Today's Post is Brought to You by the Letter F and the Number 2

I was at a local Microsoft partner's office into the wee hours of Friday morning.  They had a server blowup and were in their second day/night of getting it back up and running.  They invited me up to the office to hang out, keep them company (and awake!), and potentially offer some assistance if they came across a problem.  As it happens when geeks get together, some techie discussions ensued.  One of them actually mentioned my last blog post about "things I take for granted."  He asked me if I knew about "F2."  I know F1 is help.  And I know that Alt-F4 will close down a program.  F5 is refresh, but I couldn't think of a use for F2.  He smiled, knowing full well that he was about to teach me something and teach he did.  Clicking on something (a file or folder in Windows Explorer, a cell in Excel, etc.) and clicking F2 automatically drops you into edit/rename mode.  In Windows Explorer, in order to rename a file, you would need to right click, select rename, then type the new name.  Or, you could just use F2.  In Excel, double clicking is probably easier than hitting F2, but now you know it is an option.

And today's a two-fer.  (It is sponsored by the number 2.)  I tested this out by opening My Computer and clicking on one of my hard drive icons (I have several external drives connected to my home machine) and hitting F2.  Why would I do that?  Here's one from me -- you can change the name of your drives from "local disk" to something more meaningful.  This is especially nice if you have multiple external drives.  Simply click on the drive icon in My Computer and hit F2.  This highlights the name of the drive ("local disk" by default in Windows Vista) and allows you to change it.  I, for instance, have a drive that looks like a giant blue Lego block named "BlueLego."  This way, I know where my data is going when I save it.  These names persist after being disconnected, too. 

This is much easier than trying to decipher which external drive is H and which is T.  It also makes things easier when you actually need to take one of your portable drives with you -- you'll know exactly which one has your data on it!

Technorati Tags: tips and tricks,Windows,F2

Things I Take for Granted...

I'm constantly reminded how some things that I take for granted are things that others (even my former co-workers) don't know.  I'm certainly not suggesting superiority here -- it works in reverse as well (and usually more often).  An example is the nugget I am about to share -- I was asking my good friend, Chris (who happens to be an Exchange engineer), about some complicated piece of Exchange.  He explained it in great detail.  When I went to test it, I actually performed the tip/trick I describe below to his amazement -- he was unaware of this particular feature.

I decided that it may be beneficial to throw out these little nuggets along with my regular blog posts.  My first one is going to be about the auto-complete feature in Windows.  This post is specifically about Microsoft Outlook, but also works in Internet Explorer and probably a number of Windows-based applications.

 

The Problem

You've made a mistake somewhere along the line.  Instead of typing in whateveraddressyoumeant@live.com, you typed in whicheveraddressyoumeant@live.com.  No big deal.  You went back and typed in the correct address.  But, every time you type in that address now, auto-complete automatically provides you with both addresses:

The Solution

Want to get rid of one?  No worries.  Highlight the item you want to get rid of and click the "delete" button on your keyboard.  Yes, it is that easy.  You can use this to clean up auto-complete entries in Outlook, Internet Explorer, etc. 

 

Technorati Tags: Outlook, Internet Explorer, auto-complete, Windows, Microsoft

The Password is....... Password.

I had started a series on my old blog regarding security.  I'd only gotten the first post up when I found out I was being laid off, so I never finished the series.  I think, however, it is worth finishing as this is an important topic that we should all take seriously.

When I was out delivering presentations for Microsoft, I would often discuss aspects of security.  I had several different angles I would use to start the discussion, but however I approached it, I could always see that it wasn't reaching some of my audience.  They would put on their "this doesn't apply to me" faces and wait for me to finish.  That is just plain wrong.  Security applies to everyone.  The truth is that some businesses probably are not going to be the intended victim of a ring of skilled hackers (like something you would see in a movie), but everyone needs to be concerned about security, regardless of the business you are in.  "Why?" you ask.  Good question.  Let me tell you.  You might not fall victim to Robert Redford's gang of cyber-criminals from Sneakers.  And you may never come to the attention of Timothy Hutton's band of do-gooding thieves from Leverage.  But what about Joe in accounting?  He's angry at being denied a raise/promotion/preferred parking spot/extra week of vacation/etc.  Do you think you might come to his attention?  Am I setting up this scenario to scare you?  I am if that is what it takes to get you to think about your IT security.  The main concern I have is that often people don't think of IT security as something they need to worry about.  Enterprises have entire teams devoted to security while some (though not all) smaller organizations sometimes think that security is making sure employees are using a password.

