Windows 10? Not Yet.

I’ve been holding off on this one.  The computers I have run adequately fast on what ever operating systems I use to get my own personal and professional work done.  It is a mix of Windows 8.1 and Debian Linux – primarily Linux by proportion of use.

I’ve been told that I need to adjust my “Tinfoil Hat”, that I’m overreacting.

No, I haven’t drunk the Kool Aid and I don’t have to.

Here’s the deal.  A month or so ago, people were given the option to download a copy and install a “Free upgrade to Windows 10 Home“.

Microsoft doesn’t give anything away for free.  There’s always a hook, even if you have to look deeply for it.

In the case of Windows, it’s best if you remember that “If you aren’t the customer, you are the product”.  I am directly quoting one of my friends who is one of the biggest critics of Android.

I have no doubt that Android is a case of Google simply watching everything you do, and using it to build a profile of you, personally.  It may be to serve advertising.  It may be for future use.  It may be for a friendly or not so friendly government.

Android costs money to make.  Those people have to be paid.  They’re doing it by selling that information to a shadowy “someone” who could be as “innocent” as an advertiser. 

I hate ads.  Did I say that?  I have never clicked on an ad in all the years that I have been using computers intentionally.  Have you?  I doubt it.

Anyway, that free version of Windows 10 Home is exactly the same thing.  Every time you do something, you’re being watched.  Even on the Pro version of Windows 10 you have to go in and turn that garbage off.

Thanks, I’ll pass.  Windows 8.1 has a bit of life left in it.

It might surprise you to hear that if you read this blog at any depth.  I use Windows 8.1 Pro with a program called Classic Shell to give me back a Windows 7 look and feel.  Any time I have to go back into that ugly block land called “Metro” or Modern Interface, I’m jarred with just how hideous and inefficient it is. 

But I’ll stay right here.  I don’t use any Modern programs and for that matter, everything I use on Windows is Free or Open Source.  The GPL License seal of approval.

You can tame the evil kitten called Windows 10 Home but then you have to do without the Microsoft Store. 

Just one example of one issue of many that I have with Windows 10 Home.  It has been shown that your personal typing style is distinct enough to track your self to your specific computer.  Microsoft wants you to help it improve its typing recognition.

Per Lifehacker:

Send Microsoft info about how I write: This feature improves text completion suggestions when you handwrite or type (presumably on the touch keyboard, though it doesn’t say. That’s very broad, and we’ll talk about it more in a bit. I recommend turning this off.

If you want to play Solitaire because you got hooked back on Windows 3.1, you can do so with ads.  Same thing with Freecell. 

There is an advertising ID number that basically stays with you.  If you didn’t like the idea of an advertising company tracking your every move, why would you want Microsoft to do so?

Actually, you can find it on your old Windows 7 machine, copy it across, and I’m told it works.  I don’t know first hand since I’ve got too much to do than to play Solitaire on a computer.  That’s the kind of thing I’d do on Hold with a Client, and I don’t stay on hold long if I’m there.
So to those of you who don’t like the prospect of being watched, you can pay the $100 or so and upgrade to Windows 10 Pro and then look into locking it down.

For me, I’m staying put.  The other machines I have are happily on Debian Linux.  I know Linux well enough to make it do what I need it to.  No ads, No spyware, and it’s all free, including Freecell.

One of those rare cases where you don’t have to worry about evil software getting involved on your computer.

Firefox Security Hole Is Why You Need An Adblocker And An Update

Windows:

  • When I clicked “Help” then “About Firefox” it immediately downloaded the patch.  
  • Click on the “Restart Firefox To Update Button”

Linux (Debian)

Assuming you have “real” Firefox installed and the sources in place.

  • Open Terminal as Root.
  • Smile because you have Root.
  • apt-get update
  • apt-get upgrade
  • Restart Firefox when you click on the button that appears.

Other Linux Distros will vary, of course.

Mac apparently does not have the problem.

What happened?  Hackers.  Simply put, a Hacker exploited a hole in Firefox so that advertisements could push some code onto your machine to take it over.

Now, this business about ad blockers.

I run one and I use it very aggressively. It is for this reason.  It is also that I truly hate being pandered to and watched.

