Lusu's Blog

Backup Windows Server R2 to a Network Share and Retain Previous Backups

2012-01-20T08:44:00.000+02:00

If you ever tried to configure the new Windows Server Backup (WSB) to make backups of your server on a network share, you'll be notified that only the last backup will be retained and the previous one will be deleted. Period. There is nothing you can do about this... or is it?
While everyone is shouting at Microsoft that they can't create a proper backup system, I have to disagree. The mew WBS which replaced NTBackup is far more powerful than its predecessor. I admit, it has its own limitations and flaws, nothing is perfect though. There are indeed technical restrictions with the current design that prevent the new system to keep multiple backups. Maybe a future version will improve this.

Let's us go back to our problem... WSB is doing a nice backup job to a network share and it is able to restore it using the installation DVD in case of a major failure directly from the network share, if you backed up the system state of course. So here we have to be creative in order to keep multiple backups o a regular schedule... Let's unleash the power of the command line interface to WSB...

Create a batch file with the following content:


@echo off
setlocal
set currentdate=%date:/=-%
set target=\\backupserver\backups\
set log=%target%backup log %computername% %currentdate%.txt
set errorlog=%target%backup error log %computername% %currentdate%.txt
set backuptarget=%target%WindowsImageBackup\%computername%
set desiredtarget=%target%%computername% - %currentdate%
(
 wbadmin start backup -allCritical -systemState -vssFull -backupTarget:%target% -user:myuser -password:mypassword -include:d: -quiet
 move "%backuptarget%" "%desiredtarget%"
) 1>>"%log%" 2>>"%errorlog%"
endlocal

So what is this code do? First of all it sets up the variables needed then invokes the backup operation. After the backup is completed the backup folder is taken out of the original location and renamed to contain the backup date.

You will have to adjust the highlighted values to suit your own environment. Schedule this batch file as you wish using Windows Task Scheduler and you're done. Since you do the scheduling, you will also bypass the limitation of the WBS scheduling which is only once per day, every day. Note though that since I do not added the time to the folder name this batch file cannot be scheduled to run more than one time per day. However, you can schedule it to run only on weekends if you wish...

All you have to do now is to watch the backup server for disk space and delete old, unneeded backups.

To restore a given version, you will have to copy the day backup back into the WindowsImageBackup folder and remove the date. I did not renamed the WindowsImageBackup folder itself because to this location I backup multiple servers.

So here is the file/folder structure after a backup:

DC1 - Fri 01-20-2012\
DC2 - Fri 01-20-2012\
WindowsImageBackup\

backup error log DC1 Fri 01-20-2012.txt
backup error log DC2 Fri 01-20-2012.txt
backup log DC1 Fri 01-20-2012.txt
backup log DC2 Fri 01-20-2012.txt
As you can see the following are created for each server (names are DC1 and DC2 here):

The backup folder for each server with the added date
An error log file (all errors will be dumped here)
A log file of the backup (all non-error messages will be dumped here)

(I've listed one day only for two servers, but the full picture will contain multiple days of course)

So if I want to restore for example DC1 from Fri 01-20-2012 for example, I need to do the following steps:

Copy or move the folder "DC1 - Fri 01-20-2012" back to WindowsImageBackup
Rename the copy to read "DC1" by removing the date component
Perform the restore

Hope this helps you.

The new Bing Webmaster Tools to debut soon

2010-06-10T16:22:00.000+03:00

Microsoft is chasing Google with this one. It will offer a "Webmaster Tools" site which is similar with the Google's one.

The Bing Webmaster team held a session showed a preview of the next version of Bing Webmaster Tools, Microsoft’s no-cost toolset for webmasters and search engine optimizers (SEOs). Bing Webmaster Tools were rebuilt from the ground up to offer more data, including a new user interface and enhanced charting functionality.

The new Bing Webmaster Tools remain web-based, and basic functionality is available through most web browsers. They are very useful for search engine optimization or SEO.

To achieve the full potential of the new Bing Webmaster Tools user experience, you’ll want to install Microsoft Silverlight 4.0. Silverlight is a browser plug-in that helps organizations design, develop, and deliver rich applications and experiences on the Web. Silverlight works across multiple browsers, platforms, and devices, including the Mac OS, Windows and Linux operating system.

The Bing Webmaster team chose to focus on three key areas of interest to webmasters: Crawl, Index, and Traffic. Each area will offer detailed data going back as far as six months with dynamic charting capabilities, enabling webmasters to focus on the timeline trends that are most meaningful to them.

A key, new feature to Bing Webmaster Tools is Index Explorer, a tree-view that enables webmasters to see at a glance all of the crawling and index data for their website.

Bing Webmaster Tools has added a feature to Submit URLs that allows website owners & bloggers to send Bing a list of URLs that should be prioritized.

The Bing Webmaster Tools not only give webmasters control of what content to add to the Bing index, but the new Block URLs tool gives webmasters control over what content to block from the SERPs.

Source: http://www.thewindowsclub.com/

New widespread spam with PDF exploit

2010-06-09T12:57:00.001+03:00

The antivirus labs are currently seeing a spam run pushing a PDF exploit. The emails look like this:

From: random addresses
To: random recipients
Subject: New Resume

Please review my CV, Thank You!

Attachment: resume.pdf

This PDF attachment it's attempting to use the PDF /launch feature. The PDF's MD5 is cff871a36828866de1f42574be016bb8. If allowed to run, the exploit will drop an alureon/dnschanger trojan.

Beware of attachments from spam mails, even the files with non-executable extensions could be dangerous.

New blog location

2010-05-28T16:40:00.003+03:00

The main address of the blog is now http://blog.lusu.ro/. The old one http://lusutheghost.blogspot.com/ will continue to exist but will be redirected to the main one.

Nice Firefox bug

2009-11-10T12:11:00.003+02:00

Hi,

Take the following HTML:


[html]
[body onload="document.getElementById('a').innerHTML = '[input type=\'text\'/]';"]
[div id="a"][/div]
[input type="text"/]
[/body]
[/html]

(of course replace "[" with "<" and "]" with ">")

Open that in Firefox. Write something in the first input and press F5... see what happens... the value you just entered is now in the second input!

Add as many inputs and the shifting still occurs on all of them...

Beware of Michael Jackson Malware

2009-06-29T13:12:00.002+03:00

There has been a couple of malware attacks that have tried to use the news coverage of the death of Michael Jackson as the lure to get people infected.

The malware is a file called Michael-www.google.com.exe. This file was distributed through a site called photos-google.com, photo-msn.org, facebook-photo.net and orkut-images.com. Do not visit these sites.

When executed, Michael-www.google.com.exe drops files called reptile.exe and winudp.exe. These are IRC bots with backdoor capability. The file also shows a fake error message "Picture can not be displayed.".

The virus is detected as Trojan.Win32.Buzus.bjyo by major antiviruses.

Security for Me: Social Network Passwords for Job Applications?

2009-06-24T11:54:00.004+03:00

A recent news article from CNN shows that the city of Bozeman, Montana, USA, has been pressured into removing an item in its background-check waiver form requesting all applicants for to disclose their account names and passwords for social networking websites such as Facebook, MySpace and Youtube.

Now, who in the right mind would do that really give up their log-in details? I bet they provide fake ones or just ignored the request...

My advice if you ever encounter this: this is privacy invasion. Do not disclose them in any way to anyone. Just reply if being asked "my personal life has nothing to do with my professional one and my private credentials are my own and they do not make subject of your concern".

It is common for employers to read applicants blogs before an interview (this happened to me also), but they usually inform you about that. This statement was addressed to me recently and it was quite pertinent: "I have read your blog located at lusuthegost.blogspot.com and saw this remark of yours ... Can you detail this for me?". That one is normal and expected especially since I have included the blog address in my CV. If you wonder why did I ever do that is because my posts are related to security, Windows and programming and it shows some community activity which counts to some extend for a job application.

Security for Me: Applications

2009-06-23T11:00:00.000+03:00

It's time to go back to blogging, this time with a interesting topic for non-advanced users. You may ask why I link applications with security. The answer to this is simple: any application can be exploited by hackers to gain control over your computer and/or steal you confidential information. Did I said "any"? Yes, any, read on.

How do they do it?

Any application has (the technically called) buffers and stacks as part of they normal operation. If the developers of that application forget to add a test or two, the attacker can use that information and overflow them causing the content to "spill out" over the original application code. When this happens, the original code is overwritten by the malicious code and... voila!

Now... don't get paranoid and consider every application as a threat. Usually they are secured and regularly updated. Hackers tend to attack popular applications such as WinAmp, iTunes etc. because it makes sense to attack an application that is used by several million users than to attack an application that is only used by one thousand users.

However, be suspicious about your online programs (chats, browsers, file sharing etc.) and security ones (antiviruses, anti-spyware etc.) and make sure they are up-to-date always. If you wonder why I say to be suspicious about your security programs then keep in mind this: if they are not up-to-date they may not see a new threat and, worse, they can be exploited big time.

What can you do to stay protected?

Update your applications to their latest versions. Some of them provide mechanisms to automatically check for updates so leave that option active. If there is no such option in your program just remember now and then to visit the vendor site and check manually for a new version.

Alternatively, use a tool such as F-Secure Health Check (http://support.f-secure.com/enu/home/onlineservices/fshc/front.html) that provides an automated verification method. I am not affiliated in any way with them, this is not a commercial. F-Secure is a company that provides security products such as anti-viruses and it is well respected and deserves credit for their free tools.

Should I be worried?

Not really, but keep in mind those ideas and think twice before disabling automatic updates to any application and operating system... Make a habit of updating applications to the latest versions and read for yourself some security news blogs to be up-to-date with current major threats.

Security for Me: Internet Surfing

2007-11-06T01:36:00.000+02:00

One of the biggest problems today is to surf the Internet safely. Contrary to some may think, Internet surfing is not safe unless you personally take care of some things.

Why it is unsafe? Because you can access by mistake a site that has malicious intents and that use vulnerabilities in your browser to install on your computer some viruses or spyware, to crash your system completely or to steal your credit card information or other personal data.

So you need to make it safe...

First: always use the latest version of your browser. Internet Explorer is currently at version 7 for Windows XP and newer and it is still at version 6 for Windows 2000 and lower. However that one is safe too. Firefox updates more often, current version at the date of this post is 2.0.0.9. Other browsers also update regularly, so check their vendor sites.
Second: always install the patches for your browser and you operating system. While browser patches are obvious in the sense that they fix problems with your browser, the operating system patches are not so obvious. In short, it may not be a problem with your browser at all, but a problem in your system that can be exploited via your browser.
Third: install an anti-spyware and an antivirus. See my article regarding those issues at http://lusutheghost.blogspot.com/2007/11/security-for-me-antivirus-programs.html
Forth: keep away of strange or suspicious sites. Your browser usually notifies you that a site is malicious and blocks it by default. Please read carefully what your browser is reporting before continuing. Some antispyware and antivirus software may also block some sites. Take their advice and leave that site immediately. However if the antivirus kicks in, the site is automatically blocked with no chance to continue on it, which is a good thing.

