Science & Technology

Conference Time

Last week I had the great pleasure of attending the KnowBe4 conference in Orlando. (Official hashtag: #KB4Con18). This was without a doubt the best tech conference I have ever attended. Not only were there absolutely dynamic speakers, all attendees were treated to the best food!  I’m talking some of the healthiest stuff I have ever seen at any conference.

I’ve mentioned KnowBe4 before. This is the vendor we use at the city to train, test and generally harass our end-users (OK, maybe not harass). (KnowBe4 website) With just a small part of their product, I can train my co-workers on the latest ways the “bad guys” try to use social engineering to do well, bad stuff. I will admit that I enjoy sending out simulated phish emails. Why? Because it shows me where are weak links are. And this gives me the means to do targeted training to make our city network, and by association everyone’s home PC/Network, that much more secure. I don’t do it to shame someone or hold it over anyone’s head. Since I have been an instructor of some sort for very many years, I use this primarily as a training tool. But on to the conference itself.

Other than the hour plus, each way, drive on I4 (A.K.A. the devil’s highway), and being in Orlando (way too big and crazy for me), everything else went beautifully. The folks at KnowBe4 went above and beyond in this, their first ever conference.

The opening keynote speaker was Kevin Mitnick, or as he likes to call himself “The World’s Most Famous Hacker”, a title he lives up to. If you don’t know who he is, take a moment to read his Wikipedia page, even if it a bit light on his history. Kevin gave us many demonstrations of current hacks, all of which arrive via an inconspicuous email. And all of which are very nasty. But the one hack that scared me the most was when he showed how Google’s two-factor authentication (2FA) could be hacked. Google has always been one of the toughest to crack since they stay on the cutting edge of all technologies. As a big user of many Google services, this is troublesome.

MVIMG_20180517_182225.jpg

Me and Kevin Mitnick

The keynote speaker for the next day was Frank Abangale. I have to admit that I did not recognize his name. But once I heard his story I knew how he was. Here is his Wikipedia page for you to educate yourself. Frank is considered one of the foremost experts on imposters and forgery. Steven Spielberg made a movie “Catch Me If You Can” starring Leonardo DiCaprio as Frank and Tom Hanks as FBI Agent Carl Hanratty. I have not seen this movie, but I see it available on Amazon Prime so I will correct that error very soon. And if I caught his reference, he was also the inspiration for the TV show “White Collar”.  His family story and subsequent talk on how to keep safe with online financial sources was very eye-opening.

IMG_20180518_104922.jpg

Myself and Frank Abangale

Another fantastic speaker was Roger A. Grimes (he wants you to know he is not related to the Canadian political figure with the same name), the best-selling author of several tech books. KnowBe4 even included a copy of his “A Data-Driven Computer Security Defense” in the big ol’ backpack they gave every attendee. The big takeaway from his two talks was the point that you have to determine what your biggest exploitable problem is, and fix that first. Common sense, which as we all know, is always in short supply.

One thing that I really was happy to see was the inclusion of women speakers. KnowBe4 has several women in executive roles throughout the company, and that makes me very happy. Since I have two granddaughters, one of which is very interested in the sciences, I fully support women (and really anybody) in STEM (Science – Technology – Engineering – Mathematics). One of the first questions Wifey® asked me was if there were women presenters. I was so very happy to say yes!

There was one thing missing though. No vendor room. Every other conference I’ve been to there is always a room for vendors. Not only can one make some great contacts with products and services that one doesn’t know about, vendors always have cool swag (freebie gifts). I’ll have to check with my manager, but I think a conference is how we found out about KnowBe4. It may not have been in the vendor area, it may have been word of mouth from another attendee (word of mouth is ALWAYS the best advertisement).

Sorry, this is such a broad overview, but I could write about ten pages if I covered the entire 3 days. All I can say is “I’m ready for KB4Con19!”

Peace,
B

Twitter  FaceBook

DNA Testing – What Can You Learn?

So just what does a DNA test tell you about your heritage?  You may have seen the Ancestry DNA commercial that’s been all over (at least my) TV lately. I tried to find it on YouTube, but couldn’t. It shows a young woman who has discovered a long-lost relative using their DNA testing service. It even goes so far as to imply that she not only found this ancestors name but that he had blue eyes as she does.  All from a DNA test? Not likely. What it doesn’t tell you is that you need a lot of hard genealogy work to find these kinds of things out.

