About a year ago I dove into MS Vista with ugly results. I finally bailed completely on Vista in February of this year and blogged several different ways to remove it and replace with something else. When Windows 7 Beta released this year, I initially avoided it thinking the MS team couldn't possibly recover from the disaster known as Vista. I was wrong.
When I finally took the plunge and installed Win7 onto test box I was pleasantly surprised by the quick and clean install. Then I was even more impressed by the quick response to a restart and reconnect back into the network. After running Win7 through it's paces it appears that all the problem issues that were chronic with Vista have disappeared with this new version. In fact it is very clear that this isn't just a new version, this is a whole new ball game.
I was so impressed that I upgraded a number of systems to Win7 and have not looked back. That was a month or so ago and I have not had a single BSOD, network fail, inexplicable random restart or anything else I can really complain about. When it does break, it's completely acceptable and it does it with grace.
To put it in a nutshell, Win 7 is like all the great functional things from XP with all the cool views of Vista but all in "turbo" mode. The same box with Win7 runs considerably faster then on Vista or XP. Startup and shutdown both work faster and cleaner and applications respond faster.
I still love my Mac, but I'm not afraid to install Windows 7.
Sunday, November 29, 2009
Monday, October 19, 2009
Malware and Social Engineering
They are getting smarter, so you need to be even smarterer. You are probably used to seeing bogus emails and web pop-ups telling you that your computer is infected and you need to download and install an antivirus program. Conveniently they always have one attached that is perfect for your computer. If you are not already aware - these are all malware - virus infectected files, spyware, trojans, and generally bad stuff.
No anti-spam/virus software company will ever send you a file directly to your email address and ask you to install it. They just don't. Even if you see a message pop up on your screen, the safest course of action is to open the security software you already have (you do have some right?) and manually run updates and scans from there.
What triggered this blog post was an email I received this morning from "Microsoft" essentially accusing me of spreading viral files. It occurred to me that many, many people may be convinced to open the attachment and infect them selves unwittingly just based on the fact that it appeared to have come from Microsoft. Here is the actual message:
Dear Microsoft Customer,
Starting 18/10/2009 the ‘Conficker’ worm began infecting Microsoft customers unusually rapidly. Microsoft has been advised by your Internet provider that your network is infected.
To counteract further spread we advise removing the infection using an antispyware program. We are supplying all effected Windows Users with a free system scan in order to clean any files infected by the virus.
Please install attached file to start the scan. The process takes under a minute and will prevent your files from being compromised. We appreciate your prompt cooperation.
Regards,
Microsoft Windows Agent #2 (Hollis)
Microsoft Windows Computer Safety Division
Of course it is completely bogus. Microsoft does not monitor viral activity, particularly not down to an individual PC level. Even if Microsoft did see a problem, they would distribute a patch through their "update" services. However, all you have to do is to actually read it because people at Microsoft would not have let this go out with grammar and spelling mistakes.
This is typical of the growing trend in social engineering used by malware distributors. There are two common ways to infect computers - send an infected file to someone, or trick them in to infecting themselves. Don't be the later.
No anti-spam/virus software company will ever send you a file directly to your email address and ask you to install it. They just don't. Even if you see a message pop up on your screen, the safest course of action is to open the security software you already have (you do have some right?) and manually run updates and scans from there.
What triggered this blog post was an email I received this morning from "Microsoft" essentially accusing me of spreading viral files. It occurred to me that many, many people may be convinced to open the attachment and infect them selves unwittingly just based on the fact that it appeared to have come from Microsoft. Here is the actual message:
Dear Microsoft Customer,
Starting 18/10/2009 the ‘Conficker’ worm began infecting Microsoft customers unusually rapidly. Microsoft has been advised by your Internet provider that your network is infected.
To counteract further spread we advise removing the infection using an antispyware program. We are supplying all effected Windows Users with a free system scan in order to clean any files infected by the virus.
Please install attached file to start the scan. The process takes under a minute and will prevent your files from being compromised. We appreciate your prompt cooperation.
Regards,
Microsoft Windows Agent #2 (Hollis)
Microsoft Windows Computer Safety Division
Of course it is completely bogus. Microsoft does not monitor viral activity, particularly not down to an individual PC level. Even if Microsoft did see a problem, they would distribute a patch through their "update" services. However, all you have to do is to actually read it because people at Microsoft would not have let this go out with grammar and spelling mistakes.
This is typical of the growing trend in social engineering used by malware distributors. There are two common ways to infect computers - send an infected file to someone, or trick them in to infecting themselves. Don't be the later.
Saturday, October 17, 2009
Calgary ... favouritism is okay... really...
The Calgary City council has just awarded a $300,000 re-branding contract ... to a US company. Not only is it a complete waste of taxpayer money to replace a perfectly good logo/brand that is very under utilized, but the award went to a US based company! In what dream scape is City council living?
1) We don't need it. The current branding may be 10 years old, but is still relevant, directed, and speaks to exactly what Calgary is all about.
2) Why send money away? How does it make any sense to send $300,000 to a private company in San Fransisco when there are a plethora of graphic design companies right here in Calgary that would take on this project? Did they completely ignore the adjacent impact of spin-off business this would create? If the money had been spend here in Calgary, many other subcontractors would have benefited as well. What happened to supporting the local economy? What gives them the right to send local tax payer dollars out of the city never mind out of the country? Where is their responsibility to the local taxpayer?
3) Waste, Waste, Waste. This seems to be a theme for Bronco and his gang. The last time a decision had me this incensed was when they spent half a million dollars on office chairs. WTF? There are hundreds of homeless people in this city who will need extra help this winter. There are community programs that need bolstering. There are schools that need new roofs. Seriously - $300,000 for a new sign? Come on!
