Sunday, 29 January 2006

Ask-A-Ninja-CoverArtDude. You think Robert Hamburger's the bomb? (You're right if you do, by the way)

Well then you MUST check out the Ask a Ninja video podcast blog thingie.

"You've got questions. Ninja's got answers."

Go here, don't delay:

Hahah. Sweet, super sweet. You can also subscribe to the video podcast in iTunes.

Add/Read: Comments [2]
Humor | Random Stuff
Sunday, 29 January 2006 00:04:11 (Pacific Standard Time, UTC-08:00)
#  Trackback
 Saturday, 28 January 2006

CNN has an article that covers the 25 worst words you can use in your resume. Why are they so bad? In a nutshell, because:

a) everyone uses them, so there's no originality, and
b) they don't really mean anything

Seriously. Read the article and then do something about it. I've looked at a couple hundred resumes in the past month or so and this article is spot on. Good advice that needs to be read by all.

Resumes are (or, rather should be) about standing out from the crowd on the merits and saying something real, so take the time to do it well. That's what the potential employer is looking for.

Oh, and never be your own resume editor. Always rely on a hard-core, ruthless and smart copy editor to point out your flaws. And if that makes you uncomfortable, find a therapist or trusted friend to help you with that character problem and you'll not only get over that hump, you'll also probably interview better.

Add/Read: Comments [0]
Random Stuff
Saturday, 28 January 2006 21:49:17 (Pacific Standard Time, UTC-08:00)
#  Trackback

If you're a geek and you don't know what Gnomedex is, you're truly missing out on something amazing. It's an annual conference, spawned from the brain of Chris Pirillo, and it's an event where a whole slew of the ultimate geeks and even some nerds gather and talk about all kinds of cool stuff. For example, last year IE7 was demo'ed for the first time at Gnomedex, where the IE team announced and showed off RSS integration in the browser and Longhorn/Vista OS. And many, many other interesting presentations were made. But most importantly, the people you meet are awesome.

There are 300 seats in the main hall. 100 are already sold. If you're going (or think you might be), act now! If you know a true geek and want to give him or her a great gift, a Gnomedex ticket and a trip up to Seattle is a terrific thing to do for someone.

Be there and be square. Word.

Add/Read: Comments [1]
Geek Out | GnomeDex | Random Stuff
Saturday, 28 January 2006 21:25:51 (Pacific Standard Time, UTC-08:00)
#  Trackback

Southpark1I've been a South Park fan ever since it came out. Who woulda' thunk these cartoons would become such a phenomenon. I laugh my ass off every time I watch it.

I have to say that at $1.99 an episode, it's a bit pricey - maybe buying the DVD sets online (you can find some good deals if you look) might work better for some people. But for the convenience factor, and in terms of iTunes store's expansion into the video content arena, this is cool.

South Park on the iTunes Music Store - click here to open in iTunes

Comedy Central and Apple just added South Park, Drawn Together (never really watched that one) and Best of Comedy Central Standup to the iTunes store.

Add/Read: Comments [1]
Humor | Random Stuff
Saturday, 28 January 2006 13:38:13 (Pacific Standard Time, UTC-08:00)
#  Trackback

Published just this month, an important whitepaper is now available that provides authoritative information about applying  the "don't run as admin" concept in the real world.

Should you care? Yes. Absolutely. Why? Because running as an administrator or high-privileged user opens the door to malicious software ruling your world by potentially damaging your computer and data, compromising confidential information, and harming your company's reputation and business relationships. Put simply, you should do it because it's now possible, because with Windows Vista it will be enabled in terrific ways that reduce the pain, and just because it makes obvious good sense.

Users will download and install software they're not supposed to. Policies don't solve technology problems. Rather they guide solutions to people problems. Users will take CDs they bought with a major record label on the sleeve and stick them in their CD-ROM drives, whether or not they are supposed to, and we've all learned recently that you cannot trust major record labels to product safe, appropriate software. Users will surf to web sites and (regardless of how much education and prevention you do, and how many times you tell them to never click on that stupid thing that says their computer might be infected) they'll click and download and even install software that wreaks havoc, logs keystrokes or any one of a thousand other bad things.

People and process changes and preventions are important - don't get me wrong. We need to educate and provide standards, and we still need to hold people accountable for behavior. But that does not remove from us the responsibility to make proper and correct technology decisions when it comes to operation and implementation security. Period.

People, process and technology - it's a combination of all three of these, in careful balance, that makes a true security ecosystem work.