There is the myth that Internet Explorer is not as safe as Firefox. Unfortunately this is exactly backwards (but things are improving). Opera is in fact the fastest and the most secure Internet browser. Don't take my word on it (as some my say that I am a Microsoft fan...), take what experts are saying. A good article, with quality and reliable sources is http://mywebpages.comcast.net/SupportCD/FirefoxMyths.html

Another thing is to be very, very, careful when entering your credentials (passwords, credit card details etc.) in forms on various sites. Please double check the site and its intent before proceeding. There are lots of legitimate sites that for example process your credit cards in order to sell you something online, and this is good. But there are even more sites that pretend to sell you something (like man potency pills, "original" software or quality watch replicas at incredible low prices) but in fact they simply steal your information so they can empty your account. No legitimate site will ask your credit card pin code! If you encounter such site leave immediately!

Also some banks offer online banking services where you have to authenticate with either a security device (one time code generators), with security certificates or with one time scratch codes. The later are not so secure as some sites may trick you in providing the next 10 codes in order to "verify your identity". Big mistake to provide those!

Do you have any other tips? Please feel free to comment and share with everyone!

Security for Me: Antivirus Programs

2007-11-05T00:35:00.000+02:00

I was thinking in explaining to you what an antivirus software is, but Wikipedia does it better in this article: http://en.wikipedia.org/wiki/Antivirus_software. It is an excellent one, take my word on it. Anyway, in short an antivirus software tries to detect and remove several types of malware. Therefore the best way to protect against such threats is to play a little defense on your own.

First, whenever you install an OS, do it with the network cable (if any) disconnected! (well, unless you do a network install...). Viruses are so versatile those days that they can infect your computer while it is still installing. Yes, that does happened! No kidding! How it is that possible? Easy... The OS will activate the network card so it can set it up and configure it. The firewall is usually down and there are no patches installed at this point... This is the critical point actually.
Second, always patch your computer! Turn on Automatic Updates in your OS! This is crucial so the updates get installed before a virus hits you on a known vulnerability. Personally, as an "advanced user" I have the Automatic Updates set to notify me about the patches but not download nor install them until I say so... This way I have a chance to review them. But I know what I am doing, and most of the people don't have a clue what a "buffer overflow that could allow remote code execution" is... So, if you fall in the second category, just leave the settings to automatic download and automatic install.
Third, keep your firewall running! Read my article on firewalls intro: http://lusutheghost.blogspot.com/2007/07/security-for-me-firewalls.html
Forth, keep the antivirus software running and up to date! Leave the automatically updates feature of the antivirus on! Read the instructions on how to do that (it is on by default anyway). Not sure what antivirus to use? Try AVG free. I am not affiliated with them in any way, but the product is good so I recommend it.
Fifth, virus is not the same as spyware! So keep an antispyware program running. I recommend Spybot Search & Destroy. Again, I am not affiliated...
And finally, keep your mouse cursor away of warning windows that pop up saying that your computer is infected so you need to download the antivirus "X" to clean it. And I mean that! There is nothing wrong with your computer. Those are misleading messages to trick you and manually download and infect yourself with a nasty piece of virus or spyware. Your antivirus software may warn you with a popup that a virus is found, BUT, it will report the file name, the virus found and will NOT instruct you to download anything!

Well... I kind of deviated from the subject, but nevertheless, this info is useful after all... So to go back to antiviruses... what defines a good antivirus? No matter which one you use, if it is up to date then it is a good antivirus! No joke about that, seriously. Keep it up to date and you won't have too much trouble...

Security for Me: Firewalls

2007-07-09T22:31:00.000+03:00

Firewalls? What in the world are they? If you look up in Wikipedia you find: "A firewall is a hardware or software device which is configured to permit, deny or proxy data through a computer network which has different levels of trust." Huh? Of course... is something too complicated for you... or? No, it is not. And it is crucial for your computer.

To put it very simple, a firewall is a program that runs on your computer, or a piece of dedicated equipment, that does one thing only: protect your computer or home (or business, why not?) network from unauthorized and unwanted access, while in the same time gives you access to the Internet. It does that by intercepting the information received or sent by your computer before it can do any harm. Therefore, if a connection is not permitted, your computer will never even notice it (except the firewall software of course).

Windows and other operating systems come with built-in firewalls that nowadays are already turned on by the manufacturer. You should never disable it unless:

you really know what you are doing (you are an expert or similar)
your computer is protected by another firewall, like a DLS, ADSL, PPPoE or other broadband router that is recently manufactured and has an active firewall, or even another computer that is securing your network
you are not connected to Internet in any way (it is an isolated network)

Even so, I don't recommend turning it off... never ever... Of course that I recommend to install a better security product that has a better firewall that the built-in one and I never recommend 2 active firewalls on the same machine as they can do more damage than prevent it.

Also, never attach a computer to a network and to the Internet unless the firewall is active.

Parody Songs

2007-05-31T00:09:00.002+03:00

Here are some parody songs that I find very funny...

Shakira - "Whatever, Don't Matter" (Shake Your Money Maker)
Shakira - "Translation" (Subtitles Required)
Shakira - "Whenever, Whatever"
Britney Spears featuring Madonna - "Me Against Madonna" (In My Zone)
Christina Aguilera - "Virginal" (From the CD: Ho No Mo')
Nelly Furtado & Timbaland - "Syphilis Girl"
Katy Perry - "I Kicked a Girl" (Warning: Domestic Violence!)
Eminem - "What's on TV"

The others listed here were removed from YouTube... too bad... they were so funny...

Security For Me: Broadband @ Home

2007-04-10T16:36:00.000+03:00

Got broadband at home? Sure you do! Whatever your connection is, DSL, ADSL, fiber optic etc. you are on a broadband connection. However this means something verry interesting... your computer is part of the local area network of your provider! How come? Basically, when you connect the broadband device it connects to a server (or a central point) at the provider location and puts you on the Internet. But this happens with all users of that provider and being connected directly to the same point it means that the computers will "talk" with eachother at very high speeds (at the maximum bandwidth of your connection). Some providers even use "town speed" and "Internet speed" (usually the fiber optic providers do that, something like 50 Mbps in the town and 1 Mbps in the rest of the world). For such providers, sky is the limit in the speed that 2 clients talk with each other (by the way, a wireless connection in the G band works at 54 Mbps). Now imagine a virus. The infected computer will attempt to infect your computer at very high speeds and it may succeed. You don't want that, do you?
Another problem is that some providers link you to a local switch. All users on that switch can use it at maximum capacity. For example, my own connection is a simple PPPoE one and I have an Ethernet cable coming into my home directly from the local building switch which in direct link to the "area switch" which connects to the fiber optic backbone. With the people in my area I can talk at 100 Mbps... meaning 10x the speed of my home router.
Did I said "home router"? Yes I did! This little device which costs less than 100 USD allows me to connect my desktops and my laptop (via a secured wireless link) to the Internet. As I said before I have an Ethernet cable to connect to the provider. However this is not important at all. I could have a DSL modem and that modem would be then connected to my router.
In our days the routers do an excellent job at protecting your network (if set up in the right way, and they come secured out of the box, but read below). No matter what broadband connection you have, a hardware based device that among others is a hardware based firewall, will secure your network very good. Some DSL and ADSL modems come with a built-in router so you don't need a second one unless you want to go wireless but some modems have that too.
So how do you connect all those? Case 1: without a router:
Provider --- modem --- computer
A modem connects you to the provider network; you may not have it at all if you have a fiber optic connection like I have (my case is: Provider --- computer). The big disadvantage of that modem is that it does not protect your computer, it simply does a media conversion from USB or Ethernet to the provider connection like a DSL line. To secure it just do this case 2:
Provider --- modem --- router --- computer
Insert the router between the modem and your computer. The router has the advantage of allowing you to share the connection to more than one computer.
If your modem has a built in router it already looks like:
Provider --- modem/router --- computer
so you can already share the connection and be secured at the same time.
If you don't have enough free Ethernet ports in the router (or modem/router) just put a normal switch in the picture. The routers allow you usually to connect directly (by expanding the number of ports with switches) 254 computers.
You may want to say that you do have a firewall on your OS. Sure, if you do, turn it ON! Although it does not make sense to have a double firewall, it may protect your computer from the others in your home network. And you want that too.
So how secured is your router? If you don't mess up the setting, very secured. However, some routers come with management ports wide open, so you have to close those by hand. To see what ports you have open, use a site like www.grc.com which will scan your computer (actually your router because it "is in the way"). If you don't use a router then at least turn on the OS firewall or a 3rd party one...
I won't go into details any further. Any more details I will discuss in the comments as replies to your questions. If I see a particular interest on a subject I will consider dedicating it a whole post.

Security For Me: Intro

2007-04-10T16:27:00.000+03:00

OK, I know that I was busy and I still am, but I am "cooking something"... the "Security for me" post series. What is all about? How security fits in in every day life, being computer based or not.
First of all I will start by saying why I am doing this. I read somewhere a wise quote (sorry, but I don't remember who said it first): "A false sense of security is worst than having no security at all". So what does it mean? How came that no security is better? Because if you think that you are secure you simply ignore it. Plain and simple. You just don't bother to check that security is in place and how up to date it is. Having no security at all makes you think twice because you know you are not secured. Starting from this I plan to write some security posts that will make you realize the importance of security on one hand and how can you make sure you are secured on the other.
Without any more boring intro, I will now write the first article.

Save the Laptop From Liquids

2007-03-03T13:57:00.000+02:00

Rule #1: Don’t drink and type!

If you're tempted to down a soda, water, glass of wine, coffee, or other liquid while typing away at your keyboard, you may end up paying the ultimate price - liquid spilled into your computer from an accidental knock, a few drips or a dropped cup. If this happens, don't panic. Instead, follow these simple instructions as quickly as you can to try to salvage your computer.

Shut it off! Immediately remove the battery and the A/C adapter! The biggest danger at first is the device shorting out.
Turn it upside down immediately to stop the liquid from traveling deeper into the laptop.
Disconnect and remove any and all external devices (while the laptop is still upside down).
Clean up any part of the spill you can get to. Use paper towels or any absorbent material that is lint-free.
Inspect the keyboard. Some keyboards are designed to protect the internals from liquids. Pour out any liquid contained in a keyboard enclosure.
Wipe up anything sticky. This may include the screen, the keys on the keyboard, and any buttons. Use a clean, slightly dampened, lint-free cloth.
Let it restLet it dry. Be completely sure that the parts are dry before you put back the batery or the A/C adapter.