I have had my DNA tested by both Ancestry and Family Tree DNA. Surprisingly, the results were very similar. Both give my heritage as very “Scottish”.  As a member of the Campbell group on Family Tree DNA, I have found that my DNA just might POSSIBLY point to a Pictish lineage.  For those that don’t know who the Picts were, they are considered one the earliest inhabitants of Scotland. They are basically made up of the Celts that came across from what we would call Germany today, Vikings that come from the northern Scandinavian countries, and the people who came across from what we call Ireland and then north up to Scotland. This shows just how impossible it is to be of “pure stock”.

Bruce's ethnicity

As you can see, my results from Ancestry DNA show a varied makeup.

The image above somewhat supports the findings from Family Tree DNA. My main groups do point to the historical makeup of the ancient Picts. But, since the Picts did not leave any written records of us to study, we can’t be completely sure.

But what does it prove? In all honesty, it doesn’t “prove” a damn thing. Without some genealogy work, it will never tell you much.  I have done a bit of work at Ancestry chasing down my family tree. I have managed to solidly confirm the Campbell line back to the 1860’s or so. I just may have a lead going back to the 1780’s or so, but have not been able to confirm it. Ancestry does have very fine resources such as US and UK census records. How much access you get depends on how much you’re willing to pay.

Unfortunately, all the matches I’ve found through DNA testing have not been on the Campbell side. I did have one gentleman who matched my DNA (up to 37 markers) exactly. But he will not answer my emails to see how we are related.

I would like to call your attention to this page; “Two Lies And The Truth About DNA Testing”. The big take-away for me from this blog post was;

I want to stress that DNA Testing is of little value to anyone except yourself if you don’t do the genealogy research to back it up and share it.  A common complaint among testers is that the test result is wrong.  That’s probably a misunderstanding. Genetic testing is pretty reliable.  What isn’t so well-known is that people traveled, sometimes quite a lot, even back to ancient times. Our genes have been mixing through migrations, marriages, immigrations, wars, and conquests for as long as we have been here.  If you believe it to be wrong, prove it. But don’t forget to study up on world history first.

Source: http://blog.ancestorcloud.com/2017/05/19/two-lies-and-the-truth-about-dna-testing/ 

And from this blog;

Alva Noë explains at NPR:

Shakespeare’s kid probably had 50 percent of his DNA; his kid in turn, on average, a quarter, and so on. Within 10 generations, Shakespeare’s DNA has spread out and recombined so many times that it doesn’t even really make sense to speak of a match. Putting the same point the other way, each of us has so many ancestors that we have no choice but to share them with each other… The truth is, you have your history and your genes have theirs.

So basically, trying to say some famous person is related to you without doing the genealogy work, and only relying on a simple DNA test, is impossible.

I’m not telling you NOT to do DNA testing. I just want you to know that the test alone will not answer most of your questions. Wifey’s® results from Ancestry gave her what she wanted. She wasn’t looking for a long-lost relative. She only wanted to see the “mix” of her heritage. But no, I will not post her results. That would be TMI. Hell, I don’t even use her name on this blog, why would I give you her DNA makeup???

One more consideration. What happens to your DNA test results? Family Tree DNA does not share your results without your consent. Can’t say the same for most of the others.

In the end, ask yourself why you want to do the test. Is it for health reasons? Trying to fill out, or start, your family tree? Just curious (as was Wifey®)? For whatever reason, read the fine print before you do the test.

And remember, your results may very well vary between companies. Take your results with a grain (or maybe a shaker) of salt.

Peace,
B

Twitter  Facebook

PC Security, Again (or Is It Still?) UPDATED!

Before I get into Facebook and its current issues, I’d like to pass along a portion of an email I received today from KnowBe4.  KnowBe4 is the company I use at work to help test and train our users in email security. If you’d like read more about them click here.

