Predicting the future, circa 2003

In the heat of the moment, I searched my blog this weekend for quotes that could potentially be taken out of context and found something rather prophetic that I wrote in the heat of the moment 11 1/2 years ago:

Keeping up on Microsoft security patches is becoming a full-time job. I don’t know if we can afford a full-time employee who does nothing but read Microsoft security bulletins and regression-test patches to make sure they can be safely deployed. I also don’t know who would want that job.

Who ended up with that job? Me, about a year after I left that gig. It actually turned out I was pretty good at it, once I landed in a shop that realized it needed someone to do that job, and utilized that position as part of an overall IT governance model.


Bash is worse than heartbleed! Oh noes!

A really bad remote code execution bug surfaced yesterday in Bash, the GNU replacement for the Unix shell. If you have a webserver running, or possibly just SSH, it can be used to execute arbitrary code. It affects anything Unixy: Linux, BSD, Mac OS X, and likely many proprietary Unix flavors, since many of them have adopted the GNU toolchain.

This could be really bad. Some people are calling it potentially worse than Heartbleed. Maybe. I’m thinking it’s more along the lines of MS08-067. But there’s an important lesson we must learn from this.

How to clean up a Windows server

From time to time, Windows patches will fail to install because a server doesn’t have enough space to install them. Finding the ginormous files that are hogging all the space on the C drive is really tedious if you do it by clicking around in Windows Explorer, but there’s a better way.

Download the free Sysinternals Du.exe utility and you can find the behemoths in minutes, if not seconds.

Setting up Retropie on the Raspberry Pi

I bought a Raspberry Pi over the weekend intending to turn it into a retro gaming system. I’d rather not have a mess of systems and cartridges out for my kids to tear up and to constantly have to switch around at their whims; a deck-of-cards-sized console with everything loaded on a single SD card seems much more appealing.

I followed Lifehacker’s writeup, which mostly worked. My biggest problem was my controllers. NES and SNES games would freeze seemingly at random, which I later isolated to trying to move to the left. It turned out my Playstation-USB adapter didn’t get along with the Pi at all, and was registering the select and start buttons when I tried to move certain directions, pausing the game.

When I switched to a Retrolink SNES-style pad, the random pausing went away. The precision reminded me of the really cheap aftermarket controllers of yore for the NES and SNES. I concluded my controller, which I bought used, was worn out. Ultimately I ended up switching to a Logitech controller, which worked well.

Computer, how old are you?

Yesterday I wrote about finding old computers. Here’s how I determine how old a computer is.

There’s a registry key called HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\InstallDate that stores the system build time as a Unix timestamp (the number of seconds since 1 January 1970), shown in hexadecimal. With a few mad skilz you can make that data human-readable.


The trade-off of fidelity and convenience in marketing, and how it doomed my favorite company

I’m reading a book called Trade-Off, by former USA Today technology columnist Kevin Maney. It’s primarily a marketing book.

Maney argues that all products are a balance of fidelity and convenience, and highly favor one or the other. He additionally argues that failed products fail because they attempted to achieve both, or failed to focus on either one.

An example of a convenient product is an economy car. They’re inexpensive to buy and inexpensive to keep fueled up, but they don’t have much glitz, and you probably won’t fall in love with one. A high-end sports car or luxury car is a lot less practical, but you’re a lot more likely to fall in love with it, and gain prestige by driving around town in it.

Why I set work aside for a while before calling it done

A former supervisor called me the other day. He’s having quality control issues at his new gig, and quality control was one of the things I did when I was working for him. He wanted my insight. And he was very direct with one question he asked me.

“You would always set work aside and then come back to it,” he said. “Why?”

He knew my tactic worked, but wanted to know why it worked.

How to increase the capacity of a Log Logic appliance by 45%

My 9-5 gig revolves primarily around Tibco LogLogic (I’ll write it as Log Logic going forward, as I write in English, not C++), which is a centralized logging product. The appliances collect logs from a variety of dissimilar systems and present you with a unified, web-based interface to search them. When something goes wrong, having all of the logs in one place is invaluable for figuring it out.

That value comes at a price. I don’t know exactly what these appliances cost, but generally speaking, $100,000 is a good starting point for an estimate. So what if I told you that you could store 45% more data on these expensive appliances, and increase their performance very modestly (2-5 percent) in the process? Read on.


Hacker chasing, circa 1987

I’m catching up on reading. Next on my reading list is The Cuckoo’s Egg, Clifford Stoll’s memoir of chasing down a computer hacker in the late 1980s. In it, he describes a very different world, ruled by mainframes and minicomputers, where Unix was something special, IBM still made PCs, but desktop PCs and Macintoshes only received occasional mention, and academia and the military owned the Internet, almost literally. And, oh, by the way, the Cold War was still raging.

The remarkable thing about this book is that it’s an approachable spy thriller, written in 1989, that explains computer security to an audience that had never seen or heard of the Internet. You don’t have to be a security professional to appreciate it, though it’s a classic in the computer security world: many people read it in the late 1980s and early 1990s and decided to get into the field.

How to get started in regulatory compliance

I had a search query about getting started in regulatory compliance, which I’ve written about before, but more from an organizational perspective. That won’t help you much from a career perspective.

I think most any CISSP will answer that question similarly, so I’ll take a stab at it.