Warnings!

Whatever you do, DO NOT power your laptop on to check if everything is OK. Give the laptop at least 24 hours to dry completely on its own before attempting any sort of power on at all.
Water and electricity do not mix! Make sure all power is off.
If you choose to let the spill dry without cleaning, be aware that any acid present will slowly "eat" the circuit boards, until the device fails.

The power of DIR

2007-02-05T19:19:00.000+02:00

Did you know that the DIR commmand can provide extra information to you? Take the /q switch... it will show you the owner of a file:


C:\>dir /q c*.*
Volume in drive C is System...
03/22/2006 01:06 PM 0 BUILTIN\Administrators CONFIG.SYS

1 File(s) 0 bytes

As you can see you have the owner of the file at a glance (BUILTIN\Administrators) in this case.
Another useful switch may be /b which will display only the file names without any other information, so you can redirect the list to a file in order to obtain file lists.
The /s switch will recurse the subdirectories and display the wole folder structure.
Of course that there are other switches to DIR... discover them yourself by typing DIR /?...

Andreea's Messages

2007-02-03T02:14:00.000+02:00

Andreea has recorded with the help of a national television 2 messages (in English and Romanian) for her fans that support her in her petition. Those messages are online on Youtube at:
http://www.youtube.com/watch?v=lxOgNDxFuCY (English)
http://www.youtube.com/watch?v=K2V_snS9PtY (Romanian)

Also, I've upgraded the petition at her site to contain also English texts...

Petition for Andreea

2007-02-02T00:22:00.000+02:00

Today I helped Andreea Raducan launch her petition to get her gold medal that was taken back at Sydney. I am with her on this petition all the way. The petition is online at http://www.andreearaducan.ro/ (Romanian only for now) and in less than one hour after the site was up, there were already 20 signatures (and we didn't even announced the petition web address...). Let's hope we will get millions soon...

Update: the site was updated to include also the English translation for better word wide coverage.

ways Internet Explorer 7 helps you get more done

2007-01-19T19:07:00.000+02:00

Here is a summary of an article found on Microsoft's site (original link). It explains the benefits of IE7 over its predecessors, not over other browsers like you may think. Anyway, my personal tip to you: whatever browser you use, make sure you use the latest version and you always apply the released patches...

1. Find what you need more quickly with tabbed browsing - allows people to manage multiple Web sites from within one browsing window
2. Eliminate printing mishaps with advanced printing features - Remember the last time you tried to print a Web site page? Remember how annoying it was to see that half the information was cut off on the right or left margin? That problem is gone with IE7. Pages will shrink text just enough to ensure the entire page prints properly. Plus, from within Print Preview, you can now adjust Web page margins, change the page layout, remove headers and footers, and increase or decrease the print space as desired. Sure, this one saves time, but it saves me money, too: no more wasted paper!
3. Search the Web directly from the IE7 toolbar - In IE7, if you look for the little Windows flag icon in the upper-right corner that sometimes waves endlessly as IE6 works away, you will never find it. That's because it's been removed to make room for the Instant Search Box. This handy new feature will save time, trust me. It allows you to choose a search provider from a drop-down list (MSN is the default search engine) and lets you add new providers to the list. No more opening new windows or sites when one search engine doesn't return a satisfactory search. Instead, you just select another provider from the menu and IE7 remembers the search term and transfers it to the new search engine you've chosen.
4. Save time with improved RSS Feed support - If you like to surf the Web for news or other changing information, this next IE7 enhancement will also save you a lot of time. Chances are that you've seen the little buttons such as, "Get your RSS feed now!" on your favorite news or sports Web site. If you don't use one of these feeds yet, you probably will at some point because it's becoming popular. RSS feeds allow you to have personalized news, sports or shopping links, headlines, and summaries delivered directly to your desktop. You can subscribe to as many feeds as you wish, and then read them at your leisure all in one place without visiting individual Web sites. IE7 improvements let even mere people read the RSS feed directly in the browser. Instead of surfing individual Web sites for information, just scan the feed for stories that interest you. When you're on a site in IE7, if the RSS Feed icon is illuminated, it means the site offers a feed. Click on the icon, and you can subscribe to the RSS feed by clicking the Add/Subscribe button.
5. Stop being bait with the new Phishing Filter - One of the latest buzzwords on the Internet is "phishing." Anyone who has e-mail and uses the Internet is a potential victim, so listen up. Phishing occurs when an e-mail is sent falsely claiming to be an established, legitimate enterprise. You've probably gotten one of those e-mail messages already: It directs you to visit a Web site, often has an official logo, and asks you to update credit and other personal information. The motive behind it? To trick you into visiting a bogus Web site that you think is authentic and scam you into releasing personal information that will be stolen and used for illegitimate purposes. The sender is sending bait to thousands, hoping a few fish take it. Hence, the term "phishing," a variation on the leisure sport. In IE7, a new Phishing Filter consolidates the latest industry information about fraudulent Web sites several times an hour and warns you when you attempt to visit a potentially untrustworthy site. A security status bar at the top of the IE window pops up in yellow for potential problems, and in red if the Web site is a confirmed phishing destination. If the threat level is red, you will be automatically navigated away from that site. Phishing Filter helps limit security problems. This is primarily a good thing for individuals but businesses will benefit as well: Employees will be less likely to accidentally share business financial information with nefarious sources in the course of their job. With so many of us doing business online these days, it's a good bet that businesses are at high risk for phishing attacks. Busy employees could easily see one of these e-mail messages as a quick request from a vendor, for example, and poof! There goes your business information.

Launch System Restore from a command prompt in Windows XP

2006-12-07T11:06:00.000+02:00

It's not unusual to use System Restore to fix strange Windows XP system behavior—but depending on how damaged your system seems to be, you may need to call for more advanced measures. Here's how to launch System Restore from a command prompt.
If your Windows XP system begins acting strange, a typical fix is to use System Restore to remove any system changes made since the last time you created a Restore Point. However, what if the problem is so bad that you can't start Windows XP normally, or even start the system in Safe Mode?
The good news is you can run System Restore from a command prompt. Here's how:

Restart your computer and press [F8] during the initial startup.
When you see the Windows Advanced Options Menu, select the Safe Mode with a Command Prompt option.
Select the Windows XP operating system.
Log on to your computer with an administrator account or with an account that has administrator credentials.
Type the following command at a command prompt:C:\windows\system32\restore\rstrui.exe

When you see the System Restore window, the graphics may look odd, but you can still follow the onscreen instructions to restore your computer to an earlier state.

Animusic

2006-12-01T18:18:00.000+02:00

Few days ago I received a video with some incredible balls flying around and hitting things and make beautiful music. I checked this out and it turned to be a piece of the song "Pipe Dreams" by Animusic. I do not want this to be a commercial to them, so I let you see them on YouTube. As I did not uploaded them and since I don't host them, I don't violate any copyrights (I hope)... Animusic is selling out 2 DVDs that supposed to contain the high quality versions plus more if you are interested. But since I don't want to give them free publicity, I will just provide the links to the collections bellow:

I also found this one, but it is not part of the original DVDs:

Animusic - More Bells And Whistles

I hope I have all the links right, but if I didn't please let me know...

Parked Domain, Reserved Domain...

2006-11-17T11:14:00.000+02:00

You may have heard those terms before, but what do they mean? Let's see some terms:

Reserved Domain - is a domain that was purchased but was not set up. Those type of domains do not exist practically, but nobody can buy them any more.
Parked Domain - is a domain that exists only to be out on top of another one. Basically, when such domain is requested, the underlying hosting domain is returned. Parked domains usually do not have subdomains (except for the standard WWW one)
Active Domain - is a fully functional domain, it can have subdomains, mail servers etc.
Expired Domain - is a previously reserved, parked or active domain that has its registration expired and the registrar has locked it out until the owner pays again or until it will be erased. Usually the expired domains are used to give the owner a grace period to renew it.
Domain Lock - is a setting in the registrar database that prevents unauthorised changes to it. Only unlocked domains can be transferred from one registrar to another.

Hope some terms are not more clear...

Robots and Blogs

2006-11-03T18:36:00.000+02:00

I just cannot pass this post... You know already that I have a profile on Technorati. Well... following the link to see who is linking to my blog, I've found this one: http://blagsta.com/blogging-for-money/ that is actually a collection of posts from other users. Somehow they crawl automatically for all posts containing the word "AdSense" in it.
I bet that after few hours this post is published, it will be shown in that blog. Good think is that they link to the original post, so giving this I cannot tell if this is a good or a bad thing. I actually don't mind yet about this because: (1) they link to my original posts and (2) they generate links to my blog and therefore traffic. And I didn't do anything for that, they found it on their own. I will keep monitoring the links and see if things go another way...

MSDN Briefing and SIAB in Brasov

2006-11-03T18:07:00.000+02:00

Yesterday I've posted about day one in the article TechNet Briefing Brasov. Today was the second day from the Microsoft Days here in Brasov. This day was focusing on developers, so lots of code was shown. I will not reproduce it here, but I will go a little bit through the ideas there.
Basically it focused on .NET framework version 3.0. It should be called 2.1 or 2.5, but for marketing reasons at Microsoft it is called 3.0. Why? because we have this simple equation:
.NET 3.0 = .NET 2.0 (CLR 2.0) + WCF (Windows Communication Foundation) + WS (Windows Workflow Foundation) + WPF (Windows Presentation Foundation) + InfoCard.
So as you can see 3.0 is just 2.0 on steroids.
In short, WCF is a powerful communication layer which can use SOAP, web services, TCP/IP, .NET Remoting etc. to communicate between 2 endpoints (client and server usually). However, the big news is that you can change the underlying communication provider and hoster just by changing the config file. Neat, isn't it? It can also self-host the services, deploy over IIS etc. So, Microsoft took the best (or let's say major) standards and put them all together under one roof.
WS is an engine to work with and execute workflows. It supports both sequential and state-based workflows.
WPF is actually the known XAML.
InfoCard is something similar to the Microsoft Passport, but much, much evolved and quite different. The idea is that it is much more secured and easy to use, and it does not require (though it can use) a centralized provider like the Passport does.

Another discussion was about the new Office file formats, which are basically a ZIP archive containing XML files and any binary-format objects that are embedded (like pictures). It is also very extensible and pragmatically you have the sky as the limit.

Also some examples of how to develop Vista-friendly applications were shown, but I cannot reproduce the demos here.

The second part of the day focused on the same subjects but from an architect level...

