Foxtrot Systems Blog

Latvian Hackers Target Star Tribune

2011-07-05T08:09:00.003-06:00

Turns out one of our local papers, The Star Tribune got hacked via classified ad - from Latvia (with love?)! Read this FBI press release, including:

According to the indictment, the defendants created a phony advertising agency and claimed that they represented a hotel chain that wanted to purchase online advertising space on the Minneapolis Star Tribune’s news website, startribune.com. The defendants provided an electronic version of the advertisement for the hotel chain to the Star Tribune, and technical staff at startribune.com tested the advertising and found it to operate normally.
According to court documents, after the advertisement began running on the website, the defendants changed the computer code in the ad so that the computers of visitors to the startribune.com were infected with a malicious software program that launched scareware on their systems. The scareware caused users’ computers to “freeze up” and then generate a series of pop-up warnings in an attempt to trick users into purchasing purported “antivirus” software, which was in fact fake.

I’m going to bookmark this one so I can refer people back to it when they ask, “how could I have gotten infected with this? I didn't open any e-mail or go on any weird sites!” Malware is everywhere . . . eternal vigilance!

The Laser Printer Game

2010-11-01T08:42:00.004-06:00

Most people are aware of the game that printer manufacturers play - that they basically give away their printers in the hope of snagging a consumables (ink/ toner, etc.) customer "annuity" for years to come.

The following is a response to a customer whose 1-year-old Dell color laser printer (which was super-cheap) is getting more expensive to supply and maintain.

Customer: (Dell order update attached, stating the fuser part that they need to get their printer back running, is no longer available and the order will be cancelled.) Hey Pete, just an FYI on the printer parts issue. See email below - I guess we’re stuck with a useless printer. I’ll contact “spare parts” but looks like we may need to start looking for a new printer – and not a Dell.

Me: (I found another source for the part, and provided a sub-$200 quote for the fuser assembly.)

Customer: Thanks for contacting them about the part. The printer itself was less than the cost of that part. It’s an okay printer, not all that great, beside the toner is expensive, the drum was expensive, and now this part…I think we may need to look at a new printer. I think we can get a new one for less if not the same as the cost of that part. HP’s are reliable and ink/toner is usually reasonably priced. Do you have any suggestions?

Me: Color laser is still very expensive, pretty much no matter how you slice it – between 10 and 15 cents per page for consumables, versus 2 to 4 cents per page for B/W. We have a moderately-priced color Ricoh in our office and the four color toner drums for it cost around $500.

In fact, you’ll almost always find that printer mfr’s will sell their printers at-cost or even at a loss, then give you a small-capacity (~2,000 pages) “starter toner.” A few months into your use (or sooner, if you print a lot), you’ll find you need to pony up for the ~$500 set of toner carts . . . and that’s when the mfr’s get their profit out of you. They make little (or lose) on the printer, but then they have an annuity stream for a long time on the consumables.

Sometimes the math seems to work out such that you can just buy a new color laser printer rather than buying their toners again. But the mfr’s know that, so that’s why they only give you a small-capacity set of “starter toner.” Take this into account when deciding on what to do here. If you can spend $200 on a new fuser now and get to use the $500 worth of toner that’s sitting in that printer, it could last you another year or so. Or, you could plunk down a few hundred bucks for a new cheap-o color laser, burn through the starter toner in a few months, and spend another $500 for a full supply of toner.

Anyway, I agree that HP is good stuff, though they do clearly play some of the same games with initial pricing, and actually their ongoing toner costs are not that great. For instance, you can buy an HP CP2025X for about $500 plus shipping, which is a pretty decent deal. But it’s only got two 250-sheet trays, not a big 500-sheeter (not sure why they did that), and the toner is still 4 (Cyan, Magenta, Yellow and Black) x $120ea . . . about $500 for consumables! And those are only good for 3,500 pages. So, $500 divided by 3,500 impressions = $.14 per page.

Or, we’ve had very good luck with Ricoh. The C311N, for instance, goes for about $700 and the toner cartridges are about $150ea, but they yield 6,000 pages per set. So, $600 divided by 6,000 = $.10 per page.