4) It's irresponsible. They are using money that came from local taxpayers who work for local businesses and support other local businesses. We faithfully pay our taxes to the city with the expectation that they will spend it wisely on programs and services to help the local community. Sending my hard earned money to California, where it will not help any one in Calgary in any way shape or form is just irresponsible. They might as well have set fire to it.
If you haven't noticed yet, I'm pissed - and you should be too. How would city council take it if we just decided not to send them any tax money at all? That is basically what they have done to us here - taken our money and tossed it over the border like it doesn't even matter. I don't know about you but I work pretty hard for my money and I pay a good chunk to city and provincial taxes. It would be nice if our elected officials had enough respect for that money to spend it were it will benefit Calgarians most - right here at home.
1) We don't need it. The current branding may be 10 years old, but is still relevant, directed, and speaks to exactly what Calgary is all about.
2) Why send money away? How does it make any sense to send $300,000 to a private company in San Fransisco when there are a plethora of graphic design companies right here in Calgary that would take on this project? Did they completely ignore the adjacent impact of spin-off business this would create? If the money had been spend here in Calgary, many other subcontractors would have benefited as well. What happened to supporting the local economy? What gives them the right to send local tax payer dollars out of the city never mind out of the country? Where is their responsibility to the local taxpayer?
3) Waste, Waste, Waste. This seems to be a theme for Bronco and his gang. The last time a decision had me this incensed was when they spent half a million dollars on office chairs. WTF? There are hundreds of homeless people in this city who will need extra help this winter. There are community programs that need bolstering. There are schools that need new roofs. Seriously - $300,000 for a new sign? Come on!
4) It's irresponsible. They are using money that came from local taxpayers who work for local businesses and support other local businesses. We faithfully pay our taxes to the city with the expectation that they will spend it wisely on programs and services to help the local community. Sending my hard earned money to California, where it will not help any one in Calgary in any way shape or form is just irresponsible. They might as well have set fire to it.
If you haven't noticed yet, I'm pissed - and you should be too. How would city council take it if we just decided not to send them any tax money at all? That is basically what they have done to us here - taken our money and tossed it over the border like it doesn't even matter. I don't know about you but I work pretty hard for my money and I pay a good chunk to city and provincial taxes. It would be nice if our elected officials had enough respect for that money to spend it were it will benefit Calgarians most - right here at home.
Saturday, September 26, 2009
Exposing spammers
As a follow up to my last post on scripting firewall changes to drop spammer addresses.... here is a current list of all the IP addresses I have identified as spam sources. Feel free to use these in what ever way you like to block these evil bastards. All of the following addresses have been blocked from any access to my networks:
UPDATE!!!
I originally posted a list here but in the week after I wrote the script, the list grew to over 10,000 IP addresses - obviously too long a list to post in the blog. This list appears to be mostly "Zombies" so if you are having any difficulty accessing my website (mairs.ca or aasland.com) then it is very likely your IP has been blocked through this list and your PC may have been turned into a zombie mailer - and you may not even know it. If your public IP appears on this list, please let me know.
The current list is posted at http://www.mairs.ca/zombies.txt
UPDATE!!!
I originally posted a list here but in the week after I wrote the script, the list grew to over 10,000 IP addresses - obviously too long a list to post in the blog. This list appears to be mostly "Zombies" so if you are having any difficulty accessing my website (mairs.ca or aasland.com) then it is very likely your IP has been blocked through this list and your PC may have been turned into a zombie mailer - and you may not even know it. If your public IP appears on this list, please let me know.
The current list is posted at http://www.mairs.ca/zombies.txt
Thursday, September 24, 2009
Hitting back at spammers
I manage a network of servers that include mail servers, web services, and file sharing and I have been doing so for a number of years. One of the most prevalent maintenance issues for me has always been dealing with spammers. These guys have no respect for the general rules and will insist on sending their crap to you even if you are very specific about not wanting it. The thing with spam is that it is not just an email problem. When a spammer slams an email server with millions of bogus messages, often to bogus accounts, it takes a huge toll on the firewall, spam and antivirus processors, and can seriously degrade overall network performance. Simply sending back a "550 - no such mailbox" message only adds to the network traffic and encourages them to try a different mix of fake addresses.
So say goodbye to "Mr. Nice Guy", I am taking the gloves off and delivering an uppercut right to the jaw. I recently wrote a chunk of batch script to identify the hard core spammers who waste all my system resources and just drop their connections cold. This way they will still hit my firewall for a while, but when they realize the server effectively no longer exists, they will take my IP off their list and I will be free of the annoyance.
How does it work? It's really pretty simple. Here is an an example from a Sendmail server I am still using. When one of those annoying people connect to my server, one of the first things they do is check to see if I'll relay mail so it can turn me into a zombie mailer... not gonna happen bud. What ends up happening is that my logs fill up with this garbage:
Sep 24 21:37:20 mairs sendmail[17608]: ruleset=check_relay, arg1=[114.238.85.247], arg2=114.238.85.247, relay=[114.238.85.247], reject=550 5.7.1 Fix reverse DNS for 114.238.85.247,or use your ISP server
Sep 24 21:37:37 mairs sendmail[17610]: ruleset=check_relay, arg1=[190.213.91.165], arg2=190.213.91.165, relay=[190.213.91.165], reject=550 5.7.1 Fix reverse DNS for 190.213.91.165,or use your ISP server
Sep 24 21:38:34 mairs sendmail[17612]: ruleset=check_relay, arg1=[123.17.228.211], arg2=123.17.228.211, relay=[123.17.228.211], reject=550 5.7.1 Fix reverse DNS for 123.17.228.211,or use your ISP server
The cool think about this is that regardless of what hostname they are trying to spoof, the originating IP address is right there for me to grab and use against them. So that is exactly what I did... I wrote a script to pass through my daily logs, pick out the IP addresses on these offending lines, and add them to my firewall rules with a silent "DROP". They never get any feedback, not even a ping response, so to them, the server is dead - a non existent IP.