Playing With AdSense Spam

2006-11-03T08:02:00.000+02:00

First of all... this is not spam from Google or the official AdSense team. I went to one of those "Get rich with AdSense" sites I was talking about in my post "AdSense Heaven?" and put in my "name" and e-mail address. Actually instead of the name I put in "Ivebeenspamed" (that's "I've been spamed" if you missed it, I took the idea from The Noob Commic). Now of course... I receive spam from that site. Whatever they say it was free, with big text and lots of fuss, was actually a "sub product" of another big one. As I said... tricks to get your money.
Now that spam tries to sell me stuff and it is providing me with rubbish information that can, if I take it for granted, get me in trouble with AdSense. However, some of the "tips" got my attention because parts of them are quite true (I bolded the "true" part of then). However, do not take those for granted as tips! They are snippets from a junk mail! Here is the one that has the most truth in it:

2. Junk Sites Get Junk Income
Your site must have good content that can
attract users on its own merit. There are a lot of different strategies
available for producing good content for your site. You'll need to use them if you want to create the sort of site that makes real money. Don't build junky sites, because they'll just bring you junky (meaning, "not very much")
income.

Well... this is it. See how a spamer tricks users? They present to you half truth and whole lies...

Technet Briefing Brasov

2006-11-02T18:12:00.000+02:00

As promised I write about Microsoft Days in my town. I attended today the TechNet Briefing, but since I didn't have an available Internet connection I could not blog live. So, let's take it step by step.

First it started with a quick intro and then a local partner (no advertising here but they are called 2Net) had a speaker telling about his company. Direct advertising if you ask me. They offered keyboards to "key partners" as "presents". Go figure... but the list was 22 companies long.

Then the local communities were presented. I am a member of one of them, and they are quite legit, so I am glad that they were presented. I admit that Microsoft is still helping them with sponsorships and logistics, but what the heck, those are the local communities that use and promote their products. Without any other fuss, here they are: Ronua, ITBoard, SQLServer and ProFox.

The first TechNet presentation was about SBS 2003 R2 (Small Business Server 2003 R2). I'll
highlight what I think is interesting: it is based on Windows 2003 SP1 and not 2003 R2, it incorporates Exchange 2003 and Web Share Services. It comes in 2 flavours: Standard and Premium. The Premium version has as extra SQL Server 2005 Workgroup Edition, Internet and Security Acceleration (ISA) Server 2004 and Office FrontPage 2003. The rest is the same. The recommended prices are 606 USD and 1315 USD respectively.

The second presentation was about the security in Windows Vista. That was by far the most interesting presentation for me. They introduced with Vista the "Improved Security Development Cycle". This is a defensive programming technique that by design gets rid of the "standard" attack vectors like buffer overflow. It also means that the Microsoft Security Team has veto rights over it. In other words any security flaw will stop the product from being released. I am truly impressed about this.
Another security improvement is that services run with far less security privileges. This means that if a service is compromised by an attacker or a virus, it is restricted big time to what the service is allowed to do... mainly nothing. This comes handy with the next improvement: all windows services are profiled for allowed actions. In other words each service must declare upfront what they need to be allowed to do, like the list of files they need to write or computers they need to connect to. So? So considering the previous improvement, those two combined will constrain the malicious code as much as possible and the damage will be minimal.
They also introduced several run levels (0, 100, 200, 300, 400 and 500) where level 0 is fully restricted and level 500 is absolute power. Each level can write down and read up. They are not allowed to write data to an upper level. So if a process is running at level 300 (user context and user desktop) it will not affect anything on level 400 (services level) or 500 (admin level). This means that any user application cannot change the services and cannot change the system. Worst it can do is mess up the user documents.
Big deal is also that not even the administrators run with administrative privileges. What? Yup! you read right, and it is logical when you think about it. Most users are administrators on their machines which means that they can mess up the entire system by mistake or by means of a malicious program. When an administrative task needs to be done, the user is asked for explicit user permissions. This is done by a window that runs in level 500, which means that it can be interacted with only from the keyboard and/or the mouse. No application or service can access it since it is in an upper level (remember that the desktop is on level 300 and the services are on level 400). Of course that this behaviour can be disabled, but I don't recommend it. Actually the administrators have a split security token, one with regular user privileges and one with the admin ones but which is granted only after that "pesky level 500 window" (namely the user at the keyboard) is giving the OK. Also, if an application is known as malware, that level 500 window will have only... the Cancel button. Handy, isn't it?
The firewall got bidirectional in Vista. That means that rules can be defined for outgoing connections too, not only for the inbound ones. It also has direct, built-in, IPSEC supports.
There are many improvements too. I will mention just one more: The GINA is... gone!

The 3rd one was about deployment of Vista. Here I will not get in details at all.

The 4th presentation was about Exchange 2007. The bad news is that it works on 64-bit processors only. However it can be evaluated on 32-bits ones too.
It comes with 5 possible roles: Edge Transport, Hub Transport, Mailbox, Client Access and Unified messaging. The last 4 roles can be hosted by the same server. There are also 4 mailbox types: users, rooms, equipments and linked. I will not get in the details of those.
A big improvement is that users and groups can be created directly from the Exchange Management Console. Also the new Exchange Server Shell (a command line management console) can do everything the GUI can do (including deleting all mailboxes...)
Also, when Outlook Web Access (OWA) is used, all links to the local servers are identified and the documents they point to are accessible for the user from where ever he/she is, all this over Internet. OWA is implemented with the AJAX technology and it features auto complete and fast searches.

The day ended with an Q&A session. Now let's see the two events from tomorrow...

Late and Working

2006-10-29T12:17:00.000+02:00

... could describe what I am doing all day and night long. And this is the reason why I cannot write so often any more on the blog. Oh well, better fewer articles but with high quality than many and with poor quality. This post is one of the second category... I just wanted to let you know.

Anyway, this situation will not stay here for long (I hope... since I never know what tomorrow will bring).

On November 2nd and 3rd I will go to Microsoft Days here in my town. I will get back to this topic afterwards. If there will be an Internet connection available I will blog live.

AdSense Heaven?

2006-10-24T22:49:00.000+03:00

OK, some of you may already know about Google AdSense. Wow! What a great idea! Well... actually it really is. But there is a catch... You need to provide high quality content to your site so you can:

generate more traffic on your site (more visitors)

get higher CPC (Cost-Per-Click) ads on your site

1^st will increase your CTR (Click-Through-Rate) on ads, therefore your revenues, and 2^nd will increase the revenues per single clicks. Thus combined you can make a great deal of money just by running the site.
However, providing such site to the public is challenging. And don't cheat! Follow the TOS (Terms Of Service) "by the book" or you will for sure get banned.
There are a number of articles describing how you can optimize CTR by following some rules like:

positioning of ads on the page - there are researches that indicates the hot-spots for ad clicks

blending the ads into the page by manipulating the color scheme in which the ads are shown (such as the ones on my business site)

... and not last, lots of experimenting

I suggest for a beginner to look first into the official Google AdSense FAQ and forums. They provide all those tips in details.
Now the "heaven" part... If you surf the Internet you will find lots of sites that sell you stuff for "increasing" the revenues on AdSense. Such "products" are:

books and articles, usually collections of how-tos (some of them refered as "the black book of AdSense", which show you all sorts of tricks that are in clear violation with TOS)

software for site promotion and monitoring (which may be violating the TOS, thus get you baned)

ready-made sites or site collections, "already optimized for AdSense" (which by the way, Google knows about and will eventually get you baned)

affiliate programs that will increase your site rank (which may for the moment, however Google is "hunting" those type of sites and... assigns them negative ranks, so in the end your rank is lowered)

And they are many more out there. They all look fancy and promising and most of all they look "fool-prof". This is not the case. There is no such thing as an "AdSense Heaven" coming from such products. Most of them have a single purpose: find fools to click on the ads in their pages and buy they products (all which will only generate revenues to the site owners, not to you). Google has all sorts of algorithms that raise red flags to the teams in certain cases, such as:

sudden increase of site traffic

spikes in CTR (normal variation is OK, spikes almost always raise red flags)

As my recommendation, read first the official AdSense forum. Look at others problems and transpose them in ideas and warnings for your own site. A red flag from Google is a very bad thing for your whole program. Better to avoid it.
And the golden rule is: do not spend time optimizing AdSense revenues, spend this time optimizing your site content, writing good quality articles and satisfying visitors/customers. Do not get blinded by the shining descriptions of whatever third parties. Chances is that if they are not listed by the official AdSense documentation they are in direct violation with TOS. Good quality sites generate in the end good quality ads, with high CPC and high CTR.
However! Some products may be 100% legit! So, do the necessary research before, and if in doubt mail Google or ask in the official AdSense forum. Better safe than sorry!

Google Toolbar Button Available

2006-10-23T16:41:00.000+03:00

I've created a button for Google Toolbar. I've also put that to the button gallery, I wait for it to show up in there.
To install it just click here and it will install automatically.

A Little Fun...

2006-10-21T14:13:00.000+03:00

... does not hurt anyone ;) If you know what a MMORPG is, then you may want to read the 220 (and coming) episodes of the comic "The Noob" located at http://www.thenoobcomic.com/daily/strip001.html. Once I've started, I could not stop reading... I staid up until over 2 AM to finish the story... Now that's a laugh...
And being a programmer I was thinking in making a 3d animation of the slides and publish the movie on YouTube, but the work involved is too much for me as I don't have the required time... Maybe someone else has it...

Create Strong Passwords in XP

2006-10-19T13:23:00.000+03:00

Here is an interesting article I've found on the net (on TechRepublic).
Computer users consistently use very simplistic logic when creating passwords. For example, many of us choose meaningful words, personal dates, or a word commonly found in the dictionary because it makes the password easy to remember. These common practices cause us to sacrifice the security that passwords are intended to provide.
If you're really at a loss when it comes to thinking of a strong password, you can let Windows XP create and assign a random password to your account. To let Windows XP generate your password, follow these steps. (Warning: Before you follow these steps, please be sure that you are paying careful attention and are ready to actually use a password that might not be as memorable as you're accustomed to! Also, you cannot use this tip on a Windows Server domain.)
Open a Command Prompt window and type:
net user user_name /random
Windows XP will randomly generate a secure password, as well as assign that strong password to your account. Windows XP will also display the strong password so you can remember it.
At your discretion, you may want to create a Password Reset Disk at this point. This disk will allow you to gain access to your computer in the event you forget your password. Here's how to create the disk:
Open the Control Panel and double-click the User Accounts tool. Click your account icon. Select Prevent A Forgotten Password under Related Tasks. Follow the instructions provided by the wizard.

