SporkBomb

George Carlin has died from heart failure. The man who made famous the “seven words you can never say on television” passed away at 5:55 p.m. Sunday at Saint John’s Hospital in Santa Monica, his longtime publicist said. He was 71.

My only regret is that I passed on a chance to see him live.

He’s in a better place now-playing cards with Joe Pesci.

If thoughts could write blog posts, this blog would be updated every 15 minutes with relevant technological goodness. Unfortunately for me, this isn’t the case; at least not yet. I have to find time, sit down in front of my MacBook Pro (which I got off of eBay and am very happy with except for the fact that I overpaid), and try to recall what happened to me during the day. This kind of situation is not very common for me.

So what do I do? In general, I want to keep this blog updated and yet I can’t ever get into a specific situation where this is the case. I don’t have a solution to this dilemma yet. Perhaps I’ll also post about this issue on this blog.

When I run backups on SharePoint, I do both database backups and individual site backups via a script utilizing the stsadm.exe tool. This gives me the opportunity to both be able to be granular in my restores and also be ready for a disaster scenario.

Today I had to restore a whole site from a .dat file. Simple enough, right? Fire up stsadm and type:

stsadm -o restore -url http://path/to/site -filename e:\backup\path\of\file.dat -overwrite

At first everything seemed like it will be fine. Since this is a command line utility, I didn’t have a progress bar to give me hope, but I was sure of the process and of the outcome; or so I thought…

After 4-5 hours of waiting for the restore to finish, the SharePoint portal went down. The reason was a complete re-crawl of the ENTIRE portal and non-portal data. This kind of thing is done at night and on weekends for a reason! Why did I wait 5 hours? Well, the site in question was 10GB in size. The biggest restore I did up to that point was during off hours and of a 500MB site.

There is no clear cut answer to this on SharePoint 2003. I tried stopping the search service, but this didn’t stop the re-crawl. The solution ended up being desperate–a reboot. I had backups for all the data in case the worst happened. So I rebooted and I waited. The server came back online and after taking around 45 minutes to recheck the databases, it finally settled down and became accessible to everyone. In addition to this, the site restore I was doing also turned out to be successful.

The moral of the story in my case is not to trust SharePoint 2003 with anything. It’s a decent piece of software and 2007 is even better. It just always seems to do things just a bit off of what a person would expect–enough to get you in hot water.

If you have a SharePoint 2.0 server and you have installed SharePoint Services 2.0 SP3, you may have notices a few issues. Among the several issues with the service part there are two which stand out.

1. Data view web parts cause users with access to SharePoint sites to be denied access. When users attempt to access sites, they receive an authentication prompt, which fails after being filled out with correct information. The quick workaround for this issue is adding users to the local Administrators group. This was the best (so to speak) solution to this problem before a hotfix was released.

2. The edit in datasheet View feature in lists does not work correctly. It redirects the users back to the standard view. The fix for this issue was quickly released by the community, and later corrected by Microsoft via a hotfix.

The above issues are addressed in hotfixes 948919 and 941412. You will need to fill out a request for these hotfixes.

IMPORTANT: When you apply the fix for issue 1, an immediate rebuild of your portal and non-portal content will follow. On some setups this is known to slow down normal SharePoint access to a crawl. Always backup your SharePoint database before applying hotfixes.

The new theme of Firefox 3 beta 5 looks terrible to my humble eyes. I remember reading Slashdot few weeks ago. Someone posted a link to a thread on MozillaZine where Firefox developers and designers received feedback on the new themes for Mac, Windows, and Linux. The feedback to Linux was the most favorable. Mac and Windows feedback was an entirely different matter. As I read several pages of the thread, one thing became clear-they didn’t really “want” the feedback. Most of the designers’ and developers’ replies were something along the lines of: thanks for the feedback but we like it the way it is. Whatever, it’s their application and they can do with it as they wish ^{(I mean no offense by this. Just venting.)} Luckily for everyone, it’s also our choice to use a custom theme. In fact, this sort of thing is encouraged.

Let’s take a look at Safari, which is the gold standard for a decent integrated browser on the Mac.

Pretty! The Apple user in me loves the minimalism and the feeling that Safari belongs with the rest of the operating system.