Or, if you have a copier company, you may be able to get a better deal on a printer like this through them. They might be able to make a better promise than Dell with respect to the repair and maintenance parts as well. I know, lots to absorb . . . let me know what you think.

The customer ordered the replacement part, we installed it and they are working again. They've been hooked by the cheap Dell printer - for now.

Office 2010 Comes Into Focus

2010-05-13T08:29:00.003-06:00

Office 2010 has officially launched, at least for businesses. Microsoft says consumers will be waiting about another month. Important features of Office 2010 include:

There's a free online version. Or at least there will be. It has nothing to do with whether you own and pay for a full version of Office 2010 - it'll be free to anyone. Very similar to Google Apps and Zoho, Office Web Apps will allow users to use Excel, PowerPoint, Word and OneNote online, in a web browser. The apps are scaled-down for use online, perhaps a little too scaled-down for some early reviewers. Hopefully some of these issues will be addressed prior to launch. I do very much like Office Web Apps' integration with its free online storage service Skydrive, which I've blogged about previously.
Ribbons - the tabbed function buttons introduced with Office 2007 - have been enhanced. For apps that already had ribbons in 2007 (Word, Excel, PowerPoint), they are now more customizable in that you can create your own new ribbons and populate them with your own set of functions. And apps where ribbons were not deployed in 2007 (Publisher, and especially Outlook) have been given the full enhanced ribbon functionality.
Editing objects embedded in documents has been enhanced greatly. If you embed a photo, you can modify the coloration, background and other properties of the photo (a great time-saver for those who have done the modify-the-image-and-re-save-it-then-reattach-in-the-document hokey pokey). There's also the ability to modify embedded videos.
"Backstage View." I'm not sure who was asking for this or what was wrong with the old way, but Office 2010 basically re-packages the "File" menu into a whole-screen dialog called Backstage View, which controls printing and the standard File menu properties and functions. More info and screen shots of each app's Backstage View here.

All in all, Office 2010 is a nice little evolution enhancing Office 2007 and making it easier to use. While it's not compelling enough to recommend that anyone should put down hard-earned money to go from 2007 to 2010, it is one more step in the right direction for the suite.

90% of Windows 7 flaws fixed by removing admin rights

2010-04-01T08:49:00.004-06:00

Here's a quick, interesting article from Ars Technica (based on a study by BeyondTrust)regarding Windows 7 vulnerabilities and administrative rights in Windows.

It's always a delicate balancing act for us, between giving users enough rights to get their jobs done (and not having to continually ask us to install things for them), and giving every user local admin rights on their computer, allowing them to infect themselves with all manner of viruses, malware and other "unapproved applications" (unsafe screen savers, p2p file sharing apps, etc.).

I'm not surprised that admin rights are a root cause of many security vulnerabilities, but I never would have guessed 90%.

Office 2007 buyers get free upgrade to Office 2010

2010-03-08T11:20:00.007-06:00

Starting last Friday (3/5/10), anyone who buys Office 2007 will get a free upgrade to Office 2010 when it’s released. Details: http://office2010.microsoft.com/en-us/tech-guarantee/

It looks like they are changing around the contents of the suites a little bit, so they’re giving some fairly generous Office 2007-to-2010 version upgrades in the process. They’re basically giving Office Basic 2007 buyers a free upgrade to Office Home and Business 2010 (adds OneNote and PowerPoint), and they’re giving Office Small Biz 2007 buyers a free upgrade to Office Pro 2010 (adds MS Access).

Here is the table describing which 2010 version canbe upgraded from which 2010 license:

OFFICE 2007 PRODUCT ----- OFFICE 2010 UPGRADE PRODUCT
Office Ultimate 2007 ----- Office Professional 2010
Office Professional 2007 ----- Office Professional 2010
Office Small Business 2007 ----- Office Professional 2010
Office Standard 2007 ----- Office Home and Business 2010
Office Home and Student 2007 ----- Office Home and Student 2010
Office Basic 2007 ----- Office Home and Business 2010

And, if anyone's curious to see how Office 2010 looks, you can become part of the Beta program for it, for free. Remember this program is in Beta (testing!), so please don't download this program for use in a production environment.