The latest trend is to watch what you are doing via “tags”.  A 1 pixel “dot” of a picture will be pushed to your browser as an anchor for them to watch what you are doing.

The best thing for you to do is to run an ad blocker.  You tell it what to block, and yes, it gets very technical because you have to take responsibility to block these things.  For the most part, an ad blocker with (free) subscriptions will block most, but never all, of these nasties.

When you run an ad blocker you will also notice that your browser runs much faster since it isn’t trying to paint all those ads for all those products that you will never use.

Lets be honest, have you ever actually clicked on an ad intentionally?

Me neither.

Heck, I don’t even see youtube commercials because I run an ad blocker.

The easier one to use is Ad Block Plus.  It is controversial because they allow certain advertisers to pay *them* to be allowed past the blocker.  I would recommend this for basic users because unless you want to learn how to use it, it’s pretty simple.

The one I am using is called uBlock.  I’m still learning how to use it.  It removes the ads, but I haven’t figured out how to make it remove the blank space the ad created.

It’s up to you.  Ads and Hackers, or a better browsing experience.  I know what I chose.

Now, if you will excuse me, I have a browser to restart.

Windows 10 New Feature – You Are Sharing Windows Updates Files With Others

There are a lot of things that I am uncomfortable with in the new Windows 10. 

Oh sure, it’s shiny! and new! and free!

But wait, haven’t you heard the old line “If you aren’t the customer, you are the product”?

Microsoft is using that logic on your new free version of Windows 10 Home.

With all the privacy holes that Microsoft created with Windows 10 I really do feel like I’m watching the movie 1984 where the TVs are watching you – and can never be turned off.

Same thing with the book Fahrenheit 451, but I never saw a movie version of the book that did it justice.

You made the choice to go to Windows 10 because Windows 8.1 bleah.  I know, I said the same thing about 8 and 8.1 but I am not at this time going to windows 10 unless I can figure out how to make myself comfortable with it.

I’ll let the bugs get worked out, let the hackers figure out how to stop Cortana from watching over my shoulder, and so forth.  Maybe when the free year is up, I may take advantage of the Free! Windows 10! Upgrade!

But honestly, probably not.   This is being written from Linux and frankly it does everything I need and about twice as fast as Windows 8.1 ever did – on the same machine.  Yes, you can do both.  I am, but if you are an “end user” or “Mom just surfs the web” user, you probably won’t.

Never mind all that.  You made your choice.  Here’s what is happening.

With “old” windows you got windows updates directly from the mothership – Microsoft.  It would go out in the middle of the night, download patches, restart your computer, and you wouldn’t really know what all happened.

Every so often it would glitch and you’d have to talk to your neighbor’s 13 year old who “lives in the basement” to get it fixed, and you’d go back on your way after tossing him a $20.

Now Windows 10 Home goes out, grabs the updates from something called a torrent.  Basically it’s like the old Napster was – grab things from who ever has a piece of it.

Mind you, Torrents can be amazing things.   I grabbed my copy of Debian Linux using a torrent.

But.

Here is why you don’t want that happening.

It can either slow your computer down (especially if you have an older one) or it can easily slow down your network connection. 

Windows Updates now looks on your network for other computers that have Windows 10 and will grab what it needs to assemble the Update, then send it to whoever requests it.

Yeah, I thought it was a bit odd, perhaps heavy handed, too.

So if you made the jump and are happy with Windows 10, Great, but here is how to stop that behavior.

Go to the not-actually-very-obvious Settings Updates and Security Advanced options Choose how you download updates Get updates from more than one place.

Your choices are:

  1. Off. Your computer calls home to Microsoft, and gets updates only from there.
  2. PCs on my local network. WUDO (Windows Update) will “torrent-share” files, but only between computers on your own LAN.
  3. PCs on my local network and on the internet. You’ll potentially get files from, and offer file uploads to, computers anywhere in the world. 

The best one for you at home will be the second selection – PC’s On My Local Network.   It saves you from having all of your PCs using your connection to talk to Microsoft for their updates.

This was adapted from this article at the rather excellent site:

Naked Security from Sophos.

Sophos is well worth an occasional read or a like on Facebook if that’s your sort of thing.

What is Foistware or Crapware, and Simple Tips To Avoid It

With five different operating systems running here on far too many computers, I see it all the time.

