Category Archives: rant

My ix2 is EOL and doesn’t finish strong – or secure…

Disappointing finish for my Iomega StorCenter ix2. The second drive failed and it has been replaced with a Synology DiskStation DS212j with WD Red drives. (more on that later) I was doing some consolidation and cleaning of the computer room yesterday and I decided it was time to wipe some hard drives including the ix2 NAS.

The replacement WD Green and the old original 500GB Seagate spin up and after a few minutes I can login via the web interface. I go into the manage disk section and I’m excited to see there is an Erase Disks section under Manage Disks. The first message tells you that you’ll need to delete all the shares (including the built in ones?!) before using the wipe functionality. The second message talks about how securely erased your drives will be. For those of you who don’t know me – here is the setup..

iomega unsecure disk wipeSecure Erase:
All data is permanently erased and overwritten to prevent recovery, user information is removed, and the device is reset to factory defaults. Disk erase is a secure operation to ensure all data on your Iomega StorCenter device is irrecoverably deleted. The disk erase process overwrites all disks with random data to prevent recovery of existing or deleted data, users, and passwords.

…and the outcome? Well I clicked it, confirmed it, and watched as the red light came on and the drives started to chug. Just like when it gets stuck doing a rebuild, I wanted to see what it was up to. I was also curious if this would affect my ability to SSH into the machine. Not only could I still log in to the ix2, I found the program that it was running to wipe the drive:

/usr/bin/shred -v -n 1 /dev/sda2
/usr/bin/shred -v -n 1 /dev/sdb2

I looked quickly at the man page for shred. The default setting is 25 times. Older versions list the default at 3. Iomega changed it to make a single 1 time pass! πŸ™

Think you might donate or craigslist your old NAS drive? Well if it’s an Iomega – don’t rely on the built in “Secure Erase” to protect your data! A single pass (while at least random data) is going to be slightly better then a “quick format”. When it finished and re-initialized I restarted it, and I STILL had root access. (read: factory defaults) To which I ran my own shred on both /dev/sda2 and /dev/sdb2.
Ciao ix2!

iomega_shred

Content (not surprisingly) is (still) King

Long time no post? Yeah… I was off building content on other sites instead of pushing content to my own. I spent some time with twitter and facebook. I did some advertising. I did some experiments, and I’m back to where I am the decider!

Monetization; Nothing is ever really free, and recently the squeeze of the all mighty dollar has been put on social media. Twitter was used to directly push eyeballs to NBC for the Olympics this year and Facebook has been slowly filtering out your feed. Now with fresh API’s and IPO’s respectively, social media is using every trick in the bag to get advertisers and it’s audience together.

Both sites control media, content, and make filtered decisions on your behalf. Remember when you saw EVERY post from your friends on facebook? They started to slowly show more of the people you interacted with. A year ago they implemented a subscribe feature that no one can figure out and opts everyone out of your feed. Soon you were asking your friends: “When did you post that?!” because FB decided that it wasn’t important. Facebook Pages are in even worse shape. Only 30% of the people that like your page will be shown any particular update from that page. “Will be shown” as in – 70% just won’t ever see it on their feed unless they directly go to your page, or you pay for that update to be promoted. Twitter has a similar model that suggests people follow you and pushes your tweets to their page.

One of my close friends liked Verizon on facebook. Or at least facebook told me that they did. Are you kidding me? Verizon has a pretty good network, but no one actually likes them. This made me suspicious and it turns out this is just another advertisement option trick.

Third party apps suffer: What I want is an app that will broadcast my words across multiple channels and outlets. I want an app that reads and parses everything from all outlets under my control. Post to facebook, twitter, wordpress, google+, etc. Show your entire timeline, all tweets, all posts. The reality is that those apps are being crushed or filtered so badly that no one will see the content when it gets there. Nothing is ranked higher then you typing an update directly into facebook.com. Hootsuite, Seesmic, Twitter, SMS, etc. will all be ranked lower (show up on less feeds) then your eyeballs on their site and their apps – looking at their ads. Google+ doesn’t even play the game. You just can’t post on G+ if you’re not on the page or using their app.

Why are we playing this game? It’s only going to get worse. We are social creatures, but at what (Buy Coke) point is the (Doritos) interaction going to be (Target) spoiled? Twitter just feels like a bunch of people yelling on mountaintops with no engagement happening. I have evidence to suggest that facebook just makes up demographic data. For example I ran an ad targeting anyone in the US that likes “rallying” OR “WRC”. It was over 250,000 people?! I can tell you that this demographic is more like 10k to 15k people on it’s best day – and that’s if I count the 25% of the population that is NOT on facebook!

Push them to the website: I’m retreating to safe waters. I pay for the server, I have a pro flickr account, my rally blog runs some ads to cover the $90 a year, and I get to post and promote whatever I want. I’ll still be on the social networks, but my goals have changed. I just want people to visit my sites and enjoy my work. If they’re interested they can sign up for updates via email or RSS. Google search loves unique content and is more likely to find viewers then a lousy facebook ad. I’m experimenting with IFTTT.com and a microblog with microposts on rallynotes.com. Instead of content ending up there, content STARTS there, where it remains king.

WordSequence For KeePass 2 = XKCD Passwords

If you’re not familiar at all with the title, click here to check out the fabulous comic in question.