FTC recourse against spammers

2009-12-17T13:23:00.003-06:00

Through my many weird little connections, I get on a lot of these computer hardware inventory lists, where people are trying to sell me some grey-market components at a discount. We don't buy stuff like this (especially not from sources like this), so I usually request removal and they eventually comply.

I had a guy recently that just kept sending and sending and sending - daily. And his unsubscribe mechanism - which I tried no less than four times - never removed me.

What to do? I could have just blocked him at our firewall, or flagged him as junk mail, or folderized him in some semi-junk folder in my e-mail program . . . but not this time. I felt the frequency of his e-mails warranted more effort.

So, I started looking into the CAN-SPAM Act. It's an act signed in 2003, which sets rules about what can be e-mailed, requires unsubscribe capability and other things. Clearly, this guy was in violation of that, but can a lowly Average Joe like me use this law in any way?

Yes, in two ways. One is that I could send a complaint to the FTC, via their ComplaintAssist system. Hard to say where these complaints go, and surely there's only a small portion that are actually investigated, but it's something.

The other way is the threat of action. In my fifth attempt to unsubscribe-by-e-mail, I let the spammer know (and copied the admin contact for his company's domain) that I would be filing a complaint with the FTC regarding his practices if I received one more of his solicitations.

The previous four e-mails were never responded to; this fifth one threatening action got a polite and apologetic personal response from him, promising to remove me from the list. I never did place that complaint, but the threat of someone willing to follow the process and use a legal system did the trick!

iPhone becomes less business-friendly - for now?

2009-09-15T15:29:00.005-06:00

For the past 5-or-so years, Macs have been increasingly made to be more business-friendly. That is to say, more Microsoft-friendly, since Microsoft Windows Server software is such a dominant force in the user-facing server space (e-mail, remote access, file sharing, etc.).

The iPhone has been a challenge for us to get to work nicely with either of Microsoft's e-mail server juggernauts, Exchange 2003 or Exchange 2007. From synchronization issues to certificate complications, there just have not been a lot of full Exchange-on-iPhone integration projects that I would call "challenge free."

After the first generation of iPhone basically offered no support for synchronizing with Exchange, I welcomed the news that the second generation of iPhones would gain Exchange synch capability as a feature. It still wasn't perfect, but movement in the right direction nonetheless.

Today, I'm simply speechless at the news that iPhone OS 3.1 has gone the other way - it is less Exchange-friendly than before. Specifically, it no longer supports encryption that the default Exchange 2007 setup - and most corporate IT departments - require of mobile devices.

So, let me get this straight. Apple releases a "bug fix" 3.0-to-3.1 update to roll out an AppStore and ringtones enhancement, and breaks the corporate functionality of the software? Interesting priorities . . . some things don't change, I guess.

When Open Source is Less-open

2009-09-07T20:50:00.005-06:00

As a guy who's all for more competition in the marketplace, the creative free-marketeering presented by the open source movement is a welcome one. Small businesses need to really be careful, though. When a company adopts an open source solution, what are they really getting themselves into? On the face of it, it seems like a win-win situation. It's a platform that is low- or no-cost, it can be enhanced and upgraded without copyright infringement worries, the company has a competent architect (presumably) to put it all in place and there is usually a fairly robust support community behind the technology. What could go wrong?

I've seen a few situations lately where companies have been talked into an open source solution whose upkeep and administration is a complete mystery to anyone other than the original implementation team (typically just one person). You can see where this goes: the implementer and the company part ways, and now the company's actually got a system that's more proprietary than if they'd just plunked down the money and bought a retail package.

Yes, there's a support community, but it's usually online-only . . . so the company still needs to find a specific resource willing to take on the task and unravel the Gordian Knot of their open source mess.

Money spent on mainstream solutions not only buys the software. It also usually buys the assurance that there is a healthy supply of actual human beings ready to work on the solution (not just an "online community"), and/or a company willing to step in and assist (for a fee, of course) with any need a company might have with their software.

Example 1: a company had been talked into converting one of their old file servers into an advanced Linux software firewall. It worked OK even when the Linux consultant left, but when they needed some more advanced VPN functionality they failed to find anyone who could make it do what they needed. The solution was to buy a $1,500 Juniper firewall and pay Foxtrot for a half-day of configuration time.