In the first day, it dropped my spam volume to about a quarter and now it is virtually non-existent. The 30 or 40 spam messages a day I get now are nothing compared to the hundreds of thousands that were filling my logs 2 weeks ago.
Here is the actual script in case you want to run it on your own server. This was built for a CentOS 5.3 i386 server - make the appropriate adjustments for your platform. This should be run on a cron daily just before the log rotation. Alternately you could run it just after log rotation and alter the script to read maillog.1.
The /etc/cron.d job:
45 23 * * * root /home/tmairs/spamkiller >/dev/null 2>&1
The script:
#!/bin/bash
# get list of spammer IP addresses and save to temporary file
exec cat /var/log/maillog | grep check_relay | awk '{ print $8 }' | sort | uniq > /tmp/spammerlist
fname=/tmp/spammerlist
# read file sequentially
while read line
do
# pick off the first address
badaddr=${line/,/}
badaddr1=${badaddr/arg2=/}
# add a rule to drop them at the firewall
exec /sbin/iptables -A INPUT -s ${badaddr1} -j DROP | echo
# loop till it's done.
done <$fname
# save the new IP tables config
exec /sbin/iptables-save
# kill the temp IP file
exec rm /tmp/spammerlist -f
# end
So say goodbye to "Mr. Nice Guy", I am taking the gloves off and delivering an uppercut right to the jaw. I recently wrote a chunk of batch script to identify the hard core spammers who waste all my system resources and just drop their connections cold. This way they will still hit my firewall for a while, but when they realize the server effectively no longer exists, they will take my IP off their list and I will be free of the annoyance.
How does it work? It's really pretty simple. Here is an an example from a Sendmail server I am still using. When one of those annoying people connect to my server, one of the first things they do is check to see if I'll relay mail so it can turn me into a zombie mailer... not gonna happen bud. What ends up happening is that my logs fill up with this garbage:
Sep 24 21:37:20 mairs sendmail[17608]: ruleset=check_relay, arg1=[114.238.85.247], arg2=114.238.85.247, relay=[114.238.85.247], reject=550 5.7.1 Fix reverse DNS for 114.238.85.247,or use your ISP server
Sep 24 21:37:37 mairs sendmail[17610]: ruleset=check_relay, arg1=[190.213.91.165], arg2=190.213.91.165, relay=[190.213.91.165], reject=550 5.7.1 Fix reverse DNS for 190.213.91.165,or use your ISP server
Sep 24 21:38:34 mairs sendmail[17612]: ruleset=check_relay, arg1=[123.17.228.211], arg2=123.17.228.211, relay=[123.17.228.211], reject=550 5.7.1 Fix reverse DNS for 123.17.228.211,or use your ISP server
The cool think about this is that regardless of what hostname they are trying to spoof, the originating IP address is right there for me to grab and use against them. So that is exactly what I did... I wrote a script to pass through my daily logs, pick out the IP addresses on these offending lines, and add them to my firewall rules with a silent "DROP". They never get any feedback, not even a ping response, so to them, the server is dead - a non existent IP.
In the first day, it dropped my spam volume to about a quarter and now it is virtually non-existent. The 30 or 40 spam messages a day I get now are nothing compared to the hundreds of thousands that were filling my logs 2 weeks ago.
Here is the actual script in case you want to run it on your own server. This was built for a CentOS 5.3 i386 server - make the appropriate adjustments for your platform. This should be run on a cron daily just before the log rotation. Alternately you could run it just after log rotation and alter the script to read maillog.1.
The /etc/cron.d job:
45 23 * * * root /home/tmairs/spamkiller >/dev/null 2>&1
The script:
#!/bin/bash
# get list of spammer IP addresses and save to temporary file
exec cat /var/log/maillog | grep check_relay | awk '{ print $8 }' | sort | uniq > /tmp/spammerlist
fname=/tmp/spammerlist
# read file sequentially
while read line
do
# pick off the first address
badaddr=${line/,/}
badaddr1=${badaddr/arg2=/}
# add a rule to drop them at the firewall
exec /sbin/iptables -A INPUT -s ${badaddr1} -j DROP | echo
# loop till it's done.
done <$fname
# save the new IP tables config
exec /sbin/iptables-save
# kill the temp IP file
exec rm /tmp/spammerlist -f
# end
Damned picky customers....
Maybe I am just biased because I have worked in customer service for so long, but I have a real problem with companies who claim that customer service is their first priority when it is clearly not. I have had two absolutely horrible experiences in the past few months that I just need to shout about and I figured I have this perfectly good blog that I have not ranted in for a while so....
The first one is "Courtesy Chrysler" in Calgary. They even have a friendly name to lull you into a false sense of ease with their obvious attention to courteous service. NOT. These people aren't even nice, never mind courteous. They were very friendly and helpful when we were buying our car, but even before the cheque cleared the relationship turned sour. Within an hour of driving off the lot we noticed that one of the features we had agreed to purchase was not installed and we reported it right away.
I was expecting a rational response in the form of some kind of assistance, but instead we were accused of lying, and told "too bad" there is nothing we can do. I was amazed at the refusal to even try to correct a mistake that they outright admitted to. This mistake amounted to billing us for a $1200 feature that was paid for and not included and they had no intention of giving us credit or putting the feature it. In my books, that is theft.
Enter the lawyers, and 2 months of fighting over who said what. We finally go a cheque to cover the missing component, but it is still not the vehicle we agreed to purchase, and they never apologized for lying, name calling, or the initial bait-and-switch.
My recommendation is to avoid Courtesy Chrysler in Calgary at all cost.
