Blackmoor Vituperative

We all learned in grade school that the odd root of a negative number is also negative. The cube root of -8 is -2, for example.

Mathematicians will tell you that -8 has two more roots, but these are not “real” numbers, and unless you are a mathematician, you will never need to know what they are. If you are a real person using real numbers, the answer you want is -2.

Unfortunately, if you try to find the odd root of a negative number in OpenOffice Calc, it returns an error, because of a bug which has been present in OpenOffice since its creation: it uses logarithms to determine the root, which is perfectly fine, but it does not take into account the sign of the base, which is the bug.

This is a ridiculously easy to fix bug, and it mystifies me that the OpenOffice folks have let it stay broken for so long. However, there is a workaround:

SIGN(A1)*(ABS(A1)^(1/3))

What this does is find the cube root of the absolute value, and then applies the sign of the base against the result. Be careful with your parentheses.

Tech Republic has a pretty good five-minute introduction to using metrics for IT projects. This is interesting timing: I was just having a conversation about this at lunch yesterday.

Technology, like bureaucracy, is not an end in itself: it is a means to an end, and it has value only as much as it aids in achieving that end. If it doesn’t make the business more efficient or somehow create value for the business, then IT is a drain: a “cost center” in project management lingo. Technology should not be a parasite: technology’s job is to make the business better able to deliver its products or services and make its customers happier.

Too many people don’t get this. People who work in IT too often fail to see their own role in the context of the businesses’ needs, and people who aren’t in IT have an unfortunate tendency to see IT as something unrelated to them, and which only siphons money away from more important things. Sometimes it is even worse, and you have people who do not understand technology or its role in the businesses’ strategic objectives making decisions on what resources will be made available to IT and how it will be spent. This is like someone who never never leaves her house making the decision for what cars the employees will drive.

The Tech Republic video is based on a Forrester Research white paper, “Five essential metrics for managing IT“. Those five essential metrics, according to Forrester, are:

1. Align IT investments with strategic themes
2. Calculate cumulative value of IT investments
3. Show IT spend ratio — new versus maintenance
4. Measure customer satisfaction
5. Use a scorecard for operational health

The gist of this is that you have link IT projects and expenditures to clearly defined results which are relevant to the business. If you can’t measure the success or failure of an IT project, and if you can’t demonstrate that the project somehow improves the businesses’ ability to achieve its goals, then how can you make a plausible case for funding it?

I am so tired of seeing IT professionals who have to plead to have access to web sites they need to do their jobs. I am so tired of someone responsible for completing a multi-million dollar project not even able to change the screen resolution on their desktop because the people in charge of “IT security” have locked it down. And heavens forbid that you install any utility not on the “approved software” list, whether or not you actually need it to do your job.

The one thing no one seems to get, and one thing which causes many of the headaches for IT professionals, is that a skilled professional should be responsible for her tools.

When you take your car to a garage, do you demand that they use a specific brand of wrench? When an electrician comes to your house, do you demand they have a specific brand of voltmeter? Do you search their toolbox, and chastise them if they have a MP3 player or a DVD in there?

Of course you don’t.

The current way security is managed in every organization I have seen in the past 15 years is based on the flawed premise that the professional whom we trust to administer and manage multimillion dollar projects can’t be trusted to select and maintain her own workstation.

This is ridiculous.

IT professionals should not have their software selection restricted (or worse, chosen for them). IT professionals should not have their Internet access filtered or obstructed (for many IT professionals, Internet access is the #1 tool in their toolbox).

“Does she get the job done safely, legally, on time, and under budget?” That is the question that should be asked of any IT professional. That question has a yes or no answer, and it has nothing to do with web filtering or “nailing down” her workstation so she can’t install “unapproved” software.

Hold IT professionals accountable, by all means, but do not pre-emptively cripple their ability to do their jobs. You hired them to be experts: let the expert choose and care for her tools, like any other skilled expert does.

I use MediaWiki for a few web sites (Warlords of NUM and WestGuard, for example). Unfortunately, some lowlife scum like to post spam about luxury watches or viagra or whatnot on these sites, so I need to lock them down to prevent this.