Example 2: a company had a Linux-based file server which was installed by a former employee. Nobody knew how or why it worked, and when it failed they had no idea what to do. They have a few people who are tech savvy enough to take care of some issues, but because none of their people are familiar with Linux, this problem was unsolvable for them. They asked us to come in and install a Windows Small Business Server, and now their people can at least have the familiar Windows desktop to deal with . . . and they've got Foxtrot and the rest of the Microsoft consultant community ready to fall back on.

FTC delivers major blow to spam facilitator ISP

2009-06-04T15:35:00.013-06:00

A company, most prominently operating as Triple Fiber Networks (3fn.net), got a rude awakening from the FTC last Tuesday. http://www.ftc.gov/opa/2009/06/3fn.shtm. The data center was not shut down; their bandwidth providers were petitioned to turn off the "internet spigot," effectively leaving the servers running with no way to get to the rest of the digital world.

Turns out, the company is not only allowing/tolerating spam bots, child porn hosts and online scammers to operate from its datacenter, 3FN has been actively positioning and advertising themselves as a premium solution for such dirtbags. Their ads have been spotted on several identity theft and other community sites where "high-risk hosting" services may be sought. These guys were pretty seriously nasty, and it's nice to have them out of the game.

Here's the government filing PDF. Actually, not too heavy reading, and some very interesting little tidbits of information collected to get the court order to shut down. http://www.ftc.gov/os/caselist/0923148/0906043fncmpt.pdf

The other side of the coin is that this move seems to have shut down many legitimate sites. One example I can cite is: http://www.freesoftwaremagazine.com/columns/free_software_magazine_caught_3fn_shutdown_crossfire. Thankfully, it looks like they landed on their feet OK. I know of other companies, and indeed entire web hosting companies (legit ones - yes) whose sites were hosted through 3FN. Some of these legit business sites have been dark since Tuesday, as their owners seek to retrieve their data and quickly move the sites over to another host.

I'm not sure what the alternative was, and certainly "the perps" needed to be taken down suddenly and without detection, but I must wonder whether another substitute/temporary host could have been arranged beforehand to avoid the downtime for legit operators. The ingenuity and creative thinking involved in web sites these days always amazes me; seems like it could have been employed to help alleviate some of the pain.

The ne'er-do-wells will of course also move their sites, but if this move sends a message about what the US will tolerate to happen on our turf, this is a victory for the good guys. Overall, I think we've done more good than harm here.

9 Tips for running a better webinar

2009-06-03T14:09:00.002-06:00

I'm on so many technical and business webinars, I thought I'd give my little Top 9 list of do's and don'ts for delivering one.

Callers muted!! I cannot tell you how many times some goofball talking in the background, combined with the host's inability to isolate and/or remove that line has led to a completely ruined webinar.
No phone bridge if you don't need one. If you don't need to have people talking, don't force them to call a phone number - deliver the audio online with the video and don't make people take that extra step. Some webinars I've been on will offer the phone bridge, but it's only for people who want to comment - fine. People can give themselves the option of calling in if they think they might need to chat, versus people like me who are always listeners-only with questions afterward offline. Unnecessarily requiring a phone bridge will lose some participants.
Communicate beforehand. Remind them at least twice (one of which being within 2-4 hours of the start of the webinar). Can't tell you how many webinars I've casually signed up for and then never attended because I forgot and was never reminded, or only reminded once, days in advance and forgot the day-of.
Communicate during. A good alternative to phone bridges is to just allow viewers to comment-and-question in a little chat box right in the viewer. The talker needs to have someone monitor this while they're speaking, otherwise they will miss questions.
Communicate afterward. Webinars also *must* publish a replay. Basic stuff, but some do not. I missed the webinar, and now I get no info? We're all losers in that equation. Publish the replay, and make it easy to get to (no convoluted logins, please!).
Keep the thread going. Either on the replay page (via a comments section), or in an actual billboard/forum-type posting area, allow people to anonymously (again - without &$%^#%# login requirements) comment on the webinar and discuss the topics. This gives the moderators the ability to easily publish answers to "I'll have to check on that" questions, and for offline-question-askers like me to ask and get answered.
Slides work and applications transfer nicely. It's awkward having to divert our eyes from someone's half-naked son on their desktop background as they close their PowerPoint deck so they can move over to the video player. It's called a hyperlink - embed it in your PowerPoint slide, test it and use it. *Click* and you're playing video. Video finishes, and you're back on the slide deck. No half-naked sons.
Time wasting. People either with their decks out of order ("This is someone else's slide deck that I'm using, so I'll skip around a little") or otherwise not able to deliver succinctly are wasting that time *multiplied by* the number of viewers on the webinar. This kind of behavior tells me this is not very important to you to get right . . . so it's probably not worth my time either!
Have I mentioned no logins? You will probably have to require some kind of login or authenticating link, but then everything else should be free to do whatever without having to jump through more security hoops. You're providing information and mainly filtering out bots, not guarding Fort Knox. If you're collecting info for marketing purposes, do it as non-invasively as possible.

