Random thoughts

  • Google Desktop

    There are lot of people that think the new Google Desktop is great and revolutionary. However, there are several things wrong with it that make me stay away from it. Here's the short list (in no particular order): Continue reading...

  • William Gibson has a blog

    That might be old news for people out there, but it was a pleasant surprise for me to discover that William Gibson has a blog (rss here). Apparently, it's been up for the last two years or so. Oh well, I guess I can't keep an eye on everything. Although I wish I knew earlier about it. Continue reading...

  • History is happening...

    ...now. Anzari X Prize was won by SpaceShipOne. I wonder http://www.scaled.com/projects/tierone/how long before the first comercial space ship flights? Continue reading...

  • On The Road To Indigo...

    For the last few days it seems that Richard Turner's blog "On The Road To Indigo" disappeared. Let's hope this post would flow some Google juice to his new home at http://blogs.msdn.com/richardt (RSS at http://blogs.msdn.com/richardt/Rss.aspx). Continue reading...

  • PSSIR team is blogging...

    Tim Rains and Robert Hensing are members of the Microsoft Product Support Services Incident Response team. Their blogs are a must read, especially if you are interested in investigating system intrusions and compromises. Continue reading...

  • Port Reporter Parser v1.0

    If you use the PortReporter (download, KB article), there is a nice log parser for it. Go ahead and snatch a copy of Port Reporter Parser while it's hot. Continue reading...

  • Excellent LUA/non-admin resource

    Aaron Margosis has excellent set of posts on why and ho to run as LUA (non-admin). If you wander what's in it for you or have particular problem while running as non-admin, you owe it to yourself to read his blog. Continue reading...

  • This is a bad idea...

    The new FirstTech Credit Union page puts the logon dialog on an unsecured page. Their explanation [1]: Why This Is SecureUsing the Online Banking Login on the 1sttech.com pages is safe, even though you do not see the lock in your browser as your Account ID and PIN (Personal Identification Number) are not transmitted until you click on the "login" button. Upon doing so, a secure session is established between your browser and our systems. Your information is then encrypted using 40-bit or 128-bit encryption algorithm (128-bit is used if your browser supports it) and sent to our systems for authentication into Online Banking. Please note that First Tech never transmits your information without it being encrypted first. We recognize that most of the internet public has been wisely trained to look for the lock in their browser when submitting sensitive data online, this is why we created the “why this is secure” message and added the lock icon to the login button. The design of our website made it difficult to include the popular member request of offering a Home Banking login box to every page on our www.1sttech.com site. Our solution was to verify that the process was secure, then communicate this to our members via the hover text and the “why this is secure” page. It's good they have thought about the security part of the problem. It's bad that with this implementation they are training people to not rely on the browser's notification about the status of the connection security, but on a webpage icon. Once trained, people would blindly accept the same icon on another page as sign of secure transport layer, even though it might be there just because the page designer decided it's a good “Login“ pictogram. Not to mention all the phish emails that will start doing the same to lupe people to trust their links. People should never trust the web page content about the status of the connection. [1] http://www.1sttech.com/home/security/ … Continue reading...

  • "Why I run as an Admin" or A story of a Wrong Attitude

    Recently I stumbled across a posting named “Why I run as an admin”. As you can deduct from the title, it is a small rant from a guy about why he runs as an admin. There are lot of rants like this flying aroun in the blogosphere (and not only there), so what makes this one interesting? It's the attitude. Or more precisely - the wrong attitude of the post. The message that the author conveys is “Security is hard; running as regular user is hard; I won't do it”. And that is coming from somebody that is in our industry. So with this attitude, why do we even expect to get the regular users run as regular users on their computers?! Let's take a look at the complaints: “Can’t see calendar as non-admin” – This is the only legitimate complaint that really is a problem. I've been given this argument countless times, when I ask somebody “Why don't you run as non-admin?“. I would argue that this is the single most stupid reason to run as an admin. Yes, this is known limitation of the os and it should be fixed. But please, get over it and be secure! There are miriad of other ways you can see the calendar. Besides, if this is one of your critical tasks – you most probably are one of the people that have Outloook (or any other calendar application) always open anyway.(I don't want to discuss the scenario, where one doesn't use PIM and needs to see the calendar every half an hour. If one can't even remember the current date, they definitely should NOT be running as an admin) “Can’t install anything” – How often does one need to install new programs? You can always switch to admin account when you need to install a new program. But wanting to run as admin so that you can install anything at anytime? This is like wanting to run as admin because you might need to change the permissions for one of the users at any time.As for Windows Update not being able to run as limited user - this is … Continue reading...

  • What's your lifestyle?

    I'll make this one short. If you are doing all you stuff on the computer as admin - stop it now! Get through the pain and switch as a regular user once and for all. Here are the reasons why and some tips on how to ease the pain. Continue reading...

