Practical Technology

for practical people.

March 4, 2010
by sjvn01
0 comments

Windows: New, improved & more insecure than ever

Honest to God I don’t go around trying to pick on Windows for its security problems, but the hackers keep finding new ways to break into it. And, this time, they’ve found a doozie. Berend-Jan Wever, aka “Skylined,” a Google security software engineer has busted DEP (data execution prevention), one of the few significant security improvements Microsoft has made to Windows.

DEP, which was added to Windows back in August 2004 in XP SP2. It addressed the very common hacking technique of buffer overflows. In a buffer overflow attack, a malicious program tries to overwrite the buffer, the amount of memory a program has been allocated for running its code in. By so doing, a buffer overflow overwrites memory that may or may not have been allocated to other programs. In either case, it can then use this overwritten memory for its own purposes. Usually this means running malware or even taking over the computer itself.

While this problem isn’t unique to Windows, it can happen to almost any operating system without strict memory management controls, even with DEP, Windows has been prone to such attacks. Now, though, with DEP busted, it’s become even easier for a buffer attack to strike home.

More >

March 4, 2010
by sjvn01
1 Comment

USB 3.0 vs. eSATA: Is faster better?

Up-to-date computers now include external ports that, in theory, can handle data at rates of up to 5 Gigabits per second. But which is better?

If you’ve been in the computer business for any length of time you can probably painfully remember when serial RS-232 ports could barely handle 28 Kilobytes per second. And, adding insult to injury, the standard was loose enough that you could have ‘compatible’ devices that you could never physically connect. How things have changed! Now, eSATA can handle 300 MBps (MegaBytes per second) and USB 3.0 can wheel and deal up to 625 MBps.

So that makes USB 3.0 better right? Well, while USB 3.0 is good, it’s not as simple as “Whoever’s the fastest wins.” Let’s take a closer look at these new and improved ports on our PCs.

More >

March 3, 2010
by sjvn01
1 Comment

Elliot Associates’ worrisome Novell plans

Elliot Associates L.P., a hedge fund, which claims to already own 8.5% of Novell’s stock made an unsolicited bid to buy the Linux company lock, stock, and code for $1.8 billion on March 2nd. This move may be good for Novell stock owners, but I fear it may be death for Novell’s commercial SUSE Linux and community openSUSE distributions.

Some people in the know, like Canonical’s COO Matt Asay think this deal could work for SUSE. In his view, Elliot would do well to sell off Novell’s Linux division.

I wish I could agree with him, but I looked at Elliot Associates’ past history of taking “an activist approach to investing, frequently amassing significant but minority stakes in distressed or under performing companies and attempting to foment change,” and I don’t like what I see.

Elliot Associates is best known as a ‘vulture fund.’ They don’t make investments to turn companies around. They make investments to crush the cash out of them and then leave the picked over bones for someone else to pick up.

More >

March 2, 2010
by sjvn01
1 Comment

Linux is doing just fine on servers

My good buddy Preston Gralla would have it that “Windows doesn’t just dominate the desktop, but the server market as well.” Eh… I don’t think so.

For proof, Gralla points to the latest IDC (International Data Corporation’) Worldwide Quarterly Server Tracker. This report covers the worldwide server market’s factory revenue.

What Gralla and other people miss is that IDC is not measuring what server operating systems are being used. It’s measuring what server operating systems people are buying, which are bundled with their hardware purchases. To quote IDC, what the researchers are really measuring is “server revenue includes components that are typically sold today as a server bundle, including frame or cabinet and all cables, processors, memory, communication boards, and OS.”

So, it is time to start throwing a fit and start selling Red Hat stock for a dime on the dollar, and enroll in MCSE (Microsoft Certified Systems Engineer) night classes? No. I don’t think so.

More >

March 2, 2010
by sjvn01
2 Comments

Another day, another Internet Explorer security hole

Forgive me for sounding like a broken record, but yet another Internet Explorer security hole has been revealed. Is there no end to the ways that IE can be broken into? It doesn’t look like it!

In this latest flaw, there’s an unpatched bug in VBScript that hackers can use to drop malware on 32-bit Windows XP machines running IE 7 and 8.

According to Microsoft’s Senior Security Communications Manager Lead Jerry Bryant, an exploit “was posted publicly that could allow an attacker to host a maliciously crafted web page and run arbitrary code if they could convince a user to visit the web page and then get them to press the F1 key in response to a pop up dialog box.”

Microsoft says that, as far as they know, no one’s using this exploit yet. Yeah, and I don’t know that anyone is playing hockey in Canada today, but I’m willing to bet someone is.

More >

March 1, 2010
by sjvn01
2 Comments

The Ultimate PC repair kit: SystemRescueCD 1.40

Like everyone who makes his living from computers, I’m always getting called on by friends and family to help them fix their PC problems. Thanks to the Gentoo Linux-based SystemRescueCD though, I’m usually able to fix most of their troubles without breaking a sweat.

SystemRescueCD, like the name suggests, is a system rescue disk. You can use it either as a bootable CD-ROM, USB stick, or even over a network connection. While you can use it as a desktop in own right, its real job is repairing crashed systems. In particular, with its disk and file system repair tools, it’s great for bring dead hard drives back to life.

With Linux disk and file tools like parted, partimage, fstools and many others and support for almost all Linux, Unix and Windows file systems, such as ext2/ext3/ext4, FAT, JFS, NTFS, ReiserFS, Reiser4, and XFS I have yet to find a hard drive that could still spin that I couldn’t at least pull data from with SystemRescueCD.

More >