The second major service disappointment is Bubbles Car Wash (4715 Macleod Trail S). When I arrived, the "salesman" held out a laminated price card and said all the prices were on it, and then held onto the card - I actually had to ask for it and read the pricing myself. This is one sales person that could easily be replaced by a $5 brochure holder. I would highly recommend a solution-selling course like Sandler to help improve sales skills.
I explained to the rep that I specifically needed all the sand vacuumed out. The car is almost new (see the "Courtesy Chrysler" story above) but had been at the beach all summer and was covered in and out with beach sand. He assured me that the "Works" would be perfect because it is a complete wash with hand detailing and vacuuming the entire interior. It's a personal, hand detailing service by professionals that takes about 30 minutes and it is only $36.95 ($10 off) if I get to done while I wait. Sure, I said - do it.
Forty-five minutes later, I had to go hunting for my car because there was no one at the service counter (for at least 10 minutes) and no one had explained that it would be left at the far end of the building. I waited another 5 minutes for someone to take my money, and then they charged me $54.95 for a $36 service - figure that one out. When I finally located my car I noticed right away that the front bumper was still as dirty as when it came in. This amazed me as I know there were at least 4 people that *looked* like they were hand washing it. I did a walk around and noticed several places that were never touched at all. Even worse, the interior still had beach sand everywhere. In some placed it was obvious the vacuum had not even passed by. They even managed to scratch the paint on the hood.
I had to point out to the final detailers that they completely forgot to do the tire detail and that the bumpers needed to be rewashed. Even after all of that, I need to re-wash and re-vacuum it myself to get the job done properly. This is definitely not what I expected from a $50 hand detailing.
So what is the deal with companies that claim high end customer service and then fail miserably? I don't think I am being particularly picky by asking them to actually provide the service I have paid for, or to be polite, available, and respectful of my time. Is it too much to expect an honest deal with a smile, or is ignorance the standard now? Did I miss something?
I have worked with some of the largest companies in the world and some of the most demanding clients and I can tell you that providing good customer service is really not that hard to do. - It's just hard to find.
The first one is "Courtesy Chrysler" in Calgary. They even have a friendly name to lull you into a false sense of ease with their obvious attention to courteous service. NOT. These people aren't even nice, never mind courteous. They were very friendly and helpful when we were buying our car, but even before the cheque cleared the relationship turned sour. Within an hour of driving off the lot we noticed that one of the features we had agreed to purchase was not installed and we reported it right away.
I was expecting a rational response in the form of some kind of assistance, but instead we were accused of lying, and told "too bad" there is nothing we can do. I was amazed at the refusal to even try to correct a mistake that they outright admitted to. This mistake amounted to billing us for a $1200 feature that was paid for and not included and they had no intention of giving us credit or putting the feature it. In my books, that is theft.
Enter the lawyers, and 2 months of fighting over who said what. We finally go a cheque to cover the missing component, but it is still not the vehicle we agreed to purchase, and they never apologized for lying, name calling, or the initial bait-and-switch.
My recommendation is to avoid Courtesy Chrysler in Calgary at all cost.
The second major service disappointment is Bubbles Car Wash (4715 Macleod Trail S). When I arrived, the "salesman" held out a laminated price card and said all the prices were on it, and then held onto the card - I actually had to ask for it and read the pricing myself. This is one sales person that could easily be replaced by a $5 brochure holder. I would highly recommend a solution-selling course like Sandler to help improve sales skills.
I explained to the rep that I specifically needed all the sand vacuumed out. The car is almost new (see the "Courtesy Chrysler" story above) but had been at the beach all summer and was covered in and out with beach sand. He assured me that the "Works" would be perfect because it is a complete wash with hand detailing and vacuuming the entire interior. It's a personal, hand detailing service by professionals that takes about 30 minutes and it is only $36.95 ($10 off) if I get to done while I wait. Sure, I said - do it.
Forty-five minutes later, I had to go hunting for my car because there was no one at the service counter (for at least 10 minutes) and no one had explained that it would be left at the far end of the building. I waited another 5 minutes for someone to take my money, and then they charged me $54.95 for a $36 service - figure that one out. When I finally located my car I noticed right away that the front bumper was still as dirty as when it came in. This amazed me as I know there were at least 4 people that *looked* like they were hand washing it. I did a walk around and noticed several places that were never touched at all. Even worse, the interior still had beach sand everywhere. In some placed it was obvious the vacuum had not even passed by. They even managed to scratch the paint on the hood.
I had to point out to the final detailers that they completely forgot to do the tire detail and that the bumpers needed to be rewashed. Even after all of that, I need to re-wash and re-vacuum it myself to get the job done properly. This is definitely not what I expected from a $50 hand detailing.
So what is the deal with companies that claim high end customer service and then fail miserably? I don't think I am being particularly picky by asking them to actually provide the service I have paid for, or to be polite, available, and respectful of my time. Is it too much to expect an honest deal with a smile, or is ignorance the standard now? Did I miss something?
I have worked with some of the largest companies in the world and some of the most demanding clients and I can tell you that providing good customer service is really not that hard to do. - It's just hard to find.
Tuesday, August 11, 2009
I want my money back!
Dear Mr. Harper,
I want my money back.
My recent experience with government social services has convinced me that there is absolutely no service being provided to our society through the social services leg of the government. I am pretty sure that some of the money I sent to you last year was directed to that part of government and since they are obviously completely useless, I'd like my money back (please).
A member of my family was recently given a loose diagnosis of a mental health problem and the hospital psychiatrist recommended we get help from the government programs that are available for this type of situation. We were handed pamphlets and told to speak to our family doctor. We were told that hospitals could not provide that care, but *someone* in social services system would be able to help us.
Pamphlets? Referrals? "But this is an emergency!", we protested... and who is this *somebody* who can help?
