Friday, December 30, 2005

i give up tonight..

I'm giving up tonight.

I noticed today that this blog had some formatting issues. I never noticed them since I always use Firefox.

Problem Numero Uno: Apparently, Microsoft IE6 has some settings that blocked some of the images in the Grand Stream Dream Blog's sidebar from loading. Firefox loaded them fine. Geesh--what's wrong with Banime and LongRangeBullet and Flickr? So to work around this, I went to an old post, re-editing it by uploading the IE offending images to blogger. Done. Now you IE folks should see the images in the sidebar just fine. I even expanded the "Claus" photo a little wider. Nice!

Problem Numero Dos: Apparently, Microsoft IE6 treats some Blogger template code weird. I have come to learn that this is called something like the Blogger Sidebar Loading Issue. The issue is in the IE6 web-browser, but not in Firefox and Opera where the Blogger templates load the "sidebar" properly on the--well--side. However, IE6 seems to not like to handle the default code and tends to dump it at the very bottom of the page. So you IE folk who visit here may have been missing all my Friends, Links, Japan Links, etc since you probably don't go to the bottom of the blog page. Sorry 'bout that. Unfortunately, I'm not yet a L33t web coder. So I'm trying to fix it by trial and error. Nothing yet. In the meantime--if you visit this site in Internet Explorer 6, just browse to the bottom of the page and click the little "Get Firefox" button and install/use Firefox instead. You'll be glad you did, and it will save me some coding work.

You will notice I have changed the sidebar font/sizes. I also have been adding a post title. The thought was that the sidebar text was too long, causing IE to misrender it. Nope. But I kinda like the effect now anyway, so I'm leaving it be.

I'll try to fix the IE sidebar problem later.

Oh yeah! I got a 4-port router (wired) the other day and got it set up. Now I can hook Alvis's Linux box up tomorrow (hopefully) and get hers on the net as well. Oooohh. Home networking. Sweet! Took a bit of work, I had to run an ipconfig /all command and copy the values, then set the router with Static IP values since it didn't pick them up with the Dynamic IP option. That was a 10 minute detour, but turned out ok.

I was a little scammed with it (the router). The box clearly proclaimed that the router came with "firewall capabilities". Neat! Well, that turned out to be a 30-day free trial of ZoneAlarm Pro. Not cool as I already have a software firewall. So, word to the wise, look to ensure your router says that it has an embedded firmware firewall--not software...I already got that covered!

I'm beat.

See you in the skies,

Claus

Wednesday, December 28, 2005

WMF Gator Alert!

Microsoft WMF Alligator Alert!.....Something bad is lurking in the internet waters! Beware!

So there I was, cruising the internet security sites I monitor during the day today, and I came across a warning on Alex Eckelberry's Sunbelt Blog. It described in pretty good detail the WMF exploit for Windows systems. Didn't Microsoft issue a recent patch for this? Well, yes, but this is slightly different and isn't covered in that patch. (New MS advisory information HERE.)

A jump over to SANS-ISC Storm Center confirmed they also were thinking it was going to be an issue. As the day developed, they bumped their threat status up to Yellow. That's never a good sign. A couple more security sites picked up the call and Dwight Silverman made a very good summary of the issue on the Chronicle's Tech Blog.

Later Alex posted an update that gave one, then two "temporary patches" as workarounds for the exploit, until it can be fixed. Quoting Alex:
1. Unregister SHIMGVW.DLL.

This is probably your best workaround for the time being.

From the command prompt, type REGSVR32 /U SHIMGVW.DLL. A reboot is recommended. (It works post reboot as well. It is a permanent workaround).

You can also do this by going to Start, Run and then pasting in the above command.

This effectively disables your ability to view images using the Windows picture and fax viewer via IE.

However, it is not the most elegant fix. You're probably going to have all kinds of problems viewing images.

But, no biggie: Once the exploit is patched, you can simply do REGSVR32 SHIMGVW.DLL to bring back the functionality.

And, it is a preventative measure. If you are already infected, it will not help. Works for IE, should work fine for Firefox users as well.

2. Change file associations for WMF files.

An equally ugly fix (but perhaps preferable) is to do the following:

1. Go to My documents, Tools, Folder Options, File Types.
2. Change WMF Image to notepad and select Always Open with this.

Your WMF files will open in Notepad. Ugly, but it is a fix.
So why the Houston Zoo alligator picture? Well, because I still am dealing with alligator issues back from when I was taking high-school driver's ed one summer and the instructor had my car drive us out to an alligator farm nearabout Wallisville, Texas. We all had to get out of the car and go look at the 'gators behind the chicken wire fence. I can't believe we did that! Somewhere in there I think was a lesson about the dangers of driving being like a skinny high-school kid in a pit of alligators. I'm not really sure, but I still haven't forgotten that day's lesson. Don't remember much else from high-school. Anyway...I'm digressing. Sorry.

This exploit, and others like it (.MOV QuickTime file exploit) are sitting all over the internet, just under the water. They are waiting for naive Gazelles (you and me) to come across them by accident or plan. When we dip our heads onto those pages, they jump up and catch you (your pc) and can really wreck your system and sometimes your personal identity or bank accounts.

What's the solution? Keep your system patched with updates (though that doesn't help right now with this one), be aware of what is going on (by reading Dwight's blog or other trusted security sites), and finally be very cautious on where you go on the web. The majority of sites Alex notes are from overseas. Click your links carefully. Even Firefox can't protect you from everything. You really need to use some common pc sense--and it doesn't hurt to keep a Crocodile Hunter nearby to keep an eye on you as well! (Sorry, Steve and Terri--I couldn't resist!)

Now the Sociologist in me is curious to see how this information spreads. It is a big deal to us in the IT security field. It is a kinda big deal to programmers and other "geeks". It should be a big deal to everyone with a (Windows) pc. So far, no "public" media reports/notices except for a few online newspapers. Is this going to be a ho-hum story for everyone but the sysadmins who have to fix all these bork'ed pcs (and our parents')? Will the mass media even care? Don't know. Time will tell. I'll be watching the blog-o-sphere and the mass media very carefully for the next couple of days on this story....

Free Fun Bonus Link

Ok, with all this scary pc exploit talk, I just have to lighten up the mood. What do you do with an eighth of a ton bulk order of Silly Putty? I'm not sure either, but the Google gang is having fun finding out!

Please keep safe in the skies.
--Claus

Monday, December 26, 2005

Last Seasonal Post


Last Christmas Season Post...and the MS User Profile Hive Cleanup Service tool.

Please don't get too disappointed. You can always link back to the pretty girls of anime Christmas in the back links! Ai Sakuraba (from Ai Yori Aoshi) is wishing everyone a very Merry Christmas. Click the pic to find additional fine work at the wallpaper artist's site, Vector Sigma Studios.

As we were riding in the car tonight, Alvis was in a reflective mood. She mentioned out loud that she wishes that it was Christmas all over again. In one of those odd parental zen moments we get from time to time I told her that instead of being sad thinking of Christmas as only one day in 364 others...that there were 364 other days to make Christmas anytime we wanted. We just needed to wake up with a spirit of unbridled excitement and wonder, wash ourselves with generosity and giving, and find joy in discovery of something new. She conceded that point, but then in the zen thinking of a child reminded me that some years (of the leap-kind) we actually have 365 days to make Christmas.

Lavie held her tongue. Suddenly I was singing Walt Disney's Alice in Wonderland A Very Merry Unbirthday song...

I won't bore you with the typical lists of Christmas day loot. I will say that this was the most Japanese-themed Christmas our family has enjoyed--ever. Even extended family joined in. I have a lot of reading to do and the girls will be watching the tele quite a lot as well.

Last week was a banner week. During the week I was able to eat Vietnamese Pho noodles twice. Once a month is usually great for me depending on my work travel--but twice was too much. I usually get the number #13 bowl (large) and two spring rolls and peanut dipping sauce. It was awesome. I don't read Vietnamese at all, but the menus are pretty consistent from shop to shop: lots of pictures with numbers along side. There is an Engrish description underneath, but I just remember the numbers--no relation to The Numbers. I prefer to eat them with chopsticks--somehow and am not too messy anymore. I love Pho noodles because they really fill me up but don't leave me feeling grossed out from too much food. Especially at wintertime, nothing is more satisfying than wrapping my hands around the base of the large bowl and breathing in the beef-stock aromas. Yummy. We don't have any Pho shops around our area of town, but I did find one less than 20 min away from the house which isn't bad for us. Well worth a trip.

Speaking of eating with chopsticks, here are some handy links for how to dine:

Chopstick (Ohashi) Etiquette over at Whitehouse and Company
Chopsticks article over at the Wikipedia.

Not directly chopstick related, but yummy: visit Blue Lotus blog and see some of the most beautiful pictures of food (Japanese and otherwise) that have ever been taken. Great stuff. Man, I wish I could cook like that....

Going Solo Tech Tip:

I home-built a Shuttle Computer SK41G (small form factor) a few years ago. I won't geek you out, but I am very proud of it. It is small, quiet, and beautiful. Anyway, the only "problem" I have with it is that sometimes when we turn it off, it refuses to power back on unless you mash the power/reset buttons a heck of a lot of times. The first time it happened, I never could get it back up to life so I RMA'ed the systemboard back--figuring the power supply unit or system board was bad. The new replacement worked great, but the problem came back. I've crawled through the BIOS settings, my OS load, etc. and never got it figured out. Sometimes it would happen. Most times not.

Lately, we've been having a spate of W2K user profile corruptions. The end result is that the user still keeps their stuff but the OS builds a new "recovered" profile and keeps on trucking, leaving the user's favorites, documents, cookies in a corrupted profile. We've worked out how to recover it, but that still doesn't explain why. Anyway, in doing my sysadmin work on the issue I came across two interesting bits of information about the user profiles in Windows 2000 and XP systems:

From this link at Fuzzygroup: I learned that these systems write the user's profile into memory. If it gets corrupted, it will write the corrupted profile in memory back to the hard drive files at shutdown. Now I wouldn't go so far as to always pull the power-plug on the system, like this tech suggests. That just can't be good for the drive and power supply unit. However, the information was very illuminating to my issue.

Next a little more searching led me to Microsoft: They have a free service tool called--get this--User Profile Hive Cleanup Service. ANY time Microsoft offers a tool for an issue that isn't included in the system load, I get curious. From their site:
"The User Profile Hive Cleanup service helps to ensure user sessions are completely terminated when a user logs off. System processes and applications occasionally maintain connections to registry keys in the user profile after a user logs off. In those cases the user session is prevented from completely ending. This can result in problems when using Roaming User Profiles in a server environment or when using locked profiles as implemented through the Shared Computer Toolkit for Windows XP.

On Windows 2000 you can benefit from this service if the application event log shows event id 1000 where the message text indicates that the profile is not unloading and that the error is "Access is denied". On Windows XP and Windows Server 2003 either event ids 1517 and 1524 indicate the same profile unload problem.

To accomplish this the service monitors for logged off users that still have registry hives loaded. When that happens the service determines which application have handles opened to the hives and releases them. It logs the application name and what registry keys were left open. After this the system finishes unloading the profile."
These two things got me thinking. I realized that the system-bombs/reboot failures always occurred after shutting the system down directly from Alvis's user account. Not mine, not Lavie's but Alvis's. Now as a sysadmin doing security work, I work hard to ensure the family pc is clean and free of baddies. I am as confident as I can be that nothing malicious on Alvis's account is causing the pc to bomb. But I have installed this Microsoft profile service and will be watching things carefully. When I get a chance to take off a couple of days, I plan to save Alvis's personal files and settings and delete her account and build a new one for her fresh. Maybe that will solve the problem. That is the lead I am working on at the moment anyway.
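
As an added example (not code from this post or from Microsoft), the event IDs named in the quoted description can be used to triage an exported Application event log and see which account the profile-unload failures cluster on. The CSV column layout, account names and message texts below are constructed for the example.

```python
import csv
import io
from collections import Counter

# Event IDs taken from the Microsoft description quoted above.
XP_2003_IDS = {1517, 1524}   # Windows XP / Server 2003: profile did not unload
W2K_ID = 1000                # Windows 2000: only counts with the right message text

# Constructed sample export. The column layout, accounts and messages are
# assumptions for this example, not real log output.
SAMPLE_EXPORT = """\
date,time,source,event_id,user,message
2005-12-19,21:02:11,Userenv,1517,HOMEPC\\kid,Registry saved while an application was still using it during log off
2005-12-19,21:02:11,Userenv,1524,HOMEPC\\kid,Cannot unload classes registry file - still in use
2005-12-20,07:45:30,SomeApp,1000,HOMEPC\\parent,Application started normally
2005-12-21,22:10:05,Userenv,1000,HOMEPC\\kid,Cannot unload your registry file. DETAIL - Access is denied.
2005-12-22,18:30:00,Userenv,1517,HOMEPC\\parent,Registry saved while an application was still using it during log off
2005-12-22,18:31:12,OtherSvc,1001,HOMEPC\\parent,Unrelated informational event
"""


def is_unload_failure(event_id, message):
    """Return True if the record matches the profile-unload symptoms."""
    if event_id in XP_2003_IDS:
        return True
    if event_id == W2K_ID:
        # Event IDs are only unique per source, so ID 1000 alone is not
        # enough: require the "not unloading" + "Access is denied" text.
        text = message.lower()
        return "unload" in text and "access is denied" in text
    return False


def find_unload_failures(export_text):
    """Parse the CSV export and return the rows that indicate a stuck hive."""
    hits = []
    for row in csv.DictReader(io.StringIO(export_text)):
        try:
            event_id = int(row["event_id"])
        except (KeyError, TypeError, ValueError):
            continue  # skip malformed rows instead of aborting the triage
        if is_unload_failure(event_id, row.get("message") or ""):
            hits.append(row)
    return hits


def failures_per_user(hits):
    """Count matching events per account to show where the problem clusters."""
    return Counter(row["user"] for row in hits)


if __name__ == "__main__":
    hits = find_unload_failures(SAMPLE_EXPORT)
    for user, count in failures_per_user(hits).most_common():
        print(f"{user}: {count} profile-unload event(s)")
```
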

Only thing I can't figure out still is how a corrupted profile would keep the system BIOS from booting, period. I am sure there is still something happening in the BIOS at shutdown on this Shuttle system, just can't figure it out yet. I haven't flashed the BIOS to the latest version (I generally don't do BIOS flashes unless something is bad-wrong or new hardware won't work at all), but that may need to be done now.....will keep you posted.

Enjoy the warm glow of Christmas aftermath....maybe a new quick post or two this week while Alvis visits her grandparents.

Hi Alvis! If you're reading--this link is for you! It's a big Fruit Basket! (Not this kind!) Also look at this article about a Japanese game called Fruit Basket Turnover. How about that?!

Back into the skies tomorrow morning,
--Claus

Saturday, December 24, 2005

Merry Christmas!

Merry Christmas Everyone!

We are enjoying Christmas with our Family today.

More tomorrow!

See you in the Skies!
--Claus

Wishing you...

A "Fullmetal" Christmas....

Last night, Lavie and Alvis joined me on a Fullmetal Alchemist mini-marathon. We have been watching this anime series running on Cartoon Network for quite a long time. Since it airs after Alvis's bedtime, I tape it on the VCR (yep, no TiVo yet) old-school style. During the period from November to now, we have been quite busy and I let almost 10 episodes build up before we finally took the time to sit down and watch.

One of the premises of FMA is that of "equivalent exchange"--basically to get something, you have to give something. As the characters mature--they come to learn a deeper, and possibly more mature knowledge of this premise. Not to give away too much, but that creating things takes an element of energy from the alchemist that is never returned or recaptured.

Alvis mentioned that equivalent exchange is a lot like Christmas. Well, not really in my mind.

I don't see it directly applying to Christmas, either in a secular or religious sense. Christians celebrate Christmas as the remembrance of the birth of Jesus--who would later become the Savior of mankind when he gave his life on the cross. One of our former pastors would always point out during the Christmas Eve service that you couldn't look in the manger without seeing the cross as well. So in that case, Christ's birth led to his death, and sacrifice for all mankind's sin. Even stepping away into the secular holiday of Christmas, I would think that people give their gifts without any thought of reciprocation or gain. Gifts given out of love and charity to people who are treasured, loved, appreciated and cared for. Of course, the realist in me has seen it happen all too often that gifts are given at Christmas time to impress and obligate. That the gift giving becomes the focus of the season and overshadows even what began as the purest motives. I've been guilty of that.

Well, off the seasonal soap-box...

At the Valca home, we are prepping for the annual Christmas Eve traditional countdown. This involves making sure all gifts are tucked under the tree, all ribbons, name-cards, bows and wrapping paper are stored away. We let Alvis open up one gift (traditionally her new Christmas pj's). Lavie makes "homemade" hot-chocolate. I pop some popcorn. We spread out on the couch and watch whatever Christmas movie we find. Tonight it will most likely be "It's A Wonderful Life". Then it's off to bed. Before turning in we will probably take a break from the regular "Harry Potter-chapter-a-night" fare we usually do nightly while piled in the parental bedroom: on the reading list tonight will be The Small One (Lavie's favorite), O. Henry's The Gift of the Magi (my favorite) and The Night Before Christmas (Alvis's favorite). Then it will be off to bed for Alvis while Claus patters around by the fireplace later that night.

Claus's Christmas observations this year:
  • Does anybody else seem to collect more and more Christmas wrapping paper each year? I just can't throw it out. I know I can wrap something next year with that last little bit, darn it!
  • We ran out of gift name cards, those to/from things. Lavie had some card-stock from her scrapbooking supplies and Alvis cut triangles out to tape on the top corner of the gifts. She even did some custom artistry work on each one! I did one better. I found Alvis's fancy pattern-cut scissors and trimmed the edges of my square ones. Lavie wasn't impressed I didn't suggest that to her earlier...
  • When your family members (or you) cut wrapping paper off the roll in odd-sizes for those smaller gifts, do they (or you) cut the whole section off the roll first, or do they (or you) cut off only what you need from the wrapping paper roll and leave the odd-size section still on the roll for the next person to find?
  • Does your wife look at you funny when you suggest that it would be nice to have a single theme (different colors are fine) of wrapping paper for the presents to better match the tree? Or is it better to have a mix of fancy ($$) paper, cartoon character Christmas paper, and styles that run the mix from retro-cool to simple and plain?
  • Did you buy one of those fancy rolling paper cutters for your wrapping paper earlier in the year, only to forget or eschew it for the old scissors again?
  • Speaking of wrapping, did you wish you knew how to correctly wrap any gift to begin with?
Time for the sleigh-ride....

Tips for the Bloggers....

I've decided that I still like this blog's template. I've been tweaking it a little here and there but overall, like the simplicity of the design. That doesn't keep me from looking at others, just in case....who knows. There are a lot of Blogger templates, beyond those default ones they offer you when you create your blog for the first time. So for you, here's some linkage to dress up your blog.
  • Noipo.org: These are really classy. I really like the floating images behind the blog articles.
  • Blogger Templates: These are top-notch as well. As a bonus, there are links on the side to do some clever "Tips, Hacks and Tools" for your blog. These alone are worth the visit.
  • How to Back up your Blog, #1
  • How to Back up your Blog, #2
  • How to Back up your Blog, #3 (Blogspot)
  • HTTrack: A freeware website copier program for Windows. Download your blog and archive it. I'm going to be trying this one out over the weekend.
  • RSS Feed Icons--Vectorized. Pretty and practical! Nice work Matt. We love people who share!
  • StopDesign: They have a stunning website and do design work. I like looking at their site pages for inspiration. By the way, they are the outfit that did the Blogger site redesign.
  • Anime Blog Muyo!: Included here because I really am inspired by the header image. Try clicking off the site and back. Notice how it rotates some really beautiful images? Cool! I gotta figure out how they do that!
  • Lorem Ipsum: Lavie asked me once when she was learning Adobe Illustrator, what the language the text they were using was. It looked Latin to her. Nope. It was Lorem Ipsum. Learn it, get it, and use it. It's nice when working with brochure layouts, documents, and writing. Or just generate some and email it to a friend just for fun.
Shortbread Stocking Stuffers:
Misc. News Bytes:
Finally, Last Call....
Merry Christmas to all our web-friends, and to all a Good Night!
--Claus and Family


P.S. Alvis, if you are reading this...you can't get up tomorrow morning until after 6:30 a.m. (US CST)

Wednesday, December 21, 2005

Christmas "Geek"

Blueprints for Christmas Cheer....or....Geeking up Christmas.

I'm departing from the anime themed Christmas cheer for a quick post.

Lavie works for an engineering group and brought home a set of blueprints for fireplace, tree, and roof design to enhance Christmas planning. I don't have a scanner yet, but figured they were so good, someone had to have them up on the web. Yep. Took a bit of google'ing but I found a link over at The Computer Vet Weblog. Thanks Computer Vet! This is bound to be a classic! We always had a joke (at Dad's expense) that if you were going to put it in the ground, you better put it in concrete first. Somehow this reminds me of that.....

During the search process, I also found a link to Christmas SOA blueprints. I have no clue what SOA blueprints are really about (Service Oriented-Architecture), but I don't really care. These are great. The author Steve Jones shows how there are several different ideas on the whole Christmas gift requesting to Santa process, depending on your position.

I wonder if there are more of these "Christmas-Tech" gems out there. If you find some, let me know!

Alvis presented us with a very detailed list of her Christmas wishes this year. I'd post, but she would probably die with embarrassment and make my life miserable like only a pre-teen girl can do to her dad. When I was growing up, Christmas wish-listing first began with obtaining a copy of the Sears Wish List book. My brother and I would go through the whole thing a hundred times. Each had his own color marker and we would circle the things we wanted. I remember really being fascinated with this army-men battle command-post mountain play set. Never did get it. Electronics were big. Games. Musical things. Star Wars sets and figures. Legos.

(Mom and Dad will remember it different from my own childhood memory) but I don't really remember asking for specific brand-items things (except Legos and Star Wars). We always shared our general interests--race cars, space toys, electronic stuff--and they always came through with the neatest things. It was magic, every Christmas.

I reflect on this because I was sitting at a light on the way home and across the street was a Walgreens that had on its marquee "3-Toys for $11.50". As I waited for the light to change, I wondered what the toys were, were they pretty cheap? Imports? No-names. Which kids would be happy to get 3 toys that were just standard drugstore bin fare? Geesh. I had to battle malls and try 5 or more stores to find some of the things requested on the lists I was working this Christmas--and some items are so "hot" they are just plain sold out.

Then it hit me. Wow. I bet there are a lot of kids who would honestly be happy to get those toys--heck-- any toys for Christmas. And there are probably quite a few parents out there who will get some of these toys (maybe with guilt and reluctance) because they are the only ones they can afford or find. And come Christmas day, the kids will be happy (well, most will) because they got something and were remembered by people they love. And the parents will smile inside because the child or children they love are just happy. Period. Just happy.

I think I'm going to go pick up a gift or two and donate them to a toy drive, just because of this sign.

Time to go watch the "Grinch who Stole Christmas" again.....

See you in the skies,
--Claus

Saturday, December 17, 2005

Top 10 Anti-Malware Tools

Claus Valca's Top-10 Anti-Malware tools for this year...and a whole lot more stuff!

First, we survived the final big Christmas shopping push today with no major disasters. Lavie and I tried to make a shopping list to help us focus before we hit the BayBrook Mall today, but gave up in frustration with a lack of ideas and just decided to "wing-it". Weather was pretty typical London fare--windy, wet/rainy and cold. We reached the mall and found traffic horrible outside the mall but remarkably tolerable inside. I've noticed that (this season) instead of the Salvation Army bell-ringers and Santa greeters, almost all large box-stores (Best Buy, Target, etc.) have local uniformed police officers on patrol instead. The coolest officers seem to like parking their cruisers directly on the sidewalk itself and making you walk around them. Nice. The mall we went to actually had a mobile sub-station set up on the parking lot perimeter. It must be too cold and wet for the mounted patrols though..Oops...I digress....(and I really do appreciate their work protecting us!)...Anyway...

Under some active miracle (was Belldandy watching over us?) we hit the first store and it was going out of business and many things were 60% off. When we left just about all the ladies on the gift-list were taken care of. First store. SCORE!!! While we were checking names on our list, an idea popped up and GOOOOAAAALLLL! Had it, got it. Done. It went on like this the whole time. Amazing. Prices were unbelievably good. (This is an important factor this year as Alvis had braces put on this month and the budget took a heavy hit with our initial contributions to her Orthodontist's swanky new office suites --the chairs all have their own GameBoy!). When I was growing up Mom and Dad took us to a very nice dentist but all we had to look at were Highlights magazine and the weird scenic wallpapers.

So shopping done, we grabbed a late lunch at the Sweet Mesquite Grill and were back home in under 6 hours. Nice. Only bad thing is a USB-cellphone data cable I picked up that the cell phone store swore would be compatible with our cell-phones (bad sign #1--had different models listed on the front). Ok, I'm willing to be open. Tried to load the drivers since they weren't on the CD (bad sign number 2)--via web download. Failed. Eventually I discovered that this model of data-cable, while fitting both the phones connector interface, wasn't compatible after all. I'm taking it back and just ordering one on-line direct from Nokia. I snagged an e-coupon on their site and it will end up being cheaper than the one I picked up in the mall anyway. I can use the Nokia software on my laptop since it and my model cell phone have infrared ports. But Lavie's doesn't so that's why I need the USB cable adapter. She saw all the cool anime wallpapers I trimmed up for my phone and now I have to power-tweak her phone too!

Enough about me, now...to the tech!

"I'm making a list, and checking it twice! Valca Claus is going to take on malware that's been naughty with some security tools that are nice.." Let's see what Claus's lovely Hina Girl elves have in the gift-bag for you.

Paperghost had a blogpost on his security site about the security tool "HiJack This" that got me really thinking. So now I'm going to do a "Claus Valca's Top-10 Anti-Malware Tools List" for you fellow system administrators and malware warriors! (Like the web really needs another one!)

My selection conditions: Must be 100% freeware or have a free for personal use version, must have a fairly understandable interface (I use lots of command-line tools, but many users don't find that comfortable), and must be able to be used (safely or not) by users with normal to above-normal computer experience (in case I have to walk them through using them over the phone). Windows only for now--sorry MAC/Linux fans--but then again, you don't really worry about malware do you?!!! And with the exception of the Microsoft product (big-surprise) all of these can be downloaded to a USB device (or even burned to a CD-R) and used as portable tools!

Merijn's HiJack This. Coming in at a strong number one spot. This is always the very first tool I will run on a system that is reported to have malware issues. Why? At a glance the scan results tell me just how bad an infection I am dealing with. It helps me to focus my attack strategy. I'll normally make some notes, save the logfile and clean the obvious items first right here. I always do multiple rescans after cleaning/removal of entries. If I note that any reload or come back renamed, I'll know I have some more intense work to do.

Sysinternal's Process Explorer. I usually have this running either alongside HJT, or just after. This tells me what processes are running in memory. The advanced tools allow me to track down which process still has a malware .dll file loaded in memory, which is why the system will not allow me to delete the file itself. You can search for dll's and processes, and highlight windows/etc that are showing to find the process that is controlling it. It is a very powerful tool that in the right hands can be better than a katana in the hands of "The Bride" slicing through malware scum.

(Tie) Sysinternal's RegMon/FileMon. Run these tools to log the calls to your registry and files. It's a great way to track down who is trying to do what, and from where. I've found some hidden applications by watching who was monitoring the registry while IE was running (and generating a ton of popups) and then where they were running from.

Noël Danjou's Locked Files Wizard. This handy little app can save some time. Some malware files can be very stubborn about getting deleted. They just refuse to budge. This app can help delete such stubborn files and folders from your drive. There are other--more technical ways--to do this, depending on what Windows OS version you have, but this tiny tool has saved me a lot of time.

Spybot Search & Destroy. The first malware scanner/cleaner tool I broke my teeth on. It still is running strong. Yes, it can't clean/catch everything, but it is great for bulk-cleaning a system of malware in a single pass or two. The Advanced Tools options can provide a wealth of supportive software that really complement malware removal and system lockdown afterwards.

Sysinternal's RootkitRevealer. Did you know that there can be "super-hidden" files on your pc that you can't normally see, even when you set your Windows Explorer to show them all? Yep. Some are downright nasty. This can shine some light on them. It takes a long time to scan a drive, but it is a great tool for finding where these creepy-crawlies are hiding!

LavaSoft Ad-Aware SE Personal. A few notches down is the 2nd anti-malware bulk-cleaning tool. I use it to complement Spybot as they seem to find things the others don't. It can list a lot of MRU's (Most Recently Used--a.k.a history) items that are distracting and not at all malware, but once you get past its busy interface--it is a great program.

Microsoft AntiSpyware (Beta). Yeah; it's not portable and only runs on XP/2000 systems, but I have to confess, Giant had such a good product the M$ machine bought a good thing when they saw it. It seems to integrate well with XP/2000. Scans can be deep and still fast. I question some of the default action settings ("Ignore" malware instead of DESTROY with Nukes!!!), but those can be changed. I also like that when it is running in a defensive mode, though "chatty" with alerts from the system tray, they are pretty well color-coded so the most untech end-user generally can figure out "it's red--that's bad--I think I better block what it says...or...it's blue or green...maybe not so bad."

Sysinternals' AutoRuns. Kinda like HJT, but the unabridged version. HJT looks for targeted locations in the Windows registry, while Autoruns shows all the processes, actions, etc that are scheduled to...well...autorun at a system boot. You can disable items without removing them--good for troubleshooting. Then go back and fully delete them if they are as bad as they looked to be.

Mozilla's Firefox/Portable Firefox web-browsers. Using an alternative browser (configured to prevent wholesale JavaScript execution) that doesn't use ActiveX will go a long way to preventing malware from even getting on your computer. I like keeping the portable version on USB so that when I am working on an infected pc, I don't have to use IE to download/browse the web while troubleshooting. Using IE while the pc is infected with malware can lead to an overload of popup windows and possibly even more infections. So if the user insists on using IE, I can still use the portable version of Firefox and can leave a copy on their HDD for them to check out as well.

Honorable Mentions. I don't use these very much, but they make good special-teams unit players to call out onto the field for some special plays.

A-Squared Hijack Free: Similar to HJT. Gives a pretty wide view of things at a glance.

BHO Demon: No longer supported. Scanned IE for browser plugins and provided info/removal.

Spyware Blaster: Use this tool to lock down IE/Firefox from spyware using "whitelists" that get updated. Prevents/restricts ActiveX as well.

CWShredder: Nice tool to use to quickly scan/clean a system of CoolWebSearch browser/system hijacks (usually works).

LSP-Fix: Use this standalone tool to rebuild damaged Layered Service Provider items. Some malware make additions/changes to the LSP list and removal of the malware can prevent the internet connections from working. This can help repair them.

Advanced Process Termination: Every now and then a malware process just refuses to go quietly. It won't budge. This really brilliant tool allows you to use one of several programming methods (some easier on your system stability than others) to kill the running process. It is small, light, and free. Nice tool when all else fails before trying to boot in safe-mode.

Final comment. This list isn't dealing with virus/trojan bugaboos. Just malware. I'm saving those for another day. Nor am I a malware researcher like some of the other pros. So they will use some additional tools to take pre/post infection snapshots of the registry, use packet sniffer tools to watch network traffic, etc. I'm not getting into those here. My primary task here is getting them off the pc, not finding out where they came from, who they are calling home to, and what other things they are doing while infesting the computers I support. Those are VERY important things and I follow the other pros in that field to stay informed on those things to help me know what I am dealing with, but I don't collect my paycheck for malware research work--"just get that user's pc up and running again"--hopefully without having to pull out my image cd's.

New Tool from SpyBot Team!

While validating the site links above I ran across a new tool offered by the folks who bring us Spybot: RunAlyzer. It is another variant of software (mentioned above) that displays items in your system startup group. I haven't played with it enough in "live-fire" exercises to judge it yet, but if it is from the Spybot team, it should be a good tool. The download is a bit challenging to find; use this link to get to the download/screenshot page. Note, it is still in Alpha (development) stage, but it seemed stable so far for me.

The rest of the Tech:

Quick hack to make a bookmark that resizes your browser window if it gets changed by a website. Neato!

Can a firewall be portable to USB? According to a forums poster, these two apps fit that bill. I can't vouch for them yet, but they are heading to my "testing" system to see: AS3 Personal Firewall and GhostWall. Both free but I'm not giving an endorsement yet.

CCleaner. Nice. Not really a malware tool. More of a system maintenance tool. Nice interface--lots of options.

iTMS Album Art Finder. Copy the url from iTunes and it will find the matching album art (if that's important to your iPod experience).

If you use a laptop like me in the field on tech-calls you may just have one PS2 port on your laptop. I don't like using the touchpad/keyboard of my laptop any longer than I must. When I'm at a field office away from my docking station I pull a keyboard or mouse from an unused pc, but I can only use one or the other (we aren't using USB keyboard/mice yet). But this handy set combines two PS2 plugs into one USB port. Cool!

Someone thought it would be clever to set up a spoofed McAfee website and offer an anti-virus patch for the "Kongo31.XRW" virus (which there isn't such a thing). Only trouble is that if you use it on your system to clean something you don't have....surprise! You just downloaded the "Trojan-Downloader.Win32.Hanlo.h". Bummer. I hate it when that happens. Link at F-Secure.

Not really sure how to use this tip, but it seems you could load just about any content in your Firefox sidebar--just check that little box in your bookmark item properties.

Moving on to RetroWorld:

My brother and I used to live on some early hand-held LED electronic games. These emulators allow you to recapture the thrill of retro-electronic nirvana. LED Head. He's got all the classics: Armor Battle, Baseball, Football (I and II), Sub Chase, Space Alert. Wow!

Virtual Merlin. Did you have this Parker Bros. gizmo? Man, this thing brings back the memories. I think we got this for Christmas one year.

Bits and Pieces...

More things you can do with folded cardboard. I think this is shaping up to be a new Grand Stream Dreams favorite blog topic.

More fun things you can do with industrial design over at DesignBoom.

I'm saving icon-love for another blog-day, but for some sweet Christmas Season desktop patterns, head on over to the retro-wonderful Pixel Decor. Jen is brilliant and generous with sharing her hard work and efforts.

When we would go and visit my Dad's parents in Missouri, they had a basement we would sleep in. Piled against one wall were hundreds (?) of old issues of Popular Science and Popular Mechanics magazines. Old ones. Very old ones. Modern Mechanix is a blog that captures scans of these early-technology days of wonder and exploration. This site brings back memories of the basement and visits to Grandpa's place. Man it's fun to read these again!

Lavie loves to watch those "I Love the 80's/90's" shows on cable. I'd rather forget most of those years myself, but I still find advertisements fascinating glimpses of the changes our American society has gone through over the decades. This site Adflip has scans of a multitude of ads from the 50's onward. They are awesome and great. It's another of those fun sites that make you wonder why you want to spend so much time looking at things you would otherwise work hard to avoid.

Gillian had a birthday! Happy Birthday Gillian from the Texas coast!

I'm tired. It's late. But before we say good-bye. Check out Happy Palace. It's a blog that captures images from other sites/blogs--but without almost any comment or context. Weird but fun.

Going to bed now....
--Claus

Saturday, December 10, 2005

Ch33r B0t


Microsoft Windows OneCare Beta, CopyScape Blog Piracy Checker, Make your Gmail a storage drive--and more Tech madness! But first--Claus gets into the Holiday Mood!

Lavie was kinda surprised to find I was in a "scrooge" mood last post regarding the Christmas season so far. I didn't mean to say I was bummed out; only that it seems to take me a longer time to get up to speed. So I have started a mental conditioning program: I have turned off NPR during the day driving between network service trips and have been iPodding out on Christmas music. My favorite right now is HearMusic's Holly Days and Mistletoe Nights. I am going by Starbucks later today to try and pick up two more CD's (#1 and #2). This points out an interesting (to me) revelation: I prefer jazzy, croonie Christmas music. One of my co-workers was playing some Frank Sinatra holiday tunes in the dungeon level cubes we inhabit and I felt pretty seasonal.

As I was driving home last night, I passed a house that fit my image of Christmas perfectly. I told Lavie we had to stop by tonight and see if we could snag some pictures for you all. It is small, white and decorated with dark green garlands and deep red bows. The only thing it was missing was snow packed up around. My heart pitter-pattered in Christmas cheer! I also saw a clip on GMA of the White House all snowed up with the "Holiday" wreaths and such. It was pretty. I did a quick search and found the White House website has a posting about all the Christmas decorations (this year and previous). Very beautiful stuff. (Nice to see our tax dollars hard at work! I guess I'll let this one slide...)

Last night, Lavie, Alvis and I gathered around our digital fireplace (the tv) and watched "I want a Dog for Christmas, Charlie Brown." Next week "A Charlie Brown Christmas" comes on: That's a perennial favorite in our home. Now if I can catch "White Christmas" with Bing, Danny and Rosemary, I'll be set! Of course, for the anime loving crowd, there is always "Love Hina X'mas Special." Kawaii!

This time of the year, down here on the Gulf Coast, things just seem so brown. Not at all like the white and evergreened images in my mind that Christmas should look like. The grey skies don't really bother me. At least it has been cooler. Last year's snow on Christmas day was really special. I've also noticed that there doesn't seem to be any consistency with Holiday decorating around our area. You may hit some areas of town that have gone all out, but drive through most neighborhoods and many houses look just as plain as ever while others are all decked out with lights. Maybe that's where my problem lies---Christmas to me seems like it should be a community and family wave of togetherness and celebration. Not just some token decorations here and there. (And I'm not talking about the community and family wave of togetherness we call the holiday shopping crush. That doesn't count!) Maybe I'll just blow the savings account and hop a plane to Japan and hang out with these folks, sipping some Bailey's. Pretty!

Christmas Factoid: Did you know that hamsters can get seasonally down as well? Yep, it's true! My guess is that it's either because all they keep getting is that stupid ball to be terrorized in by the dog for their gift, or they were forced to watch this thing all day.

In other related animal cuteness....I've been jonesing out on the newborn Panda cub in the Washington zoo. But now there is this cute otter baby at the Seattle Aquarium!

Now for the tech....Gee, it's been a busy week....
  • Windows OneCare Beta--available for (free for now) download for XP users. This product seems to combine enhanced firewall and anti-virus products into an integrated product along with some other pc maintenance items like defragging, backups, system tune-ups, and file cleanups. Blog buzz on the web has been generally light but favorable. I personally will pass--beta or not. While it might be good for your non-tech parents' pc's, I prefer my more pragmatic approach. Different products for different needs. Furthermore, I haven't had good experiences with security suites. I do more than a few home-support calls where the suite isn't playing nicely with its components. Besides, different products mean (maybe not logically) different code, so it would be harder for a single exploit to take down the entire security package operation.
  • The next greatest time-waster after crossword puzzles...Sudoku has hit the web!
  • CopyScape. Ever wonder if someone is lifting your blog content and posting it as their own? Pirates! Plagiarists! Prepare for a broadside! This is a must have bookmark for bloggers. Put your blog address in and the site will find content matches in other blogs. Monitor where your content is going! Think it doesn't happen? Check out this post from over at Kaonashi Ga Kuki blog for more details. Girl got caught making her blog almost entirely out of other's blogs--total cut and paste--and claimed it was her own. Uncool! Of course, just because it finds a match doesn't mean the site plagiarized it. It could be a credible block-quote from your site (or yours from theirs). Just play nice folks, and give proper linkage or credits!
  • First there was the cardboard pc case (Japanese). Now you can get some matching cardboard pc speakers. I kinda like the idea--in an environmentally friendly way.
  • Then there is this custom Sangaku Japanese Case Mod. Wow! This thing is a masterpiece!
  • Paul Stamatiou blogs that the next Thunderbird email client will have Tabs like Firefox now does. Neat!
  • Speaking of Firefox, TechSpot has a nice user guide to tweaking Firefox. Good general guide for users looking to "kick the fox up a notch!"
  • Want to really put all those GB of G-mail to work? Convert your GMail account into a storage drive! Check out this Gmail drive shell extension. If you still have some extra unused "invitations" for gmail, maybe you could set one up for storage only so you don't bomb out your main email account. Looks really neat. I'll let you know what I find out when I finish setting it up.
  • Spotted on slashdot: 10 really bizarre USB drives. The drives are pretty normal, it's the cases that are freaky (Oh, those wacky Japanese designers!). This one is really tiny!
  • Neat bird's eye satellite images of Las Vegas (and a few other places) via Microsoft's Live.Local (Virtual Earth) (NOTE: seems to like IE not Firefox--imagine that. Open link in IE or (even better) use IE Tab for Firefox). I've been spending hours combing the pics trying to find Grissom and Catherine. No luck yet. Oh, here they are: G and C. Maybe Microsoft's cameras are better than we knew....what a babe!
  • Icon Workshop 6.0: I'm an icon junkie. I collect icon packages bigtime. So when I hear Vista is going to support 256 x 256 PNG quality icon depth, I get excited. Mac Users have been swimming with gorgeous icons for a while. Now we Windows users can enjoy them also. This application promises to bring icon artists for Windows up to Mac level quality (well, almost...). Free 30-day trial download. It's cheap enough I can afford it, and they have a free lifetime upgrade policy, nice.
  • 7-Zip has a new version release. It's a small and fast (free) file compression program. Yeah, I know XP comes with that built-in, but I like this one and carry it on my USB drive for those 2000 and 98 boxes we still support. Others I like with slightly nicer interfaces are TUGZip and ZipGenius.
  • SmartFTP: Free, nice interface. Handy. (My primary FTP application remains FireFTP.)
  • Video spotted over at Drawn! blog: Le Papillon. You just have to see this BEAUTIFUL asian film done in Quicktime. It's illustrated work over a heavy watercolor paper background. Wow!
  • Also from Drawn! blog: illustrator Mickey Duzyj's work is featured. If you like hard-edged graphics this is for you.
Special Bonus Linkage for you Harry Potter Fans!
  • MuggleNet has done some tweaking on their site layout. It's looking a little more polished and they have some new site-skins with the HP-trio a little more grown up. This is the first place Lavie, Alvis and I get our HP news.
  • One of the reasons I finally got broadband was to be able to cruise "Galadriel Water's New Clues to Book 6" forum. This is a monster place that may be one of the largest forums on the web. It is my idea of how the perfect forum should be. Heavy content. Heavy postings. Great and active moderation. Very insightful postings from a devoted fanbase. There was so much stuff here in the HP Book 5 forum that dial-up just couldn't handle it. Now they have opened it up for HP Book 6. If you consider yourself a HP fan, you have to bookmark and visit this place:
  • HPL: Timeline of the Wizarding World--If you have difficulty trying to keep up with just where all the key events in the HP world fall, this is the site for you.
  • The Leaky Cauldron: Our number 2 site for HP news and updates.
  • And of course, there is the site of the grand-dame herself: J.K.Rowling Official Site. Very nicely done. Have fun playing around on her desk. Great ambient sounds.
Finally, a big thanks to Dwight Silverman over at the Chron.com. He alerted me to Grand Stream Dreams being listed on the Chron's Opinion page under their BlogWatch section this past week. Neato! Thanks again Dwight! You can't see it now and Google's since recached their page, but I managed to snag a screen capture of it for posterity. This is heady stuff for a new blogger!

See you in the skies!
--Claus

Tuesday, December 06, 2005

Hacking the Fox


Ok. So you did the responsible thing and downloaded the latest version of Firefox (v1.5). Great!

For many of you, this probably was an upgrade from 1.0.7. Like me, you probably had quite a few extensions that you soon discovered no longer worked. Bummer. You have checked for updates and still don't find any now. Double-Bummer.

Don't lose hope so soon--Grasshopper! Here are two tips to getting some of those Firefox extensions up and running!

Method 1 -- Do a Google on the Firefox extension's name and try to find the developer's website (instead of the Extensions page hosted by Mozilla). In a number of cases I was able to find the new 1.5 compatible version on their website before it hit the Mozilla Extension rooms. I got fireFTP a couple of days earlier this way.

Method 2 -- This is more of a temporary Firefox extension .xpi "hack". Use it only if Method 1 strikes out and you just HAVE TO HAVE that extension! (like Spoofstick or PrefBar).

Step 1--Download the .xpi extension directly to your hard-drive. (Don't install it!) In Firefox you can accomplish this in most cases by right-clicking the "Install" link for the extension and select "Save Link As"

Step 2--Using a file-compression program that supports RAR files (I use the freeware 7ZIP) open the .xpi archive.

Step 3--Unpack the install.rdf file you should find in the .xpi package.

Step 4--Open the file in notepad (or your other favorite text editor).

Step 5--Look through the code and find where the em:maxVersion entry is listed. Usually it is near the bottom of the file. Sometimes it is higher up. You should see a value that is less than 1.5 like 0.9 or maybe 1.0.7 (Look carefully...some extensions can be used both for Firefox and Mozilla and have that value there for both. Modify the one in the Firefox section if you see that type!)

Step 6--Change that value to 1.5+

Step 7--Save the file with the name install.rdf (should remain same!)

Step 8--Move the modified file back into the .xpi package, overwriting the existing file.

Step 9--Open up Firefox and go to Tools-->Extensions to open the Extension Manager window. Open up your Windows Explorer and browse to that .xpi file.

Step 10--Drag the .xpi file you modified onto the Extensions window and drop it. If you did everything correctly it should install.

Step 11--Close Firefox and reopen to apply the Extension.

Step 12--See how it works!

I have done this with a large number of Extensions. I only try for ones that were available for and running under Deer Park without issues. Using the ones for 1.0.7 might work fine, but there is a little bigger risk of failure.

I don't recommend changing the em:minVersion value to update the extension's version number (though I guess you could if you really wanted to). My thought on that is by not changing the version number, the Extension manager should be able to catch the "true" Extension update when the developer finally offers it.

If you find your "hacked" .xpi extension doesn't play well with v 1.5 you should be able to just delete it from the Extension list. (Disclaimer: I haven't borked out my Firefox build by doing this, but who knows what may happen on your....you were warned!)
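Steps 2 through 8 above can be scripted; the following is an added example, not code from this post or from Mozilla. It relies on an .xpi being a ZIP archive, builds a constructed sample extension so it runs offline, changes only the Firefox em:maxVersion, and returns a new archive so the untouched download stays available to fall back on.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

RDF_NS = "http://www.w3.org/1999/02/22-rdf-syntax-ns#"
EM_NS = "http://www.mozilla.org/2004/em-rdf#"
EM = "{" + EM_NS + "}"
FIREFOX_ID = "{ec8030f7-c20a-464f-9b0e-13a3a9e97384}"  # Firefox application GUID
SUITE_ID = "{86c18b42-e466-45a9-ae7a-9b95ba6f5640}"    # Mozilla Suite GUID

# Keep the readable em: prefix when the manifest is written back out.
ET.register_namespace("em", EM_NS)


def build_sample_xpi():
    """Constructed sample: a tiny .xpi whose install.rdf targets two apps."""
    manifest = f"""<?xml version="1.0"?>
<RDF xmlns="{RDF_NS}" xmlns:em="{EM_NS}">
  <Description about="urn:mozilla:install-manifest">
    <em:id>{{00000000-0000-0000-0000-000000000000}}</em:id>
    <em:name>Sample Extension (constructed)</em:name>
    <em:version>0.3</em:version>
    <em:targetApplication>
      <Description>
        <em:id>{FIREFOX_ID}</em:id>
        <em:minVersion>0.9</em:minVersion>
        <em:maxVersion>1.0+</em:maxVersion>
      </Description>
    </em:targetApplication>
    <em:targetApplication>
      <Description>
        <em:id>{SUITE_ID}</em:id>
        <em:minVersion>1.7</em:minVersion>
        <em:maxVersion>1.8</em:maxVersion>
      </Description>
    </em:targetApplication>
  </Description>
</RDF>
"""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("install.rdf", manifest)
        z.writestr("chrome/sample.jar", b"constructed placeholder")
    return buf.getvalue()


def _targets(root):
    """Yield (application id, Description element) per em:targetApplication."""
    for target in root.iter(EM + "targetApplication"):
        desc = target.find("{" + RDF_NS + "}Description")
        if desc is not None:
            yield desc.findtext(EM + "id", "").strip(), desc


def read_targets(xpi_bytes):
    """Return {application id: (minVersion, maxVersion)} from install.rdf."""
    with zipfile.ZipFile(io.BytesIO(xpi_bytes)) as z:
        root = ET.fromstring(z.read("install.rdf"))
    return {app: (d.findtext(EM + "minVersion"), d.findtext(EM + "maxVersion"))
            for app, d in _targets(root)}


def member_names(xpi_bytes):
    """Return the sorted file names stored in the archive."""
    with zipfile.ZipFile(io.BytesIO(xpi_bytes)) as z:
        return sorted(z.namelist())


def bump_max_version(xpi_bytes, new_max="1.5+", app_id=FIREFOX_ID):
    """Return new .xpi bytes with only app_id's em:maxVersion changed.

    em:minVersion, the extension's own em:version and every other
    target application are left exactly as the developer shipped them.
    """
    with zipfile.ZipFile(io.BytesIO(xpi_bytes)) as src:
        root = ET.fromstring(src.read("install.rdf"))
        changed = False
        for app, desc in _targets(root):
            node = desc.find(EM + "maxVersion")
            if app == app_id and node is not None:
                node.text = new_max
                changed = True
        if not changed:
            raise ValueError("no em:maxVersion found for " + app_id)
        out = io.BytesIO()
        with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
            for info in src.infolist():
                data = src.read(info.filename)
                if info.filename == "install.rdf":
                    # Re-serialised manifest; all other members copied as-is.
                    data = ET.tostring(root, encoding="utf-8",
                                       xml_declaration=True)
                dst.writestr(info, data)
    return out.getvalue()


if __name__ == "__main__":
    original = build_sample_xpi()
    print("before:", read_targets(original))
    print("after: ", read_targets(bump_max_version(original)))
```

Calling `read_targets` on a download before installing it also shows which applications and version ranges the developer actually declared.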

I don't take any credit for this "hack." Firefox lovers have been doing this for years in the forums...I'm just offering my wisdom to you that I learned from the Fox Masters before me!

In other Extension news--I have switched from PrefBar to NoScript (kind of noisy though) to block JavaScript. I have also switched from Statusbar Clock to FoxClocks.

The image above apparently isn't really of Firefox-tan but of Hana, a "Ghost Mascot" whatever that means....but she is cute anyway! If anyone finds out who the actual artist is, let me know so I can credit.

See you in the skies!
--Claus

Saturday, December 03, 2005

Is it really...

Christmas time already?

I find it really hard to get started "getting into the season." I'm not sure why. I really enjoy fighting the swelling crowds of people in the stores. Who wouldn't like the even worse than usual traffic jams around the shopping centers? The loads of ads on tv that appear to be holiday themed but leave you wondering "what were those ad-guys thinking?" Then again, maybe it is the fact we can run around in our shorts pretty much all the month of December down here on the Gulf Coast. Oh well.....

Been a busy week in the IT trenches. We are having a lot of bad network client upgrade/installs that got pushed down to the pc's. I'm still not sure what is causing the problems. I suspect (since we don't warn users we are pushing software) some users are resetting their pc's mid-install and when they reboot the files don't match or are not all present. It took me two weeks but I have worked out a series of steps that can get the old software pulled off, the registry modified, a couple of tricky reboots and manual reinstall/configuration of the software. Takes about 30 min to do, but much easier than saving the user's data, reimaging the computer, then restoring all the applications and user's data back to the computer.

I saw some news on Windows Vista that looked promising. It appears they are working on incorporating "semi-reboot" into the build. So when you have to shut down your system due to an update or something, it tries to do that by closing only the processes it needs to. If that doesn't work, then it will reboot the entire system, but only after taking a "snapshot" of the system state (like what applications you had open first) and then will restore them when it comes back up. Interesting idea. Here are some wallpapers found in the latest Vista Beta as well for your enjoyment.

In other Microsoft news, it looks like a new patch down the road will slightly change the way ActiveX controls plug into their Internet Explorer. They decided not to contest a patent Eolas was claiming. So the end result is that you may have to click one more link to get a plugin feature to work in your IE browsing sessions.

Here's a tip for all you GMail fans out there. By simply starting your GMail sessions with https:// you can ensure you start and maintain a secure email transaction the entire session. Not just during your login. Neat! This is way more secure and helps keep anyone sniffing your packets from seeing what you are transmitting. I use GMail a lot and have already changed my bookmarks to incorporate this tip automatically.

Mozy offers "free" data archiving on their servers. 1GB or 2GB depending on what you sign up for. The only catch is that you have to agree to get some emails offers from them. Could be handy in a pinch.

Dan Gillmor posted an article that really gets my hackles up. He points out that many of the telco providers are beginning to not feel happy just providing you with access to the "broadband pipes" that you pay for. They feel they also should be able (that it is their right) to control the information you choose to send and receive while you use those pipes. Why is this a big deal? Let me give you an example: Say you subscribe to a cable broadband provider. They offer VoIP service, but you decline and choose to use something like your hard-line phone and SKYPE instead. So basically, they block your SKYPE traffic. Don't want to use our service on our lines? Fine. But we won't help you use a competitor's! What if the electric company wanted to tell people what they could and couldn't plug into their wall outlets? Is it really that much more different? I am paying for a "point-to-point" data-transfer service. You are the data-packet carrier. As long as I don't violate the conditions of my subscriber contract--you shouldn't tell me what I can and cannot send over the wire!

I wonder if the free and open net is going the way of the open ranges...I see barbed-broadband wires in the near future. Geesh. If this attitude keeps up, I am really going to start supporting the idea that public municipalities need to get into the broadband business.

I paid my phone bill today and they asked me (again) if I wanted to sign up for DSL. I told them I went with a cable broadband because I had been asking my phone company (them) for DSL for two years but they won't extend it to our area in the middle of town. The sweet phone teller assured me I was incorrectly informed, so for amusement I let her check.....She was so disappointed to find out her customer was still correct.

Growing up, mom and dad had these cool "flip-style" bedroom clocks. They had an orange backlight glow and the numbers were on this Rolodex style flipper. Every so often they would "flip" a new number up. I could sit there and watch them for hours. Imagine my surprise when surfing over at Retro Thing and what did my eyes spy, but a new one from Casio that would look right at home over on the bridge of the Silvana! Neato!

I was on my pc the other night and noticed the clock had gotten off as much as 20 minutes. That is pretty bad. I have it configured to automatically check the time and update it, but it wasn't doing it fast enough. There are some extra registry hacks you can do to tweak out the frequency check and location of the time updates on XP and 2000 systems.

The Leaky Cauldron has a good photo gallery of Harry Potter and the Goblet of Fire movie set items that were on display over in Japan. The detail on these things is incredible. I think that is what helps the movies be so fantastically believable.

My cellphone wasn't keeping its charge as well--and who wants to just buy a new battery? So I picked up a Nokia 6102 model. I haven't had a flip-style phone and wasn't sure at first if I would like it. The other day the battery dropped too low and it shut off (my fault for not charging it). I had a car-charger, but silly thing is, I have had it on ever since I bought it, so I didn't bother reading the manual to find out how to turn it on/off. I had to surf the web at work and download a pdf version of the manual. (Us IT geeks, who needs a manual? OK, maybe me!) So while I was figuring out how to turn the dang thing back on, I found out that the on/off button I had been pushing fruitlessly wasn't an on/off button at all, but an infrared port. Hmm. That's interesting. That calls for more research!

Turns out that this phone can data-connect via infrared to a pc/laptop. You can sync files/photos upload/download files and images to and from the phone (yeah, mine has a digital camera and an FM radio in it--Alvis is beyond herself with pleasure at this development). So I downloaded the PC Suite software from Nokia and darn it, this thing is really cool! I have created some custom wallpapers for my phone displays (main and mini)--anime and Japan themed of course! Right now I am using the infrared port via my laptop, but I think I am going to get a USB infrared port for my desktop pc. Nokia offers a USB data cable as well but it is almost $50 so I can wait for that one....Lavie has had both Nokia and Motorola phones, I have always kept with Nokia and really love them.

I am going to be adding a new list of blogs to the right of this page. This list will specifically include links to bloggers from Japan. There are a lot of interesting bloggers out there in Japan, and many have great photography and thoughts.

IT Shortbread:
UT Longhorns win the Big-12 Championship 70-3 over Colorado. I wore burnt-orange all day today in support of my poor UT grad brother--stuck at work and not over in Reliant Park. I know it's wrong on so many levels with Bevo, but this UH Cougar grad feels like steak for dinner in celebration!

See you around the dinner table!
--Claus

Sunday, November 27, 2005

One of these things...

...is not like the others!

Growing up I had one of these books. "Richard Scarry's Best Word Book Ever". Kokogiak posted a looksie on Flickr that shows how the 1991 edition differs from the 1963 original. It is a fun romp through political correctness and modernization. I believe mom even made a hand-stitched Lowly Worm plushie for my brother. Hint, assuming your browser is properly configured, you should be able to hover your cursor over his pictures and highlight the changes.

Don't expect anyone but die-hard manga and anime freaks like us to get this one, but a very creative individual posted a flash movie takeoff. They took the opening credits to Azumanga Daioh anime series and rebuilt it for the Yotsuba&! manga characters. Very well done if you're familiar with either one.

More Mozilla tips:
  • If you are using SAGE for your RSS feeds, you can customize the templates the feeds are displayed in. It isn't obvious from the extensions page. You need to go directly to the SAGE site. Check out the Styles link and follow the previews/instructions. I really like the dual-pane display, but am using the "Hicks" style sheet since the colors better match those I'm using in my Firefox browser (Outlook 2003 Blue).
  • Paul Stamatiou outlines how to change the Firefox "throbber" button to link to any-other link of your choice. It seems so obvious now.
  • Rumors on the net seem to suggest that next week, Mozilla will make a final release of Firefox 1.5. Right now they are sitting on RC3. I have been very happy with it. Only 3 crashes. I just wish my favorite extensions would catch up to this release for compatibility.
  • Speaking of Extensions for Firefox I've been running "No Script" for the past week now. I saw it referenced on SANS and thought I would give it a try. It basically prevents JavaScripts from running during your browsing sessions unless you allow the site to run them (trusted location). JavaScripts are not necessarily evil, and are required on some sites for features to function properly. However, they can be used to install malware or redirect you to undesired locations. The only thing I don't like about it right now is that it is kinda "noisy". I've configured the notification to show for only 5 seconds, but may need to set it to zero. You can allow scripts to run temporarily or set the site to always allow them. The more I get configured, the quieter it is, but it does kinda intrude on the surfing experience. Hmmm. Do I want web-safety or speed?
Songbird Media Player--coming soon. Found this while trolling the net. My very first thought was "Sheesh. Looks just like iTunes. Hope they don't get sued by Apple." Looking at it though, it could be a really nice media player/organizer for those who don't have iPods but want to manage Podcasts and such. Will have to keep an eye on it for now.

In Firewall news--it looks like Symantec is about to kill off Sygate Firewall. Sygate recently got gobbled up by Symantec. They offered a free firewall for personal use. First we lost Kerio, now Sygate. Who next? I use ZoneAlarm and have since day one, but like to have alternatives to propose to individuals. My father-in-law's Win98 pc eventually refused to play nice with ZA so I switched it to Sygate since it was one of the last that supported Win98 OS.

Speaking of firewalls...should you get a hardware firewall instead of using a software firewall? Or maybe use both? Since I am a pretty paranoid person when it comes to pc security, I have been considering dropping in a physical firewall/hub device between my cable router and pc. The benefit of a hardware firewall is that it provides an additional layer of protection for your network and is not OS linked, so if your system is compromised, it would (hopefully) not be and still provide some protection. I haven't made a final decision yet. One more article.

I like lists. Here is a good one: Scott Hanselman's 2005 Ultimate Developer and Power Users Tool List. Some is freeware--much is not. Some is useful...much is for software developers. But it is a good list anyway.

The Houston Chronicle website just did a major rebuild. I know the team worked hard on it and it shows. I just am an "old-school" guy and miss the old site layout. Too many graphics now and it is challenging to navigate. I find I am making lots of bookmarks to favorite sites instead of just browsing to the main page and going from there. Oh well....

Special blog feature

Opening up a can of malware spanking on
gjhdumf.exe!

Last week I had a real malware smackdown at work. Got an assignment to look at a user's pc that had a bad network client software upgrade. Got that fixed easy enough. (Good tip #1--know what MSGINA.DLL does and how to use it to your advantage!) So then I started doing the usual MS Automatic Update configurations using the gpedit.msc tool and running the malware scans/cleans (found a ton to clean). Then I downloaded and ran the latest MS AntiSpyware tool. As part of this whole thing, you have to agree to an ActiveX download to validate the OS first. So when I got an ActiveX popup, like the 1000's of times before I just robotically clicked "OK" but in that horrible second after you do, I realized what I had read but not processed. That wasn't the MS ActiveX window (which popped up a second later). So I had to pull that first ActiveX out. What is going on? I paused and looked at the pc. Several popunder windows had appeared that I didn't notice. I reran all the malware scanner tools and the MS Antispyware. Clean. But I was still getting pop-unders. HiJackThis showed a clean registry as did SysInternals Autoruns. Hmmm. I ran CWShredder. Ok. Cleaned one more off. Rebooted. Everything looked clean after another full check. Browsed with IE and bam. More pop-unders. Checked the system processes but everything there was normal. Hmmm. Rootkit? Possibly.

So I rebooted and ran SysInternals FileMon and RegMon applications (concurrently). Then I fired up IE and started browsing. Soon enough I was getting pop-unders again. Once I was sure I got enough I closed IE and went back and examined the logs. Soon enough both showed that once IE was launched, a process/file called gjhdumf.exe was kicking off--calling to the registry, etc. I browsed to the location it was in C:\WINNT\system32 but didn't see it. Ah! I know what to do! I opened a command prompt session and did a dir gjh*.* And promptly found four "super-hidden" files! (I know that you can set the View Files options in Windows Explorer to show all these files, but from experience, some still don't always display except in DOS.) There was gjhdumf.exe along with gjdumf.dat, gjhdumf_navps.dat and one more I forgot to write down. I renamed all the files with an additional ".bad" extension and rebooted. Browsing once more in IE, no more pop-unders! I went back and deleted all those files. Ran a Rootkit Revealer scan. Nothing to see. Case closed.

I usually save the files and examine them in PE unpackers but was too busy to take the time to save them. So how did the malware know to run only with IE and not be listed in the registry as startups? I can only guess that an additional registry hook had been placed in such a way that tied into IE. So that when IE launched/ran it would trip over that extra registry call and fire up the malware file which then generated the pop-unders.
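
The log review described above (look for anything that only starts showing activity once IE is running) can be scripted. This is an added example, not part of the original post: the tab-separated layout, timestamps, PIDs and every row are constructed for illustration and are not real FileMon/RegMon output, and the function names are hypothetical.

```python
import csv
import io

# Constructed sample timeline in a simplified FileMon-like layout:
# seq, time, process:pid, request, path, result. Not real tool output.
ROWS = [
    ("1", "10:01:02", "explorer.exe:1320", "OPEN", r"C:\WINNT\explorer.exe", "SUCCESS"),
    ("2", "10:01:03", "svchost.exe:844", "READ", r"C:\WINNT\system32\config\software", "SUCCESS"),
    ("3", "10:01:10", "IEXPLORE.EXE:2204", "OPEN", r"C:\Program Files\Internet Explorer\IEXPLORE.EXE", "SUCCESS"),
    ("4", "10:01:11", "gjhdumf.exe:2260", "OPEN", r"C:\WINNT\system32\gjhdumf_navps.dat", "SUCCESS"),
    ("5", "10:01:11", "svchost.exe:844", "READ", r"C:\WINNT\system32\wbem\Logs\wbemess.log", "SUCCESS"),
    ("6", "10:01:12", "gjhdumf.exe:2260", "READ", r"C:\WINNT\system32\gjdumf.dat", "SUCCESS"),
]
SAMPLE_LOG = "\n".join("\t".join(row) for row in ROWS)

TRIGGER = "iexplore.exe"  # process whose launch starts the window of interest


def parse(log_text):
    """Yield (process_name, request, path) for each well-formed row."""
    for row in csv.reader(io.StringIO(log_text), delimiter="\t"):
        if len(row) < 6:
            continue  # skip headers, blank lines and truncated rows
        name = row[2].rsplit(":", 1)[0].lower()  # strip ":pid", ignore case
        yield name, row[3], row[4]


def processes_started_after(log_text, trigger=TRIGGER):
    """Map each process first seen after the trigger's first event
    to the list of paths it touched, in log order."""
    seen_before, suspects, triggered = set(), {}, False
    for name, _request, path in parse(log_text):
        if name == trigger:
            triggered = True
            continue
        if not triggered:
            seen_before.add(name)  # baseline: active before IE launched
        elif name not in seen_before:
            suspects.setdefault(name, []).append(path)
    return suspects


if __name__ == "__main__":
    for proc, paths in processes_started_after(SAMPLE_LOG).items():
        print(proc)
        for p in paths:
            print("   ", p)
```

Start the capture a little before launching IE so the baseline of already-active processes is populated; anything quiet until then will otherwise be flagged too.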

Bonus link for you malware fighters--thanks paperghost!
Japanese TV celeb Kaori Manabe was named "spyware extermination squad" leader in a Tokyo press event Thursday. Story here.
Hoping your skies are clear!
--Claus