I receive a “Scam Of The Week” email from KnowBe4 every week. Todays was very relevant, at least to me.  The headline is “Fiendishly Clever Gmail Phishing You Need To Know About”. If you’re not sure what a “phish” email is, to sum it up, it’s any email that impersonates someone else. A good example that I bet a lot of folks have received, is one from FedEx claiming that they need you to click on an attachment or follow a link because they couldn’t deliver a package.  The attachment or link is nothing but a malware-laden delivery tool. Either will infect your PC leaving you open to become a victim of a crypto tool (something that encrypts all the files on your PC, then the bad guys make you pay money, usually in bitcoin, to unlock your files. Most of the time they take your money and never decrypt your stuff). Or your PC becomes a “bot” under the control of the same bad guys, causing it do malicious acts without your knowledge.

Here is the quote from today’s scam;

“There is a new scam where hackers send you a text that asks you about a password reset on your Gmail account, and if you did not, text STOP. This is a scam. The bad guys asked for that password reset and now want you to send them the authorization code! Don’t fall for it.

Remember that Gmail or any other web email service will never ask if you *don’t* want to do something with your account. You didn’t ask for a password reset, so you shouldn’t be asked about one.

Do not reply to the text (doing so will tell the scammers that they have reached a valid number). And to prevent losing your account to bad guys, it’s a very good idea to have 2-step verification set up on your Google account.”

So what about Facebook?  If you used an app called “My Digital Life”, you have not only allowed your information on Facebook, but you have also allowed anyone in your contact list to have a limited part of their data shared. Again without your knowledge.

This breach is so bad that Facebook founder Mark Zuckerberg is testifying in front of Congress as I type this. The impact of this event is that 87+ million people have had their information shared.

I cannot stress how important it is to NOT USE ANY FACEBOOK APPS this includes games. I would also strongly recommend that you DO NOT do any of the “surveys”, like What Animal Am I, or the ones that give you a list of months and days to make up a name of some kind. Just think what you just did if you responded to one of those. In the case of the ones that tell you to post your answer and you do, you just publically posted your birth date. So anyone watching these posts (and believe me, they do track this stuff) now not only knows your name but your birthday too. It would only take one or two more little pieces of information and next thing you know your identity has been compromised. It’s scary.

And as you can see at the bottom of this post, I use both Twitter and Facebook. I’m not saying you shouldn’t enjoy them.  Just be careful, please.

So, a few tips to make things a bit safer;

  • Do not click on any attachments or links in any email where you don’t know the sender or if there is no reason that they would be sending you an email of this type. Going back to my FedEx example above the email claimed the attachment was a shipping label you needed to open and print. So look at the reasoning. They can’t deliver a package to your location. So why do you need to print a shipping label? That would be the responsibility of the shipper, not the recipient.
  • Be suspicious of emails coming from known sources. It is very easy to spoof an email address. Just because a family member or a friend sends an email with an attachment or a link doesn’t mean it’s legit. Ask yourself “Self! Why would so and so be sending me an Excel spreadsheet?” Be wary my friends.
  • When on any social media (Facebook, Twitter, LinkedIn, etc..) be very careful of the information you post. The bad guys are monitoring all those sources very closely and will not hesitate to scrape any data they can get their grubby little paws on.
  • And make sure you have a good anti-virus and anti-malware program installed. And keep it updated. AND scan your PC on a regular basis.
  • Finally, NEVER, NEVER, EVER post information such as your phone number, your email address, or your home/work addresses on a public forum such as Facebook. You’re just inviting someone to steal your identity.

These exploits are not limited to Windows PCs (although since Windows has the biggest share of users in the world they get targeted the most). There are exploits for Mac/Apple (including iPhones/iPads/iPods), Android, Linux, you name it. Someone has written an exploit for that operating system.

If you have any questions about PC security, please leave a comment!

So let’s be careful and happy internetting! (Yeah I made that word up)

Peace,
B

EDIT:  This link came across my Twitter this morning. It will give you a tool to see if your data was “shared” in the Cambridge Analytica breach.  Click here for the link (you do need to be logged into your Facebook account for it to work).

 

Twitter  Facebook

Duuu.. Duuu.. Looking Out My Back Door (Or, Oh Hail!)

(With apologies to CCR)

So I have training in Orlando all this week. For the locals, that means I-4 both ways. Prayers and good wishes are accepted.

Today, the first day of spring we had a nasty storm come through. And as usually happens, it hits Orlando before it hits Daytona. So I’m in class and the storm moves through dropping about marble sized hail. But it clears by the time I get out of class. No problems the entire time on I-4.