We did as directed, got a referral from the family doctor and were assured we could get the emergency psychotherapy that would help. A week later we received a letter from the government informing us that we would be contacted for a group therapy appointment in approximately 4 months. So the *emergency* psychological services we were told to expect turned out to be an appointment for family counseling services in 4 months time - maybe.
Every time we speak to anybody in the social services and mental health arena, we are told something completely different. One social worker told us that exactly the services we needed were available and all we had to do was ask. We asked the department we were told to ask and they said - "Oh no, we don't do that", but here is a pamphlet with some information about the problem. GREAT - more pamphlets. I could wallpaper a freaking room with all the pamphlets and information circulars I have been handed by people at hospitals and social services offices. I have been given contact information for private clinics, names of books I should read, and phone numbers of support lines where very nice people will listen patiently to you but can *do* absolutely nothing. More often than not, we have been given misdirection. One person says "call here and they will help"... we call and they say " oh no, we don't do that" - often these are people in the same office!
I have a family member who has a very serious mental issue and no one in the social services or mental health has been able to offer any kind of real assistance. The only person who has done anything concrete to help at all basically just said - sorry, we can't do anything for you. At least she did not try to redirect me like everyone else.
So I want my money back. I figure at least some of the tax money I sent you should have gone into *real* programs and support that I could have counted on, but all I got was a stack of pamphlets, most of which were inaccurate and all of which was freely available on the internet. I am more than happy to pay my share into a system that provides service to our society through our social service system, but apparently all you are doing is filling a pension fund, paying people to fill desks, and generating useless paper trails.
Where the hell is the benefit for my taxes - and who is going to help my family when we need it?
I want my money back.
My recent experience with government social services has convinced me that there is absolutely no service being provided to our society through the social services leg of the government. I am pretty sure that some of the money I sent to you last year was directed to that part of government and since they are obviously completely useless, I'd like my money back (please).
A member of my family was recently given a loose diagnosis of a mental health problem and the hospital psychiatrist recommended we get help from the government programs that are available for this type of situation. We were handed pamphlets and told to speak to our family doctor. We were told that hospitals could not provide that care, but *someone* in social services system would be able to help us.
Pamphlets? Referrals? "But this is an emergency!", we protested... and who is this *somebody* who can help?
We did as directed, got a referral from the family doctor and were assured we could get the emergency psychotherapy that would help. A week later we received a letter from the government informing us that we would be contacted for a group therapy appointment in approximately 4 months. So the *emergency* psychological services we were told to expect turned out to be an appointment for family counseling services in 4 months time - maybe.
Every time we speak to anybody in the social services and mental health arena, we are told something completely different. One social worker told us that exactly the services we needed were available and all we had to do was ask. We asked the department we were told to ask and they said - "Oh no, we don't do that", but here is a pamphlet with some information about the problem. GREAT - more pamphlets. I could wallpaper a freaking room with all the pamphlets and information circulars I have been handed by people at hospitals and social services offices. I have been given contact information for private clinics, names of books I should read, and phone numbers of support lines where very nice people will listen patiently to you but can *do* absolutely nothing. More often than not, we have been given misdirection. One person says "call here and they will help"... we call and they say " oh no, we don't do that" - often these are people in the same office!
I have a family member who has a very serious mental issue and no one in the social services or mental health has been able to offer any kind of real assistance. The only person who has done anything concrete to help at all basically just said - sorry, we can't do anything for you. At least she did not try to redirect me like everyone else.
So I want my money back. I figure at least some of the tax money I sent you should have gone into *real* programs and support that I could have counted on, but all I got was a stack of pamphlets, most of which were inaccurate and all of which was freely available on the internet. I am more than happy to pay my share into a system that provides service to our society through our social service system, but apparently all you are doing is filling a pension fund, paying people to fill desks, and generating useless paper trails.
Where the hell is the benefit for my taxes - and who is going to help my family when we need it?
Saturday, June 13, 2009
Going back to the Moon
On December 7th 1972, I was only 6 years old, but I have a vivid memory in my head to this day of Apollo 17 heading to the Moon in what would be the last of our visits to the lunar surface. 37 years ago Eugene Cernan and Harrison Schmitt stepped off the lunar surface and came back to Earth and no human has set foot there since.
It's time to go back.
I grew up dreaming of the prospect of living and working in space. I was one of the first public members of the Planetary Society founded by Carl Sagan, Bruce Murray, and Louis Friedman in 1980 and the expansion of the SETI program. I wasn't one of those kids who just read about rockets, I actually built several ...and I still dream of retiring in "Luna City" - we just need to build it first.
The great news for all those like minded people out there is that NASA is actually working on it. So are the Japanese, Canadians and British along with supported efforts from a number of associated countries. NASA's "Moon and Mars" site describes a number of initiatives including the Lunar Reconnaissance Orbiter that will help us get there. With the expansion of the International Space Station comes growth opportunities and a chance for a pit stop between Earth and the Moon. The next Shuttle mission (STS 127) is scheduled to add yet more lab space to the station with the Kibo laboratory complex provided by the Japanese.
In November last year, NASA successfully extended the Internet into space and made improvements in the process. The new Disruption Tolerant Network currently only has 10 nodes, but that's quite a few when you consider there aren't a whole lot of humans out there yet. This and other efforts in space exploration centers around the globe point to a near future where many of us will live and work on the lunar surface and beyond.
I can hardly wait. I can have my bags packed and be ready to go in about 20 minutes, just give me the call! In 1972, you had to be a colonel in the US Air Force to even have a hope of stepping onto the lunar surface. In the next decade, I foresee science and commerce reaching out to build entire communities on the moon that will include a variety of professions. Where there is work, there must be play!
I have said to my wife many times - "Bury me in Mare Nubium!" I might actually get my wish.
* * * * * * * * * * * * * * * * * * * * * * *
Find out more at nava.gov, canadian space agency, Japan Space Exploration Kibo Project
It's time to go back.