Firefox and Unicode

2006-10-16T15:18:00.000+03:00

Firefox (version 1.5.0.7 at least) is sometimes really stupid...
Scenario:
- file 1, HTML, saved in UNICODE (FFFE marker)
- file 2, CSS, saved in plain ANSI
- file 3, JS #1, saved in plain ANSI
- file 4, JS #2, saved in UNICODE (FFFE marker)
What would happend in Firefox? It will apply the UNICODE encoding from the HTML file to... all of the 4 files, resulting in the CSS and the JS #1 to be garbage after such decoding and therefore not usable by Firefox. Only the JS #2 is decoded OK since it is in the same UNICODE encoding in the first place.
I've found this after hours of "stupid debugging" (== change the code just to see "what if", even when you know the outcome)... My resolution? Save the HTML file in plain ANSI and... voila! It works!
All this time, Internet Explorer worked OK...

Service Controller Control from Command Prompt

2006-10-13T14:28:00.000+03:00

Again with XP commands... "sc" is a command line program used for communicating with the NT Service Controller and services.
Some commands based on sc are:
sc /query - displays the list of services and information about their state and flags
sc /queryex - displays the list of services and the extended information about their state and flags
sc /start service_name same as net start service_name; starts a service
Similar the /pause, /continue and /stop switches will pause, resume and stop a service
Now comes the interesting part...
sc /delete service_name deletes a service from registry
sc /create service_name creates a service into registry
To get extended help type sc at the command prompt...

System Information

2006-10-11T14:45:00.000+03:00

In XP there is a nice utility called "winmsd" which is a handy system information tool... It provides a not-so-basic level hardware and software information. Of course it cannot compete with professional system information tools, but the provided information should be enough for a quick overview or diagnostics. And after all... it comes with XP...

Kill Processes from Command Prompt

2006-10-10T14:34:00.004+03:00

Yes, you can do that in Windows XP. The command for that is "tskill" (Terminal Services End Process Utility). For example:
tskill mspaint - will kill all Paint windows
tskill 1234 - will kill the specified process
The switch /v will output some extra information (verbose mode) like:

C:\WINDOWS\system32>tskill mspaint /v
End Process(208)
End Process(3656)

Now sky is the limit...
Note: it does not work in Windows 2000 and I didn't checked in Windows 2003. Let me know if it works on it and on Vista.

Update June, 24 2009

There is another tool as other have commented: taskkill. I have studied it a bit, and in turn it is much more complex than tskill. It can terminate processes on remote systems as well. Just type taskkill /? and read the help. To my example how to kill mspaint, here is the required syntax:

C:\>taskkill /im mspaint.exe
SUCCESS: The process "mspaint.exe" with PID 8836 has been terminated.
SUCCESS: The process "mspaint.exe" with PID 7612 has been terminated.
SUCCESS: The process "mspaint.exe" with PID 9036 has been terminated.

or if you know the process id:

C:\>taskkill /pid 7760
SUCCESS: The process with PID 7760 has been terminated.

For Windows 2000 users:

The techniques that I’ll be showing you involve using the TLIST and the KILL command. These commands are a part of the Windows Support Tools, which are not installed by default. Instead, these tools are kept on the Windows 2000 installation CD until you manually install them. Installing the support tools requires a little over 18 MB of hard disk space.To install the Windows Support Tools, log on as an administrator and insert your Windows 2000 installation CD. When you see the Windows 2000 splash screen, select the Browse This CD option. When the browse window opens, navigate through the CD’s directory to the \SUPPORT\TOOLS directory. Next, run the SETUP.EXE program.

With the support tools installed, without looking to Task Manager, a way of determining the process ID is by opening a Command Prompt window and entering the TLIST command.

The command line syntax of the KILL command is as follows:
KILL [-F] < >

As you’ve probably already figured out, the PID is the process ID and the pattern is the name of the process. Therefore, you can shut down a process by simply entering the KILL command followed by one of the two parameters. For example:

kill 2304

kill mspaint

The -F switch parameter will force a process to shut down. "Most of the time, you won’t want to use the -F switch. It’s intended for emergency use only." But that's the point right? To kill the process...

You can actually use the KILL command combined with the -F parameter to shut down critical systems services, thus resulting in the Blue Screen of Death. Coincidentally, several years ago I was at Microsoft’s TechEd conference, and one of the speakers had developed a virus based on the KILL -F command. He had used a common utility to create a service that issued the KILL -F command followed by the name of a critical system service. He then configured his service in a way that would cause it to load on startup. The result was that every time the machine would boot, it would instantly go to the Blue Screen of Death because he was killing a low level service. The only way that the speaker was able to undo the damage was to use ERD Commander to disable the virus service from outside of the operating system.

Fake Antispyware: SpySheriff

2006-10-08T00:31:00.000+03:00

"SpySheriff is among the best-known rogue programs disguised as spyware protection. It might look like a useful security program but it actually isn't - it's typically pushed on systems through vulnerabilities, after which it reports nonexistent infections in order to scare you into registering the software for a cool $59.95 or so."
I don't recommend anybody to go and use this software, neither the antivirus companies like F-Secure.
So, please be careful of what programs you use. If you want antispyware software use consecrated names like:

Spybot Search and Destroy (http://www.spybot.info/)

Lavasoft AdAware (http://www.lavasoftusa.com/software/adaware/ or http://www.lavasoft.de/software/adaware/)

Microsoft Windows Defender (beta) (www.microsoft.com/athome/security/spyware/software/default.mspx)

Or any good antivirus with antispyware built-in. (this is not a full list, they are only examples)
Personally I use Spybot as resident protection and when in trouble all of the three. Why I don't use only one? Because there is no such thing as the best antivirus or antispyware software, there are only "the best ones" and sometimes you may need to use tools from different vendors to get rid of an unwanted infection. Overtime, they will add to their signatures for virus and spyware all known definitions, but viruses are simply one step ahead.

You Want to Buy a New Computer?

2006-09-30T14:03:00.000+03:00

... and you don't know what hardware it should contain? Well... here are some tips for you. This is not going to be a Brand X or Brand Y discussion. I will not cover laptops in this topic.

First of all answer the basic question: For what role I will use my computer? Workstation or Server? It is important to answer this because hardware requirements differs.

For workstations, answer this question: What I am going to do with it mostly? Play games? Use office applications? Surf the Internet? Create 3D graphics? Let's take them one by one.

Games:

It needs first of all the best processor + corresponding motherboard you can get. Games use the processor at its maximum. Also you may consider getting a better cooler than the one shipped by the processor manufacturer, since it will heat a lot (in games the processor usage does not drop under 100%).
Memory should be at least 1 GB (1024 KB) DDR2 in Dual Channel Mode (that means that you need 2 identical memory modules).
Hard drive should be a SATA one or an ATA 133 one (and the motherboard to support such transfers - many motherboards support only ATA 100). The capacity should be around 200 GB.
DVD ROM (or a DVD writer) drive as almost all games come on DVDs now.
5.1 or better yet 7.1 Channels sound card and corresponding speakers.
A very good graphics card with at least 256 MB of video memory. Those come in 2 flavors: on AGP 8x bus or on PCIx16 bus. Nowadays, they come in pairs of 2 and use 2 PCIx16 slots.
Depending on the type of games you play, a joystick, a drive wheel and a better mouse (with a higher sensibility than usual models)
Also, if you play network games a Gigabit Ethernet would be usefull.
If you want a LCD monitor that goes with this configuration, you will need a verry good one with very low response time (<8>

This is not a cheap configuration at all! That's the price you pay for playing games...

Office applications: That's easy. All you need is a functional computer with about 256 or 512 MB of memory, 80 GB hard drive (any kind). No special requirements here, as the demands of such software are not high.

Surf the Internet: That's also easy. take the above configuration for office applications and add a broadband Internet connection to it (ADSL, Wireless, Cable TV etc.). You may also want to add more memory since you will need to be running a firewall and an antivirus at all time.

Create 3D graphics: Well, that it is an expensive configuration too. You need in this case a dual-processor system, 2 GB (2048 MB) of memory in dual channel mode, SCSI or SATA-2 hard drives. The monitor should be at least 19". From this you should start adding what you need for your particular case (like pen input devices).

That's for workstations... choose between the configurations before you buy. As you can see, you can easily be fooled by a shinny configuration, but if you don't need it why buy it?

For servers, the question is what type of server will it be? A file server? A database server? An Internet server?

For file servers, the processor is not important as well as the graphic card, but the following ones are:

1 GB of DDR 2 memory (in dual channel mode) - as the unused memory is used as file cache, thus boosting the overall performance of the server.
SCSI interface with hardware-based RAID-5 capabilities, as you will need data protection.
At least 3 SCSI hard drives (so you can build the RAID-5), capacity should be over 200 GB.
Gigabit Ethernet controller.
A tape controller for backups.

Database servers need as many processors as you can give them plus 2 or 4 GB of DDR 2 memory (in dual channel mode) to help them out. You do not need RAID here but you do need SCSI hard drives with large capacity (as databases use lot of storage space) and a Gigabit Ethernet controller.

Internet servers do need about 1 GB of memory and a good firewall. Plain and simple. A Gigabit Ethernet controller may help. From this configuration add up what you need. For example if it runs lots of mailboxes, you need some extra hard drive space to store them.

I hope those pointers will help you decide what hardware you need for your future computers.

Spam Mails

2006-09-28T10:50:00.000+03:00

One of my favorite subjects... spam! So, what are the top stories lately?

Of course that everyone still sells me "viagra", "cielis" and dozen other drugs from whatever country online drug store at fantastic low prices... Wow! how lucky I must be... Subjects to those mails changed from PHARMA to MEDS with some random lowercase characters between those in uppercase like PHsdARMA or MEccaDS to make them look like a mail error, but in fact they do this on purpose to trick spam filters.
Recently I started to win the UK lottery! Wow! 250.000 UK pounds! Gee! How Lucky I am... since I never played that (fake) lottery... Anyway they give me an explanation that they collected my e-mail address from public institutions... What real lottery does that?
Another one is from PayPal (yeah, right!) which says that I just added an e-mail address to my PayPal account, they even give me that address which obviously is not mine, to panic me and make me click a "logon to PayPal link" and reject that mail. What will happen next? I just give them my PayPal account details so they can take it over! What they don't know is that PayPal does not work for Romania... ha ha ha... so I don't have such account.

That's this week top 3...

What do Thiefs With Yahoo! Accounts?

2006-09-24T20:41:00.000+03:00

Well... I saw several uses for the stolen accounts:

Spam - usually, everyone who has an Yahoo! account also has an Yahoo! Mail account too (with the same user name and password - if the mail service is activated), so spammers can use those accounts to send spam mails. Who will be the responsible person for that? The owner of the account of course! By the time you prove that your account was stolen, you may already be in legal trouble (some countries send spammers to jail!).
Advertising - the accounts are used to spam some instant messages to all contacts in the stolon account with various links to various sites, usually to steal more accounts.
Scams - I actually saw a message from one of my IM contacts asking me to deposit 1$ in her phone number account (you can do such mobile phone transfers) because she needs to make an urgent call. No indication whatsoever of the reason she does not have any credit left or why she can't put it in herself. Actually the provided phone number wasn't ever hers.

