greg hughes - dot net
Note that the contents of this site represent my own thoughts and opinions, not those of anyone else - like my employer - or even my dog for that matter. Besides, the dog would post things that make sense. I don't.
 Sunday, 29 January 2006 Saturday, 28 January 2006
CNN has an article that covers the 25 worst words you can use in your resume. Why are they so bad? In a nutshell, because:
a) everyone uses them, so there's no originality, and
b) they don't really mean anything
Seriously. Read the article and then do something about it. I've looked at a couple hundred resumes in the past month or so and this article is spot on. Good advice that needs to be read by all.
Resumes are (or, rather should be) about standing out from the crowd on the merits and saying something real, so take the time to do it well. That's what the potential employer is looking for.
Oh, and never be your own resume editor. Always rely on a hard-core, ruthless and smart copy editor to point out your flaws. And if that makes you uncomfortable, find a therapist or trusted friend to help you with that character problem and you'll not only get over that hump, you'll also probably interview better. 
If you're a geek and you don't know what Gnomedex is, you're truly missing out on something amazing. It's an annual conference, spawned from the brain of Chris Pirillo, and it's an event where a whole slew of the ultimate geeks and even some nerds gather and talk about all kinds of cool stuff. For example, last year IE7 was demo'ed for the first time at Gnomedex, where the IE team announced and showed off RSS integration in the browser and Longhorn/Vista OS. And many, many other interesting presentations were made. But most importantly, the people you meet are awesome.
There are 300 seats in the main hall. 100 are already sold. If you're going (or think you might be), act now! If you know a true geek and want to give him or her a great gift, a Gnomedex ticket and a trip up to Seattle is a terrific thing to do for someone.
Be there and be square. Word.
 I've been a South Park fan ever since it came out. Who woulda' thunk these cartoons would become such a phenomenon. I laugh my ass off every time I watch it.
I have to say that at $1.99 an episode, it's a bit pricey - maybe buying the DVD sets online (you can find some good deals if you look) might work better for some people. But for the convenience factor, and in terms of iTunes store's expansion into the video content arena, this is cool.
South Park on the iTunes Music Store - click here to open in iTunes
Comedy Central and Apple just added South Park, Drawn Together (never really watched that one) and Best of Comedy Central Standup to the iTunes store.
Published just this month, an important whitepaper is now available that provides authoritative information about applying the "don't run as admin" concept in the real world.
Should you care? Yes. Absolutely. Why? Because running as an administrator or high-privileged user opens the door to malicious software ruling your world by potentially damaging your computer and data, compromising confidential information, and harming your company's reputation and business relationships. Put simply, you should do it because it's now possible, because with Windows Vista it will be enabled in terrific ways that reduce the pain, and just because it makes obvious good sense.
Users will download and install software they're not supposed to. Policies don't solve technology problems. Rather they guide solutions to people problems. Users will take CDs they bought with a major record label on the sleeve and stick them in their CD-ROM drives, whether or not they are supposed to, and we've all learned recently that you cannot trust major record labels to product safe, appropriate software. Users will surf to web sites and (regardless of how much education and prevention you do, and how many times you tell them to never click on that stupid thing that says their computer might be infected) they'll click and download and even install software that wreaks havoc, logs keystrokes or any one of a thousand other bad things.
People and process changes and preventions are important - don't get me wrong. We need to educate and provide standards, and we still need to hold people accountable for behavior. But that does not remove from us the responsibility to make proper and correct technology decisions when it comes to operation and implementation security. Period.
People, process and technology - it's a combination of all three of these, in careful balance, that makes a true security ecosystem work.
But making changes like this is, honestly, something that most business and technology people avoid, because they're afraid they won't be able to operate that way. Or they're afraid someone will complain. Sorry guys, not a good enough reason, not anymore.
So... What's the problem we're trying to solve? From the paper:
"A significant factor that increases the risks from malicious software is the tendency to give users administrative rights on their client computers. When a user or administrator logs on with administrative rights, any programs that they run, such as browsers, e-mail clients, and instant messaging programs, also have administrative rights. If these programs activate malicious software, that malicious software can install itself, manipulate services such as antivirus programs, and even hide from the operating system. Users can run malicious software unintentionally and unknowingly, for example, by visiting a compromised Web site or by clicking a link in an e-mail message."
The approach into which the least-user model falls is a layered security, defense-in-depth style. We cannot rely solely upon one layer of security to solve all our malware problems, and the fact is this: If all computer users already ran with least-privileged accounts, the incidents of malware (spyware, adware, etc) would be significantly less. In the real world, we are stuck in a position of needing to make a change, but for the future we will do well to remember how taking the easier route early in a technology phase can come back to bite us later.