The simplest way to do this is to 1) disable anonymous editing, and 2) disable account creation by anyone other than a sysop (which is to say, me). The MediaWiki manual explains how to do this (and a great many other things), but I thought it might be help for folks if I posted just those specific instructions here, since I think this is a common request for those using MediaWiki.

Simply add the following lines to the end of LocalSettings.php with a text editor such as Notepad++ (do not use Windows Notepad — use a real text editor):

## Customized settings begin here

# Disable anonymous editing
$wgGroupPermissions[‘*’][‘edit’] = false;

# Hide user tools for anonymous (IP) visitors
$wgShowIPinHeader = false;

# Prevent new user registrations except by sysops
$wgGroupPermissions[‘*’][‘createaccount’] = false;

And that’s that. You will probably also want to add a custom “wiki.png” logo. If so, you should add the path to it, like so (you will, of course, need to upload it to your site first):

## Customized settings begin here

# Custom logo
$wgLogo = ‘http://www.mymediawikiwebsite.org/skins/mycustomskin/wiki.png’;

# Disable anonymous editing
$wgGroupPermissions[‘*’][‘edit’] = false;

# Hide user tools for anonymous (IP) visitors
$wgShowIPinHeader = false;

# Prevent new user registrations except by sysops
$wgGroupPermissions[‘*’][‘createaccount’] = false;

And there you go.

There is a new version of SmartDefrag. SmartDefrag is an excellent, free disk defragmenter for Windows. I highly recommend it.

I don’t recommend installing the Yahoo toolbar, but that is up to you.

I ran into a problem with VMWare Server 2.0 the other day. I have VMWare set up to start the virtual machines when machine starts. This is a Windows XP Pro machine (the final version of Windows, as far as I am concerned). From looking at the event log, it appeared that the virtual machines would not start because the VMWare Host Agent service was not starting, and the VMWare Host Agent service was not starting because it had several dependencies which were not yet started themselves when the VMWare Host Agent service was being kicked off by Windows.

I did quite a bit of research on this, and tried some very clever solutions, none of which made any difference (changing the service’s dependencies, etc.). What I finally did was to create a small batch file, vmware_host_agent.bat

:: pause sixty seconds, then start VMWare

ping 127.0.0.1 -n 60 >nul

net start “VMWare Host Agent” -x

And then created a link to that in the Startup group.

Problem solved. It’s not elegant, but it works.

I own an IT consulting company in Richmond, VA. This morning I received the following email from someone who claimed to want us to service several laptops:

Hello ,

How you doing,I read your description and i am highly impressed in your services,I have some Hp PCs(Intel Pentium IV) since we currently have a major breakdown on most of our systems and I thought it was best to have a general upgrade and maintenance.(I will be providing the software needed).Below are the things needed to be done one on each laptops:

1 Format Hard Drive
2 Install Win Xp with Service Pack 2
3 Microsoft Office Package
4 AVG Virus Software (Free Lifetime Updates)
5 Adobe Acrobat
6 Laptop Cleaning of the keyboard, screen and other case.
7 Diagnostics of the entire system after to check hard, CD Rom, floppy, etc.

I will like you to know that my mode of payment is by US certified check mailed and address to you from my employer company since I am presently on a business workshop in Panama city,South American and i want you to know that i will handle the shipment myself since i have a shipper from the state here that will bring the laptops to your place,and will come pick them up as soon as you are done with them.

I should have make this a phone order but i have a network problem of where i am and my shipper will be coming with the necessary Software for the installations of the Computers with both the Operating System,Microsoft Office and the Anti-virus for each computers .

However,get back to me with your last asking price for the 8 laptops. I await your urgent response so that i can put the arrangement in order.

Thanks and hope to read from you soon.