Those are only 3 of the uses of the stolen accounts. Let me know if you know others...

Some of the thieves do not reset the password to those accounts, so the owner can still use it without any indication that someone else is also using the same account. I also know persons who have lost their accounts forever.

To protect yourself, change your password at regular intervals, and if you didn't changed your password in the last 3 months, it is about time to do so!

Troubleshoot Network Problems

2006-09-21T14:41:00.000+03:00

If you want to diagnose network problems you usually start with ipconfig /all then you start ping-ing around. But next time try:
netsh diag ping adapter
This will start an automatic diagnose of all network adapters in the system. You can also test a specific adapter by using:
netsh diag ping adapter 1
Other helpfull commands are:

netsh diag connect mail - troubleshoots mail connection problems (using Outlook Express account settings).
netsh diag connect news - troubleshoots news connection problems (using Outlook Express account settings).
netsh diag connect ieproxy - troubleshoots proxy connection problems (using Internet Explorer settings.
netsh diag connect iphost server port (like netsh diag connect iphost www.google.com 80) - troubleshoots connection problems with the specified server on the specified port.
netsh diag gui - displays a window from where you can do a full network diagnostic.
netsh diag show adapter - displays all of the Adapters.
netsh diag show all - displays all categories.
netsh diag show client - displays all network clients.
netsh diag show computer - displays computer information.
netsh diag show dhcp - displays the DHCP servers for each adapter.
netsh diag show dns - displays the DNS servers for each adapter.
netsh diag show gateway - displays the default gateway servers for each adapter.
netsh diag show ieproxy - displays Internet Explorer's server name and port number.
netsh diag show ip - displays the IP address for each adapter.
netsh diag show mail - displays the mail server name and port number.
netsh diag show modem - displays all modems.
netsh diag show news - displays the news server name and port number.
netsh diag show os - displays operating system information.
netsh diag show test - displays all categories and performs all tests.
netsh diag show version - displays the Windows and WMI version.
netsh diag show wins - displays the primary and secondary WINS servers for each adapter.

Where Does My EMail Go?

2006-09-18T13:13:00.000+03:00

You send an e-mail and you don't know which server will receive it? Find it out from the commad prompt...
Step 1. Take the domain of the destination e-mail box. For example account@someserver.com ==> "someserver.com".
Step 2. Open a Command Prompt window.
Step 3. Run nslookup utility.
Step 4. Type "set type=mx" (without the quotes). This will set the tool too look for Mal eXchange entries.
Step 5. Type in the domain you found on step 1.
Step 6. Read the list of possible receivers. Note that the one with lowest "MX Preference" will be used first. If this fails to receive mails, the second one will be tried and so on (in the ascending order of preference).
Example:

C:\>nslookup
Default Server: dns.provider.com
Address: 192.168.4.15

> set type=mx
> gmail.com
Server: dns.provider.com
Address: 192.168.4.15

Non-authoritative answer:
gmail.com MX preference = 50, mail exchanger = gsmtp163.google.com
gmail.com MX preference = 50, mail exchanger = gsmtp183.google.com
gmail.com MX preference = 5, mail exchanger = gmail-smtp-in.l.google.com
gmail.com MX preference = 10, mail exchanger = alt1.gmail-smtp-in.l.google.com
gmail.com MX preference = 10, mail exchanger = alt2.gmail-smtp-in.l.google.com

gmail.com nameserver = ns2.google.com
gmail.com nameserver = ns3.google.com
gmail.com nameserver = ns4.google.com
gmail.com nameserver = ns1.google.com
>

Note that entries with the same preference value will be used in a random order. As you see "gmail-smtp-in.l.google.com" is the main (preferred) server for receiving the e-mails for GMail.

One Surprise

2006-09-14T23:33:00.000+03:00

I've promised a surprise... Here it is. Unfortunately it is for Romanian speakers only... sorry for the rest. I have one for you planned too... just wait few more days...

Surpriza se afla la adresa http://perleprofi.lusuwebsolutions.com/. Distractie placuta!

Group Commands in Command Prompt

2006-09-14T16:12:00.000+03:00

In command prompt it is possible to create a group of commands from the command line (not a batch file). This is useful for, among other things, copy&pasting scripts for testing without saving. To do this, just type "(" and hit enter, enter each command one by one (or paste a previously copied list of commands), then type ")" and hit enter.

Output for every command may also be redirected at the end of the block, in the same manner as Tip 7 on the Clever Tricks page: ") > log.txt" instead of just ")"

C:\>(
More? echo This is the first command
More? echo This is the second command
More? )
This is the first command
This is the second command
C:\>

To log the result of several commands, a commonly used method is
command1 > log.txt
command2 >> log.txt
command3 >> log.txt
But grouping can be used to simplify the code:
(
command1
command2
command3
) > log.txt

Command Line Calculator

2006-09-12T10:29:00.000+03:00

Do you know that you have a mini-calculator directly... in the command prompt. It is able to calculate expressions too. The trick is to use the SET command with the switch /a. The result is outputted to the console... See some examples:

Command	Result
SET /A 1+1	2
SET /A (10+20)*2	60
SET /A (10+20)*2^4	720
SET /A (10+20)2^4-(10(2+3)*(2+9-1))	220
SET /A 0XFF	255
SET /A 0XFF+12	267

Enjoy...
(Tested on Windows XP)

Pause Replacement

2006-09-12T10:16:00.001+03:00

Here it is a "pause" command replacement which waits for ENTER instead of any key. It uses SET /P:
SET /P =Press Enter to continue . . .
This trick uses the set feature "prompt for value" (/p) which will wait for a user given value, which is confirmed by pressing ENTER. However we don't specify a variable so we only wait for ENTER. Any other characters are printed on screen in the wait for ENTER.
However, we can also read the value in a variable like:
SET /P a=What is the value of a? a=
At the end the variable a will have the user-given value.

How to Remove Windows Genuine Advantage Notifications

2006-09-12T01:42:00.001+03:00

I have found an article on the net...
"Windows genuine advantage notifications occur when your computer hasn't passed the validation test. The validation test can be failed due to being sold a pirated (non-genuine) copy of XP, or because you have changed your XP product key to a software-generated key. The failed validation installs three types of notifications on your computer: one on the log in screen, one log in timer, and one balloon. It also stops updates from Microsoft and disables your ability to install IE7 and Windows Media Player 11. This solution can get rid of all three notifications, even though you will still not be able to update. Unfortunately, you can only update if you buy a valid Microsoft product key again."

Read the full article at: http://www.wikihow.com:80/Remove-Windows-Genuine-Advantage-Notifications

Viruses and Spyware

2006-09-10T23:50:00.000+03:00

Today I had to clean up a Windows system which crashed. Once I managed to start it up, surprise... lots of spyware was popping out with fake warnings of infections, messages that say that in order to remove the findings you should pay etc. So I started to hunt them down, remove startup applications from registry, etc. I managed also to uninstall some of them, but still big problems. Processes that were launching each other when killed... a total nightmare. So it was the time to bring up the power tools. I managed after several hours to get the Internet connection back up and running and I could download SpyBot Search and Destroy (from http://www.safer-networking.org/) and install it. The resident component started to pop out and after several clicks I've managed to leave it on "auto kill" while meanwhile I have launched a full scan. After the scan come the cleanup (a long list of spyware and adware). A reboot was in order and I scheduled another startup scan to clean up the remaining pests. Finally it was stabilised. Next step was to take an online virus scan (http://support.f-secure.com/enu/home/ols.shtml)... Surprise! Another 176 viruses!
That was pretty bad. But how did the system got in that mess? Well it is enough to get one pest and it will take care of downloading the rest... One mistake can mean a lot!
So what should you do?

never click on windows that say that you are or you may be infected with whatever virus or spyware or adware or whatever
use a good antivirus and keep it updated
turn on the firewall
use a browser protection tool such as SpyBot Search and Destroy or Lavasoft AdAware (http://www.lavasoftusa.com/software/adaware/)
keep your system patched
document and educate yourself about safe Internet navigation so you can reduce the risk of being accidentally infected

That are some of the things, if I missed some, please tell me...

Is Your .NET Code OK?

2006-09-09T18:22:00.000+03:00

That's sometime a tricky question, but you have tools for answering this question. One of them is FxCop which performs a static analysis of your DLLs and EXEs. It will report you "stupid mistakes" as well as more serious ones. For example it warns you about wrong usage of constructors as well as potential numeric overflows.
However, don't take everything it says as the book-of-laws because it is not always right in its findings, actually for my code it warns me where it shouldn't. But... fortunately you can exclude the findings that are not correct with a simple right-click.
I would recommend you to download and run this tool over your code and take a look at the findings. You don't need to change your code, but the results are always interesting... my 2 cents...

Bad Day...

2006-09-08T22:46:00.000+03:00

A friend of mine had a really bad day with his bike. He's a passionate biker btw...

"If you think you had a bad day, imagine please this:

09:50 - going to work on my bike
09:53 - jumping a kerb -> front wheel puncture
11:12 - transporting the bike by myself (with 1 wheel in the air) to the service (2 km away - pretty close fortunately)
17:40 - take bike (works perfectly)
20:20 - returning home
20:23 - crossing a medium-size hole in the road -> rear wheel puncture
22:24 - looking at the bike, desperately trying to understand... WHY ME???"

Sorry my friend... sometimes it happens... I had a similar thing with my car... front wheel puncture -> replace with spare -> drive 100-200 meters -> same front wheel, another puncture... no more spares... all this on January 1st...

Spam Anyone?

2006-09-07T13:54:00.000+03:00

Ha ha ha! Today I decided to read one of the spam messages I received. I was bored, so I decided to take a look at the today spam and... surprise! The same old story!

"I am contacting you on business transfer of a huge sum of money from a deceased account. Though I know that a transaction of this magnitude Will make any one apprehensive and worried, but I am assuring you that All will be well at the end of the day. We decided to contact you due To the urgency of this transaction.
We discovered an abandoned sum of (Seven million five hundred thousand United States dollars) in an account that belongs to one of our foreign Customer who died along with his entire family.Since his death, none of His next-of-kin or relations has come forward To lay claims for this Money as the heir.

Yeah right! I wonder, is anyone that stupid or uninformed to fall for this scam? I receive this kind of "offers" for over 8 years... basically since the boom of the Internet. Strange is that the story does not change, only the sum... Someone rich died and you will help them intermediate the transaction which will end up with a million dollars in your account. In fact this scam will empty your bank account if you give them the information they request from you...
The next favorite subject is drugs... someone offers you drugs like viagra, ciellis or whatever they are called at extremely low prices. Another scam. You want drugs? go to your local (authorized) drug store.