Let's start our security discussion right there -- passwords.  What is your password policy?  Are you using a domain with complex password enforcement?  Do your passwords expire?  Is that really enough?  The truth is that it is not.  It's really only a start.  People, inherently, can't remember really good passwords.  They especially can't remember a number of good passwords, which means it is likely that they are using the same passwords in multiple places.  They're also probably using passwords that have some relevance to them, like personal information.  And what about password hints?  If they're prompted for their birthdate or their pet's name, how hard is that to find out?  It is likely that other people in the office know their birthdate (and guessing the year isn't that tough).  And their pet's name?  Really?  When did this become a question that was hard to answer.  How many dog people do you know that don't love talking about Sparky, George or Fido?  My point is that questions which can be answered by the intended party could also be answered by others, especially people who know them.  Going back to the disgruntled employee example, you can see the problem here.

So how do we fix this problem?  Unfortunately, that's not an easy question to answer.  User education is step 1.  Explaining the dangers inherent in weak passwords may help, but it is likely that they will consider your worries paranoid.  "What information do I have that a hacker could want?" is a typical response.  Enforcing policies only goes so far, too.  Creating a password policy that is too draconian and you end up with people writing their passwords down in order to remember them.  Personally, I am an advocate of passphrases, rather than passwords.  They're secure (because they can be very long and contain special characters like punctuation) and they're easier to remember.  Look at this example:

X30$2lnLeom  (This is a good password.  It has multiple character sets, is 11 characters long, and contains no personal information nor dictionary words.  It's also pretty impossible to remember.)

What about this password, though?  (This is a good password, too.  It's got multiple character sets, is quite long, and has the benefit of being much easier to remember.) 

These passphrases could be song lyrics, movie quotes, or even things your mom told you when you were little.  Take, for instance, one of my favorite songs, Istanbul Was Constantinople, by They Might Be Giants.  This song offers tremendous password potential.  The chorus is "Istanbul was Constantinople.  Now it's Istanbul, not Constantinople.  Been a long time gone, Constantinople.  Why did Constantinople get the works?  That's nobody's business but the Turks."  Any of these lines, complete with the punctuation, makes a great passphrase.  (And who in the world is going to guess that whole thing?)  I could also use the first line of the song as my first passphrase, switching to the next line every time I need to update my password.  This provides a lot of passwords before I have to move on to the next song.  (It has the happy side benefit of getting me humming each time I log into my PC.)  :)

Leveraging passphrases like this also provides users with a better ability to use different passwords in different places.  Need a password for work?  How about lines from Working in a Coal Mine by Devo or Bang the Drum All Day by Todd Rundgren?  A password for your financial sites could come from Money by Pink Floyd or Money by the Flying Lizards.  For your social networking sites, you could use songs like Joe Cocker's With a Little Help from my Friends or Bill Withers' Lean on Me.  Get the idea?  By making these connections, it is much easier to remember which song (and therefore, which password) goes with which login.  This means it is more likely that users will use different passwords in different places.  How do you make this happen?  There is no substitute for user education.  You need to explain to users why this is important and give them some helpful tips on creating good passwords (like the ones above).  You also need to ensure you have a policy in place outlining your password requirements.  (And, in this case, I'm speaking of a written policy as well as a domain policy enforcing strong passwords, password expiration, history, etc.)

Is using a passphrase going to protect your network?  Nope.  Not even close.  It's a good start, though.  I'm going to continue discussing some security concerns in the coming days.  Hopefully, once we're done, you'll have a more comprehensive idea of what the dangers really are and how you can protect your assets.

 

Technorati Tags: password, security, policy, passphrase

My Second New Post (again)

For those of you who followed the link from my Wordpress.com blog, I appreciate it.  I certainly hadn't intended on moving so soon.  The good news is, I hadn't even unpacked my boxes yet, so it wasn't too much work.  (Hopefully, it wasn't too much work for you, either.)