Now, let’s see what Firefox 3 beta 5 looks like in its natural form.

What happened? What’s up with the huge navigational buttons? Is that really necessary? Why take up 10-15 more pixels of the user’s screen if you don’t have to? And what’s up with the oval reload and stop buttons? They’re not quite round and not quite square. It’s like they want to be something-they just can’t make up their mind. In order to remedy the big button situation, you can select “use small icons” in your theme options, but that will only give you two more oval buttons.

After realizing the gloomy reality of the new Firefox theme, I started quietly brooding in my office. Why Mozilla? WHY? Why hast thou forsaken me! Then suddenly I had a thought! Hey, maybe someone else is also having the same issues. Maybe someone out there has taken the time to develop a truly amazing theme for Firefox, which would allow me to believe that it’s actually Safari! So I googled and googled, and I stumbled upon GrApple! I quickly applied the Yummy theme to my Firefox install. I ask you to observe the amazing result.

Yup, this is Firefox! The only way I was able to tell the difference was by looking at the custom icons on the right side of the address bar and the status bar. Both of these differences can be eliminated if you’re a purist.

I’m sure that by now everyone and their grandmother has heard that an ex-NSA employee by the name of Charlie Miller has managed to r00t a MacBook Air after directing the machine to a website with malicious code¹.

OS X security implications aside, my first reaction was not anger or shame-it was puzzlement. I went on searching for a source which would give me more details about the actual hack. I knew that Charlie Miller signed an NDA, promising not to talk about the exploit; but what I needed to know weren’t necessarily the technical details of the exploit. I simply wanted to know what he did from an onlooker’s point of view. There was reportedly an audience of 20 people, cheering Charlie Miller on².

What did Charlie do exactly? Did he just click on a link? Did he click on a link and press to confirm the installation of [something]? Was the MacBook Air logged in and running as an administrator? Does the exploit work on a non-administrative user account, assuming that the user only surfs to the exploiting webpage without clicking anything to confirm the execution of any additional code?

I can only assume that the MacBook Air was indeed logged in as the default administrative account, where the user does have most administrative privileges, however; only after confirming his or her administrative actions via a warning dialog box, a la Vista UAC and Ubuntu.

Three operating systems were put to the test, OS X failed first. What would you expect the result of this to be? Would people attempt to figure out what really happened and then quickly distribute information about protecting from the flaw in Safari 3.1? OF COURSE NOT! This OS X hack gives the Apple/Apple user haters an excuse to unleash a torrent of abuse, ridicule, and pompous bragging about their own respective platforms. In return, the Apple “zealots” unleashed their own set of abuses, ranging from profanities, to making fun of the form factor of some unfortunate Dell laptop, and of course, bragging about the Apple experience. Go to Technorati right now and search for “CanSecWest Mac” and you’ll see exactly what I’m writing about.

Folks, is this really the best thing to be doing? I know that certain mac “zealots” tend to be very offensive to many people. I know that Steve Jobs is a bit annoying to some. I know that to some the sight alone of an Apple store causes uncontrollable convulsions and sickness. Does that mean that we should all turn into the Apple “zealots’” counter-parts and use their own tactics on them? I hope not.

Now off to find out what I can do right not in order to protect myself…

Note: I’m a very happy Mac user-a recent convert from Windows/Linux.

UPDATE: According to John Gruber of Daring Fireball, “contest-winning exploit took advantage of an overflow bug in the PCRE regex library used by WebKit’s JavaScript engine.” Gruber also stated that this issue has been fixed by WebKit developers. My advice to you is to stop using Safari for the time being and to start using the latest build of WebKit. You can also use Firefox or Camino if you’d like. And most importantly, don’t run as an administrator on your Macs, Windows machines, or Linux machines.

–
^{1, 2. http://security.itworld.com/5013/mac-hacked-first-in-contest-080327/page_1.html}

First of all, malware (i.e. viruses, worms, Trojan horses, spyware, and adware) cannot be completely thwarted by any anti-malware program. Think about it this way: you’re a single American guard in charge of protecting the whole Mexican/American border from illegal immigrants. Now, regardless of how you feel about the issue of illegal immigration, you will not be able to prevent it. The immigrants have to find a single place to cross while you have to guard everything. In the same way, the computer attackers have to find one hole in your computer, while you have to plug all the possible holes (even the ones you don’t know about). It’s not possible.