I grew up dreaming of the prospect of living and working in space. I was one of the first public members of the Planetary Society founded by Carl Sagan, Bruce Murray, and Louis Friedman in 1980 and the expansion of the SETI program. I wasn't one of those kids who just read about rockets, I actually built several ...and I still dream of retiring in "Luna City" - we just need to build it first.
The great news for all those like minded people out there is that NASA is actually working on it. So are the Japanese, Canadians and British along with supported efforts from a number of associated countries. NASA's "Moon and Mars" site describes a number of initiatives including the Lunar Reconnaissance Orbiter that will help us get there. With the expansion of the International Space Station comes growth opportunities and a chance for a pit stop between Earth and the Moon. The next Shuttle mission (STS 127) is scheduled to add yet more lab space to the station with the Kibo laboratory complex provided by the Japanese.
In November last year, NASA successfully extended the Internet into space and made improvements in the process. The new Disruption Tolerant Network currently only has 10 nodes, but that's quite a few when you consider there aren't a whole lot of humans out there yet. This and other efforts in space exploration centers around the globe point to a near future where many of us will live and work on the lunar surface and beyond.
I can hardly wait. I can have my bags packed and be ready to go in about 20 minutes, just give me the call! In 1972, you had to be a colonel in the US Air Force to even have a hope of stepping onto the lunar surface. In the next decade, I foresee science and commerce reaching out to build entire communities on the moon that will include a variety of professions. Where there is work, there must be play!
I have said to my wife many times - "Bury me in Mare Nubium!" I might actually get my wish.
* * * * * * * * * * * * * * * * * * * * * * *
Find out more at nava.gov, canadian space agency, Japan Space Exploration Kibo Project
Friday, May 8, 2009
Protect and Serve
Protect and Serve
Got kids? Yeah? So… you have a firewall and antivirus and some kind of content filter on their PC so they can be safe right? Good luck with that.
Here’s a dose of reality for you – every 10 year old, yes even yours, knows how to bypass ALL that protection, and most can do it with out you ever finding out. Kids trade hacking secrets like we used to trade hockey cards. They share key-tools and decrypters passed on USB drives like passing notes in math class. If all the protection you have for them is sitting on a PC that they control, well, think about that for a minute……
OK, that minute’s over, now lets do something about it. There are some fantastic tools available to give you better control in an environment that you as a parent control. The easy path is to buy some retail software for $49 and install on their PC, but we already discussed where that leads. The more difficult, but more reliable way is to build a remote caching filter. This is a combination of hardware and software that sits between your family PC(s) and the internet, it intercepts every page and only passes on the ones that pass your rules, and you can build one for almost nothing.
Step 1: If you don’t have one already, get a router. Even if you don’t follow the rest of this, do yourself a favor and install a router. Linksys and D-Link make decent residential routers in the $100 range that will do everything you need. The router connects between the Cable/DSL Modem and your PC’s. Follow the boxed instructions to set this up, they are usually pretty straight forward.
Step 2: You will need a PC to act as a filtering server. This does not have to be anything huge, in fact, the one I used was a 5 year old P4 that was headed for recycling. It should have 512Mb of RAM or more, bit otherwise nearly any relatively new PC will do.
Step 3: Install Linux. You can download a free copy of CentOS-5 Linux from http://ftp.telus.net/pub/centos/5.3/isos/i386/CentOS-5.3-i386-bin-1of6.iso
This is a 640Mb download, so make sure you have the time and speed before you start. Download this to a different PC, then use whatever CD burning tools you have to burn this iso image to a disk. Place the disk in the new “server” PC and reboot. When the firs screen appears, type ‘linux text’ and press ENTER.
You can choose the defaults, or the obvious for most of the install questions, but when asked about packages and options, de-select everything including the optional packages. If you skip this, it will ask you for a CD you don’t have. Answer all the questions to the end then reboot. After the reboot, log in and run an ‘ifconfig’ and record the IP address – you will need it later.
Step 4: Get Squid. First, make sure your system is up to date by typing ‘yum update –y’. Then ‘yum install squid –y’
Step 5: Get Dansguardian. Go to http://dansguardian.org/ and read over some of the docs so you understand what it does. Bookmark the page as you may need to come back here for configuration hints later. You can download the latest version from here: http://usmirror.dansguardian.org/downloads/2/ the instructions are pretty straight forward, follow them.
Step 6: Configure web browser proxy. Locate the communication settings for your web browser. In Internet Explorer is it in TOOLS > OPTIONS > CONNECTIONS. Find the PROXY settings and set the IP address to the address of the server you collected earlier. Set the port number to 8080. Now test your web browser with any site. If it works, then you can move on, if not, check to make sure Dansguardian is talking to Squid properly.
Step 7: Close other access with router. When you are able to connect to the internet through the proxy port, then you need to cut off all other access routes. Connect to the router and set the access rules so that the PCs you want to protect are blocked. This is usually done by IP address, so you will need to get these from the PCs you want to protect.
So now your family PC(s) connect to the content filtering Dansguardian that uses the Squid cache that gets the web pages from the internet. You can set a wide range of content filtering rules as well as control application access such as chat programs.
This may be a little more complicated than buying a $49 “nanny” program from Wal-mart, but it gives you more control over more functions with more flexibility all in a package that is separate from the PCs that need to be protected…and keeps it away from the 10 year old hackers.
Got kids? Yeah? So… you have a firewall and antivirus and some kind of content filter on their PC so they can be safe right? Good luck with that.