But as soon as I get off the interstate it starts to rain. But I can deal with rain. I even managed to get home before it started racing hard. Then out of nowhere I hear what sounds like branches falling on the roof. It wasn’t branches, it was good sized hail.

Hard to see through the screen, but I wasn’t going out there!

Peace,

B

Scary Email Phish

(In case you are not aware of what a “phish” is, in broad terms, it is an email designed to make you click on a link, or open an infected attachment. Once the link is clicked or that infected attachment opened, your machine (and this works on Windows, Apple, and Linux) will become a “host” for a variety of nefarious activities.)

This information came from one of the vendors we use at the city, KnowBe4. We use the tools they provide to send simulated phishing attacks to all our employees. It’s one of the fun aspects of my job. Here is a very specific phish threat they sent a notice about. I felt it important enough to pass along.

I was alerted by a customer about a really difficult scenario that’s becoming all the more frequent. While there’s probably little that can be done in terms of tuning your spam filters and endpoint security tools, new-school security awareness training can make a difference. Here is the story:

“Over the past few months, we have been hit with increasing frequency with an attack that follows this 5-step pattern;

  • A known vendor or customer falls victim to a phishing attack. Their email credentials are compromised, and the “bad guy” gets access to their email account.
  • They start by changing the password, so that the victim no longer has control.
  • They then comb through past email correspondence, and using the victim’s account, signature, and logo, send out targeted emails crafted to closely resemble legit correspondence they have had with our company in the past.
  • Depending on the “bad guy’s” dedication to his craft, these could be fairly generic, or extremely specific. We’ve received one with an inquiry that referenced a specific real invoice # for that individual.
  • The email always includes a spreadsheet or PDF. The name can be generic, or can be really specific. We’ve received one titled with a specific real invoice # for that individual.

Because these emails are coming from a real email account for a real business partner, they are very hard to identify, and in some cases they are literally impossible to detect, as they are carefully crafted copies of past legitimate emails. Naturally, there are a few that cast a wide net, so they are more generic and often contain corrupted grammar or spelling, but others are indistinguishable from real emails.”

What To Do About This Threat

Granted, this is a frustrating and dangerous situation, as the majority of the red flags users have been trained to watch for simply aren’t present if the scammer uses a highly targeted approach like this.

However, there is one cardinal rule that you need to stress with your users to protect against a scenario like this: DID THEY ASK FOR THE ATTACHMENT?

If they did not, before the attachment is opened, it’s a very good idea to double check using an out-of-band channel like the phone to call and ask if they sent this and why it was sent . There is little else that can be done.

Yes, that is a little more work. But also, better safe than sorry. You have to constantly work on and reinforce your security culture, anywhere in the world.

As you can see, this is very scary. Especially in a corporate environment. The biggest thing to take away from this is if you get an email with an attachment THAT YOU DIDN’T REQUEST, DO NOT OPEN THE ATTACHMENT! This holds true even if you recognize the sender. The sender field on an email can be spoofed very easily.

So, as I’ve said before, keep your antivirus/antimalware up-to-date, and scan your machine on a regular basis. One of the catchphrases of KnowBe4 is “Think Before You Click”. Wise words to live by.

Happy and safe interneting my friends.

Peace,
B

Twitter  Facebook

Empty Post

No need to like this post, it’s simply a test post. Seems that every time I post something, I will get at least one “like” within seconds with no views recorded. No way someone could have read my entire post that quick. So I’m checking for who has a script running. I figure it’s a ploy to get views on their (probably virus-laden) site.

So here goes nothing… And I’ll throw in a video to make it interesting.

Peace,
B

A Review Of The Google Pixel 2XL And The Google Mini

My old LG5 was having major issues. It wouldn’t charge most of the time requiring me to keep it plugged in both at home and on my desk at work, texting would suddenly just not respond. The keyboard.. well I won’t go into all the problems I had with that.

So I ordered myself a Pixel 2XL directly from Google. I decided to by-pass by cell carrier, Verizon, for two reasons. First, by buying directly from Google I get the monthly security updates AND any OS updates long before big red will send them out. Second, no app bloat. The phone didn’t come loaded with all the usual Verizon apps that I never use anyway. Seriously, has anyone ever used the NFL Mobile app? So this is a much cleaner phone, and therefore runs much smoother.