The most important thing to keep in mind when trying to avoid malware on the Internet is behavior. Most malware nowadays depends on you doing something (i.e. visiting a site, opening an e-mail attachment, etc.). If you never do the wrong things, you will greatly minimize the chances of being compromised.

The second most important thing when trying to avoid malware is your computing platform. If you’re using Windows, don’t be surprised when the bad guys start time sharing your computer behind your back. (I am aware that you can keep a perfectly safe Windows box, but can your grandmother?) If you want to truly be safe, you need to ensure that your platform is secure. If you need to be using windows, you can use software like VMware in order to browse the internet and read e-mails. And after you’re done, you just reload your VMware image and it is like nothing has happened. It is the operating systems equivalent of an etch-a-sketch. Another thing you may consider doing is moving to a Mac or installing a Linux distribution. Historically there have been thousands upon thousands of different pieces of malware for windows and only hundreds of these things for both the Mac and all Linuxes combined. You don’t need to be a statistician in order to see which one has a lesser chance of being infected.

The third most important thing is keeping you anti-virus up to date and having a so called internet router in front of your computer, so to speak. Never, never connect your DSL modem (unless it’s also an internet router) or your cable modem directly to your computer. Doing this effectively ensures that you’ll have malware company; sometimes within minutes. There are old worms like blaster which are continually scanning the internet for new victims. Most computers when first deployed directly behind DSL or cable modems are vulnerable to recently (or not so recently) patched worms like the Blaster worm.

If you have to use Windows, make sure that you are using a good browser. It is usually your first level of defense against the bad guys. Never use Internet Explorer 6. It is just bad. Not to mention that it is hardly even supported by Microsoft anymore. If security is key for you, you will forgo Internet Explorer 7 and even Firefox and use Opera. Give Windows Vista a chance. For all its shortfalls, it’s still a fairly good platform as far as security goes.

Finally, spyware removal should not even be an option. Imagine that you live in a castle (i.e. your computer), like the ones in medieval England. One day you leave your castle to go shopping and 1,000 thieves (i.e. spyware) break in. You come back and you realize that there are intruders in your castle. You promptly call the police (i.e. anti-spyware, or spyware removal programs) who go through the castle and throw out the thieves. My question to you is: do you not feel safe to sleep at night in your castle? Are you 100% sure that all of the 1,000 thieves have been thrown out?

Once you are (or you think you are) compromised, format, learn from what you did wrong, and move on.

Originally Posted in December 2007.
–

In the past month or so, I’ve been researching which console to buy. XBOX 360 or a Playstation 3? The Wii was off the table because I am not really into the concept. I like to sit still while playing my games.

So I did what every other self-respecting geek would do–I googled xbox 360 vs playstation 3. I was hoping to get a few objective reviews based on facts and reality. No luck there. Every single review I watched was biased. Most were annoyingly biased. Next, I tried to go to YouTube and do the same thing. 10 minutes into it, I just had to quit because I was getting angry at just how ludicrous most of the videos were. I had to sit back, close my eyes and rub my temples. I was completely mind raped by the misinformation flowing from the net like a sea of poisonous radioactive waste.

Why do people hang their whole self on a gaming console?

In the end, I believe I made the right choice in my situation. I purchased the $399 PlayStation 3 with a Blu-Ray drive and a free Spiderman BR-DVD. My reasoning was simple. I knew that at some point I would like to install Linux on my console. The PS3 made that easier than the XBOX 360. I also knew that I didn’t want to spend more than $400. But I also wanted to watch some next generation DVDs. I didn’t really care whether it was the HD-DVD or Blu-Ray. As far as I was concerned, both are DRM-laden systems designed to steal and inconvenience of the consumer. But they look pretty!

