What’s the best way to make sure my data is safe?

I am often asked by friends and family what the best storage solution is for ensuring that data they consider critical is not lost or corrupted.

Whatever storage solution you decide to use, it needs to be unobtrusive and largely automated because, if not, you’ll find out at the worst possible time (usually in a crisis) that actually recovering your data is nearly impossible and oftentimes incomplete.

The most unobtrusive solution I’ve found so far is to use a Network Attached Storage solution. The one I use and highly recommend is the D-Link DNS-321, which accepts standard SATA drives (which means they are fast and reliable) in a RAID-1 configuration. RAID-1 means the drives are mirrored: the data is automatically duplicated to two internal drives. Just about any NAS system will work, but make sure it includes RAID (most don’t) and isn’t simply a fancier external hard drive.

Being a network-attached device also gives you the benefit of not having to rely on too many additional moving parts. For a long time I used spare computer systems as storage units, but what I quickly found out is that the individual parts in them posed multiple unnecessary points of failure. Motherboards, RAM, even graphics cards can cause significant headaches when all you care about is the hard drives and the data they contain.

In fact, since Google’s high-powered cloud computing infrastructure runs on common hardware like the kind you and I use, it is significant to note the hardware failure rate they discovered from constantly pushing common hardware to its limits over long periods of time. This simply means that when you are planning a computational strategy (in this case, storage of sensitive data) you need to plan for failure instead of hoping for the best.

In contrast, a system that consists only of a minimal operating system and two drives should be able to give you enough time to replace one drive if/when the other one fails, and the NAS unit itself is cheap enough that you could easily have a spare mothballed for the rainy day when you’ll need it.

It’s also a good idea to keep a copy of your data in an offsite location. The principle is that if one place storing your data were flattened, you should be able to recover from the offsite location. The best way to achieve this is through a continuous online storage solution. I personally don’t use an online storage solution, but some things to look for in one would be the backing company’s reliability, whether they back your data up to a cloud or a single server, and how well put together their interface software is. Try the free services first; chances are that if they are really as good as they claim to be (and they all claim to be good) you’ll quickly find out during the trial period (which often is a certain amount of allowed data storage). Here are a few free ones. I have used box.net before (for random file storage, not for regular automated backups) and can say it is pretty good.

I’ve also adopted the strategy of using as many online solutions as possible (such as Gmail for email), which allow me to leverage reliable 3rd party clouds that provide inherent protection from data loss and provide the added benefit of allowing me to access my data from a wide variety of computers without having to sync data between every system I want to use.

Finally, focus on only backing up the files you know you will need. There is no reason to back up the entire computer in terms of applications, operating system, etc. Backing up unnecessary data will only serve to max out your storage capacity and quickly overtax your backup solution. Instead, plan on replacing your whole PC (and the operating system it uses, but keep a copy of the applications you use) in the event of catastrophic data loss. If you stick with reasonably reliable hardware your failure rate should be much higher than Google’s (3-4 years). Average costs of new and decent systems are low enough now that treating a computer as a disposable device (like a cell phone) isn’t all too uncommon or that bad of an idea.


WP-QREncoder Wordpress Plugin

I managed to get an Android powered phone recently and quickly discovered the Barcode Scanner app is a common and seemingly preferred method of encoding and transmitting data in the Android community (and others as well I’m sure).

In less than a week I’ve grown to love the Android platform and I’ve already got a few ideas for some Android apps to write. But first I wanted to make sure I could post links to my apps using handy-dandy QR-encoded images easily within Wordpress.

So, borrowing somewhat from the WP-Footnotes plugin I set about to create the first rendition of the WP-QREncoder plugin for Wordpress.

This plugin is capable of encoding any string of text (specific use case is a URL) and is still in its infancy, so I would appreciate any feedback you might have.

Download WP-QREncoder plugin here.

For more information (including usage) see the plugin’s permanent page here.

Oh, and here’s an example of the plugin in action:


What do I do if my account’s been hacked?

A friend of mine recently asked me via Facebook what he should do if someone he didn’t know and wasn’t friends with on Facebook was able to access private information in his and his wife’s Facebook and email (and presumably other) accounts. Since this is a fairly common concern and question, I figured I’d post my response below. Enjoy!

Most likely they have your password (which they might have gotten from a virus, trojan, back-door-worm, or something else).

While anti-virus is great (at this point I feel obliged to mention my employer, McAfee), one area constantly overlooked is malicious apps on Facebook. I just got through telling my wife not to install apps on FB unless she absolutely had to (which means, something you will use and use constantly). I used to be bad about installing all the poll and quiz applications on Facebook I came across until I went back through my installed apps one day and noticed that many of them weren’t even named the same thing they were named when I installed them.

So if you are worried that someone has hacked your online accounts the best thing to do is to immediately change all of your passwords. Make sure you use a strong password too (that goes for your wife as well as you).

Also, I highly recommend going through your Facebook applications and uninstalling anything you don’t use as they could be used to harvest your information. Not that you should remove them all (I love Mafia Wars) but if you were to read what a developer has access to you’d certainly think long and hard about each application you install ;-)

Finally, (for the super-paranoid) if you are using a wireless router you should certainly be using some form of wireless encryption (hopefully not WEP because it is vulnerable to attacks). Otherwise all of your information is being transmitted in the clear and can be easily captured with minimal effort.

It’s possible that this person might be getting your personal information another way (via ESP perhaps? :-P ) but I think the most likely culprit is your computer/network security.

There’s more that you can do to harden your systems against attack, but these are the most often used avenues of attack. If your adversary is a hacker let me know and I’ll continue listing things you can do to make your systems secure.

Good luck!

Next, we’ll look into some security products and practices that can help you secure your systems.


Governments calling citizens to ditch Internet Explorer

Google was recently hit by an exploit McAfee has named “Aurora”. This exploit involves all versions of Internet Explorer (though version 6 is getting most of the attention), which has prompted the governments of France and Germany to warn their citizens not to use Internet Explorer at all.

Microsoft initially tried to claim that this exploit was trivial but has since issued an out-of-cycle emergency patch for all versions of Internet Explorer.

Looks like now is the perfect time to switch to one of the superior browsers like Chrome or Firefox.

Here’s a video detailing how this hack works in action in case you are like me and interested in the juicy technical details:


Passwords revisited

An analysis of 32 million leaked passwords provided some interesting insights into the password selection practices of users. Among the key findings are:

  • The shortness and simplicity of passwords means many users select credentials that will make them susceptible to basic forms of cyber attacks known as “brute force attacks.”
  • Nearly 50% of users used names, slang words, dictionary words or trivial passwords (consecutive digits, adjacent keyboard keys, and so on). The most common password is “123456”.
  • Recommendations for users and administrators for choosing strong passwords.

Also, here are the top 10 most commonly used passwords they found:

1. 123456
2. 12345
3. 123456789
4. Password
5. iloveyou
6. princess
7. rockyou
8. 1234567
9. 12345678
10. abc123

I’ve said it before, the first step in computer security is having a strong password policy.


Simple JSON-RPC updated to 0.9.5

The simple JSON-RPC package has been updated to 0.9.5. It has undergone some extensive refactoring and now includes documentation and an example project. The source to this package is also available here.

For more information (and for future updates), visit the new project page here.

If you are interested in using, contributing to, or reporting bugs for this project, contact us!


Password policy: Creating and remembering strong passwords

Passwords are often the weakest part of any security system, partly because we don’t take the time to make them strong enough, don’t change them very often, or use the same one all over the place.

Strong passwords, which include a combination of upper and lowercase letters, numbers, and punctuation and are not based on a dictionary word, are often not very easy to remember. And if it’s not easy to remember, chances are we’ll either end up writing it down (bad idea!) or we’ll choose a simpler password. Additionally, since we are often faced with a myriad of sites which all require separate accounts (and passwords), using different passwords for each site we use tends to fall by the wayside in favor of convenience.

It doesn’t have to be like this.

Here’s a technique I’ve found helpful for creating strong, easy-to-remember passwords. It involves coming up with a unique method of transforming a simple word into a strong password using a few simple rules. The beauty of this system is that, unlike a strong password generator, the passwords you come up with using a system like this are easy to remember and can be unique to each site you use them with.

Here are a few other strong-password-generating ideas:

No matter what you choose to use to help you generate strong passwords, it’s always a good idea to check your password’s strength to gauge how hard it would be for an attacker to guess your password.
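As an added example (not part of the original posts), here is a small Python audit that checks a candidate password against the weaknesses named in the leaked-password analysis above (the top-10 list, consecutive digits, adjacent keyboard keys, dictionary words, short length) and against the brute-force search space implied by the character classes it uses. The thresholds, the `SAMPLE_WORDS` list and all function names are assumptions made for illustration.

```python
import math
import string

# Top-10 list quoted in the "Passwords revisited" post, lowercased for matching.
TOP10 = {"123456", "12345", "123456789", "password", "iloveyou",
         "princess", "rockyou", "1234567", "12345678", "abc123"}
# Digit, alphabet and keyboard-row orderings used to spot trivial sequences.
SEQUENCES = ["0123456789", "abcdefghijklmnopqrstuvwxyz",
             "qwertyuiop", "asdfghjkl", "zxcvbnm"]
# Constructed sample word list (assumption); a real audit loads a dictionary.
SAMPLE_WORDS = {"princess", "dragon", "monkey", "sunshine", "football"}


def longest_run(pw):
    """Longest substring that follows a sequence forwards or backwards."""
    low, best = pw.lower(), 0
    for seq in SEQUENCES:
        for ordered in (seq, seq[::-1]):
            for i in range(len(low)):
                j = i + 1
                while j <= len(low) and low[i:j] in ordered:
                    j += 1
                best = max(best, j - 1 - i)
    return best


def search_space_bits(pw):
    """Brute-force search space in bits, from the character classes in use."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    pool = sum(len(cls) for cls in classes if any(c in cls for c in pw))
    return len(pw) * math.log2(pool) if pool else 0.0


def audit(pw):
    """Return the weaknesses found; an empty list means no check fired."""
    low, findings = pw.lower(), []
    if low in TOP10:
        findings.append("top10")
    if len(pw) < 8:                      # assumed minimum length
        findings.append("short")
    if longest_run(pw) >= 4:             # assumed run threshold
        findings.append("sequence")
    if low.strip(string.digits + string.punctuation) in SAMPLE_WORDS:
        findings.append("dictionary")
    if search_space_bits(pw) < 50:       # assumed brute-force floor, in bits
        findings.append("small-search-space")
    return findings
```

A password such as `Princess1` passes the length and search-space checks yet is still flagged as a dictionary word, which is why a character-class count alone is not a sufficient strength test.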


Topic survey

What topics are you most interested in knowing more about? Take a minute to fill out the following short survey and let us know!


Taming the blogosphere with Google Reader

What are blogs?

Many of you are wondering what the big deal is with blogs. Well here is a short video on blogs and why they are important/useful:

What’s so great about blogs?

Aside from being able to access specialized information put out on a regular basis, there is one other reason I enjoy reading blogs and consider them to be an essential element in our modern forms of communication.

Blogs help you connect with people.

You learn a lot about someone’s character, thoughts, and passions if you follow what they say on their blog. The trouble is that since blogs are generally authored by one person on individual websites, it can become time consuming and cumbersome to visit each blog you’re interested in to check for and read any new posts.

How can I keep up with blogs?

The easiest way I’ve found to bring a variety of different blogs together into one place is to use the RSS feed offered by most blogs.

Google Reader is a web-based RSS reader which requires a Google account and a little bit of setup, but once you get it going it’s pretty much automated and will allow you to check a number of blogs without having to spend time visiting each and every website to get updates.

Here is a short video to help you get started with Google Reader:


New Year’s Resolutions

According to surveys, only 12% of new-year’s resolutions are actually kept. So I’m not going to try and beat the odds by offering another list of items here.

However, as someone who loves getting things done, I figured I would switch gears a bit and offer some productivity tools/methods I’ve found to be particularly helpful.

Inbox Zero

I went to lunch once with a well-known speaker, Mike Licona, who lamented that he had almost 2,000 unread and unprocessed emails in his inbox.

While I don’t get nearly that many emails, I have been using a simple email management system known as Inbox Zero that helps me quickly process, sort, and manage my digital communications. Since telling Mike about Inbox Zero, he has managed (after some initial effort) to keep the number of unread messages in his inbox close to zero (hey, it improves your chances of getting a response from him).

Here is a video of Inbox Zero’s creator, Merlin Mann, giving a Google Tech Talks presentation about it:

Getting things done

Getting things done is a pretty simple program aimed at helping you optimize your workflow to help you get more things done.

I like this system because it works with any personality type and accounts for both short-term and long-range planning. It also has a very low learning curve and overhead, and since it does not focus on any single set of utilities or tools, it is very adaptable.

Here is an excellent presentation of getting things done by its creator, David Allen:

Six sigma

A very popular system among large businesses is Six Sigma. Originally developed as a manufacturing process designed to eliminate manufacturing defects, it has since been adapted to a more general set of principles which can help you have a lot more consistency when it comes to the work you produce.

Six sigma can get pretty complicated; job boards are filled with management requirements of the various “levels” of six sigma experience. However, here is a simple introductory video by Kaj Ahlmann of Six Sigma Ranch and Winery. In this video Kaj, one of the founders of Six Sigma, uses his hobby of wine making as an example of six sigma principles:

Hope these methods help you become productive in the new year!