Here’s a dose of reality for you – every 10 year old, yes even yours, knows how to bypass ALL that protection, and most can do it with out you ever finding out. Kids trade hacking secrets like we used to trade hockey cards. They share key-tools and decrypters passed on USB drives like passing notes in math class. If all the protection you have for them is sitting on a PC that they control, well, think about that for a minute……
OK, that minute’s over, now lets do something about it. There are some fantastic tools available to give you better control in an environment that you as a parent control. The easy path is to buy some retail software for $49 and install on their PC, but we already discussed where that leads. The more difficult, but more reliable way is to build a remote caching filter. This is a combination of hardware and software that sits between your family PC(s) and the internet, it intercepts every page and only passes on the ones that pass your rules, and you can build one for almost nothing.
Step 1: If you don’t have one already, get a router. Even if you don’t follow the rest of this, do yourself a favor and install a router. Linksys and D-Link make decent residential routers in the $100 range that will do everything you need. The router connects between the Cable/DSL Modem and your PC’s. Follow the boxed instructions to set this up, they are usually pretty straight forward.
Step 2: You will need a PC to act as a filtering server. This does not have to be anything huge, in fact, the one I used was a 5 year old P4 that was headed for recycling. It should have 512Mb of RAM or more, bit otherwise nearly any relatively new PC will do.
Step 3: Install Linux. You can download a free copy of CentOS-5 Linux from http://ftp.telus.net/pub/centos/5.3/isos/i386/CentOS-5.3-i386-bin-1of6.iso
This is a 640Mb download, so make sure you have the time and speed before you start. Download this to a different PC, then use whatever CD burning tools you have to burn this iso image to a disk. Place the disk in the new “server” PC and reboot. When the firs screen appears, type ‘linux text’ and press ENTER.
You can choose the defaults, or the obvious for most of the install questions, but when asked about packages and options, de-select everything including the optional packages. If you skip this, it will ask you for a CD you don’t have. Answer all the questions to the end then reboot. After the reboot, log in and run an ‘ifconfig’ and record the IP address – you will need it later.
Step 4: Get Squid. First, make sure your system is up to date by typing ‘yum update –y’
Step 5: Get Dansguardian. Go to http://dansguardian.org/ and read over some of the docs so you understand what it does. Bookmark the page as you may need to come back here for configuration hints later. You can download the latest version from here: http://usmirror.dansguardian.org/downloads/2/ the instructions are pretty straight forward, follow them.
Step 6: Configure web browser proxy. Locate the communication settings for your web browser. In Internet Explorer is it in TOOLS > OPTIONS > CONNECTIONS. Find the PROXY settings and set the IP address to the address of the server you collected earlier. Set the port number to 8080. Now test your web browser with any site. If it works, then you can move on, if not, check to make sure Dansguardian is talking to Squid properly.
Step 7: Close other access with router. When you are able to connect to the internet through the proxy port, then you need to cut off all other access routes. Connect to the router and set the access rules so that the PCs you want to protect are blocked. This is usually done by IP address, so you will need to get these from the PCs you want to protect.
So now your family PC(s) connect to the content filtering Dansguardian that uses the Squid cache that gets the web pages from the internet. You can set a wide range of content filtering rules as well as control application access such as chat programs.
This may be a little more complicated than buying a $49 “nanny” program from Wal-mart, but it gives you more control over more functions with more flexibility all in a package that is separate from the PCs that need to be protected…and keeps it away from the 10 year old hackers.
Tuesday, February 24, 2009
La vida con Vista (part 4) - “Ciao baby!”
My “Life with Vista” series ends here with a “good bye” and some helpful instructions for anyone else feeling like abandoning the Vista ship. I’ve written two how-to documents giving step by step instructions for replacing Vista with Windows XP or Ubuntu, a Linux distribution intended for desktop users. These are available at http://mairs.ca/tom/papers/VistatoXP.html and http://mairs.ca/tom/papers/VistatoUbuntu.html respectively.
This does come with a caveat or two, however. MS Vista is the current operating systems offering from Microsoft and as such they no longer support anything with Windows XP. Going back to XP means the possibility of not being able to find drivers for new hardware. It also means that the 17 year old “tech” at future shop won’t know how to help you if you ask questions because they may have never actually used it before. On the other hand, it also means faster operation, less cryptic weirdness and familiar (yet still useless) error messages.
Moving to a Linux based operating system (Ubuntu) is not for the faint of heart either. This is a community supported, open source set of packages and as a result, not everything… well, actually nothing… is guaranteed to work. What is available has been built by geeks who built their own drivers and interfaces and made them public for you to use as you see fit. This has the benefit of variety, but also there is the lack of quality assurance. For instance, there may be 5 different drivers for your video card and you will need to pick which one is best based on research. People who are used to Linux are okay with this because it only takes a few minutes to do the research and most Linux users are gear heads or programmers anyway. Ubuntu does a pretty good job of picking the best driver for your hardware, but some things are still hard to find – like the finger print reader on my Dell Studio 1735 notebook.
Which way you choose to go depends on how comfortable you are with computers. If you are a geek or wanna-be geek, then try out Ubuntu, you may be surprised at how good a Linux desktop OS can be. If you are a typical user specifically looking for MSN Messenger, Media Player, and other Microsoft specific tools, then you should probably follow the XP path. Either way, don’t dive in without being prepared.
I’ve done both routes and I personally prefer Ubuntu. My wife preferred the XP route. In either case, MS Vista got the boot – “Ciao Baby!”
I hope you get value out of the how-to documents posted here, even if it is to make the decision to keep working with Vista - someone has to keep Microsoft in business.
Sunday, February 22, 2009
I left my heart in San Francisco
I recently had an opportunity to travel to San Francisco on business. Well, I flew into San Francisco Airport, but that’s about as close as I got to SF Proper. I did, however get to visit pretty much every other place between there and San Jose in three days.
