Thursday, March 29, 2007

Hacked by an MCSE!

The 1977 edition of the Webster's Collegiate Dictionary lists many definitions of the word hack. Taxi is one definition. Taxi driver is another. Its (principal?) meaning nowadays, "to gain access to a computer illegally," wasn't even on the list in 1977 (the year Apple was founded). Times change.

Microsoft Certified Systems Engineers (MCSEs) design and implement infrastructure solutions based on the Windows operating system and Microsoft Windows Server System software. It is not a trivial matter (or expense) to obtain this certification, and it used to be worth something. Times change.

On a recent trip out of town, I took a taxi to the airport. Instead of a recent immigrant from the third world with limited knowledge of English, my driver looked and sounded a lot like me. After some pleasant chit-chat, I discovered that he was an MCSE, driving a taxi after being laid off from work at a government contracting firm. Once we crossed the Potomac into Virginia, he got lost, and I had to tell him where to go. Out of pity, I gave him a nice tip ("There, but for the grace of God, go I...").

On my return, my experience was more typical. When I got into a taxi at the airport, my driver was in a turban and flowing robe. He was from Karachi, Pakistan. His English was enthusiastic and hard to understand. But even though he was a stranger in a strange land, he knew the fastest way to get me home, which is no mean feat even for a DC native like me.

<jokes>
Question: What is the difference between an MCSE hack and a Pakistani hack?
Answer #1: A Pakistani hack knows how to get where I want to go today.
Answer #2: A Pakistani hack is climbing the ladder of success.
Answer #3: By taking a job from a third-worlder, each MCSE hack helps restore the balance lost by the movement of technology jobs offshore.
</jokes>

Times change.

Tuesday, March 20, 2007

Tips on Housework

Confession is good for the soul, so I want to come clean. I don’t do housework… I prefer to talk about it. My wife’s reaction is, “Let’s talk about sex, then” emphasis on the word talk… not sex.

See, I used to have these things compartmentalized. Housekeeping is in a little box here, next to cooking and taking care of the kids while sex is in another box waaay over here – completely separate.

But, I have learned that you compartmentalize these matters at your peril. Good housekeeping is a team effort; it is not good if one spouse has to do all the work …Remember this box over here called sex? It is a lot easier to carry with two people. You can do it alone, but let’s not go there.

God created us from dust and unto dust we shall return soon enough. In the meantime though, unburden yourself of the dust and clutter in your lives.

Come clean, and transform your lives from confusion and drudgery to excitement and fulfillment. It will take some time and practice, but as you get things under control, your life will start to flow, and you will have more time to do things you want to do.

If you cannot pick up the house, wash the dishes, get your clothes clean, or put away the groceries, you don’t belong in the real world, you belong in college.

How did I learn about the link between cleanliness and enlightenment? There was nothing divine or mystical about it. I learned the hard way from burglars in Manhattan, where I used to live.

I had a car in New York City, and, periodically, burglars would unburden me of whatever was in it. This goes for the radio, because while you may think it is built in, a burglar does not.

After you’ve been robbed, then you spend a lot of time and money getting the car fixed, which is drudgery and confusion of the worst sort in NY. After the third or fourth break-in, I had a revelation (I am a slow learner). Only by keeping a spotlessly clean and empty car could I keep the burglars at bay and get on with living.

God knows, I am not against material possessions. But many of us find our material needs have been more than met. More is not always better.

For example, my sister-in-law drives a Chevy Suburban. But it is so big, she needs a ladder to climb into it, and she is afraid to drive it downtown in traffic. She has to fold in the outside mirrors to get it in and out of her garage at home and more than once, she has scraped the side backing out of the garage because the mirrors are folded in and she cannot see.

Once you make up your mind to do it, it is not as hard to come clean as you may think. There are just two simple rules you need to live by to become the Tiger Woods of housework.

  1. Less is more
    • Everything in your home has a proper place known by everyone in your house. The trash is the default.
    • Sell, give away or throw out anything in your house you have not used or worn in the past one year. I bet some of you have stuff going back years and years in your closet.
    • Never acquire anything without having a plan to dispose of it.
  2. Replace your divots.
    • Clean up your messes right away.
    • Every time you use something put it back.
    • Don’t let messes and clutter become the trademark of your style.

I see a book in this; a whole line of books, in fact. I want to be the guru of clean – another Deepak Chopra or Martha Stewart, dispensing “wisdom” and “truths” to millions of scared and unhappy people.

For example, “Come Clean the Kitchen.” I’ll tell you how feng shui, the Chinese art of placement, can help you stash the cookie jar so you don’t eat a dozen Oreos every day.

“Come Clean the Yard” could be about controlling weeds and training your dog to do his business in the ivy, not on the lawn.

“Come Clean your Teenager” could be about steering them away from sex, drugs and rock and roll.

Come clean is a prescription for a happy and fulfilled life. If you follow my advice and come clean, you won’t know how to thank me. Here’s how you can thank me: you can come clean my house. It is a mess.

Guess Who Is Reading YOUR Email

The Authorities: If you watch the TV series 24, you know that CTU monitors all electronic communications around the world -- telephones, cell phones, email, IM and SMS.
"Jack, we're picking up chatter on the Internet. A nuclear explosion is planned for today in LA!"

The stories, characters, action, etc. involved in 24 are fiction. But read this, and you will see that the show's portrayal of our government's surveillance capabilities is realistic. www.answers.com.

In the interests of national security, most of us are happy to sacrifice a measure of privacy and freedom. Ditto to catch sexual predators. But where do you draw the line? What if they use surveillance to try and identify tax evaders, car thieves or adulterers?

It may surprise you to know many businesses are required to inspect and save email, IM and SMS traffic to prevent unlawful use and disclosure of confidential customer/client information. Many more organizations believe it is their duty to monitor employee communications to protect trade secrets and to ensure compliance with the organization's policies and procedures.

In many cases, employees are unaware that their communications are being monitored by their employers. In one case, a woman found out when her boss questioned why she posted her resume on CareerBuilder.com.

You would be wise to assume that your boss is reading your email; even if he/she is not, others (inside and outside your organization) probably are.

Internet Service Providers: Internet communications are routinely "read" by Internet service providers at various points on the Internet. Most of us like the idea of spam filters and anti-virus programs reading our incoming mail since somewhere around 90% of email is spam, and none of us wants to catch a virus.

Most of us are comfortable with the idea of email service providers using advertising to obtain compensation for free services. All the major free email services work this way (Microsoft's Hotmail, Google's Gmail, Yahoo! Mail, etc.). Google now "reads" your incoming messages in order to present ads that are "relevant" to the content of the messages displayed (emails about your car will be shown in Gmail alongside ads about car repair and new cars). Other providers are likely to follow Google's lead in this.

Privacy experts are concerned about the potential for Google to know all about us and use that knowledge against us in the future. Google assures us that no human reads Gmail messages (with certain significant caveats). Note that Google's assurances do not address the concerns of privacy experts directly.

How can you protect your Internet communications from prying eyes and ears? How can you reduce the chances of something you say coming back to bite you?

  • Be careful what you say.
    • Anything you say may be taken out of context and used against you at some point in the future -- in a lawsuit, criminal matter, or performance review, perhaps.
  • Know who you are communicating with.
    • You have varying degrees of trust with your coworkers, clients, family, et al. Don't trust a reporter or someone you don't know.
    • Be skeptical if you are contacted by someone claiming your trust and seeking information from you. Trust but verify.
  • Encrypt your communications.
    • This is not hard to do, but it requires the parties to exchange keys or use a service that handles the key exchange transparently to the users.
    • You can find information on how to encrypt Internet communications using your particular email and messaging client software (Outlook, Outlook Express, Mail, Thunderbird, AIM, ICQ, Windows Live Messenger, etc.) on the Internet.
    • The major free email service providers such as Hotmail, Yahoo! Mail, Gmail, et al., do not support email encryption. Providers such as Hushmail, S-mail, et al. do provide free encrypted email services.
  • Use Skype.
    • Skype has user (sender and receiver) authentication so you know who you are communicating with.
    • Skype has encryption built-in, so your messages cannot be intercepted.
    • You can use Skype to make phone calls, leave voice messages and chat. Unfortunately, they don't do emails.

Black Hats: Spam filters, anti-virus programs, even G-men scanning messages all represent "white hat" surveillance activities primarily designed to protect us. However, many of us would be uncomfortable knowing our bosses, coworkers, competitors, spouses, rivals, enemies, the press, bored teenagers, et al. were spying on us. These are the men/women/kids in black hats. The tools of their trade are:

Be safe out there... Big Brother is watching.

Monday, March 12, 2007

Microsoft to Seniors and Poor: "Screw you!"

Thanks to Microsoft, the Daylight Savings Time "bug" has bitten everyone who has a PC running Windows 2000 and earlier versions of Windows.

Rather than providing an automatic patch in Windows Update to fix the "bug" before it caused problems, Microsoft asserted the following claims:

  • "Windows 2000 has passed the end of Mainstream Support and will not be receiving an update without Extended Hotfix Support."
    • Extended Hotfix Support for Windows 2000 costs $4,000. Clearly, this is an option designed for large, cash-rich organizations.
  • Windows ME, NT, 98 et al. are "no longer supported."

No matter which earlier version one is running, the fix is very simple. Microsoft does provide a tool, TZEdit, and instructions to do the job, although it is not a trivial job to find them. So here they are for Windows 2000:

  • Open TZEdit from the link here: http://download.microsoft.com/download/5/8/a/58a208b7-7dc7-4bc7-8357-28e29cdac52f/TZEDIT.exe
    • This will unzip and install the file to the Program Files folder on the C: drive.
  • Use Windows Explorer or My Computer to find the TZEdit application that was installed.
  • Run TZEdit and change the start date of DST in your time zone to 2nd Sunday in March and the end date to 1st Sunday in November.
  • Close out of TZEdit.
  • Open Control Panel and click the Date/Time icon.
  • Click the Time Zone tab.
  • Select or re-select the time zone you have changed.
  • Click OK.
Now the system clock will take into account the changes you have made, and it will show the correct daylight savings time.
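
An added example, not part of the original post: a Python sketch that computes the DST dates entered into TZEdit above and shows which clock readings from a machine that has not been fixed are an hour behind. It assumes a US time zone that observes DST and the earlier US rule (first Sunday in April to last Sunday in October), which the post does not state; the function names and sample readings are constructed for illustration.

```python
from datetime import date, datetime, time, timedelta

SUNDAY = 6  # date.weekday(): Monday is 0, Sunday is 6


def nth_sunday(year, month, n):
    """Date of the n-th Sunday of a month (n = 1, 2, ...)."""
    first = date(year, month, 1)
    offset = (SUNDAY - first.weekday()) % 7
    return first + timedelta(days=offset + 7 * (n - 1))


def last_sunday(year, month):
    """Date of the last Sunday of a month."""
    next_month = date(year + (month == 12), month % 12 + 1, 1)
    last_day = next_month - timedelta(days=1)
    return last_day - timedelta(days=(last_day.weekday() - SUNDAY) % 7)


def new_rule(year):
    """Rule entered in TZEdit: 2nd Sunday in March to 1st Sunday in November."""
    return nth_sunday(year, 3, 2), nth_sunday(year, 11, 1)


def old_rule(year):
    """Assumed earlier rule: 1st Sunday in April to last Sunday in October."""
    return nth_sunday(year, 4, 1), last_sunday(year, 10)


def skew_windows(year):
    """Ranges of readings on an unfixed clock that are one hour behind.

    Bounds are wall-clock values as the unfixed machine shows them. The
    01:00-02:00 hour on the old end date occurs twice on that clock and is
    ambiguous, so it is left out of the autumn window.
    """
    new_start, new_end = new_rule(year)
    old_start, old_end = old_rule(year)
    two, one = time(2, 0), time(1, 0)
    return [
        (datetime.combine(new_start, two), datetime.combine(old_start, two)),
        (datetime.combine(old_end, two), datetime.combine(new_end, one)),
    ]


def correct_timestamp(logged):
    """Return the correct local time for a reading from an unfixed clock."""
    if logged.year < 2007:  # the new rule first applied in 2007
        return logged
    for start, end in skew_windows(logged.year):
        if start <= logged < end:
            return logged + timedelta(hours=1)
    return logged


if __name__ == "__main__":
    # Constructed sample readings from an unfixed machine.
    for reading in (datetime(2007, 3, 11, 9, 0), datetime(2007, 4, 1, 9, 0),
                    datetime(2007, 10, 30, 12, 0)):
        print(reading, "->", correct_timestamp(reading))
```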


What was Microsoft thinking!?

  • Windows Update provides automatic security updates for Windows 2000, but it did not provide a fix for the DST "bug"?
  • Windows Update automatically fixed the "bug" for pirated copies of Windows XP, but not for any instances of Windows 2000?
  • It would have been simple for Microsoft to have Windows Update fix the "bug" in Windows 2000 automatically, but they preferred not to?

Who is harmed? People who have not had the inclination or the money to upgrade their "old" equipment are the ones who are affected. The former group includes technophobes who will not be able to make the simple fix. The latter includes the poor. Seniors are disproportionately represented in both groups.

I don't begrudge Microsoft making a little more money out of large organizations. Nor do I begrudge IT professionals the work involved in deploying the solution for large organizations. However, Microsoft is not being a good corporate citizen by leaving seniors and the poor behind time-wise.

Sunday, March 11, 2007

Win 2K Server Fails to Switch to DST!

This Win 2K server is a production machine which has Internet access. Windows Update on this machine is set to receive and install all security and critical updates automatically. Manually running Windows Update now says "No high-priority updates for your computer are available." Looking at the optional updates available, there is nothing about DST.

This machine does not have Microsoft Update installed.

IMHO there must be lots of machines still running this OS. If Microsoft has failed to deliver a patch for them, this could cause major problems.

PS: The server's Windows time is set to "Eastern Time (US & Canada)". The only other GMT -0500 option is "Indiana".

Tuesday, March 06, 2007

Episode 5: Video

The continuing adventures of one man's attempt to migrate his desktop PC from MS Windows to Ubuntu/Linux.

Fortunately, Ubuntu recognized my video card and automatically installed a driver that worked. So, this episode is not about trying to find a Linux driver for a certain video card. Instead, it is about getting Internet video files to play on my Ubuntu PC. Unfortunately for me, there was plenty of work to do before I was happy with my ability to watch Internet videos.

For licensing as well as philosophical/political reasons, Ubuntu automatically installs only software that is free and unrestricted. It is up to the user to determine what other software he or she wants/needs to install.

When it comes to video, this is not a trivial matter, since Internet video comes in many different file formats (mostly proprietary). Some of the software needed to play these files/formats is easy to find and install; some is not. Some web sites serve videos in a Linux-friendly fashion while others do not. What follows is a step-by-step guide (without the false starts and blind alleys) with commentary.

Step 1:

The first step to a robust capability to play videos in Firefox on Ubuntu is to access software sources beyond the free and unrestricted ones that Ubuntu defaults to. From the System menu in the main panel, select Administration/Software Sources. In the window that opens, make sure that all the Internet options are selected in the Ubuntu tab (including multiverse and restricted). Click Close and your machine's cache listing of available Ubuntu applications will update.

Totem is the default Ubuntu application (plugin) in Firefox for playing many multimedia files, including mp3, RealAudio, Windows Audio and Video, Quicktime, and others. But, unless you download and install the codecs for these different file types, you will get a cryptic error ("Totem could not play 'fd://0'.") when you try and play such files.

Point(s) of Confusion: An application identified as Movie Player in the Applications/Sound & Video menu is included in the base install of Ubuntu. It is familiarly known and referred to elsewhere in Ubuntu as Totem.

Movie Player/Totem is not to be confused with another application called MPlayer, which is an award winning multimedia player that many people use and like. If you install MPlayer, it will appear in the Applications/ Sound & Video menu right below Movie Player. Trying to remember which application is which will be a source of further confusion.

Step 2:

The next step toward achieving a happy ending with Internet video is to download the codecs you need. From the Applications menu on the main panel, select Add/Remove... . Select the two GStreamer plugins ("extra plugins" and "ffmpeg video plugin"), and click OK. Totem will now play Windows Media files successfully. This will solve some of your video problems, but not all of them, unfortunately.

Now we need to get some additional media players to handle situations that Totem cannot handle.

Step 3:

Shockwave Flash is used by many web sites to deliver video, most notably YouTube. The good news is that there is a Flash player that installs easily and works well in Linux/Firefox. More good news is that YouTube makes it very easy to download and install the Flash player.

If you go to YouTube, you will see an icon on the page that looks like a jigsaw puzzle piece, and the words, "Click here to download plugin." Do it and click through the EULA and the Linux Firefox plugin is correctly installed. Hurray!

Step 4:

Real Networks has proprietary audio and video file formats that Totem cannot handle, even with the GStreamer plugins installed. Fortunately there are players that can play these files.

There is a free, unrestricted, open-source Real Media player called Helix. There is also a free but restricted player from Real Networks called RealPlayer 10. I'm not sure what the practical difference is between the two players. I installed RealPlayer 10.

You find it by selecting the Applications menu, Add/Remove... . You can search All for RealPlayer to find the application. You cannot browse the Sound & Video category to find it because it currently is grouped under Graphics applications. With RealPlayer 10 installed, Firefox can play Real Media files, embedded in the browser window. Hurray!

What is CNN thinking!?: If you try to watch a CNN video before loading the Flash player, you get a pop-up message from CNN that you need to upgrade to Windows Media Player 9. WTF!? CNN tests to see if you have the Flash player installed, but not what operating system you are using.

It just goes to show that Microsoft-centric websites you visit may unknowingly create unnecessary problems for you.

If you install the Flash player and then go back to CNN and try and watch a video, the Flash player loads showing advertising and navigation links, then an error message pops up saying, "Totem could not play 'mms://wmscnn.stream.aol.com.edgestreams.net/..."

Turns out that CNN has embedded a Windows Media file in a Flash presentation. That is not elegant, but it is not the problem. The problem is that CNN is using an obscure protocol called Multimedia Messaging Service to stream the Windows Media file.

Multimedia Messaging Service (MMS) is a standard for telephony messaging systems that allows sending messages that include multimedia objects (images, audio, video, rich text) and not just text as in Short Message Service (SMS). It is mainly deployed in cellular networks along with other messaging systems like SMS, Mobile Instant Messaging and Mobile E-Mail.

Totem doesn't know how to handle the MMS protocol. The resolution is to use a different media player; one that has the stuff to handle mms://... .

Step 5:

We are almost home. The next-to-last thing to do is install at least one more all-purpose media player to deal with files the other players cannot handle (e.g., Quicktime files) and/or web sites that are not Linux/Firefox friendly (e.g., CNN). There are candidates that you can choose from.

I have read the reviews, and I have tried several different, capable media players. I went with the VLC Media Player. Select Add/Remove from the Applications menu on the main panel. Click on VLC Media Player. Then click OK. This will install VLC.

Step 6:

After installing VLC, we need to change the file associations in the Firefox browser so that Firefox knows when to use the VLC media player. If you think that you do this using Firefox's Edit/ Preferences/ Manage File Preferences, you are wrong.

You need to load a Firefox extension called MediaPlayerConnectivity (MPC). You can get it by using Firefox's Tools/ Add-ons/ Extensions and click on the Get Extensions link at the bottom of the pop-up window. This will take you to https://addons.mozilla.org/firefox/extensions/. Here you want to search for "MediaPlayerConnectivity" to find the download/install page.

After installing the extension and restarting the browser, the MPC wizard starts (if it doesn't, go to the Tools menu in Firefox, select MediaPlayerConnectivity/Configure... , then click the Wizard button in the pop-up window). The wizard performs a scan to detect the media players you have installed, and then it lets you set the player associations for several popular file formats. Next, the wizard has you choose between Autoplay and Smartplay. I don't know what the difference is between Autoplay and Smartplay, and I couldn't find any documentation on it. (Documentation on MediaPlayerConnectivity is limited.) I went with the default, which is Smartplay.

Once the wizard is finished, your video setup is complete -- until:
  • You find a file type you cannot play or a web site that crashes your browser instead of showing you a video.
  • Upgrades come out for Firefox, MPC and the various media players.
Congratulations are in order, I think.

MPC in Action: Assuming you click a link or button in Firefox to view a video, often the link will lead to a web page with the video as an embedded stream in the page. Unless it is a file type like Flash or Real Video, MPC will replace an embedded video stream in the browser with a button in a black screen. If/when you click the button, the player MPC associates with the file type is launched in a pop-up window. For example, if we go to CNN and play a video now, the Flash page loads and instead of the Totem error we got before, now there is simply a button icon as above in the (black) embedded player frame. If/when we click the button, the VLC player pops up and plays the video we selected. Yippee!

During the configuration of MPC, you can elect to let MPC handle Real Media, Flash and other file types. If you do, then MPC prevents the video from embedding in the host web page and launches the RealPlayer or the Flash player in a pop-up window. This is unnecessary since the RealPlayer and the Flash player work well in Firefox, so I don't let MPC handle Real Media and Flash videos. From the Firefox Tools menu, you can change the configuration of MPC if/when you encounter troubles.

Warning: If the browser link or button clicked to play the video leads to a video file instead of a web page with a video stream embedded, quirky things happen. I don't know if this is a flaw in MPC or if it is a result of the (mis)configuration of MPC. For example, when I click on links to different .wmv files, I can get the following results:
  • Totem plays the video, full-screen, in the browser window
  • MPC puts a button like the one above in the middle of a black browser window. Clicking the button plays the video in a VLC pop-up.
  • The browser window goes to black, and the video plays in a VLC pop-up without further ado.
I suspect that these behaviors have to do with the Smartplay option selected during setup. In any case, I can live with this.



Friday, March 02, 2007

Gimme KeePass!

Following up on my recent post, OpenID Is Not For Me, here is a better solution...

If you are like most people, you have a default user name and password combination that:

  • You can easily remember
  • You use almost everywhere to log on to computers, networks and web sites.

You may also have a post-it note somewhere with user names and passwords that you cannot remember because they are different than your default combination.

Few people do what the experts recommend:

  • Use "secure" passwords (long strings made up of upper and lower-case letters, numbers, and special characters).
  • Use different passwords to access different networks, different services and different hosts.
  • Change your secure passwords regularly.

Here is a solution that I designed to get me on the path of goodness and righteousness. I have been using it for a few weeks now, and I am prepared to recommend it to you. Here's how it works for me...

  • I got a U3 USB flash drive which I keep on my key ring, so I always have it handy.
    • U3 allows a flash drive to store and, when plugged into any Windows PC, securely run applications -- without leaving a trace of data on the host computer. For more info, see http://www.u3.com/.
  • I loaded KeePass on the U3 drive.

Features of KeePass include:

    • Download the Windows KeePass 1.06.U3P file from here: http://keepass.info/download.html.
      • Save it to your hard disk.
      • It saves as KeePass-1.06.zip. Rename it to KeePass-1.06.u3p.
      • Start the U3 Launchpad from the System Tray
      • Select Add Programs, then Install from My Computer
      • Browse to find KeePass-1.06.u3p.
      • Click Open and the Windows version of KeePass is installed in the Launchpad of the U3 USB flash drive.
    • If you need access to your passwords and data on non-Windows platforms (Mac & Linux), like I do, download KeePassX from here: http://keepassx.sourceforge.net/downloads/.
      • I got the Application bundle (I need the Linux functionality only).
      • Save it to your hard disk, unpack it and copy the KeePassX folder/directory to the /media/usbdisk/ location (NOT the media/U3 System/ location).
      • To run KeePassX from the flash drive, navigate to the KeePassX folder and run the shell script.
  • Create a new database and start changing your passwords!
    • Use KeePass (i.e., the Windows version) to initially create your password database. The default KeePass database categories were a little better for me than the default categories in KeePassX.
      • It doesn't matter which version of KeePass you use to create (or update) a database, it interoperates with both KeePass and KeePassX.
    • Different web sites, hosts and services have different conventions regarding acceptable passwords -- the allowable character set (e.g., upper and lower-case letters, numbers, and special characters), password length and password complexity. Use the random password generator, setting it to be as long as allowed and using the largest character set allowed.
    • When adding user names and passwords for web sites, put in the URI for the https: login page, so you can jump from the database entry to the place where you will paste your new password.
      • This will save you having to drill down to the log in page.
  • Here are a couple of other recommendations:
    • Don't save your KeePass database to a USB flash drive only. You need to have a backup copy to protect yourself in case the drive is lost or broken.
      • Keep a copy of the database on the hard disk of your PC and remember to update the copy periodically.
    • I selectively let my home and office PCs remember user names and passwords, so I am not always having to go to my KeePass database.
      • The issues here are the probability of unauthorized access of those machines and the potential harm that could come from anyone accessing the sites/services as me.
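
An added example, not part of the original post and not KeePass's own generator: a Python sketch of the advice above to give each site its own random password, as long as the site allows and drawn from the largest character set it allows. The class names, the special-character set and the `SITE_POLICIES` entries are assumptions constructed for illustration.

```python
import math
import secrets
import string

# Character classes a site policy may allow (names are this example's own).
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "special": "!#$%&()*+,-./:;<=>?@[]^_{|}~",
}

# Constructed sample policies: each site states its own limits.
SITE_POLICIES = {
    "bank.example": {"max_length": 12, "allowed": ("lower", "upper", "digit")},
    "webmail.example": {"max_length": 32,
                        "allowed": ("lower", "upper", "digit", "special")},
    "forum.example": {"max_length": 20, "allowed": ("lower", "digit")},
}


def generate_password(max_length,
                      allowed=("lower", "upper", "digit", "special"),
                      required=None):
    """Random password of the maximum allowed length, drawn from every allowed
    class and containing at least one character of each required class
    (by default, every allowed class)."""
    allowed = tuple(dict.fromkeys(allowed))  # drop duplicates, keep order
    required = allowed if required is None else tuple(dict.fromkeys(required))
    unknown = [c for c in (*allowed, *required) if c not in CLASSES]
    if unknown:
        raise ValueError(f"unknown character class: {unknown}")
    if not allowed or not set(required) <= set(allowed):
        raise ValueError("required classes must be a subset of allowed ones")
    if max_length < max(1, len(required)):
        raise ValueError("length too short for the required classes")

    alphabet = "".join(CLASSES[c] for c in allowed)
    # Rejection sampling with the OS CSPRNG: redraw the whole candidate until
    # it meets the policy, so every compliant password is equally likely.
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(max_length))
        if all(any(ch in CLASSES[c] for ch in candidate) for c in required):
            return candidate


def entropy_bits(max_length, allowed):
    """Upper bound on password entropy: length * log2(alphabet size)."""
    size = sum(len(CLASSES[c]) for c in dict.fromkeys(allowed))
    return max_length * math.log2(size)


def passwords_for(policies):
    """One independent password per site, each at that site's own limits."""
    return {site: generate_password(p["max_length"], p["allowed"])
            for site, p in policies.items()}


if __name__ == "__main__":
    for site, pw in passwords_for(SITE_POLICIES).items():
        policy = SITE_POLICIES[site]
        bits = entropy_bits(policy["max_length"], policy["allowed"])
        print(f"{site}: {pw}  (at most {bits:.0f} bits)")
```

The entropy figure shows what a restrictive site policy costs: the constructed 12-character letters-and-digits policy tops out near 71 bits, while the 32-character full-set policy allows about 208.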

You are ready to go now. You can take your U3 USB flash drive to almost any Windows or Linux PC, plug it in and access your services, hosts and web sites safely and securely. All your passwords can now be random and highly secure. And you can change them frequently, like you are supposed to do.

Go forth in the path of goodness and righteousness!

Thursday, March 01, 2007

5 Reasons: OpenID Is Not For Me

You may be willing to trust your online identity to an OpenID service provider or ID broker; not me. Here are five good reasons why I want to stick with user names and passwords to identify myself to parties I deal with on the Internet.
  1. I understand user names and passwords. OpenID is an evolving open standard. It will be implemented differently by different ID brokers. It will also be implemented differently by web sites for authentication and security purposes. There is a lot I don't understand about OpenID.
  2. I don't want security to be transparent and unobtrusive (see below). I want to log in as I move about the Internet, so I know when I am more or less anonymous versus when I am a client or customer. I want to fill out a form to register on web sites so that I control what different organizations know about me. If security is transparent and unobtrusive, I won't be able to tell when security is on, and I won't know who knows what about me.
  3. The OpenID authentication process is vulnerable to man-in-the-middle phishing schemes. If one of your OpenIDs is stolen, the potential for harm to you is substantial.
  4. People are probably going to have more than a few OpenIDs, each with several profiles, with different ID brokers (AOL, Yahoo!, VeriSign, et al.). Keeping track of these IDs and profiles will be no simpler than managing user names and passwords. Unless and until OpenIDs replace user names and passwords, OpenIDs will be an extra layer of complexity for users to contend with.
  5. Having users with multiple OpenIDs presents real challenges for organizations doing business on the Internet. One individual's data at a given organization may be associated with multiple OpenIDs. This will complicate that organization's data mining and customer service efforts.

Unobtrusive Security: One of the promises of OpenID is that it will make it easier for users to gain access to web sites (originally blogs). No more filling out forms to register to use a site. Just use your OpenID. Web sites may request your OpenID and check with your ID Broker to register and authenticate you. Once you log in with your ID broker, your OpenID is verified and certain authentication and demographic information that you have provided to your ID broker is passed to the requesting web site.

If you have an active session with your ID broker, all you have to do is give your OpenID, and the authentication and demographic information is passed to the web site. No login required. To further simplify the process, a web site may unobtrusively read your OpenID, register you and log you in without your involvement in the process.