I also opted for the 128GB model so I could download my Spotify playlists and not burn up data when I don’t have a Wi-Fi connection and want to play my music.

I have had this phone now for about two months, I do not have any case for it yet, nor does it have any screen protection. I really, really hope to have both of those issues remedied this weekend.

But here’s what I’ve learned in the first two months.

  • This screen is extremely sensitive. Since I don’t have a case, I keep it in my pocket most of the time. I’ll take it out and there will be 3 or 4 apps open, the texting app will have picked a random contact and is sending pure gibberish. I’m hoping a case (one that I can clip to my belt) and the “gorilla glass” type of screen protector will help alleviate these problems.
  • The “Google Assistant” isn’t all it’s hyped to be. I understand that this app is still “under development”,  but it still needs lots of work. I primarily use it while driving to be “hands-free”.  Many times (after I use the “catchphrase” either ‘OK Google’ or ‘Hey Google’) nothing happens. Usually, the second time I call it, it answers. All you get is a musical tone to let you know it’s ready. The most common use, for me, is to text someone (usually Wifey®). So it’s “OK Google” (wait for music), “Send a text” (it will then ask “Who do you want to text?”), “Text <contact>” (You can simplify this by saying “Send a text to <contact>”, but that doesn’t always work. Last time I tried to do it that way, it started reading me the news and weather. I couldn’t figure how to stop that, so I had to wait for it to finish. If the contact has more than one phone number, you will be asked to pick which number to send it to.  This is good for folks that may have more than one cell phone, like myself (one business and one personal), but usually, it’s overkill. Let’s face it you can’t send a text message to a fax machine or a landline (who has a landline anymore anyway?). But more than that, when I’m in the middle of dictating a text and a new text come in, the assistant basically stops and the message will be displayed on top of everything, and it erases whatever I had already dictated. Very frustrating. And forget about asking it read incoming text messages. Most times it doesn’t respond at all, or when you can get it read a message and it asks you if you want to “Reply, Ignore, or go to the Next Message”. No matter how quick I say my answer (usually it’s Reply) or how long I wait, all it does it repeat my choices. I finally just have to wait it out and start all over again with the “Send A Text Message”.
  • I do like the GUI. Instead of the usual swiping right or left for screens (although it does have a Google News feed if you swipe to the left, and a user-configurable screen to the right), all apps are available by swiping up. And even more importantly, for me anyway, they are automagically arranged alphabetically. One thing I have hated from the days of my OG Droid was having to manually configure apps so I could find them. I love this feature.
  • This phone has an excellent camera. And not only that, pictures are automagically backed up to Google Photos (if you have an account). I also mine set to back up to my Amazon Prime Photos and even my Verizon Cloud. We’ve lost lots of photos before, don’t want that happening again.
  • I like the fingerprint option for unlocking (you can also set a 6 digit numeric pin). This also allows me to securely log into most of my banking and credit card apps. Saves me a lot of head scratching trying to remember what my damn passwords are.

On to the Google Mini.  I received my mini free.  Google sent it to me as a “gift” for buying the Pixel from them. I can understand why they gave it away, it’s pretty much useless to me.

One of the big things that Google touts for any of its home systems (the mini or Google Home) is the ability to control a “smart home”. Well, my house is more along the lines of a “Flintstone House”. We have absolutely nothing that can be voice controlled. And in all honesty, as an IT professional, I’m not sure I want a house like that. Hacking an IoT (Internet of Things) is pretty easy.