The warning flag here is the “US certified check”. I did a quick search, and discovered that this is a typical “Western Union scam” (not that Western Union is in any way at fault: they are simply being used by the scammers). Here is what the scam looks like in operation:

1. First email

2. ---

3. from    Nicole Bagwell <karenww1@live.com>
4. reply-to        nicoleww1@hotmail.com
5. to      nicoleww1@hotmail.com
6. date    Sat, Mar 28, 2009 at 5:00 PM
7. subject PC needs repair and installations !
8. mailed-by       craigslist.org
9.        
10. hide details Mar 28 (10 days ago)
11.        
12.        
13. Reply
14.        
15.        
16. ** CRAIGSLIST ADVISORY — AVOID SCAMS BY DEALING LOCALLY
17. ** Avoid: wiring money, cross-border deals, work-at-home
18. ** Beware: cashier checks, money orders, escrow, shipping
19. ** More Info: http://www.craigslist.org/about/scams.html
20.  
21.  
22. Hello,
23.  
24. I got your resume on  www.craigslist.org and i was just checking if you will be available to repair and install some applications on 12(Twelve) PC .
25.  
26. Get back to me for details if you’ll be available.
27.  
28. Nicole.
29. Hotmail® is up to 70% faster. Now good news travels really fast. Find out more.
30.  
31. this message was remailed to you via: serv-xtstn-1063755610@craigslist.org

32. ---

33.  
34. Second email
35.  

36. ---

37.  
38. Hello ,
39.  
40. How you doing? and thanks for getting back to me.
41.  
42. I read your description and i am highly impressed in your services,I have some Hp PCs(Intel Pentium IV) since we currently have a major breakdown on most of our systems and I thought it was best to have a general upgrade and maintenance.(I will be providing the software needed).Below are the things needed to be done one on each laptops:
43.  
44. 1 Format Hard Drive
45. 2 Install Win Xp with Service Pack 2
46. 3 Microsoft Office Package
47. 4 AVG Virus Software (Free Lifetime Updates)
48. 5 Adobe Acrobat
49. 6 Laptop Cleaning of the keyboard, screen and other case.
50. 7 Diagnostics of the entire system after to check hard, CD Rom, floppy, etc.
51.  
52. I will like You to know that my mode of payment is by US certified check mailed and address to you from my employer company since I am presently on a business workshop in Panama city,South American and i want you to know that i will handle the shipment myself since i have a shipper from the state here that will bring the laptops to your place,and will come pick them up as soon as you are done with them.
53.  
54. My shipper will be coming with the necessary Software for the installations of the Computers with both the Operating System,Microsoft Office and the Anti-virus for each computers and i should have make this a phone order but i have a network problem of where i am.
55.  
56. However,get back to me with your last asking price for the 12 laptops. I await your urgent response so that i can put the arrangement in order.
57.  
58. Thanks and hope to read from you soon.
59.  
60. Nicole.
61.  

62. ---

63.  
64. Third Email
65.  

66. ---

67. Thanks for the mail .
68.  
69. I must confess I’m comfortable with the cost and its quite reasonable and affordable and also,i hope i can trust you that to do a good job.
70.  
71. I will be sending you the payment inform of US certified cashier check mailed and addressed to you and regards to this kindly get back to me with your full information (in the format below)to receive the payment so it can be made out on-time.
72.  
73. NAME:
74. ADDRESS(NOT P O BOX):
75. CONTACT PHONE NUMBER:
76. DIRECT PHONE NUMBER.
77.  
78. For clarity,all the softwares will be coming with the various license and key.
79.  
80. Will be waiting to read your mail soon.
81.  
82. Best Regards!
83.  
84. Nicole.

85. ---

86.  
87. Fourth email

88. ---

89.  
90. Hello Jonathan,
91.  
92. Sorry for my slow response to your mail,I was busy making a call to my employer company in the state as regards your payment.My Employer company just called from the state few hours ago informing me that there is no exact check for your payment.
93.  
94. Mind you, a payment of $2850.00 [which happen to be my salary and  travel allowance  for this month of March] has been issue out in your name from my company and  mail to your contact address in which upon receipt ,you just need deduct your own payment  out of the money and help us to send the remaining amount to my shipper who will be bringing the PCs to you for the installations and repairs.
95.  
96. Sorry for not informing you about this before,I guess things will workout as  well.
97.  
98. Hope we can count on you about the payment and your service.
99.  
100. Hope  to read  from you soon .
101.  
102. Nicole.