I’m That Guy.  I’ll say it this way:  Yes, I can fix your computer, but I won’t do it for free.  I’m done with that free stuff.

On the other hand, I hear this too many times.  Someone went out and got a new computer because it’s too slow.

The “new-to-me” computer I am using to write this on is a 5 year old.  It’s running Windows 8.1 and it’s running it quite well.  The one I do most of my professional work on is a 7 year old beast running Linux or/and Windows 7.  My file server is a 12 year old laptop running Windows 7.  That runs well too.  Laptops consume less power and space and do the same job as that beast of a desktop I used to love to build back in the day.

You say “Sure, but you know how to make it go faster”.

Yep.  It’s simple.  I don’t allow software foisted on me.  Crapware.  Foistware.

I was giving someone an old computer once who was staying for a few days.  Recently.  The day after he got the computer he had two pieces of Foistware already installed.

He got it when he went to install Skype.  I guess he wanted to be spied on, but he also wanted to talk to people in his family that was scattered all over the globe.  So I told him to go find the download and install.

Wrong person to do that to.  He went to a “Partnered Download Site” I was told.  Red lights and fire engine sirens went off in my head.  He ended up with a toolbar on the browser and a redirected home page.  I growled at him, fixed it, then sent him on his way.

Two very simple rules to avoid this kind of garbage.

First, make certain you are going to the software vendor’s approved site for downloads.  That means it’s going to require you, and not someone else, to do the research for you.  Skype is pretty simple, it’s a Microsoft product, so go to Microsoft to find it.  That takes care of the honest software producers.

Second, always, and I do mean ALWAYS, when you are installing the software use the Advanced install.  When you are installing, actually read the page that is presented.  Don’t simply click “Next”.  That’s how you get the crap installed in the first place.  That helps to take care of most of the dishonest software producers.

You don’t ever need a toolbar on your browser.  If you get one, remove it through your control panel’s “Programs and Features” list of programs.  There are way too many programs to list here, but you will then be able to remove the “feature” by double clicking on the name of the program.  Other more evil toolbars are actually more like a virus, and you will need to do research on how to get rid of them. 

If it truly is a virus, it gets much more complex, but here’s one way of fixing all that garbage.

That is the same place you can go to when you find yourself with a program needs to be removed, such as anything is riding along and doing “useful” things like presenting you with ads or anything by McAfee.

Why do I mention McAfee specifically?  Adobe Flash.  If you aren’t careful, when you do a security update for them, you will end up with the helpfully named “McAfee Security Scan Plus”. 

You don’t need it.  More “Foistware”.  All this “Foistware” slows you down.  You can get rid of it, or you could get a new PC and start over.  One requires less time than the other.  Since many computer stores that you can actually visit have a nasty habit of trying to upsell you to a more expensive model, you should try to delay that particular task as long as possible.

Basically be careful and watch what you’re doing.  It is, after all, your computer.  Just because a particular NEW! and shiny piece of software is “suggested” to you by something you actually want, doesn’t mean that you need the blasted thing.

In return, you may be able to skip a new computer next year.

How great would that be?  An extra couple hundred bucks in your pocket?  Or Pounds, or Euro?

You’ll thank me later.

Microsoft Discontinuing Their Advanced Notification Service for Patches

Not the best news to come out of Redmond in a while

For Mom and Pop, they’ll get the news the way they always had, their machine will restart on a Tuesday or Wednesday, they’ll ask someone what is going on, and they’ll hear “Patch Tuesday” out of their grand kids or their children, shrug and go on.  It’s all automatic, isn’t it?

For Businesses and IT support people, this Advanced Notification Service is more important. 

What happened was that it gave someone in the know the advanced notice that Microsoft was going to push a patch to their computers at some level on Patch Tuesday, typically the Second Tuesday of the Month.  It would tell them what the patch would do, and let them know some more background info on the patch.

Great.  It would also warn these people that if your computer is broken when it forces a restart, you may have to back out the patch and restore to an earlier time.  It may allow them a cushion of time to test their servers, create extra backups, revisit whether their computer security policies are up to date.

That Good Computer Hygene is a part of Information Technology.  They’re made by people, people sometimes have an oops.  Best to let them know what’s up and give advanced warning.