  • So, the main use of this mini is to play my Spotify playlist. Good thing I didn’t pay for it. This is something I can do (and much better) with either my phone or tablet. here’s the problem; As usual, you wake it up with the “Ok Google” or “Hey Google”. No problem there. To play my “combo” playlist (a test list I made on Spotify), you tell it “Play combo playlist”, it responds “playing Spotify playlist combo”. It will always start with the first song that was added to the playlist.  This playlist has just over 1500 songs, from about 30 artists. I would guess an average of 30 songs per artist. So it starts at the top of the list, in the order that the songs/artists were added. According to the instructions on Google to make the mini shuffle the songs, you will next tell the mini (after the required “OK Google”), “Shuffle the playlist”. It will respond, “OK, will shuffle the playlist after this track has finished”. Fair enough. You can next tell it (again after the required “OK Google”) “Skip this song”. This is supposed to make the mini pick a random song from there on out. But it doesn’t appear to work that way.
    • Let me explain it like this. Let’s say I had 5 artists, and each artist has 5 tracks on the playlist. We will call the artists, A, B, C, D, and E. The tracks we’ll call 1, 2, 3, 4, and 5. Simple enough. So when you start the playlist, it will always start on artist A, track 1. When you get it to skip command it will always go to artist B (which is the next artist added when the list was created) and track 1. Then it goes back to artist A and track 2, followed by artist B, track 2. And so on until it finishes artist A track 5, then it will go to artist C track 1 and so on.
    • So with a playlist of over 1500 songs, I’ve never gotten through the first 3 or 4 artists before I get frustrated and turn it off.
  • And that’s where the mini sits.  On my nightstand, with the mic turned off. Every now and then I hit it and it tells me the mic is turned off and how to turn it back off. I just look at it with contempt and tell it “Shut the hell up!”

Anyone else having issues with a Google Mini?  Leave me some suggestions as to what I’m doing wrong, please!

Peace,
B

Falcon 9 Heavy

As a little boy, I wanted to be an astronaut, not uncommon for young boys. As since I grew up in Florida, we visited Cape Kennedy (it has now reverted back to its original name of Cape Canaveral, and the Kennedy Space Center has been built for tourists) several times. Looking at the rockets that came back, everything from the original Mercury capsules and the giant Saturn 5 rockets that took us to the moon (or did they? – think I’ve been watching too many X-Files), and especially the Shuttles kept the wonder alive for me. But I have to admit, over the last years, as NASA has constantly had their budget cut and less and less space programs are originating here in the USA, my interest has waned.

But today we have another “big boy” launch. The Falcon 9 Heavy. This excites me. I worked at Cape Canaveral for a short time (it was cut short by 9/11 when my sub-contract was terminated as many others were).  And if I’m not mistaken, this was the launch pad I worked on.

But one thing I find almost humorous is that Elon Musk (@ElonMusk) has put one of his Telsa Roadsters, with a “spaceman” in the driver seat (no one is in the suit, in case you were concerned). The mission, as I understand it, is not only a real test of the Falcon 9 Heavy engines but to travel to Mars.

falcon_roadster

Tesla Roadster with its Spaceman driver

Not only is this cool as hell, it reminds me of one my all-time favorite movies, “Heavy Metal“.  This animated movie, released in 1981 (not good for little children – see the link), starts off with a spaceman leaving orbit in a 1959 Corvette and reentering earth.

hmvette

Heavy Metal

This intro always intrigued me. It was obvious that no one could survive such a reentry, but what the hell, it’s a cartoon, and we well know that physics do not apply in the world of cartoons.  I was down with it. Now, this Telsa Roadster will sadly, not be landing on Mars just left orbiting for eternity. Still a cool accomplishment.

So now we have a roadster blasting off into space, or as Elon said: “it blows up in a million little pieces”.  It could go either way, this is the first launch of this rocket model. And no matter how much testing they put it through, it’s still a bit of a crapshoot.

If you want to watch the launch from the comfort of where ever you’re reading this, the launch window is 1:30 – 4:00 PM EST. You can watch the live webcast at the SpaceX website (along with a host of other sites). The feed usually goes live about an hour prior to the launch window opening.

I’ll be watching, hope you can too!

Peace,
B

 

PC Security… Again

<rant>

So once again here I am at the hands of Stupid End Users.  I have to keep reminding myself that these fools pay the bills.

I want to make one thing perfectly clear. INSTALL ALL THE SECURITY UPDATES FOR WHICHEVER OS YOU HAVE (Windows, Apple or Linux). Nothing and I mean NOTHING is more critical to the smooth operation of your computer (and even your smartphone – this applies to Android and Apple phones as well) than keeping these up-to-date.

Case in point. I am working on a laptop for one of my co-worker’s son. He claims the screen went blank “while doing school work”. Neither dad nor I buy it. Right now, his screen doesn’t work, the mouse and keyboard are not functioning properly (even with USB versions). I could not do anything (since the screen was black) without plugging in an external monitor and resetting the BIOS (the Basic In and Out System – what controls almost everything on the motherboard) to recognize the second monitor.