What does a LOST laptop cost?

2009-04-24T11:23:00.004-06:00

Much has been made in the past 3-5 years regarding the attractiveness of laptops, and dwindling purchase cost premium over desktops. Laptops are more popular than ever. What people often forget is that there are higher costs of ownership in laptops, and one of those is the "risk cost" associated with having company data out there in the world.

Laptops are more easily broken or lost/stolen, and we have certainly found that they are FAR more likely to contain data that has not been backed-up. Laptops are on the network with the server less often, and when they are the users usually want to be 100% productive (won't understand the performance hit while their data synchronizes).

This combination of fragility/lose-ability of the systems, plus the "untethered" nature of the data makes for a very dangerous combination.

Here's a great article about the cost of a lost laptop. Some of it's probably exaggerated/overblown, but the fact remains that data security and backup are the biggest challenges when dealing with a laptop-mobile workforce.

Anatomy of an IT Debacle: Norm Coleman Campaign

2009-03-13T12:36:00.004-06:00

As many in MN know, the Norm Coleman campaign had a pretty serious security breach, to the tune of exposing 40,000+ e-mail addresses and 4,500+ credit card numbers to any anonymous person on the internet.

This was not a case of a web site being forced-entry hacked. Rather, as the Mpls-based consultant who discovered it explains, the database was actually published - without any security layer at all - to their web server. It may have been a database backup and not live data, but the fact remains that irresponsible action - backing up a sensitive database in public view - by someone who (presumably) did not know what they were doing has jeopardized the personal information of tens of thousands of people.

The vulnerability was secured fairly shortly after it happened back in January, but it was open long enough for ne'er-do-wells to acquire the database and it has now been posted for download (with credit card numbers strategically scrubbed) on a site which shall remain nameless (shameless?).

This opens debate on another issue altogether. It's certainly not legal to publish an e-mail list that you gather yourself; why should posting someone else's data breach be any different? It's going to make a very bad situation into a complete nightmare for thousands of people, and it's disappointing to me that (apparently) no legal action has/can be taken to stop this posting. It's surely serving as a nice little source for a whole array of scam artists. I can't for the life of me figure out how it could be that now, almost two full days after the list was posted on the internet, the ISP of the poster has not been petitioned to take it down. I'm not on the list, but for those who are . . .

A place to park files online

2009-03-09T16:11:00.003-06:00

In troubleshooting computer issues, I'm always looking for a place to quickly, simply "park" a file or two online.

A great service for this is found at www.drop.io. The things I like the best are that it's free (of course), and there is no login required. It just gives you a randomized URL when you drop your file on their site, and you just pull it up on the other end . . . and you're good to go. There are encryption and time-to-live settings as well, which is also cool.

How to: Automatically Receive Craigslist Search Updates by E-mail

2009-02-08T22:22:00.005-06:00

Who doesn't love Craigslist . . . but it's a bit of a pain to check all the time if you're looking for something specific. Here's how to use a free service to receive the latest postings of whatever search you choose - by e-mail, automatically.

First, go to Craigslist and pull up the page of stuff that you want to be notified about. For instance, a search for "wii" in Mpls/St Paul is: http://minneapolis.craigslist.org/search/sss?query=wii. This is an RSS feed, so you can just subscribe directly to it in IE7 or Outlook 2007 if that's what you prefer.

