THE PROGRAMMER’S QUICK GUIDE TO THE LANGUAGES
Comments | Posted by Benny Dacks in Geek, Hacking, IT, Internet, Software
The proliferation of modern programming languages (all of which seem to have stolen countless features from one another) sometimes makes it difficult to remember what language you’re currently using. This handy reference is offered as a public service to help programmers who find themselves in such a dilemma.
TASK: Shoot yourself in the foot.
C: You shoot yourself in the foot.
C++: You accidentally create a dozen instances of yourself and shoot them all in the foot. Providing emergency medical assistance is impossible since you can’t tell which are bitwise copies and which are just pointing at others and saying, “That’s me, over there.”
FORTRAN: You shoot yourself in each toe, iteratively, until you run out of toes, then you read in the next foot and repeat. If you run out of bullets, you continue with the attempts to shoot yourself anyways because you have no exception-handling capability.
Pascal: The compiler won’t let you shoot yourself in the foot.
Ada: After correctly packing your foot, you attempt to concurrently load the gun, pull the trigger, scream, and shoot yourself in the foot. When you try, however, you discover you can’t because your foot is of the wrong type.
COBOL: Using a COLT 45 HANDGUN, AIM gun at LEG.FOOT, THEN place ARM.HAND.FINGER on HANDGUN.TRIGGER and SQUEEZE. THEN return HANDGUN to HOLSTER. CHECK whether shoelace needs to be re-tied.
LISP: You shoot yourself in the appendage which holds the gun with which you shoot yourself in the appendage which holds the gun with which you shoot yourself in the appendage which holds the gun with which you shoot yourself in the appendage which holds the gun with which you shoot yourself in the appendage which holds the gun with which you shoot yourself in the appendage which holds…
FORTH: Foot in yourself shoot.
Prolog: You tell your program that you want to be shot in the foot. The program figures out how to do it, but the syntax doesn’t permit it to explain it to you.
BASIC: Shoot yourself in the foot with a water pistol. On large systems, continue until entire lower body is waterlogged.
Visual Basic: You’ll really only appear to have shot yourself in the foot, but you’ll have had so much fun doing it that you won’t care.
HyperTalk: Put the first bullet of gun into foot left of leg of you. Answer the result.
Motif: You spend days writing a UIL description of your foot, the bullet, its trajectory, and the intricate scrollwork on the ivory handles of the gun. When you finally get around to pulling the trigger, the gun jams.
APL: You shoot yourself in the foot, then spend all day figuring out how to do it in fewer characters.
SNOBOL: If you succeed, shoot yourself in the left foot. If you fail, shoot yourself in the right foot.
Unix:
% ls
foot.c foot.h foot.o toe.c toe.o
% rm * .o
rm:.o no such file or directory
% ls
%
Concurrent Euclid: You shoot yourself in somebody else’s foot.
370 JCL: You send your foot down to MIS and include a 400-page document explaining exactly how you want it to be shot. Three years later, your foot comes back deep-fried.
Paradox: Not only can you shoot yourself in the foot, your users can, too.
Access: You try to point the gun at your foot, but it shoots holes in all your Borland distribution diskettes instead.
Revelation: You’re sure you’re going to be able to shoot yourself in the foot, just as soon as you figure out what all these nifty little bullet-thingies are for.
Assembler: You try to shoot yourself in the foot, only to discover you must first invent the gun, the bullet, the trigger, and your foot.
Modula2: After realizing that you can’t actually accomplish anything in this language, you shoot yourself in the head.
DOS/VSE/SP (etc): You first find the building you’re in in the phone book, then find your office number in the corporate phone book. Then you have to write this down, then describe, in cubits, your exact location, in relation to the door (right hand side thereof). Then you need to write down the location of the gun (loading it is a proprietary utility), then you load it, and the COBOL program, and run them, and, with luck, it may be run tonight.
OS/MVS/etc: You tell it you need a gun, and that you need space to put your foot, then you run that, along with the COBOL program. Don’t forget to store the code as a proc, if you need to shoot your other foot.
From: jkonrath@bronze.ucs.indiana.edu (Jon Konrath)
VMS:
$ MOUNT/DENSITY=.45/LABEL=BULLET/MESSAGE=”BYE” BULLET::BULLET$GUN SYS$BULLET
$ SET GUN/LOAD/SAFETY=OFF/SIGHT=NONE/HAND=LEFT/CHAMBER=1/ACTION=AUTOMATIC/
LOG/ALL/FULL SYS$GUN_3$DUA3:[000000]GUN.GNU
$ SHOOT/LOG/AUTO SYS$GUN SYS$SYSTEM:[FOOT]FOOT.FOOT
%DCL-W-ACTIMAGE, error activating image GUN
-CLI-E-IMGNAME, image file $3$DUA240:[GUN]GUN.EXE;1
-IMGACT-F-NOTNATIVE, image is not an OpenVMS Alpha AXP image
oh well, almost..
From: johnw@johnwuu.canb.auug.org.au (John Wright)
SQL:
Insert into Foot
Select Bullet
From Gun.Hand
Where Chamber = ‘LOADED’
And Trigger = ‘PULLED’
Warner Bros. Acquires The Pirate Bay
Comments | Posted by Benny Dacks in IT, News, Technology, World News
It seems as if the powers that be have realized they are fighting an uphill battle. After a laborious trial in Sweden, Time Warner has decided that they can’t beat The Pirate Bay, so they’ll join them.
After years of hostility, lawsuits, police raids and heated invective between the two groups, the Pirate Bay has today announced they have settled their differences with US media conglomerate Warner Bros. The largest BitTorrent tracker has sold out to Hollywood and the two have agreed a deal. - TorrentFreak
Honestly, I feel that this was the right move from the start. The Pirate Bay is no more responsible for pirating software than Google. Technology and the Internet have always been about innovation and moving forward. The Pirate Bay took the existing technology of BitTorrent and simply capitalized on it before anyone else thought to. Now that the major industries are taking a page from TPB, you can expect to see a number of changes in the way we view and purchase media online.
What does it all mean?
Well, personally I feel that this will have a major impact on the distribution of online media. If the major powers of distribution and production cannot adopt this new market of media sharing they will fall victim to the next TPB. Warner Bros. should not revamp or close down TPB, instead they should embrace its tech-savvy, intelligent user base and find a way to grow the community as well as make their fair share.
One of the coolest D.I.Y. laptop projects I’ve ever seen.
Chris Fenton (ChrisFenton.com) took a PICAXE microcontroller and fabricated one of the sweetest laptop projects I’ve ever come across. Complete with a 4kb home-brew OS called LINAXE. This minimalistic throwback sports all the functions of a basic operating system including text editing, a custom compiler, and even plays PONG. You’d be surprised how much you can do with only 16kb of RAM and 256kb of storage. Here’s a few photos and the specs from the site:



Hardware specs:
- Storage: 256 kilobytes total, in a 4 x 64 kilobyte configuration. It uses 4 24FC512 i2c EEPROM chips formatted with the ChrisFS file system.
- RAM: 16 kilobytes of i2c FRAM, in a 2 x 8 kilobyte configuration. Fully accessible from within programs through the use of pointers.
- CPU: Picaxe 28X-1 Microcontrollers. The main CPU runs at a blistering 16 Mhz, and has a whopping 4 kilobytes of onboard storage for the processor’s firmware/OS.
- I/O Controller: Another Picaxe 28X-1 Microcontroller serves as an i2c slave and I/O controller for the main CPU. It primarily provides a keyboard FIFO interface to support asynchronous keypresses during programs (can you say PONG?!).
- Sound: Dual-mono sound is driven by the main CPU and supports a wide range of tones, beeps, bops and bloops. It drives 2 x 1-inch, 8-ohm speakers mounted on either side of the display. Volume knob or headphone jack, you ask? I say, play it loud and play it proud!
- Display: A giant 24 x 8 serial character display provides a much-needed upgrade over the previous 20 x 4 display. It also takes in data at a blistering 19200 bits-per-second, drastically improving update speeds.
- Case: Beautiful, hand/laser crafted wooden case, with a touch of steampunk. My friend Pat showed me how to build a simple box, and I finally learned how to use the CNC laser! Tip: Never try to use real laptop hinges when working with wood. Way too much hassle!
- Battery pack: 4 x AAA batteries keep this humming for hours. Think your pathetic EEE will make it on that flight to Japan? Pack this bad boy and keep hacking while your neighbors are stuck watching the third showing of “You’ve Got Mail.”
[source: ChrisFenton.com]
EDIT: Found some more cool wooden laptop pics.
Create your own Google Adsense Network
Comments | Posted by Benny Dacks in IT, Internet, Linux, Open Source, Software, Technology
After being banned from Google Adsense a few times while learning the ropes of SEO (and slipping through a few) I decided I wanted to learn more about 3 things.
- Why was I banned?
- What detected the violation?
- What can I do to get around this?
So I began learning about CPM, CTR and ROI, investigating other PPC programs like Adbrite, and researching the path a popular piece of original content took on its way to “viral” status. I’ve developed a few theories on the subject; however, these are not what this article is about. This is about starting your own PPC ad network and taking Google out of the equation.
So here are the steps on how to create a mini-Google Adsense with Open Source Software and $100.00 in overhead.
What you’ll need:
- Dedicated Server: 3 months ($89.00) Server Pronto
- Domain Name: 1 year ($9.99) GoDaddy
- OpenX
- Linux, Apache, PHP5, MYSQL (free) Gentoo Linux
Steps
- Buy your server. I wouldn’t recommend buying more than 3 months to begin with unless you can really afford it. It’s easy to extend your contract and if you’ve got backups of your site you can ditch your company for a cheaper one anytime you want. The great thing about Linux-based hosts is that you have total control over your system, security, and backups. Moving to a new host is as easy as dumping the database and SCP’ing the files. Server Pronto has a great deal for 3 months with a price tag of $89.00. They also support Linux.
- Head over to your favorite domain registrar and grab a catchy name. GoDaddy always has specials for 9-14 dollars for the first year. Try and get something that will appeal to your audience of advertisers. A silly Web 2.0 name like SpanDingle.com is not going to work. I didn’t Google that so SpanDingle.com might be available…but anyways…
- Get OpenX AdServer. This is the real meat and potatoes of the tutorial. OpenX is an ad server that allows you to specify campaign profiles and assign them to your different sales managers and agents. Your stats are fully tracked and emailed to the right person on a weekly basis. You can set your own cost per impression and determine a fair CPM/CPC rate for your advertisers. Pair the stats with a Google Analytics account and you’ll have everything you need to invoice your clients at the end of the month.
- OpenX is designed to run in a LAMP environment. There is no overhead for this open source software. The only overhead is the learning curve, which varies from distribution to distribution. I use Gentoo for all of my servers for its security, tight documentation and active developer base. Linux, if configured correctly, will get you much more life out of your server’s hardware, and cut costs on monthly overhead.
10. Verify your problem.
Example: If you can’t load the company website, check another computer. Better yet, check from your iPhone, Android, or Blackberry. Don’t assume that because the site won’t load on your computer, the site is down. This is rarely the case. Admins beat their heads against desks when we’re asked to reboot an entire web server because 1 person forgot they were in “Work Offline” mode.
9. Email first, call last.
I’m 2 hours into the day, eyeballs deep in code, completely immersed in what I’m focusing on and RIIIIIIIING! My concentration is shattered by the technological shortcomings of Dwayne from HR. He needs his password reset. This however is not all he decides to tell me. He then goes on to inform me that his sister’s uncle’s friend’s dog’s computer crashed the other night and would like me to tell him why. Two hours of excruciating explanation later, I whip out my magic hat, cape, and DIY Voodoo kit, and inform him that I’ll either need more information, or the blood of a sacrificed virgin goat to diagnose the problem. All he needed was a password reset, which could have been solved in seconds via email.
8. Admit Ignorance.
Nothing pisses off an IT professional more than a user who thinks they’re the hot stinkin’ shit. These are the people who insist they know everything, and will jump at the chance to try and correct you. Some people will challenge everything you say, just to split hairs so they can feel less ignorant. The simple fact is, if you don’t work in IT, you probably don’t know fuck-all about computers and should approach the situation as such. If you are the boss/owner, this applies especially to you. You hired these people because they are knowledgeable about things you are not.
7. Respect the key holders
Without your email, network, workstation or phone, you’d be fucked. If any 1 of the aforementioned technologies goes away, so does your paycheck. IT departments work hard to keep interruptions in employee services to a minimum and if they’re doing their job, you should almost never hear from them. Many times this leads upper management to believe that the IT department is busy playing Quake all day when in actuality they’re maintaining status quo as well as holding the hands of your company’s technotards.
6. Don’t waste company resources.
I don’t care how hot or bangin the new Lil’ Wayne album is. If I catch you torrenting or using Limewire on my pristine, well-oiled network, I’ll format your HD at least once a week and replace all your mp3’s with goat porn.
5. Do not micro-manage us.
The way I deal with this is actually pretty simple. Every time someone from ‘upstairs’ asks me that bullshit question “What are you working on?” I immediately start reading off lines of code to them. Then if that doesn’t confuse the shit out of them, I’ll hit them with a few random computer terms about something completely unrelated to what I’m actually doing, so when (if) they actually research it, they’ll be even more confused. Misinformation is your ally.
4. Realize ‘freelance’ doesn’t mean free.
If I had a nickel for every time I was asked to fix a co-worker’s personal computer, or one of their friends/relatives/spouses issues, I could probably actually afford to work for free. Many of us turned to the corporate world out of disdain for the freelancing domain. Feature creep, late payments, picky clients and generally being underappreciated are all good reasons to want a 9-5 office gig. What the bloody hell makes you think that we want to go back to that three ring circus? With that said, if you’re going to ask for our services outside of the domain of the company, you’d better be prepared to at least match our salary, if not more.
3. Check to see if it’s plugged in (and turned on!).
Please?
2. Take Screenshots, “I got this error” does not help.
This cracks me up. I’ll get a call or an email stating that someone “Got an error” and coincidentally slammed face first into a brick wall. On that wall are painted the words OK and Cancel. Just above that is a cryptic riddle from the tiny gremlins that power your computer. This apparently comes with a nerve-agent that melts a normal user’s brain upon sight. Far be it from the user to actually read the error message, let alone hit the button clearly labeled “PRINT SCREEN.”
1. Learn how to use Google.
Don’t laugh! You’d be surprised how many people have no idea about the awesome power of Google. Chances are, your IT department spends at least 10% of their day on Google, googling things for your employees when they could be focusing on more important tasks. Learn how to use boolean operators and Google-specific query tricks. Become a seeker of knowledge rather than a receiver.
I’ve been in the IT industry for over 10 years now, and if there’s one thing I’ve learned, it’s that IGNORANCE IS RAMPANT in today’s typical office setting in regard to general computer use. Now, I know what you’re thinking, “Who is this guy, why doesn’t he just find another job if he hates it so much?” Well my name is Ben, but many know me as Dacks. I’m a life-time nerd, and I LOVE computers and technology in general. I consider myself to be quite knowledgeable in many areas of IT, and I’m always down for a quick geek-out session with another nerd in close proximity, HOWEVER(!) my patience runs thin whenever someone asks me: “Hey how do I [insert google search query]”. Welcome to office life in the IT department.
10. You must explain everything, regardless of simplicity, at least 10,000 times
Sometimes I wish it were actually possible to replace people with small shell scripts. I’m not an alien. I have 2 legs and 2 arms, 1 head, and I speak English. Somehow in that equation, even the most simple explanation is lost in translation when dealing with a Computard. My favorite part is scanning over the poor soul’s ‘notes’ after I’ve just finished oversimplifying how to attach a word document to an email, only to find an entire Library of Congress worth of text just to cover: 1. Click Attach, 2. Find File, 3. Click OK.
9. At least 3 times a week, someone will say “I can’t print”.
Nick Burns, anyone? This is one of those comments that drives me bat-shit insane. Printers, possibly the most low-tech device in the whole office, somehow manage to foil your 36 kill streak in Quake just about every hour, on the hour. How is it, that a device with an average of 3 buttons, 1 blinking light, and PAPER can be so confusing to the common user? Forget trying to explain what a driver is…
8. You get the same emails, 500 times.
Here’s the scenario. You’ve actually done your job! The website’s traffic is through the roof thanks to your brilliant S.E.O. tactics and semantic code. The problem? “OMG THE SITE IS SLOW” echoes out from the nether regions of your cubicle circus. The first wave of emails from the marketing department comes raining in. As soon as you’re done hitting DELETE on the bunch, a second department feels it’s necessary to alert you with an individual email from each employee, all stating their own nifty hypothesis as to why the site is so slow. After about 9 waves, you start receiving the “Did you get my email” email, followed up by the “Did you get my email about my email” phone call. Mass murder ensues shortly after.
7. You’re the first to show up, and the last to leave.
God forbid anyone decides to learn how to turn their own machine on or off. Having a ‘schedule’ might seem like a good way to decide when to arrive and depart, however your time as an IT administrator does not enter the mind of the co-worker who’s late for Grey’s Anatomy re-runs. People will leave you the most ridiculous list of tasks to rush through, usually in the last 10 seconds of the work day. You can expect to be bumped up 1 notch on my hitlist for this infraction.
6. Nobody ever saves you any coffee.
Leave it to the advertising team to lick the pot clean, occasionally saving you the smallest, coffee-ground soup-ish, coldest drop of sludge. I broke down and bought a coffee pot which sits right next to me, guarded by a pair of rabid Doberman pinschers with sniper rifles.
5. The dreaded “What are you working on?”
Nothing pisses me off more than some idiot poking their head into my office and blurting out “Hey, What are you working on?” I usually approach this question with a deep breath, followed by a brief moral struggle over whether or not to turn this moron’s brain into an even more viscous mush. Answering this question honestly will often result in your coworker’s head exploding. There is a reason why I am paid to understand these things, and you are not. If you truly don’t care to understand, then by all means, have a nice helping of shut the fuck up and let me do my job.
4. For every hour you spend trying to make things easier, you’ll create 10 more hours of explanation
Forget trying to make these fools’ lives easier. It will only result in further frustration. Let them slink into their anti-productive work flows. The more company time they piss away doing things ‘how they’ve done them for 10 years’, the less time they have to bother you. Something as small as moving an icon can have terrible butterfly-effect results. Expect questions like:
“DROOOOOOOOOL…….DERRRRRR……FGGGGGGGGGHHHHNNNNN….UMMMM….WHERE IS MY WINDOWS?”
3. Updates from outer space!
Somewhere along the line, a developer had a brilliant idea that would in fact forever degrade the patience of future developers and administrators: Updates. First of all, don’t get me wrong, updates are great (if you can wrap your head around this astronomical concept). My major gripe here is the fact that a perfectly well written dialogue box, in plain English, will undoubtedly read “PLEASE CALL SOMEONE INTO YOUR OFFICE, FROM THE OTHER SIDE OF THE BUILDING, TO CLICK ‘OK’ ” to the average grunt. The update might as well read “I am an idiot, Click Yes, Ok, or Uh-Huh”.
2. Do you think you can _____ ?
Unless your name is Boss, or Manager, I never want to hear this come out of your mouth. Ever. This phrase, as innocent as it seems, is a portal to another dimension where every second of your personal life is sucked dry by the things that will “only take a second.” Accept no side jobs from co-workers. You WILL be underpaid and overworked due to your ‘working’ relationship, with no possibility of actually getting what you’re worth. Unless they’re willing to pay you double what you’re making at the gig, walk away. I don’t “think I can” do anything, I know what I can do, and I know how much it’s going to cost you, and you probably can’t afford it.
1. You are everyone’s personal Google-er.
My mind was blown away the other day by my friend James, who sent me what I feel is the best invention since Google. It’s called LetMeGoogleThatForYou. Basically, it’s the most passive aggressive way to let someone know that what they just asked you, when typed into Google, will probably give you a better explanation than I can ever give. To some, this may come off as an insult, but others will be whisked away to the magical land of AJAX where an invisible pink elephant will dance into their office and type their question into Google for them. It even hits the search button for you. A dyslexic retard with 1 hand and a lazy eye can usually take it from here. Either way, they’re out of my hair.
Do you have any ridiculous office-related stories you’d like to share with us? Till then, try and keep the high powered weapons out of plain sight. They might catch on to your plan…
XAMPP for Windows, Mac and Linux
Comments | Posted by Benny Dacks in Hardware, How To, IT, Internet, Linux, Mac, Open Source, Software, Technology
This package looks like it’s maturing quite nicely. Check out XAMPP, available for Windows, Mac, and Linux <3.
Many people know from their own experience that it’s not easy to install an Apache web server and it gets harder if you want to add MySQL, PHP and Perl.
XAMPP is an easy to install Apache distribution containing MySQL, PHP and Perl. XAMPP is really very easy to install and to use - just download, extract and start.
The Laws Of Computer Network Security
Comments | Posted by Benny Dacks in IT, Software, Technology
Here at the Microsoft Security Response Center, we investigate thousands of security reports every year. In some cases, we find that a report describes a bona fide security vulnerability resulting from a flaw in one of our products; when this happens, we develop a patch as quickly as possible to correct the error. (See “A Tour of the Microsoft Security Response Center”). In other cases, the reported problems simply result from a mistake someone made in using the product. But many fall in between. They discuss real security problems, but the problems don’t result from product flaws. Over the years, we’ve developed a list of issues like these, that we call the 10 Immutable Laws of Security.
Don’t hold your breath waiting for a patch that will protect you from the issues we’ll discuss below. It isn’t possible for Microsoft—or any software vendor—to “fix” them, because they result from the way computers work. But don’t abandon all hope yet—sound judgment is the key to protecting yourself against these issues, and if you keep them in mind, you can significantly improve the security of your systems.
On This Page
Law #1: If a bad guy can persuade you to run his program on your computer, it’s not your computer anymore
Law #2: If a bad guy can alter the operating system on your computer, it’s not your computer anymore
Law #3: If a bad guy has unrestricted physical access to your computer, it’s not your computer anymore
Law #4: If you allow a bad guy to upload programs to your website, it’s not your website any more
Law #5: Weak passwords trump strong security
Law #6: A computer is only as secure as the administrator is trustworthy
Law #7: Encrypted data is only as secure as the decryption key
Law #8: An out of date virus scanner is only marginally better than no virus scanner at all
Law #9: Absolute anonymity isn’t practical, in real life or on the Web
Law #10: Technology is not a panacea
Law #1: If a bad guy can persuade you to run his program on your computer, it’s not your computer anymore
It’s an unfortunate fact of computer science: when a computer program runs, it will do what it’s programmed to do, even if it’s programmed to be harmful. When you choose to run a program, you are making a decision to turn over control of your computer to it. Once a program is running, it can do anything, up to the limits of what you yourself can do on the computer. It could monitor your keystrokes and send them to a website. It could open every document on the computer, and change the word “will” to “won’t” in all of them. It could send rude emails to all your friends. It could install a virus. It could create a “back door” that lets someone remotely control your computer. It could dial up an ISP in Katmandu. Or it could just reformat your hard drive.
That’s why it’s important to never run, or even download, a program from an untrusted source—and by “source,” I mean the person who wrote it, not the person who gave it to you. There’s a nice analogy between running a program and eating a sandwich. If a stranger walked up to you and handed you a sandwich, would you eat it? Probably not. How about if your best friend gave you a sandwich? Maybe you would, maybe you wouldn’t—it depends on whether she made it or found it lying in the street. Apply the same critical thought to a program that you would to a sandwich, and you’ll usually be safe.
Law #2: If a bad guy can alter the operating system on your computer, it’s not your computer anymore
In the end, an operating system is just a series of ones and zeroes that, when interpreted by the processor, cause the computer to do certain things. Change the ones and zeroes, and it will do something different. Where are the ones and zeroes stored? Why, on the computer, right along with everything else! They’re just files, and if other people who use the computer are permitted to change those files, it’s “game over”.
To understand why, consider that operating system files are among the most trusted ones on the computer, and they generally run with system-level privileges. That is, they can do absolutely anything. Among other things, they’re trusted to manage user accounts, handle password changes, and enforce the rules governing who can do what on the computer. If a bad guy can change them, the now-untrustworthy files will do his bidding, and there’s no limit to what he can do. He can steal passwords, make himself an administrator on the computer, or add entirely new functions to the operating system. To prevent this type of attack, make sure that the system files (and the registry, for that matter) are well protected. (The security checklists on the Microsoft Security website will help you do this).
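One way to check the point of Law #2 on a POSIX system, as an added example that is not part of the Microsoft text or of this post: it flags system files and directories that an account other than a trusted owner can modify, and uses a SHA-256 baseline to detect files that have changed. It carries the advice over from Windows system files and the registry to Unix permission bits; the function names and the sample tree are constructed for illustration.

```python
import hashlib
import os
import shutil
import stat
import tempfile


def writable_by_others(mode):
    """True if the group or world write bit is set in a file mode."""
    return bool(mode & (stat.S_IWGRP | stat.S_IWOTH))


def audit_tree(root, trusted_uids=(0,)):
    """Report paths under root that a non-trusted account could modify.

    Directories are checked too: write access to a directory lets a user
    replace the files inside it even when the files are read-only.
    """
    findings = []
    for dirpath, _, filenames in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in filenames]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own permission bits are not meaningful
            reasons = []
            if st.st_uid not in trusted_uids:
                reasons.append("owner uid %d is not trusted" % st.st_uid)
            if writable_by_others(st.st_mode):
                reasons.append("group/world writable (%s)"
                               % stat.filemode(st.st_mode))
            if reasons:
                findings.append((os.path.relpath(path, root), reasons))
    return sorted(findings)


def baseline(root):
    """Map relative path -> SHA-256 digest for each regular file under root."""
    digests = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            if os.path.isfile(path) and not os.path.islink(path):
                with open(path, "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
                digests[os.path.relpath(path, root)] = digest
    return digests


def diff_baseline(old, new):
    """Return (added, removed, changed) path lists between two baselines."""
    added = sorted(set(new) - set(old))
    removed = sorted(set(old) - set(new))
    changed = sorted(p for p in set(old) & set(new) if old[p] != new[p])
    return added, removed, changed


def demo():
    """Audit a constructed sample tree, then detect a modified file in it."""
    root = tempfile.mkdtemp(prefix="sysfiles-")
    try:
        os.mkdir(os.path.join(root, "bin"))
        # Constructed sample: bin/passwd is deliberately left world-writable.
        sample = (("bin/login", 0o755), ("bin/passwd", 0o757), ("hosts", 0o644))
        for rel, mode in sample:
            path = os.path.join(root, rel)
            with open(path, "w") as fh:
                fh.write("original " + rel)
            os.chmod(path, mode)
        os.chmod(os.path.join(root, "bin"), 0o755)
        os.chmod(root, 0o755)

        # The sample files belong to whoever runs the demo, so that account
        # stands in for the trusted owner (root, uid 0, on a real system).
        findings = audit_tree(root, trusted_uids=(os.getuid(),))

        before = baseline(root)
        with open(os.path.join(root, "bin/passwd"), "w") as fh:
            fh.write("tampered")  # simulated change to a trusted file
        after = baseline(root)
        return findings, diff_baseline(before, after)
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    found, (added, removed, changed) = demo()
    for path, reasons in found:
        print("WEAK", path, "; ".join(reasons))
    print("added:", added, "removed:", removed, "changed:", changed)
```

The baseline is only useful if it is stored where the accounts being audited cannot rewrite it, for example on read-only media or another host.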
Law #3: If a bad guy has unrestricted physical access to your computer, it’s not your computer anymore
Oh, the things a bad guy can do if he can lay his hands on your computer! Here’s a sampling, going from Stone Age to Space Age:
- He could mount the ultimate low-tech denial of service attack, and smash your computer with a sledgehammer.
- He could unplug the computer, haul it out of your building, and hold it for ransom.
- He could boot the computer from a floppy disk, and reformat your hard drive. But wait, you say, I’ve configured the BIOS on my computer to prompt for a password when I turn the power on. No problem – if he can open the case and get his hands on the system hardware, he could just replace the BIOS chips. (Actually, there are even easier ways).
- He could remove the hard drive from your computer, install it into his computer, and read it.
- He could make a duplicate of your hard drive and take it back to his lair. Once there, he’d have all the time in the world to conduct brute-force attacks, such as trying every possible logon password. Programs are available to automate this and, given enough time, it’s almost certain that he would succeed. Once that happens, Laws #1 and #2 above apply.
- He could replace your keyboard with one that contains a radio transmitter. He could then monitor everything you type, including your password.
Always make sure that a computer is physically protected in a way that’s consistent with its value—and remember that the value of a computer includes not only the value of the hardware itself, but the value of the data on it, and the value of the access to your network that a bad guy could gain. At a minimum, business-critical computers like domain controllers, database servers, and print/file servers should always be in a locked room that only people charged with administration and maintenance can access. But you may want to consider protecting other computers as well, and potentially using additional protective measures.
If you travel with a laptop, it’s absolutely critical that you protect it. The same features that make laptops great to travel with – small size, light weight, and so forth—also make them easy to steal. There are a variety of locks and alarms available for laptops, and some models let you remove the hard drive and carry it with you. You also can use features like the Encrypting File System in Microsoft Windows® 2000 to mitigate the damage if someone succeeded in stealing the computer. But the only way you can know with 100% certainty that your data is safe and the hardware hasn’t been tampered with is to keep the laptop on your person at all times while traveling.