I still cannot get any of the usual tools I would use to scan the system for viruses (virui?), check the hard drive for errors, or even check the display properties. All of those options are missing from the system.  Normally I would do a “System restore”. This is a very nice feature that Microsoft added some time ago (in Windows ME – probably the only good thing to come out of that version of Windows). Since this machine belongs to a college student, there is a real good chance he was doing something “he shouldn’t have been doing”.

No matter how good your anti-virus/malware is if you visit “questionable” sites (and I’m not talking strictly porn – many download, or ‘warez’ sites are riddled with viruses) you run an elevated risk of getting an infection. There is an increasing problem of sponsored ads on respectable websites that are pushing viruses without you doing anything. We refer to these as “drive-byes”.

Normally you can access System Restore through the Control Panel and “Advanced Features”. Naturally, that’s missing on this machine as well. The other way to get to System Restore is by booting into “Safe Mode” and running it from a command prompt (the old DOS black & white screen where you have to type everything. Oh how I miss those days.) But for whatever goddamn reason Micro$oft took the “F8” feature out of the boot cycle in Windows 10. In previous versions, you could hit “F8” while the system was booting to be presented with a menu of boot options or just use “F5” to go straight into Safe Mode. Micro$oft, you made a stupid, stupid, stupid decision to remove that.

So now, 3 hours of working on this machine and I tell it to reboot, hoping (beyond hope) that at least the mouse and keyboard will work. What happens? My options are “Apply Updates and Restart or Shutdown”. So now I’ll have to wait for it to apply who knows how many updates before I can go back to troubleshooting. (edit: so far 90 minutes on the “Getting Windows Ready” screen).

There is a very good chance that if these updates had been applied when first available (the last update from Micro$oft was 2 weeks ago), what has crept into this machine may have been prevented. Even though this machine has a reliable Anti-virus installed (I cannot tell if it’s up-to-date though), without these security patches something can get through.

Wifey’s® office will not install any updates for fear it will “break” a program or something. Now, yes, it’s true. M$ updates have been known to cause havoc. But when that happens it’s (usually) easily reversible. A simple “roll back” (sometimes you need to go to safe mode) is all it takes. And M$ is pretty good about fixing those bad patches, either by sending a remote uninstall or an updated patch within 72 hours.

Second example.

Working on another laptop (this one city owned). The user claims the screen “scrolls on its own”. Looking at the machine when he brings it in (interrupting lunch as usual), I see it is doing just that.

Looking a bit deeper I see that there have been no updates applied to this machine since it was issued to the user almost one year ago. Now this machine could be considered “mission critical”. But instead of being out in the field, where it’s needed, and up-to-date, it’s sitting here on my desk slowing applying a years worth of updates. One update at a time. Because that’s how fucked up this machine is.

It not only needs updating to the latest version of Windows 10, it needs every security update since the beginning of time.

Also, keep any Anti-Virus and/or Anti-Malware product you use up-to-date (you do have an Anti-Virus/Malware program installed, Right?? RIGHT???), and scan your machine on a regular basis. There are many excellent free choices out there, pick one, any one. My favorite is Malwarebytes (I do not get any money from them, but I’ve been using their product for over 10 years without a single infection). They have both a free and a paid version, I HIGHLY recommend the paid version. Last I looked, if you download the free version you get a 2 week trial of the paid version, so it’s worth a look. The extra benefits of the paid version make it a good investment for your PC.

Malwarebytes has blocked very many of the “drive-by” ads I mentioned above. I will get either a little notice that says “access to <website name> blocked”, or just a blank spot on the webpage where the ad would have been.  You can also look into an “ad-blocker” for your web browser that can plug into either Chrome or Firefox (I’m not sure about Safari as I don’t have a Mac). IE and Edge users are out luck. Drop those and go with either Chrome or Firefox (I like and use both of those).

</rant>

I apologize for the rant, but it has been Monday all month here at work. My frustration level is quite high for many reasons, just not here at work. (Don’t ask me about yesterday’s useless dentist appointment)….

Peace,
B

I’ve Been Tagged!