But making changes like this is, honestly, something that most business and technology people avoid, because they're afraid they won't be able to operate that way. Or they're afraid someone will complain. Sorry guys, not a good enough reason, not anymore.

So... What's the problem we're trying to solve? From the paper:

"A significant factor that increases the risks from malicious software is the tendency to give users administrative rights on their client computers. When a user or administrator logs on with administrative rights, any programs that they run, such as browsers, e-mail clients, and instant messaging programs, also have administrative rights. If these programs activate malicious software, that malicious software can install itself, manipulate services such as antivirus programs, and even hide from the operating system. Users can run malicious software unintentionally and unknowingly, for example, by visiting a compromised Web site or by clicking a link in an e-mail message."

The approach into which the least-user model falls is a layered security, defense-in-depth style. We cannot rely solely upon one layer of security to solve all our malware problems, and the fact is this: If all computer users already ran with least-privileged accounts, the incidents of malware (spyware, adware, etc) would be significantly less. In the real world, we are stuck in a position of needing to make a change, but for the future we will do well to remember how taking the easier route early in a technology phase can come back to bite us later.

"A defense-in-depth strategy, with overlapping layers of security, is the best way to counter these threats, and the least-privileged user account (LUA) approach is an important part of that defensive strategy. The LUA approach ensures that users follow the principle of least privilege and always log on with limited user accounts. This strategy also aims to limit the use of administrative credentials to administrators, and then only for administrative tasks.

"The LUA approach can significantly mitigate the risks from malicious software and accidental incorrect configuration. However, because the LUA approach requires organizations to plan, test, and support limited access configurations, this approach can generate significant costs and challenges. These costs can include redevelopment of custom programs, changes to operational procedures, and deployment of additional tools."

Small and large organizations (of all types) are faced with this problem. While it's not the end of the world, it's often not a trivial task to change to a least-privileged computing model if you're already deployed in a mode where all users are administrators. This is common in software companies and other place where people have liberal privileges in order to provide ultimate flexibility in their development and design world.

I should also note that in Windows Vista, the next version of Windows, there are significant improvements in the operating system that will make it completely feasible to apply a least-privilege user model to every single computer, while affording users the ability to install software and make appropriate configuration changes in a controlled and safer environment. In my opinion, any shop that deploys Vista when it's available and does not take advantage of this security capability is negligent (and there will be many companies where that will happen, just watch). Find out more about Windows Vista User Account Control (UAC) at the Microsoft Technet site pages that cover the subject, and be sure to read and subscribe to the UAC Team Blog.

I highly recommend this whitepaper. It cuts to the chase and explains things in a clear and concise way, while addressing real world concerns and providing links and references to third-party tools and information. If you run a network or a dev shop, or if you're in any way responsible for secure computing, this is a paper you need to get familiar with.

Description and summary of the whitepaper from the Microsoft download page:

This 100-level technical white paper provides information on the principle of least privilege and describes how to apply it to user accounts on Windows XP. The paper covers the following topics:

  • Risks associated with administrative privileges
  • Definition of the principle of least privilege
  • Definition of the least-privileged user account (LUA) approach
  • Benefits of the LUA approach
  • Risk, security, usability, and cost tradeoffs
  • Implementing the LUA approach
  • Future developments

This paper also describes at a high-level the issues that affect implementation of the LUA approach and provides useful links to other online resources that explain these concepts in more detail.

Add/Read: Comments [0]
IT Security | Safe Computing | Tech
Saturday, 28 January 2006 09:51:48 (Pacific Standard Time, UTC-08:00)
#  Trackback
 Thursday, 26 January 2006

Omar Shahine sent me a message inviting me to sign up for Live Contacts this evening. It's a service that ties together your Messenger address list, Hotmail/live mail contact lists, and MSN spaces profile info (all, of course, associated with your passport identity), and let's you subscribe to someone else's contact info. Once subscribed, any time someone on you Live Contacts list changes their contact info, it changes in your list. So, it's always connected and up to date.

Plus, you can choose how much of your personal and business contact info to share (granularly), and with whom to share it.

Start by logging into your Spaces profile (mine's here, not used much to date) and then you can share your contact info with others. Choose "Edit Profile" on your space page, and scroll down to the "Contact Information" section - that's where you can specify how and with whom to share your info. It'll always be up to date in other people's Messenger and Hotmail/Live Mail apps.

Add/Read: Comments [0]
Thursday, 26 January 2006 22:41:33 (Pacific Standard Time, UTC-08:00)
#  Trackback