"A defense-in-depth strategy, with overlapping layers of security, is the best way to counter these threats, and the least-privileged user account (LUA) approach is an important part of that defensive strategy. The LUA approach ensures that users follow the principle of least privilege and always log on with limited user accounts. This strategy also aims to limit the use of administrative credentials to administrators, and then only for administrative tasks.
"The LUA approach can significantly mitigate the risks from malicious software and accidental incorrect configuration. However, because the LUA approach requires organizations to plan, test, and support limited access configurations, this approach can generate significant costs and challenges. These costs can include redevelopment of custom programs, changes to operational procedures, and deployment of additional tools."
Small and large organizations (of all types) are faced with this problem. While it's not the end of the world, it's often not a trivial task to change to a least-privileged computing model if you're already deployed in a mode where all users are administrators. This is common in software companies and other place where people have liberal privileges in order to provide ultimate flexibility in their development and design world.
I should also note that in Windows Vista, the next version of Windows, there are significant improvements in the operating system that will make it completely feasible to apply a least-privilege user model to every single computer, while affording users the ability to install software and make appropriate configuration changes in a controlled and safer environment. In my opinion, any shop that deploys Vista when it's available and does not take advantage of this security capability is negligent (and there will be many companies where that will happen, just watch). Find out more about Windows Vista User Account Control (UAC) at the Microsoft Technet site pages that cover the subject, and be sure to read and subscribe to the UAC Team Blog.
I highly recommend this whitepaper. It cuts to the chase and explains things in a clear and concise way, while addressing real world concerns and providing links and references to third-party tools and information. If you run a network or a dev shop, or if you're in any way responsible for secure computing, this is a paper you need to get familiar with.
Description and summary of the whitepaper from the Microsoft download page:
This 100-level technical white paper provides information on the principle of least privilege and describes how to apply it to user accounts on Windows XP. The paper covers the following topics:
- Risks associated with administrative privileges
- Definition of the principle of least privilege
- Definition of the least-privileged user account (LUA) approach
- Benefits of the LUA approach
- Risk, security, usability, and cost tradeoffs
- Implementing the LUA approach
- Future developments
This paper also describes at a high-level the issues that affect implementation of the LUA approach and provides useful links to other online resources that explain these concepts in more detail.
Thursday, 26 January 2006
Omar Shahine sent me a message inviting me to sign up for Live Contacts this evening. It's a service that ties together your Messenger address list, Hotmail/live mail contact lists, and MSN spaces profile info (all, of course, associated with your passport identity), and let's you subscribe to someone else's contact info. Once subscribed, any time someone on you Live Contacts list changes their contact info, it changes in your list. So, it's always connected and up to date.
Plus, you can choose how much of your personal and business contact info to share (granularly), and with whom to share it.
Start by logging into your Spaces profile (mine's here, not used much to date) and then you can share your contact info with others. Choose "Edit Profile" on your space page, and scroll down to the "Contact Information" section - that's where you can specify how and with whom to share your info. It'll always be up to date in other people's Messenger and Hotmail/Live Mail apps.
© Copyright 2012 Greg Hughes 
This work is licensed under a Creative Commons License.
 | This page was rendered at Friday, 13 July 2012 17:33:07 (Pacific Standard Time, UTC-08:00)
newtelligence dasBlog 2.1.8015.804
|
"Computers used to take up entire buildings, now they just take up our entire lives."
- Unknown
"So how do you know what is the right path to choose to get the result that you desire? And the honest answer is this... You won't. And accepting that greatly eases the anxiety of your life experience."