If you're old-fashioned like me and want to actually receive e-mail the updates to this search every single day, go to http://www.feedblitz.com/ and sign up for a free account. Once you've got an account, go to Subscriptions, select New and paste the URL you copied from Craigslist.

That's it! (I believe Feedblitz e-mails send every day in the morning sometime.) Of course, you could do this to subscribe to any kind of feed you like, such as Astronomy Picture of the day, popular Diggs page, or whatever you like. Anyone have another cool application for this?

Did PayPal get hacked?

2009-01-31T23:35:00.004-06:00

I very rarely use PayPal, especially the account I have set up for Foxtrot use. I had to get a used/old part for a server the other day, so I sucked it up and eBayed/PayPalled.

When I went in to use my PayPal account, what appeared to be a verification screen came up - IN CHINESE!

I could not figure out how to switch back to English, so I called PayPal. After quite an interesting jaunt through their phone customer service system, I finally got to a guy who was able to set my account back to English. I did indeed need to verify my account, so this was also "interesting."

I asked the customer service guy why my account would have been switched to Chinese, and without hesitation he said, "Because it was compromised." This was also the reason for the account verification. He suggested the possibility of a keylogger virus or something snagging my password as I entered it.

Then I logged in . . . and there was a balance there. This is very strange, as I rarely keep a balance. I investigated further, and saw four transactions for 10 Euros each, to Skype . . . and then four apparent refunds back into the PayPal account. This was the shyster's method for getting money out of my linked bank account and into "cash" in my Skype account, which presumably they would have wired to their e-mail address and PayPal account.

Apparently, PayPal caught wind of the shenanigans because they suspended the transactions and required a verification on the account. Once I verified the account, I was able to restore the money back to my bank account, so no money lost.

So, what happened? Was it a keylogger as the customer service guy suggested? I don't think so, because I have not logged into my PayPal account for at least 9 months, probably more like a year. Zero transactions this year up until this snafu.

Was it a good guess at my password? I just don't see it, as my password is kind of jibberish and not prone to being guessed. It should also be noted that my password was what I expected it to be, so it was not a guess at my verification info and a reset password.

It seems more likely that PayPal itself got hacked somehow. PayPal figured it out and suspended the accounts and the transactions before the ploy could unfold completely. There are lots of stories similar to this one out there on the net - most much worse. That's my theory . . . check your PayPal account.

Free Wireless . . . or Evil Twin?

2008-11-11T22:45:00.000-06:00

Just a thought, to encourage all you coffeshop surfers out there to think twice about what you're doing when connected to the Free WiFi links that you know so little about. The truth might be that you're not as secure as you think, and you may not even be connecting to the access point that you think.

With the proliferation of WiFi hotspots, there has also been an increasing incidence of techie ne'er-do-wells hijacking public WiFi sites, filtering all the traffic through their computers, passing the traffic through to the internet and stealing any snagging the "pertinent bits" (credit card numbers, bank account info, etc.) for themselves.

These so-called Evil Twins are relatively easy to set up, and sky's the limit as to what they're able to extract from the traffic that you put through them.

PC World lays out the case for basically not trusting any WiFi access points that you don't personally control. Most people would never notice the difference when attaching to an Evil Twin . . . so best to just keep the sensitive financial dealings to a non-public network that you trust!

Notebook power: hibernate, sleep, or ???

2008-10-11T20:18:00.001-06:00

More and more people are going toward notebook computers these days, it seems. With this movement comes new challenges and options that people need to be aware of. One of the most frequently misunderstood facets of notebook computing is how to tell the computer to shutdown or stop work. Here are a couple tips:

Sleep mode (standby on some computers) will park the hard drive (stop spinning) and turn off the display, fans and other larger consumers of power. The system "session" is saved (open docs and all) and will fire up immediately the next time the computer turns on. Data is retained in standard system memory (RAM), which requires a small amount of power consumption. You know your computer is in sleep/standby by the intermittant "glowing" (usually amber color) of the power light.

Hibernate mode will do exactly the same thing, but instead of keeping the session in internal RAM and continuing to use power, it actually saves the data from RAM off to a file on the hard drive, and shuts down power to all system components. It does require an extra 5-10 seconds on startup because the computer does actually need to retrieve this data from the hard drive, and to load Windows.