Another factor for my decision was the upgrade ability of the hard drive in my gaming console. I found out that I would grab any 2.5 SATA drive and put it in a PS3 without too much tinkering.With the XBOX 360, the process was more convoluted and involved voiding the warranty. For the price I was willing to pay, I could only get a 20 GB drive with my XBOX 360. I would also need to pay $150 for an add-on HD-DVD. The price point of the XBOX 360 was out of my range.

The final nail in XBOX 360’s coffin was the fail rate of the system. In the past it was as high as 30%. Now with the new Falcon chipset, the rate is supposed to go down due to the decrease in heat output, but in general it doesn’t seem like Microsoft made any structural change to remedy the situation. Even if the fail rate fell to 5%-10%, that’s still too high for my liking.

In the end, this was a very hard decision to make. Microsoft’s XBOX division has really outdone themselves in developing (minus the fail issue) and promoting this next generation console. In my case, however, the cons simply outweighed the pros and the PS3 won.

Note: This post is very time sensitive. Don’t rely on information within this post to make your decision about which console you purchase. Buy what’s best for you. Or don’t buy at all and support two arguably “evil” companies.

Three months after my decision to go with a PlayStation 3, I still feed that I made the right decision. Blu-Ray recently won the war of formats. XBox 360 has stopped shipping the HD-DVD add-on, and has also recently declined to ship a Blu-Ray add-on; leading me to ask a simple question about future games–what about them? The Xbox 360 console needs a high capacity disk in order to ship high content games. Dual layer DVDs won’t cut it for long. Some people say that Microsoft’s gaming division will focus on online delivery, but has the time to do this come yet? I’ll be eagerly awaiting what happens next.

To be frank, I have attempted this whole blogging thing before, but I could never stick with it. In the past I have used WordPress (WP) exclusively as my blog publishing platform. I was reasonably happy with it. Everything worked reasonably well and the community was second to none. The only (sort of) negative thing in my view were the frequent updates. Now, don’t get me wrong; I like my software secure and fresh as much as the next guy, but the vulnerabilities kept being discovered and patches kept being made. I’m not really complaining, just noticing. I assume that some people may perceive frequent updates to be a bother.

After my most recent hiatus from blogging was over, I decided to give MovableType (MT) a shot. The installation was not a problem for me. It was just as easy as the WP installation. As long as you know how to upload files, create a database and set permissions on your web host, you too will have no problems. Once the install was complete, I was awe struck by how robust MT seemed. Plus, the features which came with the default install were wonderful. I was thoroughly impressed by everything in my new MT isntall… except for one thing-themes. I’m not a very visually creative guy. While I know my way around CSS and DHTML, I cannot for the life of me put a decent looking webpage together. Unfortunately, none of the templates I could find for MT did do it for me, even after some tweaking. The stock templates in MT are pretty abysmal. I was left with this nagging issue, eating away at me like a worm larvae eats an apple.

I thought about it long and hard and I finally decided to go back to my old faithful WP. I realize that WP is harder to secure, but so what? I am a technophile after all! I enjoy hardening my web apps. Also, my template issue was resolved when I found the wonderful Journalist template by the very talented Lucian Marin. I’m not going to go in detail about the kinds of things I did to secure my WP install because that would make it too easy for some of the more nefarious people. Let’s just say that I have a recent backup and I’m hoping for the best.

So, in conclusion, WP vs. MT-which is better? If you want an easy way to manage multiple blogs on a single installation and you enjoy the feeling of seemingly robust software, go with MT. If you’re the casual writer who enjoys tinkering with software and wonderful support every step of the way, definitely go with WP and its community. If you stop by the #wordpress channel on the Freenode network, I may even be able to assist you myself (nickname: jas01).

While this wasn’t very surprising on the grand scheme of things, I was still a bit put off by the news when I read it in my favorite RSS software–NewsFire (Mac only).

That’s right, WordPress 2.5 is out and all the 2.5 RC2 testing I did was all for nothing but the fun of it. Great, I don’t mind!

Anyway, everything in yesterday’s post still applies. Keep in mind that wp-content is not to be deleted. In fact, if you somehow manage to delete it, make sure you restore it from backup before attempting the upgrade. If you accidentally delete your default theme, you will be greeted by the “white screen of death.” In order to remedy this, simply go into http://yourblog/wp-admin and select a different theme.