If you've never been there, the San Francisco Airport (SFO) is not actually in San Francisco, it's in San Bruno - just south of the Airport's namesake. If you are planning a trip the Bay Area and Silicon Valley, I recommend a stay at the SFO Marriott Courtyard in San Bruno. It's about 5 minutes from the airport, the rooms are clean, people are nice and they serve a wicked omelet for breakfast.
I've spent quite a bit of time in Southern California in the Anaheim to San Diego area, but had not been to the Bay Area for about 30 years. It's changed since then... but then again, I was only about 10 years old. In any case, l really enjoyed my few days there.
My business meetings spanned from San Bruno to San Jose and included Redwood City, Menlo Park, Sunnyvale, and San Mateo. In fact, I covered about 9 cities in the time it normally takes me to get from home to the Calgary airport - about 40 minutes. If I had to live in Cali, I certainly would not complain about moving to any of these locations.
If you happen to be in the Bay Area and you have a hunger for a great bagel, I highly recommend hunting down a "Noah's" Bagel Shop. There is one in San Mateo on 4th that served me quite possible the best bagel I've ever tasted.
For the geeks reading this, a trip past the Oracle complex is sure to impress. This place has six towers that look ironically like old data drums placed around a huge fountain on Marine Parkway in Redwood Shores. I absolutely had to stop and take a picture or two. The Sci-Fi Museum is another must if you are at all interested in that genre of writing. As a Sci-Fi writer myself, just finding it was a thrill.
If you're looking for a quick and delicious lunch I recommend In and Out Burger. To Cali residents this comes as no surprise, but to outsiders looking for a great burger, this is a real find. They make basically two things - hamburgers and cheeseburgers - but they do it very well.
I look forward to the next trip - Maybe I'll actually make it into San Francisco next time.
Friday, February 20, 2009
Leaving Boston...
So, I’m sitting here in the Air Canada wing at Boston Logan Airport and just had to write about it. My flight was supposed to leave Boston at 6:25PM, so being the intrepid traveler that I am, I made sure I was at the airport in plenty of time. Actually my afternoon appointments cancelled so I headed to the airport a few hours early, otherwise I would just be scraping by as they loaded the plane, but in this case, I was actually early.
I’ve never been through Boston airport, so I expected it to be like any other – enter, get your ticket, find your gate then explore and find munchies. Not. On one hand the simplicity is wonderfully handy if you are prepared for it, but on the other hand, there could be at least one warning sign saying that there is virtually NOTHING past the security checkpoint going into the “wing” which cannot be more than about 2000 sq ft in total. I have friends with houses bigger than this.
I get to the airport about 3 hours early and I think, “hey, I’ll be able to explore after I find my gate.” I enter the terminal and take 5 steps to the escalator that takes me up to the second floor where ticketing is. The escalator deposits me right at the entrance to the Air Canada ticketing area – talk about convenient! So far I am blown away with the amazingly well laid out airport.
I process my ticket easily and head toward the security area so that I can enter [what I thought was] the international wing to find my gate. Security was a breeze (usually is if you know what you are doing) and I happily collected my things and carried on.
As I leave the security area, I enter what looks like one of those tiny regional airport waiting areas, but it is completely decorated in Air Canada colors, logos, flags… hey wait-a-minute….. Gate 1… Gate 2… Gate 3… that’s it.
No, really… that’s it. I turn the corner to look for more and find… a wall. There is a nice young lady standing by a till against the east wall beside a row of 2 beverage coolers with a fine selection of water, soda, fruit and either decaf or regular coffee. Period. There is a washroom (singular) and about 200 seats, which is a good thing because all 4 (yes 4) flights expected tonight are delayed and the place is wall to wall full of people.
So four and a half hours later, I am working on my 3rd coffee, 2nd muffin and have exhausted my walking options. Good time to sit and catch up on my blog.
If you do have to travel through Boston Logan Air Port heading back to Canada, don’t expect to explore the “Air Canada” wing for very long – 5 minutes should do it for you. If I had known, I would have stayed and explored downtown Boston for another 3 hours. That’s a whole other blog.
I’ve never been through Boston airport, so I expected it to be like any other – enter, get your ticket, find your gate then explore and find munchies. Not. On one hand the simplicity is wonderfully handy if you are prepared for it, but on the other hand, there could be at least one warning sign saying that there is virtually NOTHING past the security checkpoint going into the “wing” which cannot be more than about 2000 sq ft in total. I have friends with houses bigger than this.
I get to the airport about 3 hours early and I think, “hey, I’ll be able to explore after I find my gate.” I enter the terminal and take 5 steps to the escalator that takes me up to the second floor where ticketing is. The escalator deposits me right at the entrance to the Air Canada ticketing area – talk about convenient! So far I am blown away with the amazingly well laid out airport.
I process my ticket easily and head toward the security area so that I can enter [what I thought was] the international wing to find my gate. Security was a breeze (usually is if you know what you are doing) and I happily collected my things and carried on.
As I leave the security area, I enter what looks like one of those tiny regional airport waiting areas, but it is completely decorated in Air Canada colors, logos, flags… hey wait-a-minute….. Gate 1… Gate 2… Gate 3… that’s it.
No, really… that’s it. I turn the corner to look for more and find… a wall. There is a nice young lady standing by a till against the east wall beside a row of 2 beverage coolers with a fine selection of water, soda, fruit and either decaf or regular coffee. Period. There is a washroom (singular) and about 200 seats, which is a good thing because all 4 (yes 4) flights expected tonight are delayed and the place is wall to wall full of people.
So four and a half hours later, I am working on my 3rd coffee, 2nd muffin and have exhausted my walking options. Good time to sit and catch up on my blog.
If you do have to travel through Boston Logan Air Port heading back to Canada, don’t expect to explore the “Air Canada” wing for very long – 5 minutes should do it for you. If I had known, I would have stayed and explored downtown Boston for another 3 hours. That’s a whole other blog.
Subscribe to:
Posts (Atom)