Please Use Protection

August 24, 2009

Last week we did this thing at work called “Tech Check” (or TekChek, or TechCzech, or something hip-but-actually-not) and I got to help a lot of new students try to get their systems to a minimum standard of functionality for their school year.

This was eye-opening. Viciously eye-opening.

The quantity of people who should be computer literate who were running wildly out of date systems with no anti-virus and no admin password was astounding. It was a combination of not knowing that they should and not knowing how to do so. I am not going to go into details about why these things are important, just quick, easy instructions on how to do it.

So, for anyone who’s reading this, I’m asking you to now, please, for the love of all that’s holy (or not), install A/V and updates and make sure that your user account has at least something for a password. Even if you’re using a Mac, you need to keep your system up to date and have a password.

Windows Instructions

  1. Open Internet Explorer and go here: http://update.microsoft.com/windowsupdate. Follow the prompts to install all available updates. Go there over, and over, and over until it says there are no updates left to install. Reboot as many times as necessary. Then go there again, just to make sure.
  2. Get anti-virus. If you want great protection, you have to buy it and this is the one I recommend: Eset NOD32. Purchasing a good A/V solution is extremely important if you are using your computer for business at all, and Eset NOD32 provides discounts for multiple computers or multiple years. Please do this right now. If you were unwilling to pay the “extra” money for a Mac, this is one of the costs you chose to bear. If you are unable to shell out $40 / year for a great solution, here’s an adequate, free solution: Avast! Home Edition. It’s not perfect, but it’s better than nothing. Note: lots of businesses and schools will provide anti-virus to their employees, students, etc. Often this will be pre-configured to download updates, run in the background, etc., and may never require you to purchase a license. Check with your employer or school.
  3. Give yourself a password: Press Ctrl + Alt + Delete and click the button that says “Change password”. It is important that you remember what this password is, so make it memorable. Make it your driver’s license number, or your license plate number, or your insurance policy number, or something else that you can have written down that doesn’t look like your password. Here’s an idea: pick something in your wallet that expires regularly, and use something from that (your insurance policy expiration date, for example). Then, every time that expires and you have to get a new one, change your password to reflect the new information.

Mac Instructions

  1. Click the Apple logo in the upper left corner and choose “Software Update…” Install all available updates, reboot if necessary, and keep checking until there are no updates left to install.
  2. Give yourself a password. Click the Apple logo and choose “System Preferences”, then click “Accounts”; your account should be highlighted with a button that says “Change Password”. It is important that you remember what this password is, so make it memorable. Make it your driver’s license number, or your license plate number, or your insurance policy number, or something else that you can have written down that doesn’t look like your password. Here’s an idea: pick something in your wallet that expires regularly, and use something from that (your insurance policy expiration date, for example). Then, every time that expires and you have to get a new one, change your password to reflect the new information.

Please remember that this is just a base level of security meant only to deter the casual intrusion – kinda like wiring your bike to the bike rack. It’s not going to protect you from someone who is dedicated, but it should help you from being one of millions of people who get pwned just because it was so easy.

Also, feedback is always welcome. If you want more instructions for making your computer safe, let me know and I’ll write more documentation.

UPDATE: Eset has a free online virus scanner.


Parking is worse than driving

March 20, 2009

Some parts of Chicago are cool.

Other parts of Chicago are so insanely awful that it’s amazing anyone lives here.

One is the weather.

Another is the 400% jump in parking fares.

Seriously, Four…Hundred…Percent…in quarters.

Chicago’s Privatized Parking Meters Are An Epic Failure

Update: Newton’s third law goes into effect – Has The Parking Meter Revolt Begun?


Open Letter to Mr. Del Valle

December 2, 2008

(Miguel Del Valle, Chicago City Clerk)

I arrived at my new home in Chicago on the night of October 2nd, 2008. By the end of the very next day I had registered to vote, gotten a driver’s license, and registered and licensed my vehicle. I had my mail forwarded, my insurance changed, and was about to start my new job. I rarely drive and the majority of the time my car sits in a garage that I pay an extra $125 to use every month.

So you can understand my surprise when I was ticketed and fined $120 on the day before Thanksgiving for not having something I’d never heard of and breaking a law I had no information about. For reference, it’s ticket number 0055569370 15.

I called the City Clerk’s office today to find out about this “City Sticker” and was told that information about the law and the requirements could be found on the City of Chicago’s website. So I visited it, expecting to find a pretty obvious piece of critical information. I suggest you do the same.
Nowhere on the front page is there any information about “City Stickers”.
Nowhere in the “For Residents” section does it mention anything about the fact that on day thirty-one of residency I am breaking the law by not having this sticker.
Nowhere in “Traffic and Transportation” is there any mention of the fact that I can (and will) receive nearly the largest parking fine the city has to offer if I don’t act within 30 days.
Nowhere in “Parking Permits & Sites,” is there any mention of the City Sticker.
It’s not until you reach the very last item under “Parking in Chicago” that you see “City Sticker Information”.

As I did not yet have any tickets, and am explicitly paying NOT to have to try to park on Chicago’s streets, I had zero reason to think that I would ever need to visit this site, or delve so deeply into it, to find out that I am breaking the law. And, in order to comply with the law, I now must pay the $120 ticket, buy the $78 City Sticker, and pay the $40 late fee.

I am fully aware of the fact that ignorance is not the same as innocence, but by making violation of the law the only reasonable outcome, new citizens are being put in a position where instead of feeling welcome in their new city, we are receiving a nearly $250 fine. I know that a city must struggle to make ends meet, and that income from traffic violations is a large part of that revenue, but a “Welcome to Chicago! Go get a City Sticker!” postcard when I registered my car would’ve been much more pleasant than the entrapment that is currently greeting new citizens.


Another’s Shoes

October 22, 2008

I have been a systems admin for years, whether my business card said it or not. I have dealt with hundreds of users and systems.

Growing up I mostly had Windows machines. I had come to digital maturity using 95 and 98, and really came into being a sysadmin on 2000 and XP. I had learned to deal with, expect, and train others in the daily headaches of dealing with Windows systems.

Then I started dealing with Macs. For the first years I was dealing with far fewer Macs than PCs, so I chalked up the lack of incidents to the smaller market share. Then I started dealing almost exclusively with them. And it wasn’t until then that I figured out that they really are that much better. And I grew accustomed to it. No longer was being an admin a daily headache, no longer was I apologizing to users because their systems crawled to a stop while it scanned for a virus, removing and reinstalling hardware so that the drivers might work, or re-installing the entire OS because I couldn’t explain why some problem couldn’t be fixed.

And now I am working in a place that is almost all Windows Vista on ThinkPads and ThinkStations. And Windows is so much worse now.

Vista is a nightmare. Vista is such a nightmare that IBM, who built the Thinkpads, will not install it on their company systems. It is what happens when committees of sheltered, brain-washed people make decisions. It is the result of “good enough”, of settling, of people accepting gruel because that is all they’ve ever had.

But people are learning. Learning that they get what they buy. Learning that their computers should be helping them get work done and enjoy their time with them.

Now, if only businesses would stop “drinking the Microsoft Kool-Aid” I think we could make some real progress.

The only way that this is going to happen, I think, is if they try it out. See what they’re missing. See why so many people love their Macs. See why it takes half as many admins to run a network of Macs.

When your computer is a constant obstacle to getting work done, it’s time to look at new options.


Load Balancing and Static NATs

July 6, 2008

<Heady tech. mumbo-jumbo>

CheckPoint’s Safe@Office firewalls don’t handle load balanced dual ISP configurations properly if you have external IPs static NAT’d to internal machines.

When you connect your first WAN link (WAN1) and set up static NATs for external addresses to reach internal machines, everything works fine. When you set up your second WAN link (WAN2), your internal machines with NAT’d addresses will not be able to use WAN2. If you’re using WAN2 for failover only, this is not a problem (well, until WAN1 fails), but if you’re trying to use load balancing, whenever the firewall routes a NAT’d machine to WAN2, the request will fail – DNS will time out, PINGs won’t come back, etc. You’ll be able to reach anything internal, and you’ll be able to ping the firewall just fine, but traffic beyond that will fail.

If you want to see it in full effect, just disable WAN1 for a moment. Anything that doesn’t have a static NAT will work just fine, but any machine with a static NAT will lose its internet connection.

The solution is to set up a static route from any machine with a static NAT. So here’s how to properly set it up:

  1. Connect both WAN links and make sure they’re working the way they should – including load balancing the traffic. That’s pretty easy.
  2. Now add a network object for the machine you want accessible from outside. If you can find it in your list of computers (Reports > My Computers), just click the “Add” link next to it. You’re adding a single computer; it’s going to have a fixed IP address and you’re going to Perform Static NAT. I gave mine an external IP address from the pool connected to WAN2, but I don’t think it matters. Then just give it a descriptive name.
  3. Now click Network > Network Objects and make sure it appears in that list with the correct Static NAT address.
  4. Now click Routes at the top and hit the New Route button. For Source, select Specified Network; the network will be the IP address of the Network Object you just created and the Netmask will be 255.255.255.255. Destination is “ANY” and Service is “ANY”. In the next window, for Next Hop IP, choose the WAN link that includes the external IP address that you selected in step 2. Metric doesn’t really matter for something this simple; you can leave the default.
  5. Now just test it. Make sure that you have internet access from the Network Object created in step 2. Disable one connection, test again, enable it, disable the other one, test again, etc.

Obviously, you can make it much more complex than this, but this is important information for getting load balancing and static NATs working.
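
The check implied by steps 2 and 4, as an added example (not part of the original post, and not a Safe@Office export format): a Python audit that every static-NAT'd host has a 255.255.255.255 source route whose next hop is the WAN link containing its external address. The data layout, host names and addresses are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed sample data (documentation address ranges); hypothetical layout.
WAN_POOLS = {
    "WAN1": ip_network("198.51.100.0/29"),
    "WAN2": ip_network("203.0.113.0/29"),
}
NETWORK_OBJECTS = [
    {"name": "mail", "internal": "192.168.10.5", "static_nat": "203.0.113.2"},
    {"name": "web", "internal": "192.168.10.6", "static_nat": "198.51.100.3"},
    {"name": "vpn", "internal": "192.168.10.7", "static_nat": "203.0.113.4"},
    {"name": "printer", "internal": "192.168.10.8", "static_nat": None},
]
ROUTES = [
    # Correct: host route, next hop is the WAN that owns 203.0.113.2.
    {"source": "192.168.10.5", "netmask": "255.255.255.255",
     "destination": "ANY", "service": "ANY", "next_hop": "WAN2"},
    # Wrong next hop: 198.51.100.3 belongs to the WAN1 pool.
    {"source": "192.168.10.6", "netmask": "255.255.255.255",
     "destination": "ANY", "service": "ANY", "next_hop": "WAN2"},
    # A /24 source route does not count as the per-host route from step 4.
    {"source": "192.168.10.0", "netmask": "255.255.255.0",
     "destination": "ANY", "service": "ANY", "next_hop": "WAN1"},
]


def wan_for(external_ip, pools):
    """Name of the WAN link whose address pool contains external_ip, or None."""
    addr = ip_address(external_ip)
    return next((name for name, pool in pools.items() if addr in pool), None)


def host_route(internal_ip, routes):
    """First route with source internal_ip/255.255.255.255, ANY destination and service."""
    for route in routes:
        source = ip_network(f"{route['source']}/{route['netmask']}", strict=False)
        if (source.prefixlen == 32 and ip_address(internal_ip) in source
                and route["destination"] == "ANY" and route["service"] == "ANY"):
            return route
    return None


def audit(objects, routes, pools):
    """Map each static-NAT'd object name to (status, expected WAN link)."""
    findings = {}
    for obj in objects:
        if not obj["static_nat"]:
            continue  # no static NAT: load balancing works for it as-is
        expected = wan_for(obj["static_nat"], pools)
        route = host_route(obj["internal"], routes)
        if expected is None:
            status = "nat-address-in-no-pool"
        elif route is None:
            status = "missing-host-route"
        elif route["next_hop"] != expected:
            status = "wrong-next-hop"
        else:
            status = "ok"
        findings[obj["name"]] = (status, expected)
    return findings


if __name__ == "__main__":
    for name, (status, expected) in audit(NETWORK_OBJECTS, ROUTES, WAN_POOLS).items():
        print(f"{name:8} {status:24} expected next hop: {expected}")
```

Any host reported as anything other than `ok` is one to re-test by disabling each WAN link in turn, as in step 5.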

</Heady tech. mumbo-jumbo>


Thanks, Bill

June 27, 2008

As you may or may not know, today is Bill Gates’ last day as a full time employee of Microsoft.

There are a lot of lists of the best and worst of Bill’s tenure, reminiscences of what he’s done (and should’ve done), and a lot of snide comments about his legacy.

Say what you will, but I can’t imagine anyone who has had a bigger impact on personal computing, business computing, and the industry in general.

Directly or indirectly, Microsoft has, I suspect, created more jobs than anyone. Besides the thousands of people that work directly for Microsoft, worldwide there are probably millions of people who have jobs because of Microsoft.

Think about it: What if Microsoft’s products worked quickly, easily, intuitively, and with little or no maintenance!? How many people do you know that would be out of jobs? How many fewer international phone calls would you have made? How much less stressed, more productive, and more happy would you be? How much less would you spend on Advil, Excedrin, Tums, stress-reduction toys, therapy, etc.? How much less would you get to spend on manuals, guides, training, certification, seminars, etc.?

What if personal computers were like tools? How many hammers do you buy in your life? One. Maybe two – if you lost the first one. Conversely, what if everything you used on a daily basis was as reliable, trustworthy, simple, and easy as your computer? Ugh.

Unfair comparison, I know.

This was actually supposed to be a sincere “Thank you,” to someone who contributed (and will continue to contribute) a huge amount to the world around us. So, before I start ranting again: Thanks, Bill. You may be hatefully remembered, but you will certainly not be forgotten.


DNS is a Pain

June 19, 2008

I went to MacWorld this year and attended a session called “Lucid Systems Administration”. It was a pretty good, though basic, overview of how to maintain sanity as a SysAdmin. A lot of it was pretty common sense stuff – use an organizer, don’t try to memorize everything, devote time to specific goals, prioritize, etc.

I say “common sense” knowing that there are a lot of people in my profession for whom “common sense” is elusive. They’re on “the spectrum,” the saying goes.

So I could see it being helpful for some of them…Lots of them, actually.

One thing that stuck with me was her final “tip”: Check DNS.

For any readers who don’t know what DNS is, it’s the service that translates human-readable domain names (like google.com) to machine readable (number) addresses. It’s easily one of the most critical pieces of the internet. When it fails, nothing works.

So, because it’s so critical, there are a few pieces of it that are designed to provide speed and reliability.

But when you’re troubleshooting DNS problems, those pieces become a huge headache. Primarily the one where changes don’t show up immediately. Sometimes they don’t show up for days. Literally. Fixing a problem is really frustrating when you don’t know if the change you just made has had any effect until the next day.

You know when you’re on an old computer or a slow connection and the text doesn’t show up until a second or two after you’ve typed it? Imagine that delay is 24 hours.

So instead of making a change, and immediately checking to see if it worked, you read and plan and re-read and come up with a plan B, and then consult some experts, and then make the change. Then you wait a day, see if it worked, and start reading again.

I’m not an expert on DNS, but I might be soon if this keeps up.


Disposable Culture

June 3, 2008

My headphones suck. I have some of those 2.4GHz wireless ones that were popular before BlueTooth came along.

They sound terrible, they’re uncomfortable, they distort heavily (and seemingly without cause), they make that terrible noise whenever my cell phone does anything, etc. Basically, I subject myself to everything you can hate about a pair of headphones every single day.

Why do I do this?

  1. I don’t have better ones (yet).
  2. I spent good money on these.
  3. They’re better than listening to my co-workers’ noise.
  4. I can’t bring myself to throw them away, but I wouldn’t impose them on anyone else either.

This is dumb. I know it’s dumb. I’m searching for new ones right now.

In searching for new ones, I’m reading a lot of user reviews of these and I found a bunch that said things like:

“They were good but only lasted 5 mos., so I bought another pair”

“They broke after only using them a few times, but they were only $XX, so what can you expect?”

etc.

“What can you expect?” You SHOULD expect that all the time and materials and energy that were put into making that inexpensive electronic device result in something durable.

Think about all of the work that went into harvesting the oil to make the plastic; processing the ore to make the copper; the hours spent designing and manufacturing each piece; the laborers that spend years snapping, screwing, and gluing individual pieces together, designing packaging, marketing, copywriting, screenprinting meaningless logos on the side; and all the fuel spent shipping raw materials around the world so that finished products could be shipped back around the world to land in your lap.

Now think about the workers who come to your street to pick up the broken pieces of all that energy to haul it away and bury it underground. Until, that is, we discover that we have no natural resources left because we spent millions and billions of hours using them up only to bury their product underground. Then we’ll spend millions of dollars and even more labor trying to dig up, clean up, and re-use all of it.

We talk about the high cost of energy – the price of gas, the impact of burning coal, etc.; but what we don’t pay attention to is the fact that we’re using that energy to create more problems for ourselves.

I remember reading a really good article (subscription required) about how our “economic health” is based on the total quantity of our spending (GDP) rather than the quality of our spending. The argument was basically that by dumbing down our understanding of the economy to a single number we are ignoring the most important factors of the economy. In his example, a two-pack a day smoker with cancer, astronomical credit-card debt, an unsustainable mortgage, a gas guzzling SUV, and diabetic, overweight, fast-food eating children is the best thing for the economy.

And I can’t help but think that if we truly measured the quality of our spending we’d find that almost none of the spending we do is helping us.

Ugh. Overwhelming. No wonder I don’t sleep well.


Microsoft Promotes Terrorism

April 16, 2008

I re-installed Windows XP on a beige-box this morning.

This particular beige box had been sitting in a closet for at least a year. Then sitting on a pallet rack for at least six months (because I cleaned the closet). I didn’t know what might be living in this old thing, so I decided to do a format and install. There was a shiny MS Proof of License Certificate of Authority right there on the side, so it should’ve been no problem.

You can see where this is going, I’m sure…

After a 45 minute installation, this particular product key, in all its foil-stamped, holographic glory was “invalid”. Wouldn’t activate. Tried several times to no avail.

So I called Microsoft. Like a good, responsible, not-pirating-at-all citizen, I went through their friendly voice-activated messaging system, read off my 54-digit installation ID, clicked all the right buttons and was told that this is an invalid product key and I would need to contact the manufacturer…of the non-descript, unmarked PC with a clearly valid product key sticker. Then I got hung up on. No “Would you like to try again?”, no “Press zero to talk to a CSR.” Just *click*.

Awesome. Let’s try that again.

Call back, this time I don’t go through the prompts. I just wait. It’s an old tactic, but a good one that works with lots of phone systems. Wait or press zero.

Finally I get a person. The ol’ Microsoft special: low call quality, marginally English-speaking, not helpful at all. I give her all 54 digits of my installation ID again. And again. I click all the horribly obvious buttons (if I hadn’t clicked them I couldn’t have gotten to this phone number in the first place).

“I’m sorry, I cannot help you resolve this situation. You will have to talk to our Product Key department.”

This is, apparently, a totally different department than the Activation department (that makes sense) and she can’t transfer my call there (that makes sense, too). Awesome. I’ll call ‘em myself.

More voice-prompts, more repeating myself, more repeating this horribly long installation ID, more re-clicking the same buttons, re-entering the same numbers. But this time, the guy can help me. He gives me a new product key. Another 25-character alphanumeric string. In almost English.

You’d think that’d be it – new product key, a button that says “Change Product Key”, and I’m golden. Nope.

Now I get a new 54-digit installation ID string! What’s that mean!? Another phone call to the Activation Department!

Only this time, he can quickly and easily transfer me to the Activation department. Apparently Microsoft phones only work in one direction. That saves me time, though. In a way. I guess.

Back to the friendly, voice-activated Activation department. Where I have to enter this newer, better installation ID. Which finally works. And my installation is activated. And Windows will quit bugging me…at least to activate it.

So, at the end, I have spent (precisely) one hour and 27 minutes on three phone calls with Microsoft to activate a product that I had a real, valid, certifiably authentic product key for. This required three 54-digit installation IDs to be repeated twice each, two 25-digit product keys to be repeated thrice each, and a 42-digit confirmation ID to be repeated twice.

Now, you’re still wondering how this relates to terrorism. Or you should be.

After I got off the phone, just out of curiosity, I Googled “windows XP product key”, and in .18 seconds I had multiple links providing unlimited-use Windows XP product keys. By Microsoft’s decisions and on-going actions, piracy is cheaper (free), easier (copy, paste), and faster (by a lot), than doing it the legal way.

And, according to Michael Mukasey, piracy funds terrorism.

Therefore, ipso-fatso, Microsoft Promotes Terrorism.