My friend Kiersten over at Once Upon A Spine tagged me as part of the “Unique Blogger Award”. I have no idea what makes my blog unique, as it tends to meander its way around various subjects without ever really coming to any conclusions.

But anyway, first thanks for the tag Kiersten (and you folks should go read her blog. Some excellent books reviews that my Wifey® has found helpful.)

Here are the “rules”;

  • Share the link of the blogger that has shown you love by nominating you.
  • Answer the questions.
  • In the spirit of sharing, nominate 8 – 13 people for the same award (not sure I know that many bloggers).
  • Ask them 3 questions.

Onto the questions I was asked!

First – If you were to choose a different topic/theme for your blog, what would it be?

Since this blog has no theme or topic (hence the name Random Ramblins’), this is a bit tough for me to answer. When I first thought of coming back into blogging I knew I was not going to go back to the old technology blog I had years ago. Things have changed so much, I couldn’t keep up with it. My next thought was something about faith and my struggles with mainstream Christianity and why I’ve left it. But that was boring. And lots of people can explain it better than I. Then I thought food, who doesn’t love food? I love to cook and eat, but then health issues got in the way and I’ve had to change everything there, so that went out the window. How about mental health? I do have Bipolar Disorder type 2, some anxiety and social issues, but compared to what I’m reading on other blogs, mine is rather mild, or maybe my meds are just working better I don’t know. But again, better things are being said already.

But what I’d really like to do is humor. Back in the day (as in pre bipolar meds) I had a knack for telling the right joke at the right time. I could cheer someone up (even when I was struggling) with just a little humor. I had a flair for what my Soon-To-Be-Wifey® called “Gonzo Journalism” (a term stolen from the late, great Hunter S. Thompson, one of my favorite authors of all time). But since I’ve been on the meds, it seems my creativity level, my Gonzo if you will, has left me.  Maybe the meds are doing too much, or not enough, I don’t know.  But humor is what I’m shooting for.

Second – If you could befriend any author in real life, who would you choose? Why?

Another difficult question mainly because I feel I could do better with a really good copy editor than with an author. Come on, you’ve tried to read some of my stuff and just had to shake your head because it made no sense what so ever. Between the typos and the left out words…

But to answer the question, finally, I would choose Dr. Bart D. Erhman. From his Facebook page (easier to copy and paste – still looking for an editor you know) – Bart D. Ehrman is the James A. Gray Distinguished Professor of Religious Studies at the University of North Carolina, Chapel Hill, and is a leading authority on the Bible and the life of Jesus. He is the author of more than twenty books, including the New York Times bestselling Misquoting Jesus, God’s Problem, Jesus, Interrupted and Forged. I have read many of his books and I think his reasoning for leaving the Christian faith very closely echoes my reasons. Find him here. A close runner-up would be Dr. Pete Enns. I don’t have all his details, but he is an Old Testament professor. Find him here. One more to add to list is Dr. Amy-Jill Levine. A Jew who teaches New Testament. Such an oxymoron that I love it, plus she has a great sense of humor. Alas, she has absolutely no web presence.

Third – What’s the weirdest blog post you’ve ever written?

A long time ago (thinking about 2002) I wrote a post on my original website about my somewhat dysfunctional family. Nothing out the ordinary, just questions like “How did you get mashed potatoes on the back of your head son?”.  That site is long gone now, couldn’t find it on the “Wayback Machine” either. So for this blog, I’ll have to go with News You Can Use…No Not Really.

Questions for my nominees:

  • What is the one subject you wish you knew more about? A course you wish you had taken even just a seminar or such? And why.
  • Anybody alive or dead you’d love to have dinner with, and what would you talk about?
  • And since I ask this every time I get to sit on an employment interview committee; Star Fleet Academy or The Vulcan Science Academy and why? You’d be surprised how many supposed IT Geeks don’t understand the question.

Now I have to nominate folks… I don’t have many followers so I’ll only add these;

Sorry I don’t have more to add, but feel free to join in even if you’re not listed.

And free feel to send along any cheap copy editors, Wifey® says she won’t do it anymore. Well not really, she just can’t do it while she’s at work, and then I’d probably forget to post anything by the time I got home and she could edit it for me.

Peace,
B

P.S. Thanks again Kiersten!