What Is Your Password?

2006-09-05T20:25:00.000+03:00

Strange, but the easiest way to find out a password is to ask for it. That's how phishing sites steal your passwords, they put up a fake login and ask for credentials that are not theirs and users do fall for this trap.
Do your own experiment... ask your colleagues what passwords do they have... Invent a reason for asking, like "I come up with a good password, it is called 'super secured password'... ha ha ha... what password do you have? I bet that mine is better!"... and count the results...
I originally wanted to post a scenario that will guarantee you to find 99% of your colleagues passwords just by asking for them, but I won't... so don't ask.

Extend Laptops Battery Life

2006-09-04T23:36:00.000+03:00

If you don't get the original instructions of your laptop or if you haven't read them, then here are few tips in order to extend your laptop's battery life:

At least once a month, disconnect the computer from a power source and operate it on battery power until the battery pack fully discharges
If you have extra battery packs, rotate their use
If you will not be using the system for an extended period, more than one month, remove the battery pack
Disconnect the AC adaptor when the battery is fully charged. Overcharging makes the battery hot and shortens life
If you are not going to use the computer for more than eight hours, disconnect the AC adaptor
Store spare battery packs in a cool dry place out of direct sunlight.

Basically don't keep it on AC power unless you need it. Here are the basic "I need it" scenarios:

You charge the battery... of course you need the AC power...
You want your battery fully charged in order to travel or go to a meeting
You are running power-intensive applications such as 3D games or CPU intensive applications - those dry the battery power fast

If you are operating on batteries, then those tips will help you keep the laptop running on batteries for a longer period:

Reduce screen brightness to a level that you can read the screen in good conditions; in low-light environments (such as evenings) you don't need too much back light (it is not good for your eyes either)
If you have a docking station at hand or at least an external monitor, keyboard and mouse use them and close the LID (watch out not to go in sleep mode when you do, check power settings)
If your manufacturer is providing you a power management software, use it

ROSI's Activities Related to eLiberatica

2006-09-03T17:45:00.000+03:00

I did not posted a lot about ROSI and eLiberatica, but trust me when I say that the things are moving forward. Members are promoting it all over the world and we gain lots of hits in the search engines:

Google: "Results 1 - 10 of about 18,200 for eliberatica. (0.08 seconds)"

Yahooo!: "1 - 10 of about 1,190 for eliberatica - 0.28 sec."

MSN: "Page 1 of 579 results containing eliberatica (0.15 seconds)"

... just to name few. So keep up the good work guys!
Anyway, behind the scenes the members are working on the conference and related activities probably more than ever...

The Freeware Section Is Up

2006-09-03T15:10:00.000+03:00

I have posted today the freeware section on my site. More software will come, especially "The Bubble Game 2" which can either relax or annoy you to maximum ;)

Lusu Web Solutions Is Online!

2006-09-02T22:58:00.000+03:00

I am proud to announce that www.lusuwebsolutions.com is online! I still have few pages to build, but it is open for business. And this is only the beginning. I have several sub-domains that I am preparing for you... stay tuned.
This is my business site, so I will keep lusu.tripod.com as a personal web page for now. Probably in the future I will shut this one down and move to a sub domain of my business site. One thing is for sure though: this blog will stay up and running, I will not move it again.

Execute a Command Only If Connected To Internet

2006-09-01T17:39:00.000+03:00

You may want to execute a (scheduled) command or a program only if your computer is connected to the Internet or if a specific server is online. You can do this with a simple batch file...


@echo off

ping www.mysite.com /n 1| find "time="
if errorlevel 1 goto nonet

my_command_here
goto done

:nonet
echo No network connection detected to my server, aborted.

:done

I think that the code is self explanatory, but... First we ping the server and check if it is online and show a message if not. Then we carry out the operation and exit.
This type of batch file is ideal for scheduled jobs like scheduled updates or backups. You can also redirect the result of your job to a log file.
For example, here is a batch file that will manually update the virus definitions for F-Secure Internet Security 2006 and logs the result (it works, but it is just for demo purposes because it has a better, built-in, auto update feature):


@echo off

echo Scheduled update started %date% %time%... > log.txt
echo. >> log.txt

ping ftp.f-secure.com /n 1| find "time="
if errorlevel 1 goto nonet

ftp -i -n -s:ftp_commands.txt -w:102400 -A ftp.f-secure.com >> log.txt
fsupdate /s
echo Update finished, exit code %errorlevel%.
del fsupdate.exe
goto done

:nonet
echo No connection to ftp.f-secure.com, update aborted. >> log.txt

:done

You will also need a file called ftp_commands.txt in the same folder as the batch file with the following content:


cd /anti-virus/updates/
bin
get fsupdate.exe
quit

This file is used to send commands to the ftp utility so it will fetch the file fsupdate.exe automatically for you.

New Yahoo! Accounts Phishing Sites

2006-08-31T21:09:00.000+03:00

I have located new sites that steal your Yahoo! accounts. Please do not enter your credentials there!
Spaces were inserted for security reasons.

h t t p : / / w w w . g e o c i t i e s . c o m / lol_ just4 laughs . com2/
h t t p : / / w w w . g e o c i t i e s . c o m / lol_ just4 laughs . com3/
h t t p : / / w w w . g e o c i t i e s . c o m / lol_ just4 laughs . com4/
h t t p : / / w w w . g e o c i t i e s . c o m / lol_ just4 laughs . com5/

Finally I Got Rid of IE 7 Beta 2

2006-08-31T12:41:00.000+03:00

That means that I managed to uninstall it. How? I installed Beta 2 on another system and copied the uninstall folder on my laptop. Then I could uninstall it from both systems. Now I could install RC1... yupee!

Watch for Open Connections

2006-08-30T15:50:00.000+03:00

Ever wondered what network connections your computer has open? Well... open a Command Prompt (I won't tell you how to do that) and type "netstat" (without quotes of course!) and take a look at the list (you are interested in the ones with "ESTABLISHED" status).
Next try some variations: "netstat -a" which will display all connections, open and listening too (listening connections are the ones that your computer will accept if someone else tries to access them). Add the "-n" parameter to skip resolving of host names and see the IPs instead like "netstat -n" or "netstat -a -n".
Type "netstat /?" to see a list of all available options.
Enjoy!

Create Web Pages W3C Style

2006-08-28T12:16:00.000+03:00

You want to create web pages? If you are not targeting a specific browser then you may want to make sure that your pages validate according to W3C. The validators are located at:
HTML validator: http://validator.w3.org/
CSS validator: http://jigsaw.w3.org/

You can add those links to your page (if it is available on the Internet) to do an automatic validation of your page:
http://validator.w3.org/check?uri=referer
http://jigsaw.w3.org/css-validator/check?uri=referer

If the validation passes, W3C gives you some logos that you can add on your page.
Why is it important? If you pages pass W3C validation that means:

The page is written in portable HTML and/or CSS which works on most browsers

Putting the W3C logos on your valid page is a marker of quality

You look smart ;)

OK, I'm joking with the last one, but there are other benefits too, I let you discover them.
One more... using those validators you can find some very obscure but small mistakes so you can correct them.

Internet Explorer 7 RC1

2006-08-25T22:00:00.000+03:00

Microsoft released the Release Candidate 1 of Internet Explorer 7. Unfortunately I cannot install it since I am stuck with beta 2 version (remember what I did to get stuck?)

Find Out MAC Addresses, the Easy Way

2006-08-24T11:47:00.000+03:00

When securing a (wireless) Windows network, in addition to using security protocols such as WEP (Wired Equivalent Privacy) or WPA (Wi-Fi Protected Access) encryption, you can use Media Access Control (MAC) address filtering.
When MAC address filtering is enabled, the access point, router or firewall software verifies that the network card in the computer requesting access has a MAC address in its filter list before allowing or denying the computer to access the network. This means that you must first obtain the MAC addresses of each computer in that network in order to build that access list. To do so you don't ave to manually visit each computer and use the getmac or ipconfig /all commands. An easier way to gather MAC addresses is to take advantage of the ARP (Address Resolution Protocol) command. First, use the ping command to ping the computer you want to find out its MAC, then run (in a command prompt window) the command "arp –a" (without the quotes of course).
When used with the –a parameter, the ARP command displays the ARP cache, which stores the IP and MAC addresses of the computers that most recently accessed the system, or in this case, those computers that responded to the ping command.

Desktop Themes

2006-08-23T22:24:00.000+03:00

Big things are spoken about the desktop themes in Windows, pros and cons.
Here are my 2 cents...
Pros:

Nicer looking desktops

Modern looking windows and applications

That was it, not a long list, isn't it? Now the cons:

Slows down the computer a little bit (not a big deal for modern computers, but still)

Incompatible with some applications (I really hate those incompatibilities)

Bigger borders, taskbars and windows (not a problem unless you are a developer like me and every pixel counts)

I also keep this one short. I am not against themes, but the first thing I do after I install the OS is to disable the themes service (actually set it to manual start) and change the desktop theme to "Windows Classic". So it looks like a good old days Windows 2000, so what? I like it. Plus no more conflicts and the system runs without being slowed down.
What you should do? It's completely up to you. However, use themes when:

The OS is not a server type one, but a workstation one (like Windows XP)

You do not care about the slowdown it introduces

You actually like them

Desktop space is not that important to you

Do not use them when:

The OS is a server type one (like Windows 2003)

You can notice an improvement in computer speed and response when the themes are off

You do need every pixel on the screen

You don't like them

Sites are Down

2006-08-22T20:28:00.000+03:00

The sites I have reported to Yahoo! in the post More Yahoo! Accounts Fishing Sites seams to be down. I also received several personalized messages from Yahoo! like thise one (preety automatic and by template, but they did the job):

Dear Leontin,

Thank you for writing to Yahoo! Geocities.

Thank you for informing us of possible abuse on Yahoo! GeoCities. We have investigated the site and taken the necessary action. We appreciate your concern and thank you for reporting this incident to Yahoo!.

Please continue to notify us of any content you believe violates the
GeoCities Terms of Service, located at:

http://docs.yahoo.com/info/terms/geoterms.html

Your Yahoo! ID and password are your own confidential information. No Yahoo! employee will ever ask you for your password or personal information in an unsolicited phone call or email message. If you are ever asked for your password in an unsolicited manner, or by someone youdo not believe to be a representative of Yahoo!, *do not* share your password with them.

For more helpful information on password scams as well as information on how to protect your password, visit:

http://security.yahoo.com/password_scams.html

For additional information on ways to protect your information online, please visit the Yahoo! Security Center at:

http://security.yahoo.com

Thank you again for contacting Yahoo! Customer Care.

