Friday, October 31, 2008

Security Tip - Windows PE

Good job on the new look for your blog, Suzanne.

A couple weeks ago my sister-in-law brought me her PC that would no longer boot. These things get dumped on me from time to time with a request to recover all their documents, make it work, and tune it up so that it runs faster than it ever ran before. My sister-in law is a sweetheart, so I figured I would have a go at it.

I started by trying a variety of the boot options provided through the F8 boot menu. Mostly the boots just ended at the same blank screen, but one presented the BSOD, otherwise known as the Blue Screen of Death. The BSOD is an error screen that happens so frequently on MS operating systems that it has its own acronym. The error message on my sister-in-law’s machine suggested some sort of video problem.

So I’m figuring the PC is dead, I’m going to have to do a fresh install of Windows XP and maybe replace the video card, but I want to save whatever I can from the disk so she can get her documents back. So I pull out the Windows PE disk.

The windows PE disk is something I have just started using, but I can already see that it will be a common tool for a variety of tasks managing a Microsoft environment. Have a look at www.windowspe.com or just search “Windows PE” to find out more. It’s an operating system on a CD. You put it in your CD drive, you boot it, and you have a MS environment to work in. It’s just a command line, but there is a lot you can do with this. Here is what I did with this troublesome PC.

I intended just to copy the entire contents of the hard drive to an external drive. I booted Windows PE to the command prompt, plugged in the external drive, and copied the entire hard drive successfully to a folder on the external drive. I was then free to do a fresh install on the PC’s hard drive because I had captured all my sister-in-law’s documents.

But my sister-in-law has kids, and there is a general principle known to people who manage PCs that PCs don’t work for very long in households with kids in them. So I plugged the external drive into my own PC and ran a virus and spyware scan on the folder of files copied from the offending PC. I found a couple dozen hits. I then went back to my sister-in-law’s PC and, using Windows PE, manually deleted all the couple dozen files that my scanner had identified as malware on the external drive. When I booted her PC off the hard drive again, after deleting those couple dozen files, the PC booted just fine. I then updated her virus scanner, installed and ran the Spybot spyware scanner, and presto she has her PC back.

I have been doing some other things with the Windows PE disk as well. Most interesting is that the Windows PE disk has enabled me to stop using Ghost to image and deploy PCs. More on that later.

Tuesday, October 28, 2008

Why Twitter?

A couple of questions keep coming up during Web 2.0 sessions when I talk about Twitter:
  • How is this different from email and email lists?
  • How is this different from RSS feeds?
Email vs. Twitter

The first difference from email is that you're limited to 140 characters in a twitter posting. So, you'd better be able to make it brief. Even URLs are routinely shortened. The good thing is you don't have to wade through pages of prose to try to figure out if this is something you need to know. Some people attempt to get around this limitation by sending out tweet after tweet. But I think the preferred procedure if you want to wax eloquent is to do it in a blog post and just send a link via Twitter.

Another difference is that Twitter posts are ephemeral. They're usually gone after 48 hours. They don't clutter up your inbox. Of course the downside is that if there's something you're interested in pursuing further, you'd better bookmark it or else you're going to have a hard time tracking it down later. But I was able to track down by a graphic I'd liked but neglected to save by contacting the person who'd sent it out. Within an hour, I had it.

Finally, email contacts tend to be fairly limited. Even if you subscribe to wired-mt, there are a lot of people on the list you never hear from. And while there are ways to check, most of the time you don't even know who's out there reading the emails you send to a list. With Twitter you know who's following you and getting your tweets. You decide who to follow based on your interests. In many cases, whoever you follow will also choose to follow you. And vice versa. So you can end up with people on your Twitter network that you didn't know at all before you started following and being followed. You can make some useful contacts. And, once again, using the principles of social networking, you can make a lot more useful contacts by seeing who others in your network are following and following them too.

RSS vs. Twitter

I think the biggest difference between RSS and Twitter is that RSS is really just one way communication while Twitter can be more two-way. And those who really use it effectively set it up as a two-way communication tool.

Say you're in a library looking for new ways to promote your new acquisitions and/or activities. You have an RSS feed from your catalog of new acquisitions. You can use a tool like TwitterFeed to take the RSS feeds and make them into Twitter posts. You can do the same thing with RSS feeds from your library's blog. If nothing else, this can be a fairly easy way to reach additional potential library users. And you probably will get some followers especially if you promote your Twitter page. You can also set up two way communication by following your followers. If these are library users, you can find out about their interests. You can also get feedback to your RSS enabled posts or to any questions you may direct toward them.

Let me give a recent example of what I think is the great potential of Twitter. When I initially signed on, I started following a number of libraries to see how they were using Twitter. Some had accounts but weren't using it at all. Others tweeted about an occasional event at the library. I found one library would send out 20 or more tweets in a day each referring to a new book or DVD. I thought this was overkill and used this library as an example of how you might not want to use Twitter in a couple of recent Web 2.0 sessions. But I felt bad about using them as a negative example without telling them so. This library wasn't following me, nor could I find an email address on their website. So, I used Twitter. I was soon contacted by their branch manager. I learned how they were attempting to use Twitter. He was interested in the feedback. And I've made a new contact who's experimenting with a lot of interesting social networking applications in his library in Arizona. Might we have connected sometime without Twitter? Possibly, but this was definitely faster.

It really is all about making connections. And Twitter seems to be one of the more useful tools for doing that at this moment in time.

Tuesday, October 21, 2008

using delicious links in your web page

Do you have a Delicious account with all kinds of great links that you'd like to share with others via your website or blog?

Delicious provides several tools on their website to make this easy to do.
  1. Click on Help in the upper right hand corner
  2. Click on Bookmarking buttons and add-ons for your browser or website? under Need Tools?
  3. Select the tool you want and copy and paste the html code into your web page/blog editor. You'll need to use the Edit Html section.
  4. Warning - these rely on CSS (Cascading Style Sheets) to make them look pretty and aligned. What you have set in your blog or web page will probably override the CSS from Delicious. This can make it look really goofy. That's one of the reasons I changed the template for this blog.

    Following are examples of Linkrolls and Tagrolls and how they'll look integrated into a blog.
Linkrolls will provide access to some of your recent bookmark additions:



Tagrolls put your tags into a tag cloud. The larger tags are used more frequently:



You can play around with some of the settings to customize for your website.

Wednesday, October 8, 2008

Do You Trust Your Tech?

I ran across an interesting article last month. A survey was recently conducted in which IT workers were asked whether they use "their IT privileges to gain access to employees' confidential data". One in three admitted to doing so. Have a look at
http://windowsitpro.com/article/articleid/99515/do-you-snoop.html for a little more detail. If a third of them are admitting to it you would think the number actually doing it would be somewhat higher.

It is hard to provide a tech solution for privacy from your system administrator. It can be done but it is a lot easier and cheaper just to trust your tech. It is what we do at my employer and my clients. All these places do have personnel records, for example, and I should not have access to them, but I do. I don't even need to be in the building to see any of it, as long as it is an electronic file.

But look at it from the tech's side. If for some reason the trust fades, then the tech is automatically a suspect simply because he has had access to the confidential information. So it is not a very good situation for the tech either. I don't anticipate providing any good solution to this though anytime soon.

Sorry there is not much of a tip here but I thought you would enjoy hearing about the high moral standards of the average tech these days. Truth be told, I suspect this would be accurate for the population at large, if they had similar access to your information.

Note to my own employer and clients: My lips are sealed.