The reason you need this information is that it’s entirely possible your entire business sits on “That Computer In The Corner”.  They may not know what it does, but they do know it’s an important box.  They may call it The Server in hushed tones, and give it offerings of tapes from time to time.

They hopefully have backed the machine up, made sure that they could gracefully reverse changes and so forth.

For my own sanity, I turned off automatic updates years ago, and keep turning it off every time I get a new machine or upgrade one.  I then make it a point to manually go to Windows Update and get “up to date” a couple days later.

The reasoning I have behind that is that while Microsoft is diligent in making sure that things work, their tests don’t involve the machine that is in my lap in this exact moment.  That patch may be great on the box sitting three timezones away, but it may break when it gets to me, specifically. 

I tend to be on the trailing edge with Windows Update for that reason.

The blog posting that Microsoft made did say that the service will be available for a fee so their largest customers can manage their server farms with the information that isn’t getting out so widely.

Information leaks, it’s like carrying water in a leaky bucket.  Information will get all over your shoes and water the grass on the way in from the well.

But it does make things a bit less secure since Information is best used when it is widely spread.  It also puts the onus back on the individual or the person in the business who is charged with maintaining them.

Hopefully everyone has their Backups and their Restore Points set, right?

Oops. Caught myself there. It has been a week or three since I have done a proper backup.  Happens to the best of us and the rest of us.

While Manually updating Windows Update is what I personally do, it is a bit annoying and it is something you have to remember to do.  On the other hand, Automatic Updates is a bit like flying in an airplane without a seatbelt.  It is safer to fly than drive, but once in a long time something happens and you hit some turbulence.

It’s all up to you and that is what I think Microsoft is telling us – Security through updates are up to you, after all it is your data and your computer.  Just be aware best practices and of what is going on around you.

Happy Unbirthday or Why I Became 110 Years Old on Facebook

I admit it, I read too much.  It’s part of staying up to date in any sort of technical career.

I came across article after article about sharing online.  People share too much data about themselves. 

What they’re wearing, well that’s kind of harmless right?   No, not really if you have a stalker.  Look for that person in that shirt over there and …

What they are cooking for dinner?  I’m doing that all the time, but apparently I’m doing it right.  Why?  Well you can see what kind of furnishings you have in that kitchen.  Is there a house alarm on the window?  Good, you can break in there.

Oh look, beautiful vacation pictures!  They went to Hawaii, they won’t be back for a week.  Nice TV in the living room in the other picture. 

Not Anymore, Inspector Clouseau.

Get the picture?  Or rather you don’t?

It was one after another. 

An article was warning people about putting controversial items up on their Facebook feeds.  After all, if you are radical, your next company or even your current one won’t want you.  Nobody wants someone who rocks the boat, right?

I’ve been self editing that sort of thing for years.  I hardly ever post anything that is “out there”, usually everything is supportive, and I’m liking things more than anything else. 

That’s a problem too.  If you just Like things on Facebook, it has been shown that things get “weird”.  Your feed starts to show things that are more intense than the things you actually like.   For example, if you like animal causes like the local SPCA or Rescue, and I definitely do, you start seeing things for PETA.  PETA is “controversial” to many people because of their “radical” vegan outlook. 

“Nothing with a face” is their motto, and animals first.  They go a bit too far for me, I’m a carnivore, still.  But I do support that they are out there. 

You see the point, things keep getting more “radicalized” if you like absolutely everything.

One of the “data points” that came up recently was about identity and credit card theft.  If “they” have a few things like your name, birth date, and a few other obscure things, “they” can get you a credit card. 

For themselves.

How do they get that? 

You used to get a phone call from someone saying they were from the “Credit Card Bureau” and they would want to “verify a few details”.  You’re done if you answer that question. 

First off, YOUR credit card company would never call for that.   I have been called by one questioning whether I was really in Florida once, but yes, I was at the beach and it is a lovely day and I wanted to get something in a shop, so please do put that charge through.

One other time, it was after I ordered something from www.Rakuten.com and almost immediately started getting weird charges.  Five Minutes Later I got a call from my credit card asking me if these were valid.  Nope, and thanks!  They stopped that in the bud and I can not recommend http://www.Rakuten.com as a result

So one of the most important details they said you should never share?

Your Birthdate.