Regards,

Xxxxxx Yyyyyyy (name hidden)

Yahoo! Customer Care
http://www.yahoo.com/

25418247

Let Employees Surf From Work - They Make It Up

2006-08-21T10:10:00.000+03:00

Here is an interesting post that I found on the net...
http://www.techdirt.com/articles/20030204/1349202_F.shtml
which points to another post to back up its claims:
http://washington.bizjournals.com/washington/stories/2003/02/03/daily12.html

Essentially he said "In the continuing debate over whether or not companies need to actively monitor and/or block employee surfing habits, there's always this assumption that any non-work activity done at the office must be "bad". This simply isn't true". Personally I totally agree since I see myself and my colleagues doing it...

More Yahoo! Accounts Fishing Sites

2006-08-20T15:51:00.000+03:00

I did my own little research and I've found the same pattern on several sites (DO NOT ENTER YOUR CREDENTIALS IN THOSE PAGES!):

w w w . g e o c i t i e s . c o m / lol_ funniest_ online_ humor. com_ 30/
w w w . g e o c i t i e s . c o m / lol_ funniest_ online_ humor. com_ 25/
w w w . g e o c i t i e s . c o m / lol_ funniest_ online_ humor. com_ 24/
w w w . g e o c i t i e s . c o m / lol_ funniest_ online_ humor. com_ 23/
w w w . g e o c i t i e s . c o m / lol_ funniest_ online_ humor. com_ 22/
w w w . g e o c i t i e s . c o m / lol_ funniest_ online_ humor. com_ 20/
w w w . g e o c i t i e s . c o m / lol_ funniest_ online_ humor. com_ 15/
w w w . g e o c i t i e s . c o m / lol_ funniest_ online_ humor. com_ 10/
w w w . g e o c i t i e s . c o m / lol_ funniest_ online_ humor. com_ 6/

As you see, there is a pattern. All sites are carbon-copy of the each other, so the same person or group is behind all of them. The e-mails behind those pages are different and some are repeating. I guess that at some point there were quite a bunch, but some were already shut down.
The sites and mail addresses were reported to Yahoo and Google.

EDIT:

w w w . g e o c i t i e s . c o m / lol_ funniest_ online_ humor. com_ 28/
w w w . g e o c i t i e s . c o m / lol_ funniest_ online_ humor. com_ 26/

(and probably more) are also online now. The mail addresses behind were already reported...

Another Yahoo! Account Thief

2006-08-20T12:08:00.000+03:00

I don't know if it is the same thief or not, but I found another site that does the same thing.

PLEASE DO NOT ENTER YOUR CREDENTIALS THERE!!!

List of password fishing sites I've found (spaces were inserted in the URLs for security reasons):

20 Aug. 2006: w w w . g e o c i t i e s . c o m / lol_ funniest_ online_ humor. com_ 21/
14 Aug. 2006: w w w . g e o c i t i e s . c o m / now_ thats _funny_ 203/

I already posted details of the previous site I've found (but that time I did not posted the URL for security reasons), and this one looks pretty much like a carbon copy.

Please be aware of such kind of sites that ask for your passwords, bank accounts and other personal data.

P.S. Yahoo! and Google have been notified about the abusers of their services.

.NET and Read-only Text Fields

2006-08-19T20:42:00.000+03:00

A note of caution to all .NET developers: if you change a read-only text field (with runat="server") with javascript on the browser, you will not see the change in the Text property after a postback. However the value is sent by the browser and it is present in the Request parameters. This does not apply if you change the value from the server side.
This caused me and my colleagues a lot of headaches.
To work around it you can use a the Request directly, ahidden field to double the value or, if you use inheritance, override the method LoadPostbackData with the following code:


protected override bool LoadPostData(
    string postDataKey, NameValueCollection postCollection)
{
    string text1 = this.Text;
    string text2 = postCollection[postDataKey];
    if (!text1.Equals(text2, StringComparison.Ordinal))
    {
        this.Text = text2;
        return true;
    }
    return false;
}

If you are curious, use Lutz Roeder's .Net Reflector and take a look of the original implementation.

ROSI and eLiberatica are online!

2006-08-18T21:07:00.000+03:00

Both sites are online now at:

http://www.rosi.ro

http://www.eliberatica.ro/

I already posted about those two, so no more comments...

Windows and Hibernation

2006-08-18T02:19:00.000+03:00

First of all what is it?
When Windows entrees in hibernation mode, it saves all its memory content in a file on the hard drive (hiberfil.sys) then powers the entire system off. Yes, it really does that, it is not a stand-by mode of some sort, it is fully powered off (however, modern computers still keep a small amount of power going on even in off mode, but that is by design). In this state you can unplug the computer from the main power supply and, if it is a laptop, you can also remove the battery with no danger in losing the data.
Data loss
There is no danger in losing any data since the memory is safely saved on the hard drive. However if something fails with the "wake up" from hibernation, Windows may delete the hibernation file and start all over.
Powering up
When the computer is powered on again, Windows reads the memory content back from the hard drive and resumes from the point it was before hibernation. This means that all open programs are still open, open documents are still open, network connections are resumed and so on.
What to do before hibernating your computer
First of all save all your open documents. It is not necessary to close them, but saving them ensures that if there is a problem with waking up from hibernation the documents are intact. However if you keep them unsaved, when you resume you can still save them safely in most of the cases. Second, ensure that you don't have downloads or file transfers in progress because all network connections are reset before hibernation and all transfers will fail on wake up.
Enabling hibernation
To enable or disable hibernation open Control Panel (Start > Settings > Control Panel) then go to Power Options. There open the "Hibernation" tab. If this tab is not visible then your computer does not support hibernation. In that tab make sure that the checkbox is checked to enable the hibernation or unchecked to disable it.
Hibernating the computer
Use the normal Start > Shut down... procedure and choose Hibernate from the list. If you are under XP and you have a shut down box with three buttons on it (Stand by, Turn off and Restart) press the Shift key and the Stand by button transforms into Hibernate and you can click it. You can also use the Power Options applet from Control Panel where in the Advanced tab you can choose what the computer should do when you press certain buttons or switches like "Power", "Sleep" or when you close the LID on your laptop.
Advantages
The main advantage is that all your programs and documents stay open so you can continue your work later. Another advantage is that usually it takes less to wake up from hibernation than powering up from zero, especially if the computer is slow or you have many programs in the start up list.
Disadvantages
The only disadvantage is that this way you don't shut down the computer for days, weeks or even months, so sometimes the system gets chocked and chocked and goes slower with no apparent reason. Some reboots now and then or normal shut downs are recommended. Also, a big file (hiberfil.sys) will be created on hard drive with the size equal to the ammount of memory you have (1 GB memory >> 1 GB file size).
Conclusion
If you want to use hibernation is up to you. I use it daily both on my laptop and on my desktop. For me is so simple to press the power switch (and close the LID on the laptop) then leave with my work "frozen in time"...

Thiefs Stealing Yahoo! Accounts

2006-08-17T22:09:00.000+03:00

This is a warning and a story in the same time...

The story... Yesterday I received a link via Yahoo! Messenger from a friend. So I clicked it. It supposed to be a funny picture and since I love to see funny things I went along. The site that opened looked exactly like Yahoo! Photos log-in page. A little bit strange, but it was hosted on Geocities which is an Yahoo! member. So I typed in the user name and password... Next I see again the log-in page with my user name read-only, this time the page was the legitimate Yahoo! Photos log-in page. That moment was just like a striking bold to me... So I went back to that page and viewed the source. Surprise! The page was mailing those credentials to a GMail account! Imagine my frustration in that moment as I should seen that before I entered the password! So the next move was to change the password for the account. Luckily it worked and I managed to keep the account. So the next move was to send a warning to Google, Yahoo! and F-Secure (see below why) and I sent a note in Romanian and English to all my Yahoo! contacts.

The warning... Please, pretty please... be very careful where you type in the credentials to your accounts, banks etc. and make sure that you actually use the right sites. Never ever follow links in e-mails that ask for bank credentials and be suspicious about the ones that want your site credentials.

The analysis of the page... Now I get technically. I used view source and looked at the <form> tag, here is the content of it:

<FORM METHOD="POST" ACTION="http://<a site address goes here>/form/mailto.cgi" ENCTYPE="x-www-form-urlencoded">

   <INPUT TYPE="hidden" NAME="Mail_From" VALUE="Yahoo">

   <INPUT TYPE="hidden" NAME="Mail_To" VALUE="<a mail account>@gmail.com">

   <INPUT TYPE="hidden" NAME="Mail_Subject" VALUE="Yahoo id">

   <INPUT TYPE="hidden" NAME="Next_Page" value="http://photos.yahoo.com/ph//my_photos">

Look at it! The action for the page is a mailer CGI... that means that it actually mails the password to someone! Next you can see that it mails it to a GMail account with the subject "Yahoo id" and the mailer redirects you to Yahoo! Photos.

Looking at the hidden fields there you can see that the mailer is a public accessible one and not a custom made one. And since I could see what GMail account was used to receive it, I notified it to Google. The page is hosted on Yahoo! Geocities, so I notified Yahoo! to0. And since I am a "fan" of F-Secure products I also dropped them a note too.

So I really hope that the site from Geocities will be shut down as well as the mail account on Google too. Hopefully the owners of the abused accounts will perform criminal investigations and the thief will be caught and brought to justice... Am I too harsh with her/him? You judge and tell me...

Improve Windows NT/2000/XP/2003 Pagefile Speed

2006-08-17T21:31:00.000+03:00

Improving pagefile speed improves system speed. There are several things that you can do to speed up Windows pagefile speed. Some may seam strange, but trust me...

Place the pagefile on the fastest hard drive you have

Set the minimum and maximum size to the same value, forget about those that say to set 500 MB min, 800 MB max

Even if the recommended size is 1.3 * RAM size, based on my experience 1024 MB (1 GB) is usually enough and big enough for any normal use; so set 1024 on min and max size fields

Make sure the hard drive with the pagefile is defragmented

Use pagedefrag to defragment your pagefile and other system-critical files

An idea to defragment your page file, that unfortunately involves several restarts is:

Set pagefile min and max size to minimum (2 MB) or completely move it on another partition

Defragment the partition that will held the pagefile (not the one you move it to) as good as you can; notice that Windows Defragmenter needs several runs to do a better job

Set the pagefile size back to the desired size or move it back to the initial partition.

Steps 1 and 3 require a restart, but this is sometimes the only way to get an unfragmented pagefile.

Just starting

2006-08-17T16:56:00.000+03:00

I just started to use this site as my primary blog. Previously I used Yahoo! 360 which is nice but it has limited functionality.
This blog will contain all kind of entries, each one with the apporpriate label.
I plan to start publishing tips&tricks and how-to entries that will make your life easier with the computers... I know that there are many that do that, but me is me and I will try...