Syndication [XML] and .net Alerts
For lazy, highly-technical or enlightened people, get this site's content without the use of a web browser. I use FeedDemon for this, but you can choose your own. Subscribe - click the icon for my feed... or sign up for Microsoft Alerts to receive updates through your MSN Messenger, e-mail, or mobile device. Click the orange button thingie to sign up with your Passport account: 
Contact
Drop me an email: Phone: 503-766-2258
Add me to MSN Messenger
Monthly Archive
| June, 2012 (1) |
| November, 2011 (1) |
| October, 2011 (7) |
| July, 2011 (1) |
| May, 2011 (1) |
| April, 2011 (1) |
| January, 2011 (2) |
| December, 2010 (3) |
| November, 2010 (2) |
| October, 2010 (1) |
| September, 2010 (1) |
| July, 2010 (1) |
| June, 2010 (13) |
| May, 2010 (4) |
| April, 2010 (10) |
| February, 2010 (1) |
| January, 2010 (2) |
| December, 2009 (1) |
| November, 2009 (2) |
| September, 2009 (2) |
| August, 2009 (1) |
| July, 2009 (2) |
| June, 2009 (4) |
| May, 2009 (7) |
| April, 2009 (3) |
| March, 2009 (5) |
| February, 2009 (1) |
| January, 2009 (10) |
| December, 2008 (7) |
| November, 2008 (7) |
| October, 2008 (18) |
| September, 2008 (18) |
| August, 2008 (18) |
| July, 2008 (35) |
| June, 2008 (16) |
| May, 2008 (12) |
| April, 2008 (16) |
| March, 2008 (22) |
| February, 2008 (32) |
| January, 2008 (9) |
| December, 2007 (6) |
| November, 2007 (4) |
| October, 2007 (19) |
| September, 2007 (36) |
| August, 2007 (19) |
| July, 2007 (17) |
| June, 2007 (16) |
| May, 2007 (13) |
| April, 2007 (11) |
| March, 2007 (5) |
| February, 2007 (14) |
| January, 2007 (16) |
| December, 2006 (16) |
| November, 2006 (4) |
| October, 2006 (23) |
| September, 2006 (14) |
| August, 2006 (21) |
| July, 2006 (34) |
| June, 2006 (25) |
| May, 2006 (20) |
| April, 2006 (20) |
| March, 2006 (17) |
| February, 2006 (34) |
| January, 2006 (30) |
| December, 2005 (23) |
| November, 2005 (39) |
| October, 2005 (30) |
| September, 2005 (49) |
| August, 2005 (31) |
| July, 2005 (21) |
| June, 2005 (35) |
| May, 2005 (53) |
| April, 2005 (54) |
| March, 2005 (60) |
| February, 2005 (27) |
| January, 2005 (59) |
| December, 2004 (70) |
| November, 2004 (58) |
| October, 2004 (55) |
| September, 2004 (64) |
| August, 2004 (53) |
| July, 2004 (65) |
| June, 2004 (50) |
| May, 2004 (49) |
| April, 2004 (26) |
| March, 2004 (20) |
| February, 2004 (26) |
| January, 2004 (28) |
| December, 2003 (12) |
| October, 2003 (8) |
| September, 2003 (11) |
| August, 2003 (1) |
On this page
Search and Translate this Site
Blog Posting Categories
Navigation Links
Blogroll
 Scott Adams' Dilbert Blog
Scott Adams is the creator of Dilbert, and his blog is an incredibly smart, clever and often funny (sometimes very serious) look at the world. Everyone should read this blog. |
Alex Scoble
Alex is a former coworker who blogs about a variety of IT-related topics. |
Brent Strange
Brent is a cool dude and a great QA guy that I used to work with. His blog is, appropriately, focused on QA and testing technology. |
Chris Brooks
Chris was formerly my boss at work and is an avid board gamer and photographer. He always has some new info about top-notch board games you may have never heard of, so if you're into them, you should check out this blog. |
Chris Pirillo
Lockergnome by trade, Chris is always up to something new. If you are not familiar with the Lockergnome newsletters, be sure to check them out, too. |
Matthew Lapworth
Matt's a software developer and friend. He seems to enjoy extreme sports. That's fine as long as he doesn't, like, die or something. |
Milind Pandit
Milind writes about all sorts of interesting stuff. We worked toegther for eight years, and he worked at our employer longer than I, which pretty much makes him old as dirt in company time. :) |
MSFT Security Bulletins [RSS]
RSS feed for all Microsoft security bulletins provides an always-up-to-date list of updates along with complete descriptions of each. |
neopoleon.com
Rory Blyth is one of the funniest and most thought-provoking bloggers I read. And I blame him for everything. Literally. |
Scott Hanselman
Scott's computerzen blog is a popular spot for all things .NET and innovative. I used to work with him, but then he went off to Microsoft. He's one of the smartest guys I know, and arguably the best technical presenter around. |
Sign In
Who Links Here
Total Posts: 1889
This Year: 0
This Month: 0
This Week: 0
Comments: 3450
Android (7) Apple (67) AudioBlogging (42) Aviation (2) Blogging (154) Fireworks (5) Geek Out (130) GnomeDex (20) Google Voice (1) Helping Others (27) Home Servers (5) Humor (144) IT Security (218) Kineflex Artificial Disc Surgery (16) Management (8) Microsoft Office (4) Mobile (139) Movies (31) Mt. St. Helens (13) Office 2003 (52) OneNote (29) Personal Stories (163) Photography (29) Random Stuff (642) RSS Stuff (47) RunAs Radio (28) Safe Computing (39) SharePoint (56) Tablet PC (42) Tech (1036) Things that Suck (69) Windows (6) Windows Media Technology (27)
|