So, the difference probably depends on how much you'll be starting up and shutting down. I myself prefer the zero-battery-drain so I always train my notebooks to use hibernate by default.

Another thing to think about (and that I always train on my notebooks) is the behavior when the power button is pressed, and when the lid is closed. These settings are in Control Panel - Power Management in Windows. I usually have the computer shut down when the power button is pressed, and to hibernate when the lid is closed. Then, when I'm done working I usually just shut the lid and know my battery will not run down and my session will be saved exactly where I am.

If you're finding that your computer is depleting its battery and/or is losing the place where you were, you're probably using sleep/standby. Consider switching to hibernate.

Speed Up Your Broadband

2008-10-04T11:45:00.006-06:00

Here's a nice article from MSN on helping to speed your broadband connection. Most of the suggestions are throw-aways, but #1 and #2 definitely highlight some real potential for improvement.

Most DSL customers in the Mpls/St Paul area are given/sold a DSL modem (usually Actiontec) by Qwest, and I have found instances where upgrading the device's firmware has indeed yielded better speeds. This step is not for the tech newbie, however, as firmware upgrades are not quite as simple as downloading and running a program. There are also cases (usually cable) where the customer is not given access to their device, so it's not an option for those situations.

I do highly recommend speedtest.net for testing connection speeds. Always seems in line with what it should be.

Is Your Printer Lying To You?

2008-08-25T11:58:00.003-06:00

I just wanted to quickly share an article from slate.com that examines how and why printers lie about their toner levels . . . and what to do about it. FixYourOwnPrinter.com is a helpful web site (cited in the story as well) . . . though it appears to be down at the time of this posting!

Use Your Idle Computer To Help Find a Cure

2008-08-17T10:48:00.003-06:00

Distributed computing is the process of solving very complex computing projects through the use of many, geographically-dispersed computers. Basically, the "problem" is split up into sub-tasks scaled for execution on almost any hardware platform, and the results are then transmitted back to a central system that incorporates the sub-task results into the ongoing solution.

You load software on your computer, and it processes for one of these organizations that are seeking "big answers to big questions." You can turn it on and off as you please (e.g. I turn it off when I'm working with video editing), and you can throttle it to only use a certain percentage of your CPU. And, you can usually login to a web portal to allow you to see how many "work units" you have processed.

My first encounter came in Berkeley's SetiAtHome initiative, in which individuals can load a program to help process data from radio telescopes to search for signs of alien life.

I never got fired up enough about that to actually try it, but now I've found something much more compelling: Stanford University's FoldingAtHome. It's a human biology project, seeking the causes and cures for protein mutation-related illnesses such as cancer, Parkinson's, Huntinton's, Alzheimers and ALS.

I've got plenty of experience in the past few years (as I'm sure most reading this have) with these diseases, and this is such a miniscule amount of effort that it's embarrassing to even call it a "sacrifice".

If you decide to do FoldingAtHome, you can join my "team" (143189) and track your individual results, and our collective team results. Comments encouraged!

Alert: UPS E-mail Virus

2008-07-24T13:06:00.004-06:00

Whew! It's been a while. Sorry for the little summer hiatus!

We've had a few customers fall prey to a "UPS virus" lately. The virus code has been out for a few months now, but the fake UPS e-mail wrapper is new. The victim will receive an e-mail something like this:

From: United Parcel Service [some spoofed return e-mail address]
Sent:
To:
Subject: UPS Tracking Number 4126976729

Unfortunately we were not able to deliver postal package you sent on July the 1st in time because the recipient's address is not correct.
Please print out the invoice copy attached and collect the package at our office

Your UPS

There's an attached zip file that will launch a virus if clicked.

I have not yet figured out why or how, but both AVG and Symantec only seem to partially detect and clean the virus. It's a relatively harmless virus, as I have not seen it re-sending itself or anything like that. It does produce some phony Windows XP Security errors (red X in the Taskbar, with a message about being infected and "click here to fix"). Following the link leads to a phony virus removal application for sale.

