibility, centralized offsite file storage, and longer hardware life. SimDesk stands to save Houston far more than the $7 million on paper.

But SimDesk isn’t the only other game in town. WordPerfect is still hanging on, one of the few survivors of the era when there were a dozen or more word processors, spreadsheets, and databases available for the PC. It’s still solid and capable today, and it’s a good choice if you’re looking to go a fairly traditional route. StarOffice is cheaper but still capable. The 602Suite (a.k.a. 602office) is either free or inexpensive, depending on the feature set you want.

Unfortunately, the highly regarded Gobe Productive is off the market, and efforts to raise the money to purchase the source code for the purpose of releasing it as GPL appear to have quietly failed. The good news is that the declination seems to indicate Gobe expects to have some kind of future.

If you want free, go with OpenOffice, which is StarOffice’s free, open-source twin brother. And if you’re willing to ditch Office and Windows, you can run KDE and KOffice, or a variety of Gnome productivity apps, such as Evolution, AbiWord, and Gnumeric.

Most of the alternatives don’t offer all the functionality that Office includes, but few people use more than about 20% of Office’s functionality anyway. The alternatives have all of the essentials down.

The main thing tying most companies and organizations to Microsoft Office is file format compatibility. An obscure piece of software called ConversionsPlus takes care of that problem. I’ve used ConversionsPlus to convert literally hundreds of files at a time to and from Microsoft Office format, and the process only takes a few minutes.

New stuff and old stuff

New stuff. Hmm. I think I need to adopt a new stylebook
Old stuff. And, thanks to some SQL heroics by Steve DeLassus, a couple hundred vintage posts from about a six-month span in late 2000 and early 2001 are now online here. I liberated them from my ancient site at editthispage.com (which, I guess, was Silicon Underground version 2.0). This is two generations later. As old entries gain attention I’ll give them categories and proper titles. A lot of the stuff’s obsolete but I’m sure it’ll interest someone. Last I checked, the old site was getting a hundred or two hits per day consistently.

New stuff. And speaking of old site incarnations, once I’ve decided exactly what mods I want to install and use, I’ll flip the switch on the new site, based on the latest version of b2. The most obvious improvement for most readers will be the spiffy new calendar. It’ll also bring in trackbacks and pingbacks for interaction with other blogs. It also makes some changes to make search engines happier.