I immediately went into Facebook.  Facebook’s business is getting information from you in a “soft” matter.  It is what they are doing when you click on Like. They are building a profile of you.

It is what you signed up for, and personally I am OK with that end of it.

What I didn’t like was when I went in to hide my birthday as a recommendation of that security article, I couldn’t. 

Facebook would not let you hide your birthday from “everyone”.  You had to keep it visible to your friends.  That was the most limited you could go.  Mind you there are a lot of friends in Facebook that you collect through the years of use, and by now it really is “Years” of use, that you really don’t know.  Some of them you will never meet, and some of those that I will never meet I consider that a shame.  Some really neat people I have “met” over the years and “friended” that I will never run into, or never run into again.

Others, Who knows what they really are.  They go silent or something happens and they drop away.  You may have said something inappropriate or what have you. Can’t really say that happened much to me, but it does happen.

So I changed it.

I moved it from my real birthday to the oldest possible date I could.

January 1, 1905.

I’m expecting a nasty email from them at any day now.

So if you wished me a happy birthday yesterday, thank you, I know you care.  Or I know you had a knee jerk reaction to seeing the thing. 

I do know that those that wished me happy birthday yesterday were those who I know well, and I did appreciate the well wishes then as I appreciated them and their well wishes every day.

But it’s not my actual birthday and I am not 110 years old.

If I have to change it again, I think I will make myself 32.  I met my partner then, life was looking up, things were going into a time that just kept getting better.

I’ll stop there, I don’t want to share too much.

But Happy Unbirthday to me!

Was I right to do this?  I’ve been told I’m getting paranoid.  Perhaps I am.  I don’t know.  But I feel good about “This”.

If you are a friend and you perhaps feel a bit manipulated, I apologize completely. 

My bad.
Mea Culpa.

It was not my intent.

Hit Windows Update Yet This Week?

Oh yes, I will admit it, I am stubborn.

I don’t like people monkeying around with my computers which is why I told my windows computers not to go out and grab the windows update patches automatically.

Mind you, I did tell it to tell me when it wanted my attention and check for critical updates.

Small semantic point, but I prefer to be the person who pulls the trigger, and not the trigger that gets pulled.

However…

If you are like me, today is an excellent day to go to your favorite start button, find your Windows Update link in there or in Control Panel, and do a Windows Update.

They fixed a 19 year old bug that is in every version of Windows including and since Windows 95.

I tend to do my own checks later in the week, on a Thursday, although I have been getting reflexive about just hitting the damn button and doing updates whenever I think about it. 

You know, sometimes when you’re bored and you just want to do something that needs to be done and don’t want to really think about it?  I rearrange the deck chairs on the Titanic my own way, thank you very much!

The reason why I wait a day or two to do it “officially” is simple.  If you have your system go out and grab the updates as soon as they are there, which is typically on the second and fourth Tuesday at 1 PM in the Eastern time Zone or 6pm in London, and you restart your computer, you may have a bigger problem.  Once in a very long while, some of the same patches will break your computer.  It may not start.

So give it a day or three.   They may have to fix their fix after someone else broke it.

I know, eventually a person just has to shrug and say life moves pretty fast. If you don’t stop and look around once in a while, you could miss it. Ferris, do your updates and take your chances.

Today is my turn.  Actually later today is my turn.  I’ve been on Linux for the last two weeks and there’s a very different way of doing things there. I get a little sunburst in my control strip in the upper right and it tells me to go look.

Wait, Bill, How is that different?

It just is.  Now go check Windows Update, just because.

Thanks, Apple, But I Think I’ll Pass on Yosemite

I have computers on Windows, Mac OSX, and Linux.  Various levels and flavors of all of the above actually.

There’s always the question as to when or whether to upgrade them.

Linux is pretty simple – when your distribution changes, give it a week or so and listen to the chatter.  If the chatter is clear, go for it.  I’ve never had a problem here.

