Tuesday, August 2, 2016
Tuesday, September 30, 2014
Microsoft unveils first look at Windows 10
Nancy Blair, USA TODAY 2:35 p.m. EDT September 30, 2014
The Windows 10 logo. (Photo: Nancy Blair, USA TODAY)
SAN FRANCISCO - Microsoft on Tuesday lifted the veil on the next version of Windows: Windows 10.
At an event in San Francisco focused on corporate users, Microsoft previewed early elements of the next generation of its iconic computer operating system.
It represents the first step in a whole new generation of Windows, said Microsoft executive Terry Myerson.
The company said it will focus on one Windows product family across devices. Its corporate users will find Windows 10 "familiar, compatible and productive," Myerson said.
Microsoft's Joe Belfiore gave a demo, focused on the core experience in how the PC "is evolving."
There are live tiles, familiar to Windows 8 users, but also elements familiar to Windows 7 users, which is far more widely deployed. The Start menu and taskbar are front and center.
The Start menu in Windows 10. (Photo: Microsoft)
Yes, the company is skipping the "Windows 9" moniker. Why skip "9"?
"When you see the product in its fullness I think you will agree with us that it is a more appropriate name," Myerson said.
Among other things, Belfiore said the company wants to focus on personalization, to make the Windows experience particular to individual users' tastes and preferences.
"We are trying to hit this balance in just the right way," Belfiore said.
Starting Wednesday, Microsoft is launching a Windows Insider program and will release a technical preview of Windows 10 for laptops and desktops, with other devices to follow.
Microsoft will start talking more about the consumer experience next year at the company's developer conference in the spring, Myerson said. It expects to launch Windows 10 "later in 2015."
Myerson emphasized that the insider program is for people who are comfortable "running pre-release software that will be of variable quality."
"We want to set expectations right," he said. "We are planning to share more than we ever have before...Windows 10 will be our most collaborative, open OS project ever."
Microsoft has been talking broadly about its Windows strategy for months. At its developer conference in April, CEO Satya Nadella and other Microsoft executives outlined ways in which it would make it easier for software developers to create applications that will work across all Microsoft devices – PCs, phones and tablets.
Ahead of the event, researcher Forrester said the pressure is on for Microsoft to address the needs of its business customers given the sluggish adoption of Windows 8.
"Only about 1 in 5 organizations is offering Windows 8 PCs to employees right now," Forrester analyst David Johnson said in a note.
Microsoft's last big Windows overhaul – 2012's tablet and touch-friendly Windows 8 – was a dramatic departure from the familiar and well-received Windows 7 that preceded it. It left many consumers frustrated over the disappearance of the familiar Start button and desktop.
Windows 8 has since been updated to add features that make it more comfortable for people who prefer more traditional mouse-and-keyboard interactions.
Wall Street so far has embraced Nadella's big moves since being named CEO in February. The stock is up about 25 percent this year. It was at around $46 in mid-day trading Tuesday.
After the announcement, analyst Daniel Ives with research firm FBR said a unified Microsoft platform "is music to ears of CIOs worldwide." It could also open "massive opportunities" on the consumer front in coming years, he said.
In July, the company announced a massive layoff that would trim some 18,000 jobs, many aimed at its $7.2 billion Nokia acquisition. Earlier this year, it announced Office for iPad, a long overdue version of its bread-and-butter productivity software for Apple's popular tablet.
And just this month, Microsoft said it will acquire the studio that created the hit "sandbox" game Minecraft for $2.5 billion, a move that could help bolster both Xbox and the company's mobile ambitions.
Thursday, September 11, 2014
Windows 9 leak shows multiple desktops, notifications, new Start menu, and more
Jared Newman (@onejarednewman), PCWorld

A batch of leaked screenshots from the next version of Windows show just how far Microsoft will go to win back desktop users.
The update, codenamed Threshold and possibly called Windows 9 or just plain Windows, takes some features from Windows 8 and grafts them onto the classic desktop. While we've known for some time that Windows 9 will have a pop-up Start menu and the ability to run modern apps in windowed mode, the new screenshots from Computer Base and WinFuture.de give even greater detail on how things will work.
When running in windowed mode, Windows Store apps will get a button in the top-left corner. Clicking the button brings up a list of functions that previously appeared in the Charms bar, including Search, Share, Play, Project and Settings. This menu lets users switch the app to full screen mode as well.
Microsoft is also adding a few new buttons to the desktop taskbar. A search button sits immediately to the right of the Start button, followed by a button for switching between multiple desktops. The latter feature, possibly called “virtual desktops,” will let users switch between several sets of desktop apps and layouts in a nod to Ubuntu Linux's longstanding “Workspaces.”
Near the right side of the taskbar, users will find a new notifications button, with a pop-up menu that will presumably show messages from Windows Store apps.
The screenshots don't reveal any other major features, but they do give away a few more minor details. Despite rumors that the Charms bar is dead, the screenshots show that users can still bring up Charms by pointing to the upper-right corner, or bring up a recent apps list by pointing to the upper-left corner. Those options and others will be available through Taskbar and Start Menu Properties.
Of course, all of these details are subject to change as Microsoft hasn't even released a public beta yet. The leaks likely come from Microsoft partners, who according to Neowin started receiving Windows builds a few weeks ago. A public “Technical Preview” is expected to arrive later this month or early next month.
Via The Verge
Tuesday, September 2, 2014
Oops! Microsoft accidentally teases Windows 9 'coming soon' on social media

Brad Chacos (@BradChacos), Senior Writer, PCWorld
Sep 2, 2014 6:12 AM
Microsoft's internal censors seem to be sleeping on the job this year. In June, the Surface Pro 3 manual included several references to a small-screen Surface Mini despite the fact that a small-screen Surface Mini was never actually released. And now, as rumors of Windows 9 swirl, Microsoft China appears to have confirmed the impending reveal.
Posting to Weibo—a Chinese social media site—Microsoft China posed its followers a question: "Microsoft’s latest OS Windows 9 is coming soon, do you think the start menu at the left bottom will make a comeback?" (Translation courtesy of The Verge.)
Oops. And not just because Microsoft has already announced the return of the Start menu.
The post was accompanied by a screenshot of a Windows 9 logo mock-up by Shy Designs, seen above. Microsoft China appears to have quickly realized the error of its ways, as the Weibo message has since been removed, though not before Cnbeta noticed and first reported it.
Several reports from oft-reliable sources say Microsoft is prepared to announce Windows 9 in "technical preview" form at the end of September or early in October, just before Windows 7 PCs disappear from store shelves, though Microsoft itself has yet to confirm it. Leaks suggest Windows 9 will better let a PC be a PC and a tablet be a tablet, bringing several mouse-friendly changes to the desktop and possibly killing the desktop completely in tablets and phones powered by mobile ARM processors.
If Windows 9 is indeed incoming—and Microsoft China's slip-up suggests it is—we have some suggestions for features we'd want to see. But one of the most crucial improvements Microsoft needs to make ASAP has nothing to do with the core operating system itself: The company needs to clean up the Windows Store pronto if it ever hopes to make Metro apps viable on the desktop. Fortunately, Microsoft's already taking its first tentative steps towards fixing the mess.
Friday, August 15, 2014
Create a Smart Home

Be Home... Wherever You Are
Create a safer, smarter home with SmartThings
“With easy-to-install sensors, wide product compatibility, and no monthly fees, SmartThings gets home automation right.” -Ry Crist, CNET, 12/18/13
“The cleverly designed SmartThings app uses video to walk you through the process of connecting each device and assigning tasks to it.” -Dan Tynan, Yahoo! Tech

“The best software of the lot, by far, was SmartThings. With it, you build commands around specific needs and moments.” -Geoffrey A. Fowler, The Wall Street Journal
“SmartThings is a smart home system that's actually worth buying.” - Tyler Wells Lynch, Reviewed.com a division of USA Today

“The great thing about the SmartThings world is that they’ve created an easy-to-use ecosystem that is growing everyday, and they’ve built plenty of flexibility into both the hub and the app.” -Steven Sande, The Unofficial Apple Weblog
Power in the Palm of Your Hand.
SmartThings lets you control, monitor, and automate your home from wherever you are by using your smartphone. Control lights and electronics, get notifications when people come and go, adjust temperature and music, and trigger your home to automatically react to your daily patterns and preferences. Best of all, there are no contracts, monthly fees, or closed plans–just easy DIY installation that anyone can set up in 15 minutes.
One App. One Hub. Limitless Possibilities.
Our free easy-to-use smartphone app works on iOS and Android devices and is compatible with hundreds of smart devices from a variety of manufacturers. Once you have a SmartThings Hub and the app, you can add as many other popular smart devices as you want to create a fully connected smart home.
Thursday, January 23, 2014
How to restore your SSD to peak performance

Jon L. Jacobi, Freelance Writer, PCWorld
Jan 16, 2014 3:30 AM
Back in the days when mechanical hard drives with spinning platters were the norm, you could simply hand your old hard drive to a deserving relative or friend as an upgrade, get a thank you, and call it a day. It’s not so simple with today’s solid-state drives.
In many cases, used SSDs simply aren’t as fast as newer ones. The biggest issue in retasking, reselling, or even maintaining an SSD for a prolonged period stems from an inconvenient characteristic of NAND flash memory: Previously written cells must be erased before they can be rewritten with new data. If the SSD is forced to reuse cells rather than use new ones while storing data, performance will plummet.
To avoid this problem with NAND flash memory, modern SSD controllers use a number of tricks, including building in extra capacity that users can’t touch—a technique known as over-provisioning. There’s also a command called TRIM that tells an SSD when blocks of memory are no longer needed and can be consolidated and erased.
Sounds good, right? But there’s a catch.
Better in theory than in practice

NAND memory inside an Intel enterprise-class X-25E Extreme SATA SSD.
Not all garbage collection (as the cleaning up of an SSD’s NAND is known) is created equal. It doesn’t run constantly, and some older operating systems don’t even support the TRIM command. As such, more “used” NAND cells are left hanging around on your SSD than you’d suspect, according to nearly every vendor and data-recovery specialist I consulted.
After prolonged use, these idle cells can add up to a big hit on your SSD’s performance. That’s not good.
Simply deleting files and repartitioning and formatting your drive won’t do the trick, however, as those operations take place at levels above where true garbage collection occurs. In fact, due to the total absence of utilities that force complete garbage collection, there’s only one way to return an SSD to pristine, like-new condition—the ATA secure-erase command.
Secure erase to the rescue
Secure erase, a function built into every ATA-based drive since 2001, erases everything on a drive and marks the cells as empty, restoring the drive to factory-fresh default performance.
Once upon a time, you could invoke secure erase only via command-line utilities such as Linux’s hdparm or the DOS-based HDDerase, developed by the University of California San Diego (with funding from the NSA, incidentally). But now, many SSD and hard-drive vendors provide a free utility—such as OCZ’s ToolBox, Samsung’s Magician, or Seagate’s SeaTools—that provides a secure erase capability.
Note that while the command is standard, many vendor utilities work only with their company’s products. If your vendor doesn’t provide a secure-erase command, you can use the DriveErase utility found in the stellar Parted Magic software.
Got all that? Good. Here’s how to restore your SSD to top performance, step by step.
How to restore your SSD to peak performance
First things first: If you have data on the SSD you’d like to retain, back it up. If you’re worried only about backing up files, simply drag and drop them onto a flash drive or external hard drive, or use your favorite backup program.
If you have a working operating system that you’d like to keep, however, use an imaging program such as Acronis True Image or R-Drive Image that copies everything. Do not use Windows System Recovery unless you’re restoring the data to the same drive. It won’t restore to a smaller drive and it sometimes hiccups even with a similar-size drive that has plenty of room.
Next, download the drive utility provided by your SSD vendor, or snag Parted Magic.
Before you get down to brass tacks, disconnect all other drives and boot from a flash drive to perform the erase procedure, to avoid accidentally overwriting the wrong drive. Parted Magic is a great option for this, since it works as a bootable flash drive. If disconnecting your other hard drives is too much hassle, make darn sure you’ve selected the correct drive to erase throughout this procedure. Secure erase is irrevocable.
Now run the secure-erase function. The exact method varies by program. PCWorld’s guide to securely erasing your hard drive explains how to activate secure erase in Parted Magic, which runs on a bootable flash drive. Some SSDs implement the enhanced version of secure erase by default—which also deletes the drive’s housekeeping data—but if an enhanced erase option is available, you might want to use it. Definitely use it if you’ve been doing work for the CIA.
Parted Magic contains all the tools you need to restore an SSD to top performance.
The secure-erase process should take just a few minutes on a modern SSD. (Traditional hard drives can take hours, by comparison.)
Once the process is done, repartition and format the drive if you intend to copy data back to it. Parted Magic handily provides a full partition editor for this purpose, but you can use Windows’ own Drive Management utility (Control Panel > System and Security > Administrative Tools > Create and format hard disk partitions) to do the same task. Most commonly, you’ll want to use the full capacity of the SSD in a single partition and format it as NTFS.
Once that’s done, you’re good to go. Dump any data you may have saved back onto the drive and bask in the super-speeds of your good-as-new SSD. Check out PCWorld’s guide to prolonging the life of your SSD to keep your drive humming along for years to come.
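The secure-erase step above, sketched for the Linux hdparm route the article mentions. This is an added example, not part of the original article: it parses the Security block of `hdparm -I` output to confirm the drive supports the command and is not frozen or locked, then prints (does not run) the erase commands. The sample outputs, the function names, the `/dev/sdX` placeholder and the throwaway password `p` are constructed for illustration.

```shell
#!/bin/sh
# Added example: dry-run planner for ATA secure erase via hdparm.
# It only parses text and prints commands; it never touches a drive.

# Read `hdparm -I /dev/sdX` output on stdin and classify its Security block.
# Prints one of: unsupported | frozen | locked | ready | ready-enhanced
erase_readiness() {
    awk '
        /^Security:/        { insec = 1; next }
        insec && /^[^ \t]/  { insec = 0 }          # next top-level section
        !insec              { next }
        /enhanced erase/    { enh = ($1 != "not"); next }
        $NF == "supported"  { sup = ($1 != "not") }
        $NF == "frozen"     { frz = ($1 != "not") }
        $NF == "locked"     { lck = ($1 != "not") }
        END {
            if (!sup)      print "unsupported"
            else if (frz)  print "frozen"
            else if (lck)  print "locked"
            else if (enh)  print "ready-enhanced"
            else           print "ready"
        }'
}

# Print the two hdparm commands for a drive in a "ready" state.
# A temporary user password must be set first; the erase clears it again.
# usage: erase_plan DEVICE STATE [PASSWORD]
erase_plan() {
    dev=$1 state=$2 pass=${3:-p}
    case $state in
        ready)          flag=--security-erase ;;
        ready-enhanced) flag=--security-erase-enhanced ;;
        frozen)
            # A frozen drive rejects security commands until it is
            # power-cycled; a suspend/resume cycle commonly clears it.
            echo "# $dev is frozen; not erasing"
            return 1 ;;
        *)
            echo "# $dev: state is '$state'; not erasing"
            return 1 ;;
    esac
    printf 'hdparm --user-master u --security-set-pass %s %s\n' "$pass" "$dev"
    printf 'hdparm --user-master u %s %s %s\n' "$flag" "$pass" "$dev"
}

# usage: hdparm -I /dev/sdX | plan_from_identify /dev/sdX
plan_from_identify() {
    erase_plan "$1" "$(erase_readiness)"
}

# Constructed samples of the Security block (whitespace simplified).
SAMPLE_READY=$(cat <<'EOF'
Security:
    Master password revision code = 65534
        supported
    not enabled
    not locked
    not frozen
    not expired: security count
        supported: enhanced erase
    2min for SECURITY ERASE UNIT. 2min for ENHANCED SECURITY ERASE UNIT.
Checksum: correct
EOF
)
SAMPLE_FROZEN=$(cat <<'EOF'
Security:
        supported
    not enabled
    not locked
        frozen
    not expired: security count
    not supported: enhanced erase
Checksum: correct
EOF
)

# Demo on the constructed samples: the first prints a plan, the second refuses.
printf '%s\n' "$SAMPLE_READY"  | plan_from_identify /dev/sdX || true
printf '%s\n' "$SAMPLE_FROZEN" | plan_from_identify /dev/sdX || true
```

Run the printed commands by hand only after confirming the device name, since, as the article says, secure erase is irrevocable.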
Wednesday, September 11, 2013
Windows 8.1 Tip: Move the Location of the SkyDrive Folder
Relax, this one's easy
Sep. 10, 2013 Paul Thurrott
While most agree that the further integration of SkyDrive into Windows 8.1 is a good thing, some have been griping that there's no way to change the location of the SkyDrive folder. But it turns out you can very easily change where your SkyDrive files sync. You just need to know the secret.
As a recap, Microsoft has integrated SkyDrive more deeply than ever in Windows 8.1. As I wrote previously in Hands-On with Windows 8.1: SkyDrive Integration, SkyDrive file sync is on by default and can be managed from a new PC Settings-based interface. No separately installable app is required.
But there is a downside to this integration. With the previous solution, the SkyDrive desktop app, you could configure where SkyDrive synced its files. On modern PC devices with relatively small amounts of solid state storage, the inability to do so in Windows 8.1 can be an issue. Before, you could tell SkyDrive to sync to micro-SD storage or some other location.
But it turns out you can do this in Windows 8.1, too. You just can't do it from that shiny new PC Settings interface.
Instead, you can configure this from the good old Windows desktop. In the default This PC view, right-click on SkyDrive in the navigation pane and select Properties. Then, navigate to the Location tab. Yep, this is the place.
To change the location where SkyDrive syncs its files, simply click the Move button and choose a new location. It's that simple.
Sunday, August 18, 2013
Windows 8.1 + ModernMix
Stardock helps make our transition to the mobile future a lot easier
Aug. 18, 2013
Ever since Microsoft released the Windows 8.1 Preview back in June, readers have asked me whether Stardock’s useful utilities like ModernMix and Start8 will work with the new OS version. With the recent leak of a near final Windows 8.1 build, I decided to test ModernMix on my daily-use PC. And I think this is going to be a very useful transition tool indeed.
I think it’s fair to say that Windows 8 has presented a certain challenge to many if not most of the 1.5 billion Windows users worldwide. The cause is obvious: Windows 8 is a “touch-first” version of Windows that ships with its first-ever mobile environment, originally called Metro. And this new Metro environment was unceremoniously and awkwardly tacked onto the classic Windows desktop. The result is a disjointed experience that is optimized for neither touch nor mouse and keyboard.
Enter Windows 8.1. This very major update to Windows 8 (and RT) provides users with the OS that Microsoft should have shipped originally. Windows 8.1 includes major improvements to both the Metro and desktop environments, making this system a far better fit for those users that prefer either. It also eases the transition between the two, which is important because Windows will be moving further down that mobile path in future releases as the desktop is deemphasized and then made optional or removed.
Depending on your mindset, that future is either dystopian or utopian, but let’s not get bogged down in things we can’t change today. For now, we have Windows 8, imperfect as it is, and Windows 8.1, which finally offers some apps—like the improved Mail, Calendar and Xbox Music, among others—that are good enough that even desktop users should start paying attention. But doing so on traditional (non-touch) PCs is still a bit awkward, despite the useful advances in Windows 8.1.
Enter Stardock. This Michigan-based firm has been around for over 20 years and been developing useful Windows-based utilities for years. With the advent of Windows 8, Stardock has stepped up to the plate and released a series of very useful products that help ease the transition to Windows 8 and make this less-than-optimal system work the way Windows users expect.
I’ve written about a few Stardock utilities in the recent past, including ModernMix (Windows 8 Tip: Run Metro Apps in Windows on the Desktop) and Start8 (Windows 8 Tip: Boot Directly to the Desktop with Start8) and recommend both highly. But now that I am using a near-final version of Windows 8.1, I find myself curious about using some of those new app versions at home, on my desktop set up (which is currently a jury-rigged Surface Pro docked to a large desktop display, keyboard, mouse and other peripherals, but is normally a tower PC). The thing is, these full-screen apps, good as they are, still don’t work well on such a PC configuration.
So I’ve been using ModernMix to see whether this utility can help cross that final divide between the future (mobile apps) and the present (my desktop PC with keyboard and mouse). And though there are a few bugs that I attribute to the pre-release nature of Windows 8.1, the answer is … yes. Most definitely.
New Windows 8.1 apps running in windows on the desktop
ModernMix provides what I think is a better “mix” (hence the name, presumably) of mobile apps and desktop. It lets you run Windows mobile apps (Mail, Calendar, Xbox Music, etc.) in windows on the Windows desktop, just like real desktop applications. This means they can float, be resized, be pinned to the taskbar, and so on.
What’s interesting is that ModernMix is so mature that it’s smart about how these apps work. I’ve pinned Xbox Music to the desktop, for example, and when I launch it from there it runs in a window as I want. But if I launch the app from the Start screen—which I might do when out and about in the world with the Surface, now used as a tablet—it will run normally, in full-screen mode. Which is also what I want.
This dual-mode use is why ModernMix is so useful as a transition tool. Yes, if you’re just going to use Metro apps on a desktop PC, you may simply want them to run in a window. But if you’re transitioning to this mobile future, not just through software but with a hybrid mobile device like a Surface, Lenovo Yoga, or whatever, you can have it both ways.
Choice is good. And while I applaud the changes Microsoft has made in Windows 8.1, some people will always believe that they’ll never go far enough. For those, and for any user that simply wants an easier transition from the desktop systems they’ve spent over 15 years using, ModernMix is a great (and, at $4.99, inexpensive) option.
Monday, August 12, 2013
Ten Immutable Laws Of Security
The 10 Immutable Laws
Law #1: If a bad guy can persuade you to run his program on your computer, it's not solely your computer anymore.
Law #2: If a bad guy can alter the operating system on your computer, it's not your computer anymore.
Law #3: If a bad guy has unrestricted physical access to your computer, it's not your computer anymore.
Law #4: If you allow a bad guy to run active content in your website, it's not your website any more.
Law #5: Weak passwords trump strong security.
Law #6: A computer is only as secure as the administrator is trustworthy.
Law #7: Encrypted data is only as secure as its decryption key.
Law #8: An out-of-date antimalware scanner is only marginally better than no scanner at all.
Law #9: Absolute anonymity isn't practically achievable, online or offline.
Law #10: Technology is not a panacea.
Law #1: If a bad guy can persuade you to run his program on your computer, it's not solely your computer anymore
It's an unfortunate fact of computer science: when a computer program runs, it will do what it's programmed to do, even if it's programmed to be harmful. When you choose to run a program, you are making a decision to turn over a certain level of control of your computer to it -- often anything up to the limits of what you yourself can do on the computer (and sometimes beyond). It could monitor your keystrokes and send them to criminals eager for the information. It could open every document on the computer, and change the word "will" to "won't" in all of them. It could send rude emails to all your friends. It could install a virus. It could create a "back door" that lets someone remotely control your computer. It could relay a bad guy’s attack on someone else’s computers. Or it could just reformat your hard drive.
That's why it's important never to run a program from an untrusted source, and to limit the ability of others to make that decision for you on your computer. There's a nice analogy between running a program and eating a sandwich. If a stranger walked up to you and handed you a sandwich, would you eat it? Probably not. How about if your best friend gave you a sandwich? Maybe you would, maybe you wouldn't—it depends on whether she made it or found it lying in the street. Apply the same critical thought to a program that you would to a sandwich, and you'll usually be safe.
Law #2: If a bad guy can alter the operating system on your computer, it's not your computer anymore
In the end, an operating system is just a series of ones and zeroes that, when interpreted by the processor, cause the computer to do certain things. Change the ones and zeroes, and it will do something different. Where are the ones and zeroes stored? On the computer, right along with everything else! They're just files, and if other people who use the computer are permitted to change those files, it's "game over.”
To understand why, consider that operating system files are among the most trusted ones on the computer, and they generally run with system-level privileges. That is, they can do absolutely anything. Among other things, they're trusted to manage user accounts, handle password changes, and enforce the rules governing who can do what on the computer. If a bad guy can change them, the now-untrustworthy files will do his bidding, and there's no limit to what he can do. He can steal passwords, make himself an administrator on the computer, or add entirely new functions to the operating system. To prevent this type of attack, make sure that the system files (and the registry, for that matter) are well protected. In modern operating systems, default settings largely prevent anyone but administrators from making such bedrock changes. Preventing rogue programs from gaining administrative-level access is the best way of protecting the operating system. That’s best accomplished by not operating your computer from an account with administrative privileges except when specific tasks make it absolutely necessary – and logging out of that high-privilege mode as quickly as possible once your task is complete. Home users should consider creating an “everyday” account set to operate with standard-level user permissions. On those relatively rare occasions when you really do need to make big changes, you can log into the administrative account, do whatever needs to be done, and switch back to the safer account when you’re finished.
Law #3: If a bad guy has unrestricted physical access to your computer, it's not your computer anymore
Oh, the things a bad guy can do if he can lay his hands on your computer! Here's a sampling, going from Stone Age to Space Age:
- He could mount the ultimate low-tech denial of service attack, and smash your computer with a sledgehammer.
- He could unplug the computer, haul it out of your building, and hold it for ransom.
- He could boot the computer from removable media, and reformat your hard drive. But wait, you say, I've configured the BIOS on my computer to prompt for a password when I turn the power on. No problem – if he can open the case and get his hands on the system hardware, he could just replace the BIOS chip. (Actually, there are even easier ways).
- He could remove the hard drive from your computer, install it into his computer, and read any unencrypted data.
- He could duplicate your hard drive and take it back to his lair. Once there, he'd have all the time in the world to conduct brute-force attacks, such as trying every possible logon or decryption password. Programs are available to automate this and, given enough time, it's almost certain that he would succeed. Once that happens, Laws #1 and #2 above apply.
- He could add a recording device or transmitter to your keyboard, then monitor everything you type including your passwords.
Always make sure that a computer is physically protected in a way that's consistent with its value—and remember that the value of a computer includes not just the value of the hardware itself, but the value of the data on it, and the value of the access to your network that a bad guy could gain. At a minimum, business-critical computers such as domain controllers, database servers, and print/file servers should always be in a locked room that only people charged with administration and maintenance can access. But you may want to consider protecting other computers as well, and potentially using additional measures to guard their physical integrity.
If you travel with a laptop or other portable computer, it's absolutely critical that you protect it. The same features that make them great to travel with – small size, light weight, and so forth – also make them easy to steal. There are a variety of locks and alarms available for laptops, some models let you remove the hard drive and carry it with you, and almost all can be used with extremely small, extremely portable storage – e.g. USB thumb drives – for storing your data while you travel. You also can use features such as drive encryption available in most modern operating systems to mitigate the damage if someone succeeded in stealing the computer, or to retain some confidence in its protection if it’s taken from you in an unexpected bag check or unfriendly border crossing. If the computer walks off or is lost, you’ll still need to address the loss of the hardware, but it’ll be harder for your data to be disclosed without your knowledge. But the only way you can know with 100% certainty that your data is safe and the hardware hasn't been tampered with, is to keep them on your person at all times while traveling.
Law #4: If you allow a bad guy to run active content on your website or online application, it's not your website any more
In Law #1, a bad guy tricks you into downloading a harmful program and running it, giving him control over your computer and its data – at least as much control as you had. But what about the reverse: if he can upload active content – programs, scripts, or even documents and pictures designed to crash peoples’ computers in specific ways – and have them served from your website or online application? Your site becomes his platform for reaching out to capture data from site visitors or harm their computers, or reaching inward towards other systems that support your site.
If you run a website or hosted applications, you need to limit what visitors can do. Some sites provide an open forum for people to upload and distribute software, code or configurations – and that’s fine as long as visitors understand Law #1 and the risks that come along with their downloads. But if the bad guy’s uploaded programs actually run on your server or in the browser of visitors, he effectively owns your site and can impersonate you. Worse, the bad guy could gain your rights to the underlying systems, and might find a way to extend his control to the servers, data storage or network itself. If your site is on shared infrastructure or a cloud-based service, this can put other sites and data at risk, and potentially create interesting liabilities for yourself and other people.
A properly administered site host or cloud service will have taken many of these risks into account and will disallow scripts or programs uploaded to the service from affecting other accounts that happen to share the same resources. Just the same, you should only allow a program to run on your site or as part of your application if you wrote it yourself or if you trust the developer who wrote it, and make sure your operations and maintenance processes don’t run afoul of the host administrator’s security policies.
Law #5: Weak passwords trump strong security
The purpose of having a logon process is to establish who you are. Once the operating system knows who you are, it can grant or deny requests for system resources appropriately. If a bad guy learns your password, he can log on as you. In fact, as far as the operating system is concerned, he is you. Whatever you can do on the system, he can do as well, because he is you. Maybe he wants to read sensitive information you've stored on your computer, like your e-mail. Maybe you have more privileges on the network than he does, and being you will let him do things he normally couldn't. Or maybe he just wants to do something malicious and blame it on you. In any case, it's worth protecting your credentials.
Always use a password on your computer—it's amazing how many accounts have blank passwords. And develop a complex one. Don't use your dog's name, your anniversary date, the name of the local football team, or QWERTY / 12345 / other basic keyboard patterns – and avoid using single “dictionary words” (that is, words that can be looked up in the dictionary). And don't use the word "password!" Build a password that has a mix of upper- and lower-case letters, numbers, punctuation marks, and so forth. Make it as long as possible; consider using two words in combination. (If you speak multiple languages, you might choose to mix tongues in your password for extra complexity.) And change it often.
Once you've picked a strong password, handle it appropriately. Don't write it down. If you absolutely must write it down, at the very least keep it in a safe, a locked drawer, or perhaps deep in your wallet—the first thing a bad guy who's hunting for passwords will do is check for a yellow sticky note on the side of your screen, or in the top desk drawer. Don't tell anyone what your password is, and don’t ask for theirs. Managers, kids, and even IT helpdesk staff should rarely if ever ask for your password. Modern operating systems and programs allow you to give other people permission to see and use your files, without giving out your password so they can impersonate you. Remember what Ben Franklin said: two people can keep a secret, but only if one of them is dead.
If you have accounts for multiple computers and online services, you’ll need to balance requirements for unique and strong passwords, yet limit how many passwords you have to remember. For accounts that give access to your most critical information – financial accounts, regulated personal data, sensitive work access, and primary email accounts to name a few – use a unique password for each one, and follow their access management policies. If you’re awash in multiple accounts that gather little personal information and have low value if lost, such as news sites that require free registration, consider developing one reasonably strong password and reusing it for most or all of them.
Finally, consider using something stronger than – and in addition to – passwords to identify yourself to the system. Windows, for instance, supports the use of smart cards, which significantly strengthens the account checking the system can perform. You may also want to consider biometric products such as fingerprint and retina scanners. “Two-factor authentication” of this sort incorporates not only something you know (your password) but something you own (a card) or even something you are (a person with your unique fingerprint or retina) – dramatically increasing authentication strength.
Law #6: A computer is only as secure as the administrator is trustworthy
Every computer must have an administrator: someone who can install software, configure the operating system, add and manage user accounts, establish security policies, and handle all the other management tasks associated with keeping a computer up and running. By definition, these tasks require that the individual have control over the computer. This puts the administrator in a position of unequalled power. An untrustworthy administrator can negate every other security measure you've taken. He can change the permissions on the computer, modify the system security policies, install malicious software, add bogus users, or do any of a million other things. He can subvert virtually any protective measure in the operating system, because he controls it. Worst of all, he can cover his tracks. If you have an untrustworthy administrator, you have absolutely no security.
When hiring a system administrator, recognize the position of trust that administrators occupy, and only hire people who warrant that trust. Call his references, and ask them about his previous work record, especially with regard to any security incidents at previous employers. If appropriate for your organization, you may also consider taking a step that banks and other security-conscious companies do, and require that your administrators pass a complete background check at hiring time, and at periodic intervals afterward. Whatever criteria you select, apply them across the board. Don't give anyone administrative privileges on your network unless they've been vetted – and this includes temporary employees and contractors.
Next, take steps to help keep honest people honest. Use sign-in/sign-out sheets or log access badge swipes to track who's been in the server room. (You do have a server room with a locked door, right? If not, re-read Law #3). Implement a "two person" rule when installing or upgrading software. Diversify management tasks as much as possible, as a way of minimizing how much power any one administrator has. Also, don't use the Administrator account—instead, give each administrator a separate account with administrative privileges, so you can tell who's doing what. Many industries require audit logs documenting all activities on covered business systems; audit trails can’t stop rogue admins from running amok, but they can record who did what if a problem is discovered later, and enforce a sense of individual accountability. Finally, consider taking steps to make it more difficult for a rogue administrator to cover his tracks. For instance, store audit data on write-only media, or house System A's audit data on System B, and make sure that the two systems have different administrators. The more accountable your administrators are, the less likely you are to have problems.
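One way to implement the "house System A's audit data on System B" advice, as an added example that is not part of the original article: each log entry commits to the previous one by hash, and only the latest hash is copied to System B. The names (AuditLog, verify, rechain) and the sample admin actions are constructed for illustration.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # constructed starting value for the chain

def _link(prev_hash, record):
    # Each link hashes the previous link plus a canonical form of the record.
    body = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode("utf-8")).hexdigest()

class AuditLog:
    """Append-only log on System A; every entry commits to the one before it."""

    def __init__(self):
        self.entries = []  # list of (record, link_hash) pairs

    def append(self, admin, action):
        prev = self.entries[-1][1] if self.entries else GENESIS
        record = {"seq": len(self.entries), "admin": admin, "action": action}
        self.entries.append((record, _link(prev, record)))
        return self.entries[-1][1]  # head hash, shipped to System B

def verify(entries, anchored_head):
    """Check run by System B's administrator. Returns (ok, reason)."""
    prev = GENESIS
    for i, (record, link) in enumerate(entries):
        if record.get("seq") != i:
            return False, f"sequence gap at entry {i}"
        if not hmac.compare_digest(_link(prev, record), link):
            return False, f"entry {i} altered"
        prev = link
    if not hmac.compare_digest(prev, anchored_head):
        return False, "head does not match the copy held on System B"
    return True, "ok"

def build_sample():
    """Constructed sample: four admin actions, head anchored after the last."""
    log, head = AuditLog(), GENESIS
    for admin, action in [("alice-adm", "install backup agent"),
                          ("bob-adm", "add user svc-report"),
                          ("bob-adm", "grant svc-report admin rights"),
                          ("alice-adm", "apply security policy")]:
        head = log.append(admin, action)
    return log, head

def rechain(entries, index, new_action):
    """Edit one record and recompute every hash, as a System A admin could."""
    forged = AuditLog()
    for i, (rec, _) in enumerate(entries):
        forged.append(rec["admin"], new_action if i == index else rec["action"])
    return forged.entries

if __name__ == "__main__":
    log, head = build_sample()
    print(verify(log.entries, head))
    print(verify(rechain(log.entries, 2, "no-op"), head))
```

A log rewritten and re-hashed on System A is internally consistent, so only the head held by a different administrator on System B exposes the change.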
Law #7: Encrypted data is only as secure as its decryption key
Suppose you installed the biggest, strongest, most secure lock in the world on your front door, but you put the key under the front door mat. It wouldn't really matter how strong the lock is, would it? The critical factor would be the weak way the key was protected, because if a burglar could find it, he'd have everything he needed to open the lock. Encrypted data works the same way—no matter how strong the crypto algorithm is, the data is only as safe as the key that can decrypt it.
Many operating systems and cryptographic software products give you an option to store cryptographic keys on the computer. The advantage is convenience – you don't have to handle the key – but it comes at the cost of security. Simply put, no matter how well the keys are hidden on the system, the software has to be able to find them – and if it can, so can a sufficiently motivated bad guy.
A better solution is to store them in a protected repository. For instance, the Trusted Platform Module (TPM) chip that’s present on most computers is designed to strongly protect cryptographic keys, and release them only when a PIN is entered. Smart cards provide similar protection, and their portability means that you can also physically separate them from the computer. But the best “protected repository” is your brain – if the key is a word or phrase, memorize it.
Law #8: An out-of-date malware scanner is only marginally better than no malware scanner at all
Antimalware scanners work by comparing the data on your computer against a collection of malware "signatures." Each signature is characteristic of a particular malware family, and when the scanner finds data in a file, email or elsewhere that matches the signature, it concludes that it's found trouble. It's vital that you keep your malware scanner's signature file up-to-date, as new malware is created every day.
The problem actually goes a bit deeper than this, though. Typically, malware will do the greatest amount of damage during the early stages of its life, precisely because antimalware programs will not be able to detect it, let alone remove it. Once word gets around that new malware is on the loose and people update their signatures, the propagation of the problem falls off as protections spread through the ecosystem. The key is to get ahead of the curve, and have updated signature files on your computer before the malware reaches your machine.
Virtually every maker of antimalware software provides a way to get free updated signature files from their website or from a dedicated update service. In fact, many have "push" services, in which they'll send notification every time a new signature file is released – several times a day, if necessary. Use these services. Also, keep the malware scanner itself—that is, the scanning software that uses the signature files—updated as well. Malware writers regularly develop new techniques and variations that require that scanners change how they do their work.
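The effect of update frequency on signature-based detection, as an added example that is not part of the original article: it scans the same files with a stale and a current signature set, then measures how long a host stays exposed after the vendor has released a signature. The feed, file contents, family names and function names are all constructed, harmless stand-ins.

```python
from datetime import datetime, timedelta

# Constructed vendor feed: (release time, {family name: byte pattern}).
FEED = [
    (datetime(2024, 1, 1, 0, 0), {"Family.A": b"FAMILY-A-MARKER"}),
    (datetime(2024, 1, 3, 9, 0), {"Family.A": b"FAMILY-A-MARKER",
                                  "Family.B": b"FAMILY-B-MARKER"}),
]

# Constructed, harmless byte strings standing in for files on disk.
FILES = {
    "report.doc": b"Quarterly numbers attached.",
    "invoice.scr": b"header..FAMILY-A-MARKER..body",
    "update.exe": b"header..FAMILY-B-MARKER..body",
}

def signatures_as_of(feed, last_update):
    """Signature set a host holds if it last pulled updates at last_update."""
    held = {}
    for released, patterns in feed:
        if released <= last_update:
            held = patterns
    return held

def scan(files, patterns):
    """Return {file name: [matching families]} for files that match a signature."""
    hits = {}
    for name, data in files.items():
        matched = sorted(fam for fam, pat in patterns.items() if pat in data)
        if matched:
            hits[name] = matched
    return hits

def exposure(feed, family, update_times):
    """Time between the vendor releasing a signature for family and the host's
    first update at or after that release; None if the host never caught up."""
    released = min(t for t, patterns in feed if family in patterns)
    later = [u for u in sorted(update_times) if u >= released]
    return later[0] - released if later else None

if __name__ == "__main__":
    stale = signatures_as_of(FEED, datetime(2024, 1, 2, 12, 0))
    print("stale set finds:", scan(FILES, stale))
    weekly = [datetime(2024, 1, 1, 6, 0), datetime(2024, 1, 8, 6, 0)]
    four_hourly = [datetime(2024, 1, 1) + timedelta(hours=4 * i) for i in range(24)]
    print("weekly pull exposure:", exposure(FEED, "Family.B", weekly))
    print("4-hourly pull exposure:", exposure(FEED, "Family.B", four_hourly))
```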
Law #9: Absolute anonymity isn't practically achievable, online or offline
All human interaction involves exchanging data of some kind. If someone weaves enough of that data together, they can identify you. Think about all the information that a person can glean in just a short conversation with you: In one glance, they can gauge your height, weight, and approximate age. Your accent will probably tell them what country you're from, and may even tell them what region of the country. If you talk about anything other than the weather, you'll probably tell them something about your family, your interests, where you live, and what you do for a living. It doesn't take long for someone to collect enough information to figure out who you are. If you use any payment system other than cash or any transportation other than your own two feet, you leave a trail of data breadcrumbs that can be used to reconstruct a personally identifiable “portrait” of you with remarkable accuracy. If you crave absolute anonymity, your best bet is to live in a cave and shun all human contact.
The same thing is true of the Internet. If you visit a website, the owner can, if he's sufficiently motivated, find out who you are. After all, the ones and zeroes that make up the Web session have to be able to find their way to the right place, and that place is your computer. There are a lot of measures you can take to disguise the bits, and the more of them you use, the more thoroughly the bits will be disguised. For instance, you could use network address translation to mask your actual IP address, subscribe to an anonymizing service that launders bits by relaying them from one end of the ether to the other, use a different ISP account for different purposes, surf certain sites only from public kiosks, and so on. All of these make it more difficult to determine who you are, but none of them make it impossible. Do you know for certain who operates the anonymizing service? Maybe it's the same person who owns the website you just visited! Or what about that innocuous website you visited yesterday, that offered to mail you a free $10 off coupon? Maybe the owner is willing to share information with other website owners. If so, the second website owner may be able to correlate the information from the two sites and determine who you are. And anonymity is even less achievable when you factor in location data, which is gathered perpetually by mobile phones and often enough by Web sites, mapping your machine’s IP address to a real-world location with pretty decent accuracy.
Does this mean that privacy is a lost cause? Not at all. Governments along with public and private entities continue to wrestle with how best to balance the need for personal data privacy with other concerns. What it means is that the best way for you to protect your privacy on the Internet is the same as the way you protect your privacy in normal life—through your behavior. Read the privacy statements on the websites you visit, and only do business with those whose data-sharing practices you understand and agree with. If sites you visit allow you to determine how and with whom information about you will be shared, learn how to adjust those settings and check yours regularly. If you're worried about cookies, disable them. Most importantly, remember that information shared by or about you online is only as safe as the least protective, least enforced privacy policies and settings with which it comes into contact. But if it's complete and total anonymity you want, better start looking for that cave.
Law #10: Technology is not a panacea
Technology can do some amazing things. Recent years have seen the development of ever-cheaper and more powerful hardware, software that harnesses that hardware to open new vistas for computer users, and services that change our expectations for both, as well as advancements in cryptography and other sciences. It's tempting to believe that technology can deliver a risk-free world if we just work hard enough. However, this is simply not realistic.
Perfect security requires a level of perfection that simply doesn't exist, and in fact isn't likely to ever exist. This is true for software as well as virtually all fields of human interest. Software development is an imperfect science, and all software has bugs. Some of them can be exploited to cause security breaches. That's just a fact of life. But even if software could be made perfect, it wouldn't solve the problem entirely. Most attacks involve, to one degree or another, some manipulation of human nature, a process usually referred to as social engineering. Raise the cost and difficulty of attacking security technology, and bad guys respond by shifting their focus away from the technology and toward the human being at the console. It's vital that you understand your role in maintaining solid security, or you could become the chink in your own systems' armor.
The solution is to recognize two essential points. First, security consists of both technology and policy—that is, it's the combination of the technology and how it's used that ultimately determines how secure your systems are. Second, security is a journey, not a destination—it isn't a problem that can be "solved" once and for all, but a constant series of moves and countermoves between the good guys and the bad guys. The key is to ensure that you have good security awareness and exercise sound judgment. There are resources available to help you do this. The TechNet website, for instance, has hundreds of white papers, best practices guides, checklists and tools, and we're developing more all the time. Combine great technology with sound judgment, and you'll have more effective security.
Friday, August 2, 2013
How to Fix a Cracked Touch Screen Phone
Even if you're super-careful with your phone, accidents happen. Sometimes that beautiful touchscreen phone takes a fall and the glass cracks.
Today, we'll show you how to remove the glass from a touchscreen phone (in this case, a Samsung Galaxy S3), then apply a new piece of glass on it. We are not removing the actual display or digitizer. A digitizer is what actually recognizes your inputs. Burke McQuinn came by to show us how he repaired his cracked Galaxy S3. He consulted the forums at XDA Developers to provide a guide.
Materials
You will need a replacement piece of glass, goggles, a heat source, a prying tool, microfiber cloth, some tape, and time.
You can find a replacement piece of glass on Amazon. You can even get kits that include prying tools. Example kits: ProKit for Galaxy S3 | Replacement Glass Kit by NewerStone.
Before You Start
Before you begin taking apart your phone, back up the phone if you can in case you damage the phone. After that, take out the battery and MicroSD card if you have one installed.
Removing the Glass
To remove the glass, we will use a heat gun to melt the glue that affixes the glass to the digitizer and then pry off the glass.
For our heat source, we used a heat gun. You can probably get away with using a hair dryer if you don't have one. We checked on the temperature of the glass periodically using a thermometer and tried to keep the temperature around 200 degrees Fahrenheit (roughly 93 degrees Celsius).
From there we pried the glass away from the digitizer using a prying tool in the corner of the S3. The one we used is called iSesamo, which is a metal prying tool. This can cause more scratching of your device if you're not careful. You can opt to use a plastic prying device like theoOpener.
Burke then heated around the border of the glass, prying up each part slowly and keeping the glass away from the digitizer using plastic razor blades.
Use caution when removing the glass from the bottom of the device where the home button is. There is a small ribbon that flanks the home button. It controls the two capacitive buttons on the Galaxy S3. You don't want to damage that.
Replacing the Glass
Once the glass is removed, you'll want to clean off the digitizer of any excess glue. Burke wore latex gloves and used painter's tape to remove any dust and remnants of broken glass on the screen. You could use a microfiber cloth to clean off the screen before you replace the glass. You want the screen as clean as possible, but don't damage it with too much pressure.
Burke applied the glass from the bottom of the device, carefully placing the ribbon under the glass. Then he heated the new glass to affix the glass to the device. Then you just have to let the phone cool off before you use it.
Test Your Results
Once your phone is cooled off, reinstall your battery and test out your handiwork. With the new glass, Burke's phone worked flawlessly.