We've seen at least two variations of the virus. Here are a couple of Symantec posts on the variations, with cleaning instructions: http://securityresponse.symantec.com/security_response/writeup.jsp?docid=2008-051910-0118-99&tabid=3

http://www.symantec.com/security_response/writeup.jsp?docid=2008-050916-1055-99&tabid=1

A Few Thoughts on Battery Backups

2008-05-22T09:56:00.012-06:00

It's important to have good battery backup, especially for business servers, as a sudden power loss means sudden crash of the operating system. We've seen our share of corrupt Windows and other files, as well as physical hard drive damage, as a result of power failures. The solutions to such issues are rarely cheap, so battery backups can be thought of as an insurance policy against such events.

Something a little bothersome that I've seen lately, even in very knowledgeable technicians, is a penchant for under-powering their power backup solutions. Part of the confusion comes from the fact that UPSes (battery backup units, to the non-techie) are usually rated on VA (volt-amps), whereas computer products only list consumption of Watts. In my experience, it's best to multiply by 1.2 the total wattage of the systems being plugged into a UPS, to determine the number of VA the devices will consume.

So, for a basic server with a 500 watt power supply, many people would purchase a 500 VA UPS . . . and then wonder why their server still crashes violently every time the power goes out. 600VA would be a minimum size for protecting such a machine; I'd even size it a bit bigger at 750 or 850VA to allow enough time to make sure everything shuts down and/or to allow for other low-voltage peripherals (monitor, network switch, etc.).

APC, one of my favorite UPS manufacturers, has some nice resources, including an online UPS selector tool. It really helps think about issues like Watts-to-VA conversion and continuous uptime after the power goes out.

APC also has a nice computer power FAQ section on their web site. Here's one tip I found interesting and useful, regarding chaining surge suppressors off of UPSes. Interesting things to think about.

Microsoft Skydrive Online Storage: Free and Useful

2008-05-13T09:19:00.007-06:00

Have you ever wanted to just put some files "online somewhere," either to have later or to share with someone? Google's got its offering, and if your company has a server there are always tools like FTP, but Microsoft's new Skydrive online file storage service might fill the need better than either of those.

The Pros:

Clientless - just uses an internet browser - and works across OSes (not limited to Windows).
5GB of data, which is more than Google offers, and probably more than enough for most
Sub-folder capability, to help separate and organize your files
Shareability allows you to invite other people to retrieve the files, or even upload their own files. This is on a folder-by-folder level, and you can launch invitations to people for access to specific folders.
Public Folder capability, to allow anonymous users to access files you designate as Public.

The Cons:

You can only upload or download 5 files at a time, and no files bigger than 50MB. (I assume these rules are to attempt to thwart P2P music and movie sharing.)
Transfer rates are fairly slow.
You and your users must have a Windows Live login (except for folders made Public). No big deal for me, as it's free and pretty easy to sign up, and I've not seen a deluge of MS-related spam as a result.
This is not a "corporate" solution, in that there is no guarantee that your data will be there tomorrow, there is no way to ensure/verify privacy and intrusion protection is not very strong.

In short, Skydrive is good for non-critical data that needs to be available quickly and easily, and perhaps even shared with mutliple users. It's definitely not a corporate solution, and is far from being compliant with standards like HIPAA . . . but it fills the "casual sharing" need very well.

Worldwide Free Calling - Coming

2008-04-25T13:33:00.005-06:00

I think most people reading this already know about Skype and the wonderful - and free - things possible using Skype.

Coming soon (the makers say May 15th) is a new hardware device that has a new angle: internet speakerphones that allow free international calling over the web. The device is the Snap Personal Internet Communicator. Worth checking out if you're spending a bunch of money on standard international long-distance fees.

Photoshop for Free - Kind of

2008-04-04T08:51:00.006-06:00

Just a quick note for any shutterbugs out there. If you've been looking for some good photo manipulation software and don't want to pay the full-boat price (~$900) for Adobe Photoshop, Adobe recently announced their online Photoshop Express version.

I'm definitely going to try it out. This sounds interesting: "Do what you want with your photos. Give them cartoon colors. Distort them . . . Pop Color, Sketch, Hue, Black & White, Tint, and more."

I normally use MS Picture Manager, which is a great-but-little-known utility included with Microsoft Office Suites. If you own either Office 2003 or 2007, you might need to dig for it on the CD (doesn't install automatically), but it is there . . . and it doesn't cost any extra.