Windows.  I have a Windows 7 machine that won’t get upgraded because it’s an old Core 2 Duo machine.  It will either die before Windows 7 does or it will get given away.  Windows 8 became Windows 8.1 as soon as it was offered to me.  Windows 8 was an abortion, Windows 8.1 is manageable.  Just add Classic Shell and it cleaned up almost all of that Modern/Metro hideousness and pushed it aside.  Classic Shell made that ugly block land go away and replaced it with all the desktop land goodness that I need to get things done.  It’s still there, lurking under the hood, but I couldn’t tell you the last time I had to use one of those ugly blocky programs that Microsoft mistakenly thinks I need to slice, dice, and make julienne fries.  Other than network access which the Modern/Metro interface gets in the way massively and then drops you back to a desktop app to actually get the job done to disable and enable things.

I don’t.  ‘Nuff said about that.

Then there’s the Mac.  I always liked the sleekness and the design of them.  Beautiful hardware, a well thought out interface.  When I need to use my Mac, it is almost always a pleasure.  I got the thing, installed Snow Leopard, and it purred.  When the Mavericks upgrade was offered, it was free so why not?  I noticed no real problems there, and since I am a lightweight user of my Mac it’s fine.

I’ve heard reports that Mavericks slowed memory access from the prior version, Lion, but like I said: I’m a lightweight user so I don’t notice.

They put out a new operating system, Yosemite.  Since I knew about the memory speed issue, I thought I’d wait.  Let the experts go after it.

I’m glad I did because there are some privacy issues that made me uncomfortable with things.

Everyone likes having search functions on their computers and generally don’t think twice about how things are done.  What happens is that that information you are looking for is sent back to the program to check its indexes and report back to you when it finds what it thinks is the right answer.

That was all well and good back in the good old days when it was enough just to search this current computer.  Some smart people decided that they’d go out and do a search on the internet to give back more content.   It’s a built in function on the desktop called Spotlight that phones home to Apple and does that search. 

Fair enough if you’re actually doing an internet search.  But why do you need that search to go back to Apple if you’re just looking for a file on “this” computer?  If you are searching for movie information or maps, it’s going to send back your current location, as well as the current device you are on, and anything else that it thinks is pertinent such as language settings and what apps you have used.

To be fair to Apple, you can turn this off, but I have done enough support to know that unless someone turns that sort of thing off for you it won’t get done. 

The flip side to that is that if you have turned it off, location services are one of those things that get rather naggy to have turned off.  Your searches get a helpful prompt asking you to turn on location services and eventually you wear down and just leave them on.

Checking my Android phone, location services is turned on there, and we know that all that sort of thing goes on there with Google.  If you want a smartphone these days, you are either going to have Apple or Google put their hand in your pocket and watch over every move you make that they believe they need to, it’s part of the game.

The idea of having big brother was scary enough when I read 1984, but the reality is that we all now have that big brother in our own pocket and don’t think too much about it.

Nothing to see here, keep moving on.

All this was reported in the Washington Post’s technology blog a while back, and apparently Apple has been taking heat about their decisions to make these changes. 

There is a website called fix-macosx.com that promises to give you information how to take back some privacy and turn off some of Apple’s data collection.

This all is a change of heart since the old days where the Mac was more privacy friendly.  Now, they’re going all in and sucking down all this info while you happily go along with it.  Since Apple is notoriously tight lipped about what they do internally, I suspect that it will be a long time before we find out just exactly what they’re doing with all that data.

No thanks, I’ll pass.

Password Frustrations

So tell me why is it that some websites have a Fort Knox approach to passwords when it may not be appropriate?

Most of that is answered with a question:  Appropriate to whom?

The best way to answer all of this for myself is through examples.

I have a few passwords that I repeat all over the place.  The reason why I repeat them is because I don’t care if the account gets compromised.  Websites that require free registration are typical of this.  If you aren’t really invested in the information, a password is a nuisance and I generally give them “that password”.

“That Password” was one that I used at work, years ago.  It became something that quickly formed a “body memory” in that I could sit at a keyboard and just burst it through my fingers.  So why not, right?

The problem there is “Familiarity Breeds Contempt”.  You want a password you know, and that you think others won’t guess, but not too simple.  That leaves out things like your dog’s name, Mom’s name, your elementary school, 12345, password, or the ever favorite “qwerty”.

Why?  When someone tries to crack a password online, any given network for example, they typically won’t walk up to “your” computer and type away.  They’ll be noticed. 

Who was that guy in cubicle 9 anyway?