  • w.bloggar

    I was looking around for desktop blog authoring tool. Well, not exactly loooking around; more like I've been pondering the idea for several months. I use RSS Bandit and w.bloggar was the obvious choice (read: it was in the RSS Bandit context menu :-)). So I went and installed it. Some first impressions, mostly positive: The program is very clean and has almost self-explanatory UI. It is very responsive, starts immediately and reacts blazingly fast. The initial configuration dialog was somewhat confusing, as it wasn't clear what user name/password should I enter. Besides, the initial configuration doesn't ask anything about the blog type/site. I guess if the program targets specifically Blogger users, that makes somewhat sense. Still, it might be good to have small button "Advanced blog settings..." or something like it that takes you to the blog settings. Almost all commands have associated shortcut, most of them quite logical. However, several commands don't use the de-facto standard shortcuts. Examples - the Redo usually is associated with Ctrl-Y; the alignment commands normally use Ctrl-L, Ctrl-E and Ctrl-R; F10 in most programs acts the same as single Alt press (gets you to the menu). Using these would make w.bloggar more familiar editing environment. OTOH - there are probably current users which already have learned the curent shortcuts and would be upset by any changes (oh, the joy of having to support "legacy" versions). The bugs I noticed so far (I guess I have some kind of job-inflicted mental deviation): null reference exception on the About... dialog box - shows if you start w.bloggar minimized in the taskbar notification area and choose About... from the notification icon's context menu the status bar uses non-localized font, but attempts to localize the date format and shows strange characters the post drafts are saved by default in the w.bloggar installation folder. This has two implications - if you are running as non-admin thic will cause some … Continue reading...

  • 'They shoud not be making money out of it!'

    'I have about 20 authors with twice as many blogs and I don't make money from this site. I can't afford to pay for MT.' 'I love it, it's good product, but there's no way I am paying for it.' 'They want us to pay for it? It's outrageous!' 'SixApart are evil, since they want to stop giving their work for free!'.(Ok, that last one I made up, but I wouldn't be surprised if somebody somewhere said it) By now everybody probably has heard about MT3 and the reaction from the users. Ben and Mena came up with a good product at the right time. They spent two years of their time on Movable Type. Let's say they worked two years at another paying job and they did $30K a year (and I am sure they would've made more than that, being the smart people they are). This is an investment of at least $120K between the two of them. In other words, Ben and Mena paid $120K. If you have a site and are using MT, part of these $120K have covered some of your expenses (indirectly, of course). Let's say MT didn't exist. Let's say you had to write it yourself. What's the price of all the time you would've spent on it? What's the price of two years of your life? We are not talking here about a big 'evil' software house. We are talking about two people that have a house, have to pay their bills and have to eat something. Did they not work hard? Are their efforts worth nothing? People would write a $70 check to the cable company every month without even thinking that most value they get out of it is watching reruns of old shows. That's $840 anually for things you most probably have seen at least once before. Yet these same people wouldn't even consider paying $100 for something that enables them to express themselves and reach hundreds or thousands of people. And that concludes this month's rant... Update: A lot of people complain about the pricing structure of MT. That is not what I am ranting about here. Update 2: Some of the Slashdot's comments are amuzing: “...Not … Continue reading...

  • How do your investments fare?

    A bit of statistics I got over email. If you've invested last year 1000 euro in any of the following, here's what your current capital would be: Northel Networks                 -   59 euroLucent Technologies           -   70 euroAlcatel                                  - 170 euroBeer (as in the drink)          - 380 euro (from recycling the bottles/cans) Somehow I tend to believe it... Continue reading...

  • How to use spam to "win" customers

    Here's how to use spam to win customers - the VMware solution. Two years ago I attended TechEd. There I went to VMware booth and swiped my badge. For the last two years I am trying to get VMware to stop sending me emails. I've got news updates. I've got seminar notices. I've got emails from two different account managers or sales representatives (or whatever they call tehmselves these days), that are responsible for my account, even though I don't have an account. Probably couple other emails as well, although I don't keep track. Every single time I would respond politely with request to stop _any_ emails, as my work is not related in any way to this area and I would like to keep my work email as clean as possible from non-work-related emails. Every single time I would follow their unsubscribe instructions in the email (if there were ones) and every time I would get a message indicating success. And in another month or two I would get another email. Today I got another one of these. Again I followed the unsubscribe instructions and visited the page. Imagine my amazement, when this time I got notice that tehre is no such email address. How the heck do I get emails at it then?! So I replied to the email I got and added couple of other email addressess at VMware I could think of. I asked to be removed from their email list. half an hour later I get an automated answer: Thank you for your interest in VMware.Please use the Web-based form at         http://www.vmware.com/support/sr/sr.jsp to report your problem, rather than mailing directlyto support@vmware.com I try to be a nice person, at least most of the time. So I went to their support page and here's what I find there: You must have a Personal Profile to log in. Use the Email Address and Password from your Personal Profile in the fields below. Once you've logged in, you'll need a registered product serial number to submit a support request. If you have no idea what we're … Continue reading...