
I didn’t do this because it’s a new year – they just happen to coincide.

I won’t mention names, but several of my parents donated some liquid funds to my account at Christmas.  Thank you, unnamed parents!

That, and a little bit of recognition money from work allowed me to browse the SSD recommendation page of my never-met friend and technical adviser Dave Farquhar.  I ordered through his links, splashing him a bit of the money that Amazon collected.

The drive came in on the last day of the year.  I let it warm up overnight (winter finally arrived – we’re in for a swing of freezing nights) and dropped it in today.

I had downloaded the Windows 10 disk image and installed it straight to the new drive.  You will need the old license key (I got mine in Cleveland) to activate it.

It went smoothly.  I had worked on my church’s new Win10 computers, and I use Classic Shell, and I turned off a lot of Microsoft’s telemetry.

Downloaded a lot of programs fresh, and I know I still have some setup to do.  Overall, a nice way to spend a few hours – and get Microsoft to quit bugging me about upgrading.  That wasn’t the only reason, but now I don’t have to deal with the nags anymore.  Caving in?  Practicality?  You decide.


Solid state drives (SSDs) are a blessing and a curse.  So fast – so quick – so quickly filled.

Though it’s getting better, SSDs used to be microscopically tiny.  Compared to spinning rust hard drives, these things were gnats.  You can buy a desktop hard drive, size 8T, for $260 delivered.  I remember when used hard drives – used, as in been through the wringer and then taken out when something else died – cost a dollar a megabyte.  That would make the cost of this drive – if it had existed back then – $8,000,000.00.  Eight million bucks.

Of course, I have copies of PC Magazine where you can buy 10M hard drives (to turn your PC into an XT!!).  But that’s not where this ramble is going.

If I remember right, I started talking about the relative difference in drive sizes, hard drives vs. SSDs.  Those SSDs are coming down in price, just like spinning hard drives did.  Mine was purchased to maximize space at a price point – I had a dollar limit, and was able to get 128G of silicon goodness.

It filled up this week.

As Dave Ramsey says, Christmas is not an emergency.  I could have seen this coming from a long ways back.  I didn’t look – bad on me.

I deleted some big downloads, looked for and deleted some big files (using the Everything tool, looking for *, sorted by size).  Still not enough.  Looked around at some tools, and found PatchCleaner.

As the PatchCleaner site says, Microsoft can leave gigabytes of unused junk in the hidden folder c:\Windows\Installer.  PatchCleaner will see what is safe to remove and offers you the option to move it somewhere else (to the spinning disk where you keep your pictures and music, perhaps?) or to delete it altogether.  I used it, deleted the orphaned files it found, and was able to free up X gigabytes of SSD space.  X is unknown (or rather, unremembered).  Probably 10G to 15G.  I had deleted some other things manually, and have 20G open, when I was down to single-digit megabytes beforehand.

Recommended.  Download it, run it, and decide whether you want to copy off what it finds, or delete the extra, unused junk.  Either way, you will probably have acres more of sweet silicon emptiness, waiting on your cat videos.

Google has a new tool called Inbox.  It sits on top of your Gmail account, lets you see your mail in a different way, and offers different tools.

As my friend (whom I have never met) Dave Farquhar says, “You’re either going to read the next sentence or you aren’t.”

There are advantages to Inbox.  One of the subtle ones is that this is a new product from Google.  It’s where all the kids want to go play.  Old apps from Google have a tendency, like old toys, to be left behind and discarded.  Inbox also bundles similar emails, displays pictures and details within the app (instead of within the email), letting you open attachments directly.  You can set reminders for yourself.  You can pin emails so they are visible.

There are disadvantages, also.  You can’t directly see starred emails that you had set up in Gmail.  Yes, you can search for “in:starred” and see them.  Not the same as a one-click.  I guess the pinning replaces the functionality, but it doesn’t replace the stars you had in place.  Same for spam – no single-click, but rather “in:spam”.  I like going through my spam (not the content, just the headings) to see if Google places anything in the wrong place.  I see about one a month that’s falsely labeled spam.  I don’t want to miss that one.

Finally, the sticker, and the one thing that caused me to write this post.  Gmail allows you to paste pictures in-line.  Inbox requires you to attach pictures, so they have to be files.  Terrible for screen shots.  I want to copy (using my still-favorite Greenshot) and paste right now.  I don’t want to have to go through the steps of saving a file and then importing it.  I want frictionless pictures in email, and Inbox doesn’t (yet) have the ability.

Of course, Google is tweaking and updating their programs daily, so there’s hope.

Urban legends have become commonplace.  People understand what it means when you use the phrase.  There are books written about urban legends, and a dialect has grown up around them.  There are themes and categories, people doing comparative analysis, and even lingo.  One of the neatest words is an acronym: FOAF.  The friend of a friend is a non-distinct, distant source of information.  You hear it, but wouldn’t want to act on it.

Or would you?  I know of someone who is travelling to a foreign country to teach for a while, and will be staying with the friend of a friend.  Gutsy – and trusting in God.

Tonight I am looking up a computer to recommend for a friend to buy.  I am going to use a site recommended by another friend.  The purchasing person is being helped by the recommending person – a friend of a friend – and that’s a good thing.

The site is Product Chart, and they will help you decide what’s important in laptops and smart phones, as well as smaller consumer electronics.  I don’t know if they have ads – I block ads with both AdBlock and AdBlock Plus, so if you are enticed to buy an ostrich pillow or a Ministry of Silly Walks watch, I’m sorry, but it’s on you (literally).

Have fun.

Well, not exactly.  But there is free storage.

Google will bump up your normal 15G that’s available with a Google account, adding two gig if you complete their Security Checkup by Tuesday, Feb 17, 2015.  If you use Google services (anything more than the search engine), this is a good thing.

First, you are protecting your online identity.  Not everything you do – this won’t help with last week’s Anthem breach or next week’s breach at a bank or a retailer.  This will help your Google identity stay secure.  The checkup is quick and easy.  You get to see which devices are tied to your Google ID (think Gmail address).  I detached an old cell phone, just to keep tidy.  You get to see what services have access to your information, and I knocked off one or two there.  You get to check where you last logged in to your account from, physically and from what device.  If you live in Nebraska and don’t have a cell phone, then an Android login from Nigeria is probably cause for alarm.

Second, you are picking up another 2 gigabytes of space on Google Drive.  Which is shared with Gmail and Picasa, and available for whatever suits your fancy.  You can put a lot of stuff in 2G – a couple thousand pictures, or five hundred songs, or about three movies, or squillions of emails.  Use it as you wish.

Finally, there is the increased sense of awareness that this brings.  As you are doing the checkup, you start thinking about the ways that the bad guys could use something useful, like your Google account.  I understand that Google is an ad sales company more than they are a search engine.  I know that they read my email (they store it, so they have to be able to read it).  I also enjoy the support I get from an ecosystem of digital services, and I’m willing to make the privacy trade-off with Google to get the benefit of all the Google products.  Knowing search terms and browser history across machines is cool.  Something like WordLens is completely mindblowing when you see it running on your own phone instead of on somebody else’s video.

So I think Google is pretty cool (even inventing and making available the Go language).  I want to protect my investment with them, and to encourage others to do the same.

Regardless of your motivation – greed, higher purposes, or a utilitarian view of protecting your investment, do the Google security checkup.  You’ll thank me later.

First, I want to differentiate between hacking (seeing how something works) and cracking (doing the same thing for malicious reasons).  There can be a fuzzy line between the two.  I want to stay clearly on the good side.

As an example, I once broke into a government computer, getting root access and changing the root password.  It was by their own request – the only operator had died suddenly, and the family threw out all the documentation he had at home.  The government organization contacted the company I worked for at the time, and I got to break in, and to turn the results over to the proper authorities.  As I look back, this was almost an amplified pen test. (They failed, which was good in this case.)

That’s the good side.  Here’s a bad side (that I chose not to do): I wear a Fitbit tracking device, which counts the steps I take.  Their daily goal is ten thousand steps.  My cardiologist is happy with five thousand, which I normally achieve.  When I got the device, I started looking for ways to hack it.  I’m inquisitive, that’s what I do and how I think.  I found a video where somebody hooked their Fitbit up to a hair trimmer so the device would record two steps a second.  All interesting, until you add in that my company rewards me monetarily for achieving steps.  That turns a cute prank (“Look – a hundred thousand steps today!”) into theft.  That’s wrong.

There’s nothing wrong with giving your cat a Fitbit – just don’t use that one to get points.

With that background, here’s how to do a little white-hat hacking on mysql.

We had to make major changes to the database supporting an application.  The developer was long gone, and nobody had the password to the database.  Really didn’t want to reverse engineer the whole DB and then test to see if it works – that is the wrong way to spend a couple weeks.

(aside: my favorite search tool is Google.  Bing just doesn’t cut it, though I like their image search better – I can specify what license I want the picture to have)

Googling the question led to a long list of mis-hits, and then this winner, in a reply to a longer and more complicated method.  If you’re on the machine and have root access, the anonymous tipster says that

cat /root/.mysql_history|more

is “very informative”.  Which is an understatement – the password is up at the top of the file.

Thanks, Mr. Anonymous.  You helped save the day – and contributed a tool to my hacking toolbox.

 


Footnote: yes, the commands

more /root/.mysql_history

or even

head /root/.mysql_history

are shorter.  This isn’t a code golf contest.  The value is in knowing where to look, not how to look.
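
As an added example (not part of the original post or the tipster's reply), here is the same file checked from the defender's side: the script flags statements in a mysql client history file that carry a password and prints them with the secret cut off. The function names and the sample history are constructed for illustration.

```shell
# Added example: report credential-bearing statements in a mysql client
# history file, with everything after the keyword dropped.

# audit_mysql_history FILE
# Prints "LINE: statement <redacted>" per hit; returns 0 if any hit, 1 if none.
audit_mysql_history() {
    # Clients built against libedit store spaces as \040; decode first.
    sed 's/\\040/ /g' "$1" | awk '
    {
        u = toupper($0)
        if (match(u, /IDENTIFIED BY|IDENTIFIED WITH [^ ]+ BY|PASSWORD *[(=]|SET PASSWORD FOR [^=]*=/)) {
            # Keep the statement up to the keyword, drop everything after it.
            printf "%d: %s <redacted>\n", NR, substr($0, 1, RSTART + RLENGTH - 1)
            found = 1
        }
    }
    END { exit(found ? 0 : 1) }'
}

# Constructed sample history (libedit format); all values are made up.
write_sample_history() {
    cat > "$1" <<'EOF'
_HiStOrY_V2_
show\040databases;
GRANT\040ALL\040ON\040app.*\040TO\040'app'@'localhost'\040IDENTIFIED\040BY\040'ExamplePw1';
select\040count(*)\040from\040orders;
set\040password\040for\040'report'@'%'\040=\040password('ExamplePw2');
EOF
}

sample=$(mktemp)
write_sample_history "$sample"
audit_mysql_history "$sample" || echo "no credential-bearing statements found"
rm -f "$sample"
```

To stop the client from writing the file at all, set MYSQL_HISTFILE=/dev/null or link ~/.mysql_history to /dev/null; any password the audit does find should be changed.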

I am an extremist.  I read Linux Journal, and the readers of that magazine have been labeled by the NSA as extremists.  And not only am I a reader, I subscribe to the magazine.  I’m paying to support extremism!

So, since I have been granted the label, I may as well put the tattoo on my blog.


My esteemed technical cohort Dave Farquhar also has some wise words on the subject.

HP did a booboo, and left an admin ID in one of its systems.  Shame on HP.

Then they didn’t respond to the white hat guy who found it and tried to tell them.  So he went public.

Going public with these findings, after giving the company time to respond and fix them, is a good thing.  Three weeks might be fast – companies are not as nimble as individuals.

What I find interesting is that the researcher hinted at the password without providing it.  He gave the hash of it – the non-plaintext version that gets stored instead of the password itself being stored.  So the technically curious (including me) wanted to find out what this 7-character password is.  There are sites that work backward from the hash to the password – not necessarily doing the math, but using rainbow tables or something similar to do the one-way translation, so they can do the reverse search.

So I found out what the password was.  Nothing significant to me, nothing obscene, nothing outstanding – just a simple, slightly obfuscated password.

The part I find most interesting is the level of interest in the hash.  I’m seeing an awful lot of that 4c50 listed.  If I owned the system that HP sold, I’d be shaking in my boots right about now.  Even non-malicious hackers will want to get in and look around, and some of them will accidentally change something.


Occasionally I get forwarded email.  Not just the junk that some people pass around, and not even the good stuff that people pass around.  This tends to be a legitimate forward of information I want or need, coming from people who are a bit technically challenged.  I can tell this because I can’t immediately see the forwarded email – it comes in as a text attachment.


Inside, it looks messy  (yes, names, addresses, and IPs have been munged).


I go through my Gmail spam every so often.  Google is pretty good at parsing what is junk and what is good, but they aren’t perfect.  So I look in the spam bucket and clean it out occasionally.

Tonight I found a subject line that made me laugh.


Now my new friend Greg ought to know that I don’t live near navigable water.  I’m not a boater.  I don’t need 52% more surface area in my sails.

But boy, that Greg sure knows how to make it easy to put up a blog entry.

Thanks, Greg.