They will use software that will show up if someone is actually watching the store.  That network guy who is usually in cubicle 9 is probably down the hall watching the statistics on a remote computer or the phone, and locking down that specific port or address coming in to his network that someone outside is running the software on and will be back in a moment.  He’s got to stop off and visit the boss, grab coffee, hit the head, and fight a few fires.

The problem is that companies have decided that it is your problem to worry about your own passwords.  So they’re getting grumpy.  You’re asked to think of a new password every time you log in because you haven’t visited them in more than once a month, and there are rules.  Evil, sick, and twisted rules.  Something that you won’t remember because it requires Mixed Case, Punctuation – but not all punctuation, and a f3w numb3rs. 

Yeah, numb3rs.  That will show th3m!  The name Eric becomes 3R1q just because it is k3wl and L337.

Except it doesn’t.  All those remote attacks will be done via software.  The software has access to all the same books you read, plus the ones you didn’t read, plus the telephone book, plus many other aspects of popular culture.  I once came across some of those dictionaries to crack a computer that I was given and they’re massive.

I didn’t end up using that because on the fourth try, I guessed the password for the happy client.

My biggest complaint, though, is the Recruiting and Human Resources websites.  The worst of them assume that you actually care about them.  You end up rewriting your resume once you get in, and have to type in War And Peace while you’re doing it.  Oh, and don’t forget to log back in once every two weeks or we will delete your information!

No wonder why I try the “Low Security” password that I memorized and if that doesn’t work I click on the “I forgot” link.

Recruiters, you really are not all that significant and are a hurdle to get past, so relax on the security. 

So what do you do?

When I was doing Project Management at the University you would be shocked to know how many times I found people’s passwords.  Forget the Social Engineering tricks of their baby’s name plus their dog.  I would walk to their workstation and lift up their keyboard.  There would be a Post-It note with the passwords written on it.

Believe it or not, that isn’t as terrible as it sounds – if you convert that post-it note to a text file on your phone or on the cloud that you really really do know what the password is for.  After all, while I would lift  your keyboard, I won’t be able to get into your phone.  That is unless it is unlocked or your password is “1111” or something simple like that.

There is a file I keep on my computer.  It’s a clear text file.  Has the passwords on it.  There is a wrinkle though, it is only hints to the password and the hints are pretty obscure unless you are in my family.  But it is in a “safe place” that only I know where it is.

Now that you have found the place to store the hint file, what would I suggest you make the password?

Random numbers, letters, and punctuation is probably best, but make it a physical keyboard pattern you will find easy to memorize, and change it for truly important websites like your bank and credit cards and that annoying website you get all your financial advisor’s information from.

That last one emails me practically every day and I hate logging into it.

Find the file, open it up and remember what that password was…

Actually, this all makes me wonder where I put that post-it note.  Nope, not under my keyboard.  I’ll have to have a look. 

Security? Poodles? Sandworms? Here we go again.

If you have any passing interest in computer security, you have noticed a few announcements go by.

If you don’t, you may think it is overwhelming.

Yes, and Yes.

If you are worried, there’s a simple solution.  No matter what the computer, no matter what the operating system – make sure you are up to date.

Most home users are set up “from the factory” to automatically get updates.  This is true on Windows and on Mac OSX.  My Linux computers pop up a friendly sunburst to say it’s got updates too.

In both cases this will solve these two problems.

Poodle – Make sure your browser is up to date.  Windows update will fix this.  It is a low level problem that is more of a headache for systems administrators. So it’s not a major headache for most people.

The long description that 99 percent of us can skip is that it’s a bug that Google has found in the Secure Sockets Layer (SSL) version 3 that is seriously out of date.  It shouldn’t be used at this point anyway, but some folks haven’t updated that.

Sandworm – It’s a worm that goes after Powerpoint files.  Since Windows machines are set up to ask you if you want to open the file, don’t.  If your computer asks you to open anything with a “.INF” extension, don’t.  That is how the worm will propagate.

How to fix it?  Home users, make sure you go through your Windows Update.  It’s a windows problem.  But anyone else should be running the most up to date version of their operating systems that they can.  If their operating system is no longer supported, it’s best that you upgrade as best you can.  No more XP for you.

While you are at it, make sure your virus protection is up to date and you may want to just force a run of a full scan.  You never know what is running around on your computers these days and it is just good practice to do this once in a while.