If you haven't seen it yet, I have been getting a little ink out in the blogosphere.  It's mostly focused around my tattoo and I would like to take this opportunity to respond to some of the comments I have seen.  (After all, that's the whole point of having a blog, right?)

I showed up on TechFlash thanks to Todd Bishop.  He even sent me an e-mail letting me know about the post.  Thanks, Todd.  I certainly appreciate it.  I wanted to address some of the comments that I saw on his site:

This one, from "A":

Microsoft tatoo? I'm glad he got fired. Who gets a microsoft tatoo? You dont tell your family you work at MS.

While this seems ridiculous and not worth the time it takes me to type a response, I see this type of crap all the time and want to respond.  (One of the things that is probably going to come out now that I have my own blog independent of Microsoft is that I am a snarky, sarcastic person who has low tolerance for stupidity (which is NOT the same as ignorance) and am especially annoyed by stupidity which hides behind anonymity.)  I could go off on the fact that he can't spell "tattoo," despite the fact that Todd had correctly spelled it three times in his post, but I won't.  Instead, I want to focus on the second sentence -- "You don't tell your family you work at Microsoft."  This is pretty common Internet rhetoric.  Microsoft is the evil company whose sole motivation is corporate greed.  This is simply not the case.  Before you get started on your angry retort (which would almost certainly include the word "monopoly"), hear me out.  I am not going to get into Microsoft's business practices because, quite frankly, I do not have any knowledge of the decisions which were made at executive levels.  I do, however, know some of the results.  (Can you say "DOJ?"  I know Microsoft can.)  My point is that, in my opinion (which is all this is), Microsoft was in a fairly unique position in the 80s.  They created an operating system which became wildly popular.  (Point of fact -- they created several operating systems which became popular, but that's not the point.)  They also created software that ran on those operating systems.  Many of these packages, too, became wildly popular.  (Think Microsoft Office.)  It made sense to package these things together.  And, with the Internet revolution, things became even more complicated.  Technology became big business for home users as well as businesses and Microsoft began creating products that took advantage of these new technologies.  They were in a great position to bundle all of these products together to ensure that a user had access to everything they needed right out of the box.  Evil?  Hardly.  Can you honestly say that you would have done something differently if you'd been in charge?  Ok... I've digressed from my point (passion is sometimes hard to control).  I want to point out, however, some good that Microsoft has done (and I don't begin to think I could cover it all here, even if I knew it all).  Let's look at just a few recent examples:

Coding for charity -- this is an event which partnered developers with charities to help them get the technological solutions they need.

Aids Research -- Microsoft developed and released code to the AIDS research community free of charge. 

Gates Foundation -- do I even need to mention Bill and Melinda Gates' foundation and all they do?

And the financial cuts?  How will they impact the philanthropic nature of Microsoft?  According to Akhtar Badshah, manager of the company's global employee and corporate giving programs, not at all. 

Microsoft donated nearly $500 million in fiscal 2008, including cash, employee matching gifts and software. It was ranked the best company for investing in its community by the U.S. Chamber of Commerce.

To me, that says that not only should I tell my family that I work for Microsoft, I should be proud of it.  And I certainly am.  (Well.... was, anyway.)  :)

Another comment from this same site was from @Joe. 

The best thing in his life was working at Microsoft? No dig on Microsoft but seriously you are missing out on life if the best thing you've experienced is your job.

@Joe -- you are 100% correct.  It is the best place I have ever worked, but not the greatest experience of my entire life.  I should've been more clear.  :)

I also managed to get some press on BoingBoing.net.  A great comment got posted here by TechnoGeek:

Strikes me as an object lesson in why you should never make any permanent marks upon your body that you may not want to live with (and by) for the rest of your life.

I just want to make it clear that I in no way regret my Blue Monster.  As I said in my last post on TechNet, it is a constant reminder that changing the world is something that is within my power and I should attempt it every day. 

Want to see some positive comments?  Take a look here.  I appreciate the comments and look forward to much more interaction in the near future.

There's a lot more out there, but you get the idea.  I'm tired and going to call it a night (watching Super Bowl 43 today wore me out a bit), but I'm excited about the possibilities that this blog will afford me.  :)

 

Technorati Tags: Microsoft, Blue Monster, Dan Woodman