103. ---

104.  
105. Fifth Email

106. ---

107.  
108. Hello Jonathan,
109.  
110. Sorry for not getting back to you since.It’s just that am However,the payment has been delivered to you few minutes ago via United State Postal Service( u.p.s) and here is the Ups  tracking# of the payment….1Z95V97V2210004613,you can go to  www.ups.com/us to track the package movement.
111.  
112. I want you to proceed to your bank immediately you get the payment to get the payment deposited and withdrawn immediately you get it deposited.
113.  
114. As soon as you get the payment withdrawn ,i will want you to proceed to the nearest western union outlet and get the Balance sent when you deduct your own payment from the total payment sent to you by my employer company and get the rest money sent to my shipper that will be bringing the PCs over to you.
115.  
116. Below is my shipper information that you are to get the balance sent to.
117.  
118. Name  :  Christina  Lynch
119. Address: 4207 Park Avenue
120. City  : Hot Springs
121. State : Arkansas
122. Zip code :71901
123.  
124.  
125. Please do that immediately so that my shipper can come over to you with the PCs and also to sign/receive the necessary document .
126.  
127. As soon as you get the money sent i will want you to get back to me with the Western Union control Number( MTCN),full sender’s name and the actual amount in USD when you deduct the western union charges.
128.  
129.  
130. Moreover,you can go to any of the below  western union outlet in your area today to get the payment sent and for easy transaction :
131.  
132. VALLEY DRUG
133. 208 EAST MAIN STREET
134. Everson, WA 98247
135.  
136.  
137. LYNDEN FOOD PAVILLION #441
138. 8130 GUIDE MERIDIAN
139. Lynden, WA 98264
140.  
141.  
142. Hope to read from you Soon.
143.  
144. Cheers !
145.  
146. Nicole.
147.  
148. PS…Do get the money sent today because my shipper call me to inform me that she will not be bringing the laptops over if she did not received the money today since she will be needing the money today to settle some bills,for documentation and booking the  hotel room she will be staying prior to the completion of the repair and installations.

149. ---

I hope this information saves someone from an expensive mistake.

Many cryptographers and other security experts are familiar with what has come to be known as Kerckhoffs’ Principle. Many, however, do not know that there are actually six such principles. The core ideas of these principles are still relevant today, more than 125 years after he first articulated them.

1. The system should be, if not theoretically unbreakable, unbreakable in practice.
2. The design of a system should not require secrecy and compromise of the system should not inconvenience the correspondents (Kerckhoffs’ principle).
3. The key should be memorable without notes and should be easily changeable.
4. The cryptograms should be transmittable by telegraph.
5. The apparatus or documents should be portable and operable by a single person.
6. The system should be easy, neither requiring knowledge of a long list of rules nor involving mental strain.

(from Six principles of practical ciphers, TechRepublic)

Forrester Research has come out with a report stating, among other things, that half to two-thirds of businesses have “concerns” about open source security.

The problem with empty headlines like “Companies still concerned about open source security” is that they tell you nothing and yet imply everything. You may as well say, “Study Reveals Pittsburgh Unprepared For Full-Scale Zombie Attack“. What does this headline tell you? Is any city prepared for a full scale zombie attack? Is a full-scale zombie attack even remotely likely?

The answer to both is “no”. Yet the headline implies that the answer to both questions is “yes”.

Should companies be concerned about the security of open source software? Of course they should — and they should also be concerned about closed source software, as well as the firmware in their hardware, their physical security, and the safety of their employees in the parking lot.

Should companies avoid open source software for “security” reasons? Of course not. Open source software is, in general, more secure than closed source software, and security flaws in open source software are more quickly corrected when they are found.

The problem with polls like Forrester’s (and those who conduct them) is not that the results are inaccurate (although they may be). The problem is that you won’t get the correct answer if you do not ask the correct question — and you have to understand the topic in order to ask the right questions. Forrester Research clearly doesn’t.

Ars Technica has a review of the book Appetite for Self-Destruction: The Spectacular Crash of the Record Industry in the Digital Age. I will have to pick this up.

By the way, don’t feel bad for record companies. They have been screwing artists for years. It was only a matter of time before something brought an end to the perverse market conditions that allowed the big record companies to survive.