“Lolz” right? Well I completely agree with it – and I’m finding that my passwords are getting longer and longer and you really have no hope of remembering them. Take at look at this monster: !J$?e04uGh=eDP (89 Bits) You have no choice but to store this in a program like KeePass, never actually look at it, and hope that your password database stays backed up. πŸ™

Password enforcement has gotten better, and worse at exactly the same rate. Here’s an example excerpt from Cal Poly’s password document. (This was discovered when my sister in-law tried 15 times to make a password that she could actually remember for her access):

Passwords must contain at least one character from three of the following lists:
1. Uppercase Alphabetic (A‐Z) 2. Numbers (0‐9) 3. Lower case Alphabetic (a‐z) 4. These Special Characters are allowed:Β ! $ % & , ( ) * + ‐ . / ; : < = > ? [ \ ] ^ _ { | } ~ These special characters are not permitted: # " @ and the space character

Passwords must not contain any of the following:
1. Your previous passwords used within the last two (2) years 2. Passwords less than 16 characters must not contain any of the following: a. Any words of three or more characters, including non‐English words b. Any groups of three or more characters of the same character type c. Any names, person, places, or things found in a common dictionary d. Any of your names (first, middle, last), any current Cal Poly username e. Repetitive characters (sequences)

The second part ensures that no password can be easily memorized. This string has to be written down. Once it’s written down, the whole reason for having passwords fails everyone, and after staring at the logic for 5 minutes I came up with something like this: 50Fu40Yo (42 Bits)

If you network admins are listening, you need to get over trying to corner users into crazy strings of letters and numbers. Dictionary words are easy to guess, but strings of dictionary words with random characters in there are just as good, if not infinitely better for users to actually remember. Lets look at this example: Wool+BladeFriction5 (105 Bits) A brute force attack is just going to go through every possible character in every possible position, and there’s 19 of them. Now for our ‘easy to remember’ Cal Poly password, the length is only 8 because I would never actually want to make it more then the minimum. Do you want a short useless password that gets written down? Or a long somewhat complex one that is memorized?

The challenge is to make a complex password that is easy to remember. The password should also satisfy usual requirements for length, capitalization, and numbers or uncommon characters. Here’s what I use:
KeePass 2 & WordSequence

Search the web and drop a couple thousand words (I used nouns and prepositions) into the window. I came up with some common substitutions (like @ for a, etc. – ‘b@ke m0re p1e’) and created complex easier to remember passwords like: Cheese4TigerDinner! (88 Bits) Most normal websites would accept this as a excellent password for the length and the special characters, and most humans could remember the phrase: Cheese for tiger dinner!

mcafeesecure password security fail

I’ve been using KeePass at the office and have really started letting it manage the hundreds of passwords I need to keep track of as a systems admin. Out of all of the sites I use, this one surprised me. The default 20 character KeePass password has failed mcafeesucure.com. Really? Too long? For a website security company 16 characters is all you need apparently. Even their giant text box html can handle 40 characters! πŸ™

Gap-less play in Winamp – really?!

File this under:Things I should have figured out in 1997.” Today I was listening to The Police – Zenyatta Mondatta very loudly. Between track 2 and 3 there was a dramatic gap that I could fit a truck into. Out of nowhere this made me think: It’s 2010 and I can’t listen to an album in mp3 without half second gaps? I know I tried to solve this problem once in Winamp and probably just gave up on it. Probably because it’s not THAT big of a deal, I missed the right buttons to get it working, or I should have stopped using Winamp 5 years ago. 😐

Well, I still use good’ole Winamp 5.0.5. Why? Because it plays MP3’s. It’s not a: download manager, media database, video player, encoder, weather bug, malware, virus, and it uses 1 process on my PC – not 5 and 3 applications plus 2 services that stay resident in memory should I decide to plug in my portable music player. /rant When it installs by default the gap-less play is not enabled. No time like 13 years later to fix something.

Fix this by going to Preferences (Ctrl + P) / Output / DirectSound / Configure
Set buffer ahead on track change to something more then ZERO. Five hundred worked for me.
Check ‘remove silence at the beginning – end of track’.

Games for Windows LIVE gets me over a barrel.

Last night my friends and I wanted to play some Dawn of War II. I bought the game sometime last year and it’s been installed and running perfectly on my PC. I start the game on Steam and it tells me that a Windows LIVE update needs to be downloaded. I wait for the blue bar to finish and I get a message that says I “may” need to restart when finished. Dawn of War II closes and I get dropped to desktop with no further explanation. I repeated this update process about 5 times with the same results. I then tried to install GFWL (Games for Windows LIVE) gfwlivesetup.exe

Games for Windows LIVE needs SP3

Oh I see. So now I can’t play a game that I paid $50 for – on my stable SP2 XP machine. The machine that played this game perfectly fine a few months ago now needs SP3 or else. There is no work-around and no way to bypass the service pack check. (Although I would bet money that if the SP check were removed from the installer, it would function fine.) No, I see this for what it is: Microsoft forcing their OS upgrades down your throat. I have two choices: Upgrade to SP3 for the next 3 hours and figure out what it broke over the next two weeks, or uninstall Dawn of War II, and play it on my new Windows 7 PC I’m planning to build in a month. OR MAYBE I’ll never re-install it and never buy another “Games for Windows LIVE” game again.

Either way, instead of a fun game night, Microsoft has ruined it and made me think twice about their product offerings. Thanks Games for Windows! πŸ˜€