Wednesday, December 31, 2008

Happy 2009!

Happy 2009 everybody! Best of luck in the new year!

Tuesday, December 23, 2008

Merry Christmas

I'll be in and out of Internet contact until around 12/27. Have a fun, safe holiday and I'll see you later...

Sunday, December 21, 2008

Industry: ABit to exit the motherboard market?


TweakTown is reporting that ABit is leaving the motherboard market on 12/31/2008. Things have been bleak for the once beloved motherboard maker for quite some time, but with a lack of products shipping and all signs pointing towards failed product launches, the best outlooks are all pretty bleak. Perhaps ABit will be able to reorganize itself as a company hawking more consumer-oriented wares like Soyo... But with just a few weeks to go, the death watch awaits the news.

Unless things change, this will count for my eulogy. The recent boards were pretty much fine, but the fondness I have for the NF7-S v2.0 and BP6 does not fade with time. Of course, your capacitors did, but to be fair you were not alone...

Saturday, December 20, 2008

Another Out Of Band MS08-078

This is going to be short as it's already covered well elsewhere and this is late... Microsoft has another out-of-band patch as of 12/17, MS08-078 affecting all versions of IE on all supported OSes except Server 2008 for IA-32/x64. Zero-day exploits are already going on. Get this one patched ASAP.

I'd normally say "use Firefox" or some other browser whenever possible, but Firefox and Opera are also currently suffering vulnerabilities. Firefox 3.0.5 resolves the issues. While not quite as severe as the zero-day exploit on IE, these are noteworthy as cross-platform.

Sunday, December 14, 2008

Dust Bunnies are Evil

I know this seems like a mundane task that most of us are admonished to do on a regular basis, but it really does need to be repeated: Blow out your computers' cases once in a while, especially if they get dusty.

We all know that heat sinks and fans lose their effectiveness when dusty, leading to potential overheating, but there's a worse possibility. I ran into a system last week that had dust bunnies in it-- nothing out of the ordinary, except that one of them had lodged itself into the video card's tiny fan. The user reported a blue screen indicating video driver failure. I was busy and asked him to reboot since this was a first time thing. He came back shortly after reporting that it happened again, and now the system couldn't POST. A single dust bunny had lodged in a tight fan, causing the fan to jam, burning out the motor. The video card (a Quadro, unfortunately) then overheated to the point of death. Odd stuff like this can absolutely happen, without showing general signs of overheating.

To be fair, the opposite is true. It's possible you might dislodge some conductive dust which might land in an inopportune spot, causing problems. That can typically be fixed pretty easily with a second cleaning. A burnt out video card, northbridge, etc. can be a lot more costly.

Thursday, December 4, 2008

Windows XP domain migration tip: Overwrite the Default User profile

For all of you out there tasked with migrating users from a previous authentication domain (or workgroup) to a new domain: know that when a user logs in with the new credentials, a new profile will be created and all of the user's previous settings and files will remain in the old profile.

You can go in after the fact and clean this up or use some other tricks (like using the FAST wizard, treating the old profile as the old computer and new profile as the new) but I've found something faster. I'm probably boneheaded for not hearing of this sooner, but I did a 7k workstation migration at an old job and they never tried anything this simple and relatively foolproof.

Go into Documents and Settings (typically on c:) and locate the Default User profile. It's hidden with stock XP settings, so you need to turn on the option to show hidden files and folders. Under normal circumstances, this profile gets stamped out as a template for new users. You can twiddle with this to make bulk changes to new users, but we'll use it for a slightly more nefarious purpose.

Go ahead and back up Default User, as we'll be replacing the entire profile. You never know-- you might want it later.

Take the user's existing profile and copy it, renaming it as... you guessed it, Default User.

Now go ahead and perform your domain migration. Upon first login, the user's old, familiar profile will 'stamp' itself into the new one. The only 'gotchas' are that you can only do this for one account per computer and if your users have limited drive space and large profiles, you might run short on hard drive space with essentially 3 copies of the profile hanging out there. Still, this is a very easy migration method, and you can remove the old copies once you're sure the user is happy with the migration.

This should work just fine on Windows 2000, and I assume Vista as well. I just haven't tested it.
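The profile swap described above, as an added Python example (not code from the blog): it backs up the stock Default User, copies the user's profile into its place, and refuses to run a second time on the same machine. It assumes the profiles root is passed in (c:\Documents and Settings on XP), that the user is logged off so NTUSER.DAT is not locked, and it does not re-apply the hidden attribute to the new folder.

```python
import shutil
import tempfile
from pathlib import Path

DEFAULT_USER = "Default User"


def stage_default_user(profiles_root, user_name, backup_name="Default User.bak"):
    """Replace the stock Default User template with a copy of user_name's profile,
    so the first logon under the new domain stamps the old profile into the new one.
    Returns the path of the new template."""
    root = Path(profiles_root)
    source, default, backup = root / user_name, root / DEFAULT_USER, root / backup_name
    if not source.is_dir():
        raise FileNotFoundError(f"no profile folder for {user_name!r} under {root}")
    # The trick works for one account per machine: once the stock template has been
    # backed up, refuse to overwrite it again.
    if backup.exists():
        raise RuntimeError(f"{backup} already exists; Default User was staged once already")
    # Step 1: keep the stock template, you may want it later.
    shutil.copytree(default, backup)
    shutil.rmtree(default)
    # Step 2: copy (not move) the user's profile in as the new template, leaving the
    # old profile in place for the old credentials. Assumption: the user is logged
    # off, otherwise NTUSER.DAT is locked and the copy fails part-way.
    shutil.copytree(source, default)
    return default


def run_demo():
    """Build a constructed profile tree in a temp dir, stage it, and report results."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / DEFAULT_USER).mkdir()
        (root / DEFAULT_USER / "NTUSER.DAT").write_bytes(b"stock template")
        docs = root / "jdoe" / "My Documents"
        docs.mkdir(parents=True)
        (root / "jdoe" / "NTUSER.DAT").write_bytes(b"jdoe's hive")
        (docs / "budget.xls").write_bytes(b"constructed sample")
        new_default = stage_default_user(root, "jdoe")
        try:
            stage_default_user(root, "jdoe")
            second_run_refused = False
        except RuntimeError:
            second_run_refused = True
        return {
            "template_hive": (new_default / "NTUSER.DAT").read_bytes(),
            "template_has_docs": (new_default / "My Documents" / "budget.xls").is_file(),
            "backup_hive": (root / "Default User.bak" / "NTUSER.DAT").read_bytes(),
            "old_profile_intact": (root / "jdoe" / "My Documents" / "budget.xls").is_file(),
            "second_run_refused": second_run_refused,
        }


if __name__ == "__main__":
    print(run_demo())
```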

Windows 7 Rumors and "Teaser"

GeekSmack has apparently found somebody willing to brave the wrath of Microsoft's lawyers, and broken cover with a video of Windows 7's boot screen. This doesn't really show much besides a slicker animation than Vista, but it does indicate serious progress if they're already tweaking the "nice to haves" vs. the core changes and updates.

Betas of Windows 7 are likely to be released in January, so a 2009 timetable for Windows 7 is starting to look a lot more likely.

Wednesday, December 3, 2008

Dezombiefication

OK, I'll admit the blog has been quiet of late. 2+ weeks without an update is inexcusable, so I might as well give the excuse. I was finally able to get an early Christmas present of a new Xbox 360. There's a tremendous back-catalog I'm going through now. Combined with a fervor to finish out the last few PS2 games before the platform quiesces in January and a few other fun projects on the side, that would keep me busy enough...

But alas, I've been sick twice in the last month and on top of that slammed at work. I'll try to do better in future. In more fun news, Core i7 has been overclocked to 5510 MHz!!

Monday, November 17, 2008

Big Week: Core i7 and NXE

This is a big week-- I've been tremendously busy with work and being sick lately, but stuff is happening with or without me. Core i7 released today, although motherboard and RAM prices will keep it from the mainstream for now. Tomorrow is the grand re-launch of the XBox360 with the New Xbox Experience.

Exciting times!

Thursday, November 6, 2008

WPA Encryption hacked, 15 minutes to heaven

PC World is reporting that a "mathematical breakthrough" combined with a method for forcing a router to give you lots of good samples of encrypted data allows for a non-dictionary attack against the TKIP encryption algorithm behind WPA. Researchers expect that WPA encryption can be cracked in 12-15 minutes given modern hardware. Combine that with a high power antenna, and you should be very concerned if you have routers and systems using WPA to carry sensitive data.

Aircrack-ng is already being updated to take advantage of the latest vulnerability, so this attack is in the wild now or will be shortly. (props to DownloadSquad for the info.)

As you should already know, WEP encryption is trivial to bypass, and while WPA2 isn't officially "cracked" yet, significant advancements in parallel processing using CUDA allow for much faster brute-force cracking of WPA2. That would still require a very high end system with lots of local storage over a 24+ hour period to crack, but the impractical is now possible.

So with anything below WPA2 being easily exploitable, using WiFi without additional encryption layers (SSH, VPN, etc.) is becoming too risky for any kind of sensitive data. Be careful out there...

Tuesday, November 4, 2008

MS08-067 in the wild

It appears that at least two credible variants of worms based on the MS08-067 exploit have gone live.

I'm fully (and I do mean fully) patched, and your organization should be too.

Monday, November 3, 2008

Amazon: No more Wrap Rage!

OK, so maybe this isn't the most high-level IT topic I've covered, but I've got to hand it to Amazon for trying to find a serious solution for a serious problem. They're working with manufacturers to eliminate overpackaged, hard-to-open containers for merchandise!

While on some level, Mother Nature is breathing a sigh of relief, there are also tangible benefits in terms of cost and frustration as well as weight. Heck, there's a closet-industry built up around devices to open modern blister packs!

In my day toys came in a cardboard box, possibly with some assembly required and with at most a small plastic window to see some of the contents inside. The current trend of exposing as much of the toy as possible in a demo mode is so ungodly frustrating to me that it makes me want to strangle kittens. Knowing that I'll be undoing half a roll of tape and a few dozen steel twist-ties is frustrating!

Just package the stuff in an appropriate, but not overdone package. A lot of computer stuff is already very lucky in this regard, but tons of consumer-oriented gear is not. Nobody is putting their greasy mitts on an Amazon product in a retail store. You don't have to compete with other items on the shelf. It's all going to ultimately come in a plain brown wrapper no matter what, so let's save time, material, plastic, frustration, etc. and see some more sensible packaging. Good job, Amazon! Keep it up.

Intel: i7 first benchmarks released.

I'm not going to rehash what's out there, and what's out there is still pouring in, but Core i7 is fast. Big surprise there. Here are some early reviews:

Maximum PC
TechSpot
PC Perspective

Expect mass-market acceptance by Q2-Q3 of '09, but with the Core i7 920 at around $270, that's tempting for a midrange + system now. i7 Xeon benchmarks are still MIA as far as I can tell, but expect similar performance.

Shanghai will be good, but Intel has so much breathing room now... things are looking grim over at the green camp.

Thursday, October 23, 2008

Windows: Vulnerability MS08-067

I don't normally beat the dead horse with Windows patch news, but this one is bad. Microsoft released an out-of-band patch this morning with MS08-067.

This vulnerability affects all current shipping Windows versions, with worm-style propagation being a very real likelihood. Windows 2000 and XP pre-SP2 are highly vulnerable, with some XP SP2+ and Windows Server 2003 systems being exploitable under certain common/popular firewall conditions.

Vista and Server 2008 appear to be exploitable, but only in terms of a DDoS type attack. Remote Code Execution has not yet been shown on a Vista system.

As of 12:30 PM Pacific Time, Microsoft reports attacks in the wild. This could be the next Blaster/Sasser type attack, so get patching!

Thursday, October 16, 2008

Apple: MacBook/Pro teardowns

iFixit has a great page showing a teardown of the new MacBook and MacBook Pro for those of us who actually and unfortunately know what the inside of a notebook should look like.

The big win? Hard drive replacement is MUCH easier on the new MacBooks Pros!

The WTF moment? Neither a DisplayPort to VGA nor a DisplayPort to DVI adapter is included with your $2000+ computer. It's a $29 option from Apple. I have yet to see 3rd party alternatives, but no doubt they're coming, and for a fraction of that price. (Yeah, I know DisplayPort is the New Hotness, but there aren't any monitors for it yet...)

Tuesday, October 14, 2008

Windows 7: Hope you like the name.


Well, the product that started as Blackcomb, then codename Windows 7 will officially be called... (drum roll please)... Windows 7!

Never mind that it's a lot closer to a "6.1" version, this may mark the return to relatively sensible version naming at Microsoft.

Coincidence that Nehalem has been named i7? Windows 7 on i7? Sounds like a match made... somewhere.

Intel: Best Quarter Ever


Intel just reported their best quarter ever with a gross margin of 59% while still selling most products at very competitive prices. The worst part? They don't expect the downturn to make that much of a dent by Q4. Even if things look bleaker long term, that's a helluva war chest.

Poor AMD.

Apple: New Notebooks!


It's official. I'm not going to say anything that hasn't already been said, but Apple has refreshed its MacBook line as well as the MacBook Pro 15.4" and MacBook Air.

The old MacBook soldiers on as a slightly reduced cost base model, with rumors of an $899 model coming in below the current base model's $999 price.

The new MacBook is still in 13.3" flavor, but sports a new billet aluminum body & frame with an all-glass, no button touchpad. The touchpad is capable of up to 4-touch sensitivity and supports gestures. At least as importantly for the MacBook, Apple is going with an nVidia GeForce 9400M mobile chipset with integrated GPU. The non-legacy MacBooks now have a 'real' video solution that's acceptable for basic to moderate 3D use! Other nice features include LED backlighting and a backlit keyboard, but gone are the Firewire ports.

I'm not sure what the video output options are, but it looks like a DVI port is out, replaced by Apple's mini-DisplayPort. A breakout box here should do the DVI, VGA and possibly regular DisplayPort and HDMI connectors. We'll see as these start shipping as to what's available in the box.

This model is almost a bridge between the current MacBook Pro and the older MacBooks. They look much more similar and are in much closer parity in terms of design and content. Pricing should reflect this, as the "new" MacBooks are a little spendy relative to the models they replaced, and the older design is already discounted.

The MacBook Pro 15.4" shares all of the features of the MacBook, adding an option for a 9600M GPU for more serious graphics and FireWire is back, but only in FW800 flavor.

The MacBook Air was all-new this year already, so the changes are less dramatic. Options for bigger hard drives, faster CPUs and a speed-reduced 9400M have been announced. A mini-display port is available as well, but the Kensington lock port appears to still be MIA.

A 24" Apple Cinema Display LCD monitor to match the MacBook was also announced. It looks slick, sporting an LED backlight. Unfortunately, it's a bit rich for the current 24" market, coming in at $899.

What wasn't announced was a replacement (or price adjustment) for the current 17" MacBook Pro. For now, it soldiers on. A replacement is sure to be imminent.

Unsaid in all of this is what matters most to me: manageability! Easy replacement for hard drives, RAM, etc. remains up in the air. I suspect the new cases will still be a bitch to open and work with; the current MBPs are the bane of techs everywhere. The lack of Firewire leaves the Migration Assistant and Firewire Target mode in doubt. The Migration Assistant can work via other means, but I'm curious to see what 10.5.6 and beyond will offer to mitigate the loss of Firewire as a management and recovery tool.

Samsung: Now with Notebooks!

OK, well this isn't news for anybody outside the US, but it is for us. Samsung has been competitive in the world notebook market for a while now, but back in the dim mists of time, they had agreed to be an OEM for Dell, and as such, left the US market alone. Engadget reports that the times, they are a changin'. The last Samsung-made Dell of any note was the Latitude X1, and before that, most of the small form factor Latitudes at least as far back as the Latitude LS. We haven't been able to even sample their larger offerings, and this is all-around good news for consumers.

Sammy is entering the U.S. Netbook market at the same time with the NC10. This should open up some competition among "premium" netbooks.

Wednesday, October 8, 2008

Intel Strikes Back: the poison pill edition

It looks like Intel is trying to block the AMD/Foundry deal-- AMD and Intel cross license each others' Intellectual Property very heavily and they object. This would transition some Intel IP to probably be used by Foundry, and Intel and Foundry do not cross-license. I expect this to get a little legally ugly here, as Intel has the upper hand. If AMD pulls x86-64, that would really hurt Intel, but without x86, AMD is deader than dead.

Tuesday, October 7, 2008

AMD goes Fabless

Well, it's official. AMD is spinning this pretty hard, but they are selling all of their Fabs and will no longer be manufacturing their own CPUs. AMD sold off all of their Fabs worldwide in a deal with ATIC -- Advanced Technology Investment Corporation. ~3000 AMD employees will transition to the new company/joint venture which will be named Foundry.

The Inquirer is already dubbing the joint venture Arabian Micro Devices, and I can't say that I disagree. I'm concerned that this is funded ultimately through ATIC by the Emirate of Abu Dhabi itself. Yes, AMD will retain 45% share in stock, but if things turn sour the already troubled chipmaker is now at the mercy of the new managers of its former Fabs as well.

Obviously a lot of chipmakers operate in a fabless manner. I've had some experience with Silicon Labs-- a company that has never owned or operated a Fab, but still does OK for itself. Certainly the advantage is that you don't have to specialize in designing, building and operating the Fab itself in a manner that recoups your huge facility investments in the most efficient manner possible. That frees you up to concentrate on design and be more agile... but it also prevents you from having any direct control of Fab outputs. Not getting enough ICs? Bad yields? They can't just shuffle production around by fiat to get the outputs they need.

If this were such a positive deal, why wouldn't AMD have gone for this 5 years ago, when Fabless started to become the new awesome thing? They were already having problems with their own fabrication processes. Chartered Semiconductor is already doing Fabrication for them as a partner, and ATI produces their chips through TSMC. This is a clear sign of desperation to be doing it now, and they're lucky to have found a suitor willing to take on ~$1.3 billion in debt along with a $700 million set of fabrication assets.

I've got to admit, I'm a little nostalgic at the news. I lived a few blocks from the K5 Fab (Fab 25) as it was spinning up in the mid 90's. I sat at the bus stop many a day and watched AMD hotshots drive past in their Lotus Esprits. Those days are not to return.

Friday, October 3, 2008

Quote of the Day


In response to a question about using LinkedIn

"It's like Pokemon for ex coworkers. Gotta catch em all!"

Admin Tip: 24 Free/OSS Admin Tools

Download Squad had a great article recently listing 24 open-source, free tools for admins and technicians. I'm already sold on PuTTY, DBAN, Memtest86/Memtest86+ and 7-Zip, but there are some real gems out there that I hadn't even heard of.

WCD in particular scratches an itch I've had since giving up Norton ncd many a year ago and being spoiled by locate under *nix. You do need to know how to manually set a Path variable, but otherwise it works as advertised.

They did have one recommendation that is good, but I think you can do better... Visualization tools for data are invaluable in giving you a meaningful picture (literally) of what is and is not taking up space. They recommend a product called WinDirStat.

WinDirStat looks like a re-working of the same concept that was pioneered by SequoiaView: "Cushion Treemaps" to visualize data. The strength of this method is that it can show individual files and folders easily by size and type, and groups them together, but the weakness is that it lacks a true hierarchical view. It's also a very busy interface which makes it hard to tell usage in terms of rough percentages or amounts. Unfortunately, SequoiaView lacks any type of obvious licensing. You're probably safe to use it for any purpose, but it's not OSS. It's also rapidly aging, so WinDirStat looks like a great replacement.

There are times when WinDirStat is the best tool for the job, but for a first pass on a Windows system I prefer an application called Scanner, written by Steffen Gerlach. The licensing is also unclear, but presumed freeware with the source supplied. This app has the strength of being able to show disk usage as a pie chart, with a hierarchical view. It lacks color coding by file and doesn't show individual files at all until you drill down into that directory. It is, however, nice and portable, so you can run it from a USB drive or a network share.

Between the two, you should have a pair of complementary products that'll allow you to better manage your storage.

Saturday, September 27, 2008

HP - Decoding HP Notebook Codes

I'll get this out there right up front: I'm not a fan of HP notebooks. Partially because I've had limited exposure and find their model lineup frustratingly complex, and partially because what experience I've had has tended to be dealing with reliability/repair issues on the cheap consumer models.

Still, I've finally been able to get a good decoder for the business line:

First number (product class):
6 = mid-range business
8 = high end
2 = ultraportable

Second number (market segment):
Generally, the higher the second number, the better.

Third number (year):
10 = 2007
30 = 2008

Fourth number (CPU vendor):
0 = Intel
5 = AMD

Final position (code letter):
s = cheap/value edition - lower end screen, no docking connector except USB solutions
b = mainstream business
p = professional business, e.g. 6910p, 8510p
w = mobile workstation, e.g. 8510w, 8710w


If somebody has a better way to decode models, I'm all ears.

Wednesday, September 24, 2008

LG 70 HDTV/Monitor


LCD prices for all types of panels have been contracting recently, but I'm very impressed with how much you can get for so little nowadays. I went shopping for a presentation display for work and bought an LG LG70 42" TV/Display. This is still a somewhat cost-reduced model when compared with flagship-style Sony products, but for $1099, I got a 42" 1080P screen that works flawlessly when hooked up to a computer via VGA. The TV detected the input immediately and asked if I wanted to "enjoy" this new connection now. The screen was set up immediately, correctly, and absolutely no waves, jaggies, dead/stuck pixels or "snow" were evident when using VGA. If I didn't know better, I would have sworn it was a digital signal.

My only beef is the dark, sparkly red stripe around the outside of the unit. It hides all of the buttons except for power and frankly looks a bit too "boy racer."

All in all, I'm very impressed at what's out there now for so little. If only I had the money for one of my own... it would make a kicking monitor.

Monday, September 22, 2008

Apple: In praise of XQuartz

As with many things Apple, The Jobs and crew like to bless a lot of common projects before distributing versions on the Mac. Recently, however, I came across some problems with the Apple distribution of X11 (an optional component on the OS disk) on 10.5.4. When launched, the App would appear in the dock, then disappear, then reappear again a few times. Checking the running processes, it started then entered a zombie state almost immediately-- before any logs get written.

The first system was a fairly modern MacBook Pro, but had a user profile that was migrated from a PPC Powerbook. Thinking this may be the problem, I uninstalled and then reinstalled X11 from the OS disk to no avail. I stepped through all kinds of diagnosis, running updates, clearing caches, checking all the config and shell profile files with no luck. I finally stumbled on a suggestion to try the XQuartz version of X11. Apple uses the XQuartz project as a basis for building their X11 distribution, but apparently don't do a good job all the time. The XQuartz version dropped right in and works great. The only downside was that it requires a logoff.

The problem occurred the very next day for me on a PPC Mac running 10.5.4, so the problem may be something in the OS or configs we use. It doesn't appear to be platform-based. The same fix worked like a charm.

As some further notes, Apple may overwrite X11 with their point-releases of their OS, so reinstallation may be necessary at a later date. The X11 version, however, was last changed at 10.5.2, and was unchanged with the 10.5.3 and 10.5.4 releases.

Sunday, September 14, 2008

Linux - Linuxcommand.org

Just a quickie-- There are tons of Linux newbie guides on the 'net, but I found one that I like. The pages at linuxcommand.org show you not only the 'right' way to do things (starting with the command line, pretty much distro-agnostic), but guide you on what you should know if you have no *nix background.

Wednesday, August 20, 2008

Security: Passwords, Part III: Better, Stronger, Faster.

We looked at passwords and password strength in the context of a random password generator. That's a great tool and a wonderful ideal, but sometimes random strings can be a squeency bit hard to memorize and type.

Here are some tactics I've found for creating easily memorized passwords (with the understanding that you still need strong passwords and great security.)

I want to make one point, though, before I start: I've both been taught and seen that when you give people an example password, they will think that the example is itself a great password, and then use the example. Don't do that.

Acronyms: Take a phrase or sentence, using the first letters of each word. For example, "This password is for the backup administrator account" might become Tpiftbaa. That's not great (sufficiently random, but only 2 classes of character), but moving in the right direction.

Passcodes: Systems that will take a longer password can take a phrase or sentence in the form of a passcode. With the previous example, "This password is for the backup administrator account." could itself be the password. That's much stronger-- much longer and it adds the period as a third class of character, but remembering the little fiddly words can get tricky with these.

Patterns: Sometimes thinking outside the box is the key to a good password. Look at your keyboard and find a nice pattern. I'll use the keys on the left of a standard qwerty keyboard. Note that the keys make a cool "V" pattern-- hey, that's kinda random! "1qazse4" isn't just a pattern on the keyboard, it's a decent password. The problem here is that somebody shoulder-surfing is much more likely to be able to pick up on your password because it makes an obvious pattern.

Transposing Characters: I hesitate to mention this one, because it's so easy to be lazy. Think you're 1337? Well, 'leet boy, you can use a "1" for an "i" or a "#" for an "H". This is a good tactic, but easy to abuse. "P@ssw0rd" is a very, very bad password-- easily guessable. Use this tactic, but in conjunction with passwords that are good to begin with.

Mnemonics: Like anything memorized, attach them to other concepts or items-- or make up your own secret special meaning for your password. Pronounce it out loud in your mind-- just don't use things that are easily memorized but also guessable things about you.

Naughty Passwords: Since other mnemonics are often insecure, one trick you can use to make passwords more memorable is to use elements that are at least slightly naughty. Let's say your boss has a serious problem with rearward-facing pants bulge. Myb#aBFA would be a pretty good password! Breaking that down:

My
b(oss)
#(leet-h for has)
a
Big
Fat
Ass

Bet you won't forget that one so easily!

Intel: Plenty o' News from the IDF

A lot of info is starting to stream out of IDF (courtesy News.com as they have a concise article.) Short takes follow:

A dual-core Atom is coming, but only for the "Nettop"/thin client segment. Intel doesn't feel that it's power-efficient enough for the "Netbook" mobile market.

A 6-core Dunnington Xeon is planned as Penryn's siren song.

Roadmaps for Nehalem are starting to get fleshed out, with on-die video options and an 8-core version announced.

And this is all before next week's nVidia announcements! Biggest rumor? nVidia breaks into the x86 market...

Tuesday, August 19, 2008

Security: Passwords part Deux: When Passwords Go Bad

It's probably worth a few minutes to talk about what constitutes a bad password.

Anything guessable is bad. Anything that's easily compromised through brute force is bad.

OK phew, that was hard! Now, on to the specifics. Users often don't really have a clue about passwords in general and see them as at best a necessary evil and at worst a horrible pain in the ass. Users will go to heroic lengths to "beat the system." Getting around these problems often involves management, but at least be vigilant for what happens.

Using really poor passwords: People use the names of their kids, their pets, their address, their kids' birthdays, their pets' birthdays, etc. These are all very easily guessable, bad passwords. The ultimate cliche is a password of "password." BAD USER! NO COOKIE! You'll see other common passwords like favorite sports teams, TV/movie characters, cities, states, brand names, etc. used. Your defense against this is setting up a password system that requires complexity and tests for dictionary words and other likely bad passwords.

Practicing Poor Password Security: Taping your password to your monitor, the underside of your keyboard, or scribbling it on the bottom of the tissue box all happen, often. No matter how complex your passwords are, writing it down in a public space removes all security. Anybody who can get to their desk can get in with their passwords. All you can do is have a policy set up such that when this is caught, the user gets their proverbial hand spanked, changes their password immediately and is informed not to do it again.

Using the Same Password in too many Places: This is another easy one, but hard if not impossible to test for. At least encourage your users to use different passwords for work than for any other use and if you have a more secure network or if they act with higher privilege than normal, ask them to use a 2nd password for that task so that a single compromise won't compromise every system.

Re-using the same passwords excessively: A password policy that makes the user change the password monthly and forbids re-using the same one doesn't preclude the user from just having two passwords and rotating them monthly. You can set policy such that they can't re-use more than X number of passwords (3-6 is common.) That's actually pretty reasonable. If users rotate a larger number of passwords less frequently, it's not so terrible. The danger comes in when users combat this annoyance by just changing one character or identifier in the same base password. If "Password1" just becomes "Password2", the whole point of rotating passwords has just been invalidated. If you can, ensure that when a user changes a password, it's >1 character different from the old one.

But sometimes, admins fail as well. I've seen a production database system that contained credit card data at a major company that was just secured by a password-- not a username/password pair. Understanding that people are lazy, a co-worker sat down one slow afternoon and tried strings. About one in four turned out to be a valid password. These weren't exotic strings either-- mostly sports teams, common dictionary words, etc. Thankfully the admins realized this was a huge security hole and fixed it in short order.

If you can, ensure that passwords are as complex as possible and be vigilant for users trying to undermine your best efforts.
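A password-change check that enforces the rules from this post and from Part III above, added here as a Python example (not code from the blog): character classes, a dictionary test that first undoes leet spelling, a block on re-using recent passwords, and rejection of changes that differ from the current password by one character or only bump a trailing counter. The word list and the history store are constructed stand-ins.

```python
import hashlib
import string

# Constructed stand-in for a real word list (assumption: a deployment would load a
# full dictionary plus the site-specific "likely bad" terms the post mentions, such
# as local team names and brand names).
COMMON_WORDS = {"password", "letmein", "welcome", "cowboys", "lakers", "summer"}

# The usual leet substitutions, reversed, so the "transposing characters" trick is
# undone before the dictionary lookup ("P@ssw0rd" -> "password").
LEET_MAP = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
                          "0": "o", "$": "s", "5": "s", "7": "t", "#": "h"})


def char_classes(pw):
    """Count how many of the four classes (upper, lower, digit, special) appear."""
    tests = (str.isupper, str.islower, str.isdigit, lambda c: not c.isalnum())
    return sum(1 for test in tests if any(test(c) for c in pw))


def normalize(pw):
    """Strip the digits/punctuation people bolt onto the ends of a word, then undo
    leet spelling, so "P@ssw0rd1" and "Password2" both become "password"."""
    return pw.strip(string.digits + string.punctuation).lower().translate(LEET_MAP)


def edit_distance(a, b):
    """Levenshtein distance: the number of single-character edits between a and b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_counter_bump(old, new):
    """Catch "Password1" -> "Password23": same base, only the trailing digits changed."""
    base_old, base_new = old.rstrip(string.digits), new.rstrip(string.digits)
    return bool(base_old) and base_old == base_new and old != new


def fingerprint(pw):
    """History entry for a password. Simplification: a real system would store a slow,
    salted password hash (bcrypt/scrypt/PBKDF2), not bare SHA-256."""
    return hashlib.sha256(pw.encode()).hexdigest()


def check_password(new, current=None, history=(), min_len=8, min_classes=3,
                   history_depth=5):
    """Return the policy violations for a proposed password (empty list = accepted).

    `current` is the password the user just typed to authorize the change, which is
    why it can be compared character by character; `history` holds fingerprints of
    earlier passwords, of which the last `history_depth` are blocked from reuse."""
    problems = []
    if len(new) < min_len:
        problems.append("too_short")
    if char_classes(new) < min_classes:
        problems.append("too_few_classes")
    if normalize(new) in COMMON_WORDS:
        problems.append("dictionary_word")
    recent = list(history)[-history_depth:]
    if fingerprint(new) in recent or new == current:
        problems.append("reused")
    elif current is not None:
        if edit_distance(current, new) <= 1:
            problems.append("too_similar")
        elif is_counter_bump(current, new):
            problems.append("counter_bump")
    return problems
```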

Intel: i7 (Nehalem) will have a Turbo Mode


The Intel IDF Conference is going on as we speak, and Hardware-Infos.com (auf Deutsch) is reporting that Nehalems will have a mode similar to Santa Rosa Meroms where the chip will dynamically "overclock" itself on the fly on a single core when the need for high performance on a single execution thread is indicated. At this point, it's being called a Turbo-Mode, even though the Intel branding for this feature is unknown at this time. Details are still sketchy, but this is another very interesting detail about the i7/Nehalem platform.

In layman's terms, let's say you have a 4-core, 2.66 GHz CPU. If you're running something that only uses one core, but needs all the power it can get, you have no benefit over a 2.66 GHz dual-core CPU or even a theoretical single-core version of the same. These are already maximum speeds, with the CPUs running at lower speeds when performance isn't needed. What this system does is transparently allow a single core to go faster than the rated maximum while reducing the maximum speed of the remaining cores. No word yet on whether this will work on a system that's already overclocked. I hope to have more info as this leaks out into the English-language press.

Monday, August 18, 2008

Security: Passwords

There's not much to say about this one that's not common sense, but more common sense is better.

Passwords should be "strong" -- that is, not easily guessable or hacked via brute-force. The longer it is, the better. Combining different types of characters (upper-case letters, lower-case letters, numerals and 'special characters' like punctuation) is even better. Your birthday, the name of your dog, etc. are all very, very bad passwords. They're not as good as two-factor authentication, but often they're all you get to work with.

Sometimes you have to crank out password after password (or one Really Good password) and that's a job best left to a random password generator. If you just need some passwords, I like the PCTools Random Password Generator web page.
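As an added example (not from the original post or the PCTools page), here is a Python change-password check that enforces the strength rules above together with the rotation rule from the earlier password-reuse post (the new password must differ from the current one by more than one character and must not match recent history), plus a generator built on the `secrets` module. The thresholds, function names and the sample history are my assumptions.

```python
"""Change-password policy checks (added illustration, not the post's own code).

MIN_LENGTH, HISTORY_DEPTH and MIN_EDIT_DISTANCE are assumed thresholds; the
post only says to remember 3-6 old passwords and require >1 character of change.
"""
from __future__ import annotations

import hashlib
import hmac
import os
import secrets
import string

MIN_LENGTH = 12          # constructed floor; longer is better
HISTORY_DEPTH = 6        # remember the last 3-6 passwords, per the post
MIN_EDIT_DISTANCE = 2    # i.e. more than one character must change
PBKDF2_ROUNDS = 100_000


def character_classes(pw: str) -> int:
    """How many of the four classes (upper, lower, digit, punctuation) appear."""
    classes = (string.ascii_uppercase, string.ascii_lowercase,
               string.digits, string.punctuation)
    return sum(any(ch in cls for ch in pw) for cls in classes)


def levenshtein(a: str, b: str) -> int:
    """Edit distance: Password1 -> Password2 is 1, Password1 -> Password12 is 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def hash_password(pw: str, salt: bytes | None = None) -> tuple[bytes, bytes]:
    """Salted PBKDF2 digest for the history store; plaintexts are never kept."""
    salt = salt if salt is not None else os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, PBKDF2_ROUNDS)


def in_history(pw: str, history: list[tuple[bytes, bytes]]) -> bool:
    """Only exact reuse is detectable against hashed history entries."""
    return any(hmac.compare_digest(hash_password(pw, salt)[1], digest)
               for salt, digest in history[-HISTORY_DEPTH:])


def validate_change(current: str, new: str,
                    history: list[tuple[bytes, bytes]]) -> list[str]:
    """Return the policy violations; an empty list means the change is acceptable.

    `current` is the plaintext the user just typed to prove identity, which is
    the only old password available for a character-by-character comparison.
    """
    problems = []
    if len(new) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if character_classes(new) < 3:
        problems.append("fewer than 3 character classes")
    # Case-folded so Password1 -> password2 is also caught.
    if levenshtein(current.lower(), new.lower()) < MIN_EDIT_DISTANCE:
        problems.append("differs from the current password by at most one character")
    if in_history(new, history):
        problems.append(f"reuses one of the last {HISTORY_DEPTH} passwords")
    return problems


def generate_password(length: int = 16) -> str:
    """Random password from the secrets module with all four classes present."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if character_classes(pw) == 4:
            return pw


if __name__ == "__main__":
    # Constructed history of two previous passwords, stored hashed.
    history = [hash_password(p) for p in ("Winter2007!!", "Spring2008!!")]
    print(validate_change("Password1", "Password2", history))
    print(validate_change("Password1", generate_password(), history))
```

Because history entries are hashed, only exact reuse can be detected against them; the one-character-change rule can only be enforced against the current password, which the user supplies in plaintext during the change.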

Sunday, August 17, 2008

BoingBoing has a list of the top 101 classic computer and computer-related advertisements "of all time!!!11!eleventy-one" (OK so, I made up the last part.)

I'm not old enough to remember a few of these, but others bring back some fond (and not so fond) memories. Enjoy!

Monday, August 11, 2008

VIA to Exit Chipset Manufacturing

VIA saw the handwriting on the wall... with the "Intel Platform" having been one of their big strengths, and with AMD acquiring ATI for their chipset design, it's getting tough for 3rd parties to compete in the chipset market. VIA is officially announcing that they're leaving the 3rd party chipset market. nVidia's already on shaky ground with respect to chipset design and manufacturing, so that only leaves SiS at the extreme budget (read: low profit margin) end of the spectrum. My only fear is that 3rd parties are good for overclocking and tweaking, serving as a great market force in that respect.

VIA will continue to design and manufacture chipsets for their Nano processor -- just not for Intel or AMD CPUs.

Intel: New CPU Releases 8/11/2008

It's official! Several new models have released today, with one oldie but goodie seeing a massive price drop. All prices listed are from Newegg.

The E7300 (Dual-core, 2.66 GHz 3MB Cache) released at an affordable $144.99, a tremendously powerful entry at this price point. The only gotcha is a lack of hardware virtualization support.

The E8600 (Dual-core, 3.33 GHz 6MB Cache w/VT) is out at $279.99, a very workable price for such a fast stock speed. This guy is going to be a serious gaming powerhouse.

The Q9550 (Quad-core, 2.83 GHz 12 MB Cache w/VT) is now down to $339.99 at the 'egg. Once the pinnacle of slightly affordable quad-cores, the price is down quite a bit from last week. Hovering around $600 previously, this is now a realistic option for a mid-high end system.

All of these CPUs are now listed in stock. Expect some moderate price drops across most of the rest of the CPU range as well.

The E5200 is still MIA, but expected soon. I'll keep you posted. The street price should be around $90 for a 2.5 GHz, 800 MHz dual-core. Not shabby for a low-mid range system, and likely a strong overclocker.



Sunday, August 10, 2008

Intel: Nehalem to be Branded Core i7

It appears the rumors are true. The next-generation Intel Nehalem architecture (successor to the Core 2 family) will be branded Core i7, at least for the Bloomfield versions.

The picture of release information is also getting a little clearer. Intel's original Q3 2008 promise might be a little more like very late Q3 to Q4 date for the processor being released in anything remotely approaching "volume." These will all be higher end processors with three models ranging from $284 to $999 in thousand lots. Low-end and mobile CPUs are due in Q3 2009. I'll go out on a limb and say that some price cuts/new models will introduce some sort of mid-high end CPUs around the Q1/Q2 2009 time frame, with Core 2 still being a strong low-mid contender through 1H 2009.

The Bloomfield logo is pictured at right, with the Extreme part (at the $999 price point) supposedly sporting a black/grey logo.

Monday, August 4, 2008

Industry: nVidia to Leave the Chipset Market?


Xbit Labs and the Inquirer are reporting that nVidia is set to leave the chipset market entirely, with the Inq saying it's a done deal. Digitimes is proposing a more moderate view on the rumor, while the Tech Report has an article that contains a full, apparently official rebuttal from nVidia. There seems to be more than a grain of truth here as nVidia hasn't reached a deal with Intel to be able to license QuickPath Interconnect for the upcoming Nehalem processor. With no plans in sight yet to support new Intel motherboard technologies after roughly Q3 2008, that leaves nVidia with their original market, AMD.

There's just one problem with that... AMD finally has an in-house chipset maker with the ATI acquisition and they're pushing their own ATI chipset-based products. So faced with stiff competition over the bottom 20% of the market, what's nVidia to do? Is SLI doomed? Will nVidia break the software restrictions on SLI and allow SLI in Intel or even ATI motherboards? What about some of the cool tech that's trickling out like hybrid SLI?

With the failure of mobile G84/86 chipsets and falling stock prices, things must be a bit tense over at nVidia right about now. Competing aggressively with Intel has to be in the cards for nVidia to remain relevant in the chipset market.

Sunday, August 3, 2008

Security: Security through Obscurity


Security through obscurity frankly sucks. Sometimes you can't get around using it, so it's worth understanding what it is so you can avoid it whenever you can. Simply put, making something appear to be something else, or hiding an insecure service rather than securing it, is poor security.

For example, having a file out on an unsecured network share called passwords.txt that contains, say, passwords is just stupid. That's less than no security; it's a tempting target for any prying eyes.

Renaming that file to csfr4pw.txt seems like it might deter casual onlookers, but anybody interested in your data can trivially grep or search through file contents and notice that it contains sensitive passwords. Likewise, other automated tools like nmap can help attackers easily determine what services are running where.

Find a better way to secure the data. Put it behind a protected share, encrypt it, or even just alter the contents to say "the passwords are stored in a tamper-evident envelope in a locked cabinet." Though technically part of "defense in depth," this is one tactic you should avoid if at all possible.

Saturday, August 2, 2008

Games: The Wonderful End of the World mini-review


The Wonderful End of the World is a casual game from developer Dejobaan Games ("making video games for over 75 years...") I was a big enough sucker to play the demo on Steam, and was hooked enough to buy the game. What is it? In short, it's Katamari Damacy with an attitude. The plot? You're a disembodied spirit that must collect as much of the world as possible before the world ends. The mechanism? Walk into something smaller than you and it sticks to you. As you collect stuff, you get bigger and can collect larger items. Sound familiar? There's not a lot of gameplay here that hasn't already been done in the Katamari universe.

tWEotW does bring a lot of attitude and style to the table, though. The levels are far less repetitive than Katamari Damacy, with levels themed after classic video games, an Internet cafe, a wacky mall, etc. There are also several running jokes-- orangutans show up in the oddest places, and if you look around you'll see some bizarre stuff in the levels. There is a minor difference from the Katamari games in that you're graded primarily on the number of items you collect rather than the ultimate size you attain. The two are linked, but the distinction is important to understand. You're graded after each level.

There are 12 levels in all, and 11 of them are easy to unlock. The final level is only unlocked if you get an A or A+ on every single level.

There were a few problems-- the game is fixed resolution with limited setup options. Unlike most Katamari Damacy levels where the game decides what to render based on the scale of your character, tWEotW has an inefficient rendering engine that renders everything all the time. On my anemic system, I had severe slowdowns in the larger scale levels. There are plenty of cases where your character can get stuck between objects-- it's not always clear where the edges of your character get calculated. The game will eventually move you until you're unstuck, but the time lost is a pain. There's also one minor bug in the final level where you can pass through walls in certain areas.

Conclusions: the level design is fairly well polished and wonderfully quirky. The game on the whole is pretty easy-- expect to "win" in 2-5 hours with some replay value. I passed every level with at least a B on the first try. But some levels were hard to raise from a B or A- to an A in order to unlock the last level. The developer sells this game for $20, but Steam has it for $10. Is it a fun diversion at $10? Yeah, probably worth it, but I'm not sure if it's worth it at $20.

6/10

Security: Defense in Depth


Defense in Depth isn't just a military tactic anymore. This is another basic building block of IT security. In short, don't rely on one specific type of security for your valuable data and expect attacks to come from every vector possible.

Defense in depth starts with securing your systems physically. Anything that's really sensitive should be behind locked doors. Firewalls, separate sensitive networks, OS-level security, anti-virus, anti-malware, intrusion detection systems, and many other tactics can help ensure that what needs to be secure actually is.

Typically you'll want to combine multiple levels of security for additional assurance.


Wednesday, July 30, 2008

The Usual Subjects

Finding a good deal on pretty much anything is tricky nowadays. Fortunately, deal aggregators do most of the work for you. You'll often see Internet forum posts with a note to "check the Usual Suspects" for deals, coupons, etc. The big computer OEMs -- Dell, Lenovo and HP in particular -- are noted for running big sales. These sites aren't just good for computer/electronic stuff, either. I've scored free magazine subscriptions and all sorts of cheap stuff.

Who are the usual suspects? I like to use these guys, in rough order of preference:
Special mention goes out to Woot. Woot.com only offers one random thing a day, but the deal is usually stupidly good. Shirt.woot.com offers one T-shirt a day -- designs vary, but it's $10, shipped. I highly recommend both.

Got any more? Post a comment and tell me about your favorite!

Monday, July 28, 2008

Gateway Ditches Direct Sales


It seems like so long ago, but once upon a time, Gateway was one of the darlings of the early direct-sales model. They were exceedingly competitive with the likes of Dell through the P2/P3 era and instrumental in the whole paradigm of ordering custom-configured computers, first over the phone and later over the web.

Gateway, now a subsidiary of Acer, has floundered tremendously in the last few years. The idea of selling product directly and indirectly through Gateway Country stores floundered and they had begun selling through retail and e-tail channels.

This weekend, Gateway announced that they're giving up entirely on direct sales, and going to a 100% pre-configured, non-customized sales model. Last week, buying a pre-configured computer at 'retail' was just an option if you wanted a Gateway. Now, you get a choice of pre-configured systems and no more.

I'm going to call this one as a bad move, even if there are massive cost-savings that can be passed down to consumers. They're basically giving up on the business markets and high-end prosumer, leaving the low-margin "plain old computer" buyer.

Good luck, Gateway...

Sunday, July 27, 2008

Admin Tip: Cable Storage

You've probably accumulated a number of basic computer cables and need to keep a stock of stuff like DVI, VGA, Power, USB A-to-B, etc. Fortunately, most of these come in a standard 6'/2m size!

Get a coat rack or two-- depending on how much you need to store--and affix it to a wall or hang it behind a door at least 4'/2.5m off the ground. Loop the cables over each hook, looping halfway down the cable. Each hook gets its own type of cable. I can get between 25-50 cables per hook, but this will obviously vary with the coat rack you choose and the thickness of the cables.

If you keep Cat 5/5e/6 networking cable in bulk, you can use one hook for each length and/or color. The only problem here is that cables longer than 10' will end up being looped anyway, or they'll be too long for this method.

This is a real time saver in two ways: No more constant bundling cables for storage, and you can easily see and grab what you need when you need it.

Security Basics: Authentication and Authorization


A key pair of linked concepts, Authentication and Authorization are so fundamentally important to networked computing, yet often ignored as "assumed knowledge." The fact is that most networked operating systems handle Authentication and Authorization pretty well if configured properly, but I want to cover the basics in case there are any problems. Pay attention, there will be a quiz later!

Authentication is a process by which you prove that you are who you say you are. The most common form of authentication is a user password. In this case, you provide some piece of information only you and the computer know. If you have that info, you are (as far as the computer is concerned) who you say you are.

You have probably also seen biometric authentication systems like fingerprint scanners, and some of you may have seen Handheld Authenticators like the RSA/SecurID system. In the first example of biometric data, something you know is replaced by something you have-- and in the case of your finger, something hopefully you and only you have.

Two-factor authentication builds on the previous two concepts. You need something you have plus something you know. You see the basic form at an ATM. To make it give you money, you need your PIN code and your card. A thief would need both, rather than either one, to get access to your account.
From an administrative standpoint, you may need to consider something like a SmartCard system or an RSA/SecurID system. For SecurID, you have a physical token/device (usually a key fob) that generates one-use codes. You combine these one-use codes from the authentication device with a PIN only you know. Instead of a password, you now have not only a two-factor password, but a one-time two-factor password!

The most common way for this to break down would be to share passwords or use shared accounts (accounts that aren't meant to be tied to a specific person and more than one person has the password.) For authentication to be reliable and secure, you must not have any situations where one person knows another person's password! If you just can't resolve this, realize that it's an insecure situation and work to mitigate the risk.

Authorization is the other half of this coin. Once a system can reliably tell that you are who you say you are, it can give you permission to do what you should be able to do-- this is often referred to as user privilege or "privs" in admin-speak.

As an admin, you'll typically work within the specifics of your networked OS/system to grant and modify user privilege as required by your organization. Users should operate under the concept of least privilege. That is to say, that they should have the rights to do what they need to do, and not more than that. Granting them extra permissions is a risk that the users may engage in dangerous activities (installing spyware, snooping through HR payroll databases, etc.)

Your risk here is threefold:
  • You need a strong authentication system to ensure that you know who is logging in to your systems.
  • You need to be vigilant in that the IT group is setting up permissions properly, without any loopholes and obeying the principle of least privilege.
  • You need to guard against outside threats which will use exploits in the system to elevate their privilege beyond what they should have.
As you can see, these two concepts are tightly linked and important building blocks for all security concepts.
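As an added example (not from the original post, and not RSA's algorithm), here is the server side of a one-time two-factor check like the one described above: a time-based one-time code as standardised in RFC 4226/6238, accepted only together with the user's PIN and only once. The `TokenVerifier` name, the 30-second step, the PIN and the shared secret (the RFC 4226 test key) are assumptions.

```python
"""One-time two-factor check: HMAC-based one-time code (RFC 4226/6238) plus a PIN.

Added illustration; not SecurID's token algorithm. TokenVerifier, the
30-second step and the constructed shared secret below are assumptions.
"""
import hashlib
import hmac
import os
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the big-endian counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: the counter is the number of `step`-second intervals since the epoch.

    This is what the fob displays; the value changes every `step` seconds.
    """
    return hotp(secret, unix_time // step, digits)


class TokenVerifier:
    """Server side of the check: something you have (the fob's shared secret)
    plus something you know (the PIN). Each code is accepted at most once."""

    def __init__(self, secret: bytes, pin: str, step: int = 30, window: int = 1):
        self.secret = secret
        self.step = step
        self.window = window          # clock-drift tolerance, in steps either side
        self.salt = os.urandom(16)
        self.pin_hash = self._hash_pin(pin)
        self.last_counter = -1        # highest counter already used; blocks replay

    def _hash_pin(self, pin: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self.salt, 100_000)

    def verify(self, pin: str, code: str, now: int) -> bool:
        # Evaluate both factors before deciding, so a wrong PIN and a wrong code
        # take the same path; compare_digest avoids timing leaks on the values.
        pin_ok = hmac.compare_digest(self._hash_pin(pin), self.pin_hash)
        counter = now // self.step
        for c in range(counter - self.window, counter + self.window + 1):
            code_ok = hmac.compare_digest(hotp(self.secret, c), code)
            if pin_ok and code_ok and c > self.last_counter:
                self.last_counter = c      # one-time: this code can't be used again
                return True
        return False


if __name__ == "__main__":
    # Constructed shared secret (the RFC 4226 test key) and PIN; never hard-code real ones.
    secret = b"12345678901234567890"
    verifier = TokenVerifier(secret, pin="4711")
    shown = totp(secret, 59)                           # what the fob displays at t=59
    print(shown, verifier.verify("4711", shown, 59))   # 287082 True
    print(verifier.verify("4711", shown, 59))          # False: replay of a used code
```

Knowing the PIN alone or holding the fob alone is not enough, and a captured code is useless once it has been accepted or its time step has passed.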

Friday, July 25, 2008

Sysadmin Appreciation Day

Did you remember to appreciate your Sysadmin? I'll take any chance I get. For the record, I "enjoyed" the day troubleshooting graphical issues with a Red Hat Enterprise 5 box and setting up an Open Directory installation. I didn't get any cookies, though...

Friday, July 18, 2008

Happy 40th, Intel


All the best-- 40 years is a few lifetimes in the tech industry. Of course, this wish comes with a fervent request that you not repeat the debacles of Netburst, RAMBUS and the FDIV bug. I will gratefully take a nice Wolfdale off your hands if you have one to spare, though!

Thursday, July 17, 2008

Hardware: Hector Ruiz out at AMD


AMD's former chief, Hector Ruiz has been replaced by Dirk Meyer as President and CEO. Will Dirk continue to tell us that crap smells like roses, or will we see a CEO who concentrates on the strengths that AMD has and turn the ship around? Time will tell...

Tuesday, July 15, 2008

Xbox 360: The E3 Bombshell

I'll preface my first gaming post by saying this: I'm an old school PC gamer-- old school enough to go back before the original PC took the gaming marketshare crown from the Apple ][ and Commodore 64/Amiga. I tend to prefer PC gaming as it affords me a high degree of tweaking/modding, I like the keyboard/mouse interface as a minimum standard and I like the immediacy of sitting right in front of the screen. I still bear Microsoft and the Xbox franchise some minor ill will for diminishing the former glory of the PC gaming market.

With all this in mind, the Xbox has scored a slam dunk this E3. Forget the Mii-alike avatars. Forget the media content and Netflix deals. Even forget the option to run from the hard drive. Those are the icing on the cake. The real meat here is that the update will handle standard widescreen monitors from 17" through 22" at native resolution.

I no longer have to invest in a different type of setup-- I can re-use the monitors I already have. Good HDTVs are expensive, but a $250 monitor isn't a bad way to go.

And let's not forget the games. The Xbox franchise has been hammering nails in the corpse of the PC for a long time, but it's polishing the hammer for the console market too. Let's be blunt-- The Wii competes for gamer time and dollars, but isn't playing the same games as the other 3 platforms. The PC is just the Xbox's poor stepsister from Microsoft's standpoint, so that leaves Sony. Sony is quintessentially Japanese. I own a PS2 primarily for Japanese Console RPGs-- the greats from SquareEnix, Bandai Namco, Atlus and the like. These are quirky and fun and things I can't do on a PC. Final Fantasy X was the king of that generation and the FFXIII franchise looks to be the king of the current generation. The loss of the main FFXIII game's PS3 exclusivity is an Epic Fail. It means that people (like me) with limited budgets on the fence as to which console is better for Japanese games will tend to go with the non-Japanese contender.

While there is still some pretty good exclusive PS3 content (Little Big Planet arguably the biggest now), Sony now has to move units based on more games that are non-exclusive. Luckily it holds the ace of being a great Blu-ray player in its sleeve.

The real news here is for the PC market. With Microsoft putting more genres of content squarely into the Xbox arsenal, it gets harder to resist. The ability to use existing/inexpensive high quality monitors is the cherry on top.

Monday, July 14, 2008

Admin Tip: The Cart

A general purpose cart is tremendously helpful for moving stuff around. Here are two tips to make your life easier if you can manage to get a cart:

Get a two level cart where the top level is completely flat without a lip. That makes sliding heavy equipment on/off much easier.

Get a cart with pneumatic tires. You'll thank me when wheeling that blade chassis across the parking lot.

Wednesday, July 9, 2008

Admin Tip: Status Whiteboard

This is a nice idea I've picked up over the years: Keep an employee status board on or near the door to the IT offices. This is just a simple whiteboard with key bits of information on the IT staff: when they're planning on being out of the office, where they are in the office/campus, and how they can be contacted. For a staff that's running around a lot, this helps in tracking down people. When somebody calls in sick, just jot that down-- and nobody wonders where they are.

This is also a nice low tech solution that works for other stuff as well. You can put other stuff like on-call rotation info, important contact/escalation procedures or a high-priority daily task list. Putting it near the door encourages people to change their status whenever they step in or out.

Monday, July 7, 2008

Admin Basics: One, Some, Many

As I write this post, we're on the eve of a date Windows admins are painfully familiar with: Patch Tuesday. Microsoft releases scheduled updates on the 2nd Tuesday of each month and because of this predictable schedule, Admins can take all the actions necessary to ensure that these patches are delivered in a timely manner. I'll defer talking about patch automation until a later date, but for now I'll take this opportunity to talk about my first Admin Basics topic: One, Some, Many.

When taking any action on a computer, there's always some risk that the change you make will break something or have other unintended consequences. You can try to predict what will happen, and you can have rigorous testing, but the chances are that something may fail and that something may not be what you test for. When making larger changes, the chances of something going wrong are greater than for a trivial change.

This leads me to the concept of One, Some and Many. This ties nicely into patching, but applies to all system changes.

You know you're going to make a change. You know it might have negative consequences. You test it as best you can-- how can you limit your risk beyond that?

Simple: Push the change to a single system first and test. If it works, then the chances are reasonable that the change had no negative effects. From there, pick a representative sample of other systems and push that change to them... and wait. If none of the users report problems, you can then push out to a larger group. If you're running a very large group of systems, you may have several groups of "many" for various reasons. If you have a smaller number of systems, you can probably safely patch them all in one big group of "many." If you start to get failures, you can go back to the previous stage and test more rigorously with the new failure information.

Why do this?

1. Vendors can't test every possible scenario, and often patches, updates, and configuration changes are poorly tested.

2. While you have a responsibility to test changes, you will have a hard time testing every scenario. It's efficient to have some users test as well.

3. The risk exposure is lower: If users experience problems in the "some" phase, you've limited the number of people having problems and enhanced your ability to troubleshoot quickly. If nothing else, you can back out their updates and go back to the previous testing step.

If you execute the One, Some, Many strategy you can still make changes in a reasonable period of time but lessen the risk. It's a very bad feeling when you make a sweeping change and your users start screaming. This will help you not be that guy.

Wednesday, July 2, 2008

Welcome to Admin Anonymous

Welcome to Admin Anonymous! This blog is merely my humble attempt to chronicle, review and comment on technology from the experience of your humble author. I've chosen the name Admin Anonymous for a simple reason-- I'm a Systems Administrator who is passionate about technology, but for many reasons I can't comment on what I do on a day-to-day basis directly. From here, I can talk about technology trends, administration concepts, big-picture and very small picture issues. Expect my personal life to pop in from time to time as my interests are far from limited to the working side of computers.

In short-- this blog is me, and my opinions for all to read. Everything in it should be read as such. I hope you find some of it enlightening, amusing and valuable. Welcome!