About Duffbert...

Duffbert's Random Musings is a blog where I talk about whatever happens to be running through my head at any given moment... I'm Thomas Duff, and you can find out more about me here...


I'm published!

Co-author of the book IBM Lotus Sametime 8 Essentials: A User's Guide

Co-author of the book IBM Sametime 8.5.2 Administration Guide


05/26/2011

Some expansion on my "irritating" tweet from last night...

Category Everything Else
Admittedly, yesterday was a very long day with lots of emotions and such twirling about in my head.  Since writing helps me clarify things to myself, here's what was going on...

I'm not terribly confident or adept in social/public settings.  There have been numerous times where after some gathering (or even during), I've gotten "the look" from the wife (guys, you know the one) or the kick/nudge which is the "shut up or die" indicator.  Since I also deal with self-confidence/self-image/depression issues, I tend to become hyper-aware of trying not to offend/irritate/put anyone out.  At least when I'm at home, I can mitigate some of this by retreating to my basement man cave and existing in my own world, where online words are the main source of my image.  That's not to say that I don't screw up with words, either.  But at least I feel like I'm on a more level playing field there.

One of the ways this manifests itself is how I react in crowds.  You know how you feel when you're in a line expecting everything to keep moving, and you end up stuck behind the person who acts like they've been dropped from outer space and has no clue as to how things work?  You go from not noticing to wondering what the problem is to "OMG WILL YOU JUST MOVE OUT OF THE WAY SO EVERYONE ELSE CAN GET ON WITH THEIR LIVES?!?!?"

Well, touring in a different country makes me the space alien...

All the social cues I depend on are gone.  All the past experiences of "this is how things are done" become a hindrance (because that's not how other cultures do things).  I fumble for my transit card at a turnstile while others are queuing behind me (and in a rush to actually get somewhere on time).  I get to the bottom of an escalator, faced with a decision to turn left or right for the correct tube platform, and I don't know the answer.  But I can't stop where I am, as there's a thousand people behind me who DO know where they're going.  I try to push against a wall to get out of people's way to read the choices, but even then I seem to be in the way.

An example from last night...

I needed to take a bus from Richmond to get back to Tim and Gab's place.  So many unknowns for me there.  Which bus to take?  Which stop? Which direction? What's the fare? What's coming up in terms of where we are and where we get off?  So we get on the bus and need to figure out the fare.  In Portland, you need exact change or else you forfeit the extra money.  We're trying to ask the driver for the fare and get something reasonably close to the right amount.  Meanwhile, I'm in the way of others behind us.  I pull out coins, and end up staring at them trying to figure out what denominations I have.  Oh, and I'm still blocking the way.  After that, I need to find a seat (of which there aren't any) without clobbering people with my bags.  When someone wants to get off the bus, who is the person in front of the exit?  Me... and so on and so on.  And when I *do* try to make a decision or choice, it's reasonably good odds that it's the wrong one.  And of course, that just adds to the "I'm an idiot" feeling on top of everything else.  Doesn't matter that it's not true or that it was a really trivial thing.  It was yet again another "mistake."

After a long day of walking and the emotional experience of the War museum, it all adds up.

I know all the "right" answers as to how it really doesn't matter, people are not feeling that way, let it go, etc.  But if you struggle with those things, you desperately just want to fold in on yourself to occupy as little space as possible so as not to irritate any more people.

And hence my tweet from last night...

So now after a night's sleep (and a dose of my meds which I may have forgotten for a day with travel and such), I put yesterday behind me and start again...

05/25/2011

iDefense Security Advisory 05.24.11: IBM Lotus Notes LZH Attachment Viewer Stack Buffer Overflow

Category IBM/Lotus

iDefense Security Advisory 05.24.11
http://labs.idefense.com/intelligence/vulnerabilities/
May 24, 2011

II. DESCRIPTION

Remote exploitation of a stack buffer overflow vulnerability in IBM Corp.'s Lotus Notes could allow an attacker to execute arbitrary code in the context of the current user.


The vulnerability occurs during the processing of header information contained within an LZH archive file. A length calculation may cause an integer value to underflow and result in a large length value. A memory copy operation using the length value may cause LZH data to overflow the bounds of a stack buffer. This condition may lead to arbitrary code execution.

III. ANALYSIS

Exploitation of this vulnerability results in the execution of arbitrary code in the context of the user opening an attachment delivered via email. In order to be successful, an attacker must social engineer the victim into processing a specially crafted email attachment in a certain way. Specifically, the victim must open the attachment and click the view button on the attachment dialog box.

IV. DETECTION

Lotus Notes versions 6.0, 6.5, 7.0, 8.0, 8.5 are vulnerable.

V. WORKAROUND

A workaround is available to disable LZH archive files within the Lotus Notes file viewer:


Open the keyview.ini file in the Lotus Notes program data directory (C:\Program Files\IBM\Lotus\Notes\Data) and comment out all references to lzhsr.dll. To comment out a reference, precede the line with a semicolon ';'.

VI. VENDOR RESPONSE

IBM has released patches and workarounds to address this vulnerability. For more information, consult their advisory at the following URL.

https://www-304.ibm.com/support/docview.wss?uid=swg21500034

VIII. DISCLOSURE TIMELINE

08/18/2010  Initial Vendor Notification
08/18/2010  Initial Vendor Reply
05/24/2011  Coordinated Public Disclosure

IX. CREDIT

This vulnerability was reported to iDefense by binaryhouse.net.
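
The bug class described in section II of the advisory, shown as an added C illustration (not code from the advisory, IBM, or the LZH viewer): an unchecked length subtraction that wraps, next to the bounds checks that stop it. The header layout, constants, function names and sample bytes are all constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed, simplified header used only for this illustration. It is NOT
 * the real LZH layout and not code from Lotus Notes or its file viewer:
 *   byte 0      header length declared by the file (fixed part + name)
 *   bytes 1..4  other fixed fields
 *   bytes 5..   file name, not NUL-terminated                            */
#define FIXED_LEN ((size_t)5)
#define NAME_CAP  ((size_t)32)

/* Constructed sample inputs. */
static const uint8_t SAMPLE_OK[]    = {9, 0, 0, 0, 0, 'a', '.', 't', 'x'};
static const uint8_t SAMPLE_SHORT[] = {3, 0, 0, 0, 0, 'A', 'A', 'A', 'A'};
static const uint8_t SAMPLE_TRUNC[] = {9, 0, 0, 0, 0, 'a'};

/* Flawed length calculation: trusts the declared header length. When
 * declared < FIXED_LEN the unsigned subtraction wraps to a huge value. */
size_t name_len_unchecked(uint8_t declared)
{
    return (size_t)declared - FIXED_LEN;
}

/* Vulnerable pattern, kept for contrast only: the wrapped (or simply too
 * large) length drives a copy into a fixed-size stack buffer. */
size_t read_name_vulnerable(const uint8_t *buf, char *out)
{
    char name[NAME_CAP + 1];                  /* fixed-size stack buffer */
    size_t n = name_len_unchecked(buf[0]);
    memcpy(name, buf + FIXED_LEN, n);         /* no bound on n */
    name[n] = '\0';
    strcpy(out, name);
    return n;
}

/* Hardened form: every quantity is validated before it is used.
 * Returns the name length, or -1 if the header is rejected. */
int read_name_checked(const uint8_t *buf, size_t buf_len,
                      char *out, size_t out_size)
{
    if (buf == NULL || out == NULL || buf_len < FIXED_LEN)
        return -1;                            /* fixed part is incomplete */
    size_t declared = buf[0];
    if (declared < FIXED_LEN)
        return -1;                            /* subtraction would wrap */
    if (declared > buf_len)
        return -1;                            /* claims more data than supplied */
    size_t n = declared - FIXED_LEN;          /* cannot wrap after the check */
    if (n > NAME_CAP || n + 1 > out_size)
        return -1;                            /* would not fit the destination */
    memcpy(out, buf + FIXED_LEN, n);
    out[n] = '\0';
    return (int)n;
}

int main(void)
{
    char out[NAME_CAP + 1];
    printf("declared=3 -> unchecked length %zu\n",
           name_len_unchecked(SAMPLE_SHORT[0]));
    printf("checked(ok)    = %d\n",
           read_name_checked(SAMPLE_OK, sizeof SAMPLE_OK, out, sizeof out));
    printf("checked(short) = %d\n",
           read_name_checked(SAMPLE_SHORT, sizeof SAMPLE_SHORT, out, sizeof out));
    printf("checked(trunc) = %d\n",
           read_name_checked(SAMPLE_TRUNC, sizeof SAMPLE_TRUNC, out, sizeof out));
    return 0;
}
```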

05/24/2011

If you'd like to download the UKLUG TDI session from Marie Scott and myself...

Category UKLUG
... you can do so here.

Thank you to everyone who attended our session, as well as those who continued the conversation after the session.  I always consider it a successful presentation if one or two people get their world rocked about the possibilities that open up when you start to use TDI.  Judged on that, UKLUG's TDI session was definitely a success.

And thank you to my partner in crime, Marie Scott, for putting up with my TDI questions and sharing the stage with someone who couldn't even *spell* TDI a couple of years ago...

05/09/2011

Book Review - Hamlet's BlackBerry: A Practical Philosophy for Building a Good Life in the Digital Age by William Powers

Category Book Review William Powers Hamlet's BlackBerry: A Practical Philosophy for Building a Good Life in the Digital Age

For some of us, living our lives connected to the digital world is a normal occurrence.  I can reach anyone at any time, and others can reach me.  But is that healthy?  Should I step back and take the time to be unplugged?  These questions are explored in William Powers' book Hamlet's BlackBerry: A Practical Philosophy for Building a Good Life in the Digital Age.  I joke about the fact that I can leave the Internet any time I want... I just don't want to yet.  But there's some good food for thought here, and Powers has me rethinking my nearly-always-on attitude.

Contents:
Prologue: The Room
Part 1 - What Larks? - The Conundrum of the Connected Life: Busy, Very Busy - In a Digital World, Where's the Depth?; Hello, Mother - The Magic of Screens; Gone Overboard - Falling Out with the Connected Life; Solutions That Aren't - The Trouble with Not Really Meaning It
Part 2 - Beyond The Crowd - Teachings of the Seven Philosophers of Screens: Walking to Heaven - Plato Discovers Distance; The Spa of the Mind - Seneca on Inner Space; Little Mirrors - Gutenberg and the Business of Inwardness; Hamlet's Blackberry - Shakespeare on the Beauty of Old Tools; Inventing Your Life - Ben Franklin on Positive Rituals; The Walden Zone - Thoreau on Making the Home a Refuge; A Cooler Self - McLuhan and the Thermostat of Happiness
Part 3 - In Search of Depth - Ideas in Practice: Not So Busy - Practical Philosophies for Every Day; Disconnectopia - The Internet Sabbath
Afterword - Back to the Room; Acknowledgments; Notes; Further Reading

Powers makes the case, through the use of seven philosophers over the years, about how technology often leads us to become more shallow in our thinking and reasoning.  We think this is a recent phenomenon, but it was a fear even back in the days of Socrates and Plato.  The act of writing down speeches was thought to be the first step towards less thinking.  Why work on memorization and deep thought if you can just read something?  Shakespeare used a table, an erasable notebook of specially-treated paper or papyrus, that allowed him to write things down during the day and review them at a later time.  Again, a use of technology that helped a person take in and deal with more mental stimuli and clutter.  And with more input came less time to listen and reflect, more often giving in to the demand to deal with something immediately before the next thing showed up.

While we tend to think that no time in history has ever been as fast-paced as this, the reality is that each time period has had some level of turmoil and change that was significantly greater than the time before it.  So our base problem isn't really new... it's just magnified.  More things are going on, we have less time to reflect and contemplate matters, and we lose the ability to think deeply about issues that matter.  We end up with sound bites and summaries that we buy into without thinking.  To reverse this trend, Powers offers up the concept of an Internet "sabbath", or the conscious decision to go "off the grid" for a period of time.  Without the constant bombardment of email, instant messages, tweets, etc., you can spend time reading and thinking... spend time talking with others and interacting with *real* people who matter to you.  It's not necessarily easy, as it can be hard to make the decision to not try and keep up with everything that happened in the last 24 hours.  But will it really matter if you don't see the latest YouTube video or read the latest blog post by a friend?  Won't it still be around if it was really important?

I'll admit that I'm still struggling with the concepts in Hamlet's Blackberry.   I know I spend far too much time online at the expense of other things that should get greater attention.  But part of the solution is knowing you have a problem, and I think Powers at least got my attention.  Well worth reading...

Disclosure:
Obtained From: Friend
Payment: Free

05/09/2011

Musings on turning 50...

Category Everything Else
I'm not normally introspective, and I don't spend a lot of time looking back or forward.  But I suppose when you turn 50, a little introspection is called for.

50... that sounds so... old.  I remember when my dad turned 50, and I signed his card with "Now you're half-a-hundred."  He reminded me of that card yesterday, so what goes around comes around. :)  50 sounded so adult back then, and it sounds so adult now.  But surprise... sounding adult and feeling adult must be two different things.  In fact, I'm starting to think that the whole "feeling like an adult" thing just doesn't exist.  Everyone I talk to seems to feel like a kid playing make-believe in an aging body.  I don't think we ever get to the point where we feel like we're competent to be a grown-up.  It just happens, and we're along for the ride.  All those others who look like they are grown-ups don't know any better, either.  It's just a bunch of kids making up the rules as they go along.

Looking back, I've done some things I never thought possible.  Writing a book, speaking to hundreds of people on stage, being successful in my career...  I've always felt intimidated by a lot of those things, as I never had the proper "credentials" that said I was qualified to do what I'm doing.  I just did it with the help of friends, and we figured it out as we went along.  I've been a sounding board for friends going through hard times, and I've been the one doing the crying on occasion.  You don't make it through 50 years of life without a number of dings, dents, and fender-benders.  I've been fortunate to get to this point with things relatively intact, but I know it's not due to my extraordinary skill at navigating life's currents.  I'm still the kid making this up as I go along...

So what happens in the second half of life?  It's strange to think that the odds are that I've lived well over half my life.  The number of days left is likely less than the number of days lived.  And what story have I written with my life?  Are there still things I want to do?  Is that novel I've talked about writing actually getting written?  Am I trying new things and learning new skills, or am I just repeating the same old things as the sand continues to flow through the hourglass?  Is spending "a few spare moments" playing Solitaire on the computer really a good use of time and talent?  

Going forward, I want to remember this phrase... Try It

It's time to try new things (like teaching an ewok to dance).  It's time to step out of my safety zone and feel free to fail.  It's time to try getting my body back in shape where I can actually enjoy what's left of life in good health.  It's time to try new experiences and visit new places... being open to adventures that may be scary or uncomfortable.  Some things will be fun and I'll do them again.  I'll fail at others and laugh at the results.  But I will try them.

It's been a good 50 years, but there's so much more I could do.  I'm tired of limiting myself as to what I can accomplish and experience.  Here's to life after 50, and all that I want it to be.

05/09/2011

Book Review - Buried Secrets by Joseph Finder

Category Book Review Joseph Finder Buried Secrets

As part of the Amazon Vine review program, I had the chance this month to snag Joseph Finder's latest book Buried Secrets.  In short, there was no way I was going to let the opportunity to read Finder's latest novel before the release date get away.  I'm glad I didn't, either.  Finder does an excellent job with the Nick Heller character, and the twists kept coming fast and furious right up to the end.

In Buried Secrets, Heller is hired by his old (and rich) friend Marshall Marcus to find his daughter Alexa.  She didn't come home after supposedly going out to visit Taylor, her best friend, and the father is worried that something may have happened.  A little pressure on Taylor uncovers that they were really at a trendy bar, and that a guy was hitting on Alexa.  The last video image of Alexa has her leaving with the guy, looking like she's been drugged.  As Heller continues to dig and follow the trail, he uncovers some nasty characters who have reason to want something from Marcus.  He also finds that Marcus isn't being entirely open as to his own situation.  When the ransom demand comes in, it does so in the most unsettling way... via a live computer video feed of Alexa repeating her captor's demands, apparently buried underground in some sort of coffin.  Heller has to figure out who knows what, who is hiding what, and where Alexa is being kept, as it's a near certainty that killing Alexa means little to those who are making the demands.

I really enjoy reading Finder's stories.  The Nick Heller character is fun, in that he's a step above a private eye, yet not a full-on spy.  The back cover on the ARC labels him a "private spy", and that's a good description.  He's got his own way of doing things, has a smart mouth and sharp wit, and the dialogue rings true.  I also like that he's not a "Superman"-type character that has all the bases covered and never makes a misstep.  His improv when he gets out of the shower to discover two guys bugging his computer is great... I'll never look at an electric razor the same way again. :)

If you've never had the pleasure of reading a Joseph Finder novel, feel free to jump right in with Buried Secrets.  The writing and characters are reminiscent of Harlan Coben and Lee Child, and the only disappointment is when you get to the end and know you have to wait for a new Finder novel.

Disclosure:
Obtained From: Amazon Vine Review Program
Payment: Free

05/08/2011

Book Review - Windows 7 Portable Command Guide: MCTS 70-680, 70-685 and 70-686 by Darril Gibson

Category Book Review Darril Gibson Windows 7 Portable Command Guide: MCTS 70-680 70-685 and 70-686

I've never been much of a command line junkie.  I understand that you have more power when you are at the command line level, stringing together commands to create utilities, but it's never been a comfortable habit for me.  That might change now with this book: Windows 7 Portable Command Guide: MCTS 70-680, 70-685 and 70-686 by Darril Gibson.  It's meant to be a study guide for Microsoft certification testing, but it's also a great tool to learn about the important command line features and options that will make your life easier.

Contents:
Part 1 - Command Prompt Basics: Launching and Using the Command Prompt; Basic Rules When Using the Command Prompt; Using Basic Commands
Part 2 - Working with Files, Folders, and Disks: Manipulating Files and Folders; Manipulating Disks
Part 3 - Scripting with Batch Files: Creating Batch Files; Scheduling Batch Files
Part 4 - Managing and Maintaining Windows 7: Using Windows 7 Maintenance Tools; Retrieving Information About Windows 7; Managing Security in Windows 7; Configuring Windows 7 with netsh
Part 5 - Troubleshooting Windows 7: Configuring Windows 7 Using Basic Troubleshooting Tools; Troubleshooting Network Issues; Using Recovery Tools
Part 6 - Remote Administration: Managing Remote Windows 7 Systems; Windows Management Instrumentation Command Line
Part 7 - Creating and Managing Images: Understanding Images; Preparing a System to Be Imaged with sysprep; Installing the Windows Automated Installation Kit; Using imagex; Using the Deployment Image Service and Management (DISM) Tool
Part 8 - Working with WinPE and Setup: WinPE Commands; Installing Windows 7 with setup
Part 9 - Migrating User Data with USMT: Capturing User Data with scanstate; Restoring User Data with loadstate
Part 10 - Using PowerShell: Understanding PowerShell Commands; Using the Integrated Scripting Environment (ISE); Creating and Running PowerShell Scripts
Part 11 - Group Policy and the Command Line: Group Policy Overview; Group Policy Command-Line Tools
Appendix - Create Your Own Journal Here

I approached the book from the viewpoint of a developer (which is what I am in my day job).  As such, I was more interested in the material focused on controlling my own machine rather than the network as a whole.  But even with that somewhat narrowed view, there was more than enough to keep me interested and trying things out.  I started to recall the power of batch files, especially when you pass in variables to make it a true flexible utility for your situation.  I started to see some possibilities for working with my main disk, such as building virtual hard drives for some flexibility in building test scenarios.  I even finally got around to building a rescue CD (which I had promised myself I'd do for months...)  :)

If you are studying for the cert tests, I'm sure Windows 7 Portable Command Guide would be an excellent resource.  But after you're done with that (or even if you're not going for the certification), this book deserves to be on your shelf as a go-to book to make your life easier.  

Disclosure:
Obtained From: Publisher
Payment: Free

05/07/2011

Product Review - Cyber Clean

Category Product Review Cyber Clean
My home office is in the basement of an older home, complete with all the dirt and dust that comes along with the location.  As such, my keyboards tend to get somewhat grungy over time.  In fact, some would say downright disgusting.  But since I see the keyboard every day, it's easy to just sort of overlook the dirt build-up until someone else points it out.  Well, someone did, and I thought I really should do something about it.

Someone told me about a product called Cyber Clean that is supposed to do wonders for cleaning keyboards.  Rather than spending time trying to get in-between the keys with a Q-Tip and alcohol, you take this gel-like substance, press it onto the keyboard so it can ooze between the keys, and then pull it off.  There's just enough tack in the gel to pull off the dust, dirt, and grime.  Fold it over, smush it together, and do it again.  Repeat until you're happy with the result.  So how'd it do on a really tough job?  Let's see...

Here's the product:
A picture named M2

The starting look of the keyboard (left and right side):
A picture named M3

A picture named M4

As you can see, Cyber Clean was going to get a workout here...

After about five minutes of work, here's the left- and right-side results:
A picture named M5

A picture named M6

So what do I think?  It *does* clean the keyboard, but not enough that I'd call it a spectacular result.  The dust definitely comes up, as does some of the grime that isn't stuck hard on the keys.  The dirt build-up on the edge of the keys is significantly reduced from what it was before, but I'm not going to be mistaking my keyboard for one that just came out of the box.

In a somewhat more fair test, I also ran it over the keyboard attached to my work computer.  It's not had nearly the use as my personal keyboard, so it was mostly just a matter of dust.  After a Cyber Clean treatment, it looked like it did when it was first assigned to me.  In that case, Cyber Clean was a success.

Bottom line...  If you were to get and use Cyber Clean on a regular basis, it would do a fine job in keeping the keyboard looking decent.  If you're playing catch-up on a particularly nasty keyboard that hasn't seen cleaning often enough, then Cyber Clean will do an adequate job on the surface or loose grime, but you shouldn't expect miracles.  

Disclosure:
Obtained From: Amazon
Payment: Purchased

05/06/2011

Beginners...

Category Ira Glass
What nobody tells people who are beginners — and I really wish someone had told this to me . . . is that all of us who do creative work, we get into it because we have good taste. For example, you want to make TV because you LOVE TV. There is stuff that you just LOVE.

So you have really good taste. But you get into this thing where there is this gap. For the first couple years you are making stuff… but what you’re making isn’t so good. It’s not that great. It’s trying to be good, it has ambition to be good, but it’s not. But your taste, the thing that got you into the game, your taste is still killer. And your taste is good enough that you can tell that what you’re making is a disappointment to you. It’s still sorta crappy.

A lot of people never get past this phase. They quit. But the thing I would say to you with all my heart: most everyone I know who does interesting, creative work, went through years of this. We knew our work didn’t have this special thing that we wanted it to have. Everybody goes through this.

If you are just starting this phase, still in this phase, getting out of this phase, you gotta know it’s totally normal and the most important, possible thing you can do is do a lot of work. Do a huge volume of work. Put yourself on a deadline so that every week or every month you know you will finish one story. You create the deadline. It’s best if you have someone waiting for the work, even if it’s somebody that doesn’t pay you. It is only by going through a volume of work that you will close that gap, and your work will be as good as your ambitions.

In my case, I took longer to figure out how to do this than anybody I’ve ever met. It takes awhile. It’s going to take you awhile. It’s normal to take awhile. And you just have to fight your way through that.

Ira Glass - http://www.elumir.com/v5/?p=1210
