Archive for April, 2008

Buy or Build?

Wednesday, April 30th, 2008

I’ve been trying to decide what to do following the sudden demise of my spare PC last week. The question is whether to cannibalize the remaining components into a new machine, or just buy a brand new system. There are pros and cons to either approach, and it’s not an easy decision in these days of cheap ($500 and under) machines.

In the past, buying off the shelf meant you were stuck with whatever vendors had to offer. IBM, Dell, Gateway, and HP provided mostly dead stock machines that were mainly designed for business environments. You were better off rolling your own if you were a gamer, graphics guru, or other power user. Building a machine was a money saving option, since individual components generally cost much less than a production box.

That was then. This is now.

Today, PCs are appliances. Profit margins are razor thin, so it’s a lot harder to save money by building your own system. Plus, many companies now offer online configuration engines that let you customize your system before it’s ever built. Want 3GB of RAM instead of 1? Click the option, watch the price change to accommodate it. Need a bigger disk? You can change that as well, along with nearly every other option you could ever imagine.

This makes the game a whole lot more interesting, and buying a pre-built commercial machine offers two advantages. First, if you decide to build your own and manage to break a component during installation, you’re stuck eating that cost. No manufacturer is going to hand you a new motherboard because you pushed too hard on a connector and broke it off.

Likewise, it’s at least possible (though difficult) to buy components that won’t work together. If you get a socket 775 motherboard and a socket 939 CPU by accident, well, that’s just too bad. If you’ve opened either box, they’re probably non-returnable.

The other disadvantage of rolling your own involves warranty. Basically, you don’t have one, and it can be harder than you’d imagine to get a motherboard vendor to believe you weren’t overclocking or otherwise abusing their product. Buying off the shelf means you have a manufacturer’s warranty to fall back on, and someone to call if things go wrong.

This said, all my home-brew machines have been very reliable. There’s nothing wrong with building your own Frankenstein PC. Just be aware of the potential pitfalls.

Upgrading from Vista to XP

Tuesday, April 29th, 2008

If you’re one of the millions of users who say they’re tired of Vista, David Karp over at PC Magazine has just what you need. He’s written a step by step guide to upgrading back to good old XP on your Vista-infested machine. It’s probably not for the technically faint of heart, but it might be just what the doctor ordered if you’ve contracted a bad case of Vistaitis.

Apparently the complaints just keep rolling in regarding driver incompatibilities, bad performance, and an annoyingly intrusive user experience. There’s also the condition known as the “green ribbon of death” (successor to the old and beloved “blue screen of death”) for which Vista’s release of IE7 is becoming infamous. You may have experienced one or more of these conditions, or you’re just annoyed at the amount of disk space and RAM that Vista eats up.

The first problem with a Vista-to-XP “upgrade” is that the standard XP installer won’t allow you to roll back from a newer Windows release. Thus, David had to work up a mechanism that’ll allow a user to fake the installer into thinking Windows isn’t already set up on the machine. This involves some MBR (Master Boot Record) magic and some command-line utilities that most people aren’t even aware of. As he says, “back everything up before you try this.” It’s not dangerous, but you may have a problem if something is done out of sequence.

Obviously, it’s least dangerous to run this procedure on a machine that’s more or less brand new and out of the box. Not having personal files, settings, bookmarks, and other stuff in the way makes the migration that much easier — just run through the steps and you’ll be happily cooking along on XP in a few hours. If something goes wrong, just pop in the Vista recovery disk that probably (hopefully) came with the machine. You can then start from square one again, or opt to retain Vista and suffer its annoyances.

Again obviously, you should only do this with a legitimate, licensed copy of XP. No matter what someone tells you, the fact that you own a single Vista license does not mean you’re allowed to run a copy of XP instead. That’s like claiming your driver’s license gives you permission to fly a 747. Now, if you have an XP license from your old machine handy…

Next Up: Friendly Botnets

Tuesday, April 29th, 2008

The rise of botnets, or huge networks of compromised PCs used by phishers and spammers to conduct illegal activities, has been a major topic in Internet security discussions over the last few years. Certain illicit groups have gathered literally millions of machines together, controlling them via remote control from any location on the planet. They’re a threat to security, to daily business, and to the usefulness of the Internet itself. In some cases, companies have been subjected to extortion demands: “pay for ‘protection’ or we’ll swarm your servers and take you offline.”

Now, some researchers are fighting back by developing “friendly” botnets that can swarm in and defend against felons. The system in development is called Phalanx, and it effectively shields servers that are under attack from being overwhelmed during a DDoS attack. The friendly machines take on the role of “mailbox” for the server, intercepting messages and relaying them back to the server only when it’s capable of handling the load.

The friendly botnet machines basically jump in as extra hands to manage the outrageous load placed on under-attack systems, thus allowing the server to function normally. It’s like having a massively distributed queuing system in place, with a nearly infinite number of machines managing the queue. If 10,000 queue-managing PCs aren’t enough, just add another 10,000.

This is a very cool idea, and has the potential to render DDoS attacks obsolete unless hackers find a way around the Phalanx itself. Even better, Phalanx manages the communications stream itself. “Phalanx also requires computers wishing to start communicating with the protected server to solve a computational puzzle. This takes only a small amount of time for a normal web user accessing a site. But a zombie computer sending repeated requests would be significantly slowed down.”
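The computational-puzzle idea in that quote, sketched as an added example; it is not Phalanx's code, and the page does not describe Phalanx's actual puzzle format. It assumes a hash-based proof-of-work in which the issuer signs a stateless challenge, the client brute-forces a counter, and the issuer checks the answer with a single hash; all names, the difficulty and the time limit are illustrative.

```python
import hashlib
import hmac
import os
import time

SERVER_KEY = os.urandom(32)  # assumption: secret known only to the puzzle issuer
DIFFICULTY_BITS = 16         # assumption: about 65,000 hashes per request on average
TTL_SECONDS = 30             # assumption: lifetime of an issued challenge
_solved = set()              # tags already redeemed; only paid-for work creates state


def _tag(client, issued_at, bits, salt):
    msg = f"{client}|{issued_at}|{bits}|".encode() + salt
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).digest()


def issue_challenge(client, bits=DIFFICULTY_BITS, now=None):
    """Issuer: hand out a signed challenge without storing anything about it."""
    issued_at = int(time.time() if now is None else now)
    salt = os.urandom(8)
    return {"client": client, "issued_at": issued_at, "bits": bits,
            "salt": salt, "tag": _tag(client, issued_at, bits, salt)}


def leading_zero_bits(digest):
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()


def _work(tag, counter):
    return hashlib.sha256(tag + counter.to_bytes(8, "big")).digest()


def solve(challenge):
    """Client: try counters until the hash has enough leading zero bits."""
    counter = 0
    while leading_zero_bits(_work(challenge["tag"], counter)) < challenge["bits"]:
        counter += 1
    return counter


def verify(challenge, counter, now=None):
    """Issuer: one HMAC plus one hash, however hard the puzzle was to solve."""
    now = time.time() if now is None else now
    expected = _tag(challenge["client"], challenge["issued_at"],
                    challenge["bits"], challenge["salt"])
    if not hmac.compare_digest(expected, challenge["tag"]):
        return False  # challenge was forged or its difficulty was altered
    if challenge["tag"] in _solved:
        return False  # a solution may be redeemed only once
    if not 0 <= now - challenge["issued_at"] <= TTL_SECONDS:
        return False  # solutions cannot be stockpiled for later
    if leading_zero_bits(_work(challenge["tag"], counter)) < challenge["bits"]:
        return False
    _solved.add(challenge["tag"])
    return True


if __name__ == "__main__":
    ch = issue_challenge("198.51.100.23")  # constructed client address
    started = time.perf_counter()
    answer = solve(ch)
    print(f"solved after {answer + 1} hashes in {time.perf_counter() - started:.3f}s")
    print("accepted:", verify(ch, answer))
```

The asymmetry is the point: each extra difficulty bit doubles the sender's expected work while the issuer's check stays constant, so a single visitor barely notices the delay and a machine sending thousands of requests pays it thousands of times.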

Will Phalanx, or a system like it, spell the end for malicious botnets and the Wild West nature of some Internet businesses? We can only hope so.

When the Smoke Escapes, Panic

Thursday, April 24th, 2008

Note to self: never let the smoke out of your PC. If the smoke ever manages to escape, the machine will stop working.

There’s actually an old computer technician joke about this. The line is that a technician arrives at a customer site, is shown to the failed system, and asks what happened. The customer says something like “I don’t know, it was working fine. Then there was a pop, a puff of smoke, and it stopped.”

The technician’s reply was “well there’s your problem. These things all have built-in smoke. They won’t work at all if you let the smoke out!”

I guess you had to be there.

I was there earlier today when, after adding RAM to my aging Windows 2003 Server system, I powered it back up only to hear an ominous “pop.” I smelled smoke, and the power LED went off. Dead power supply, dead PC. Happily, this box doesn’t hold any of my live data. It’s just used for test, so it’s not backed up. The project I’d been using it for was complete, so the fact that it was dead didn’t bother me much.

The situation might have been very different if my primary machine was involved. What if I’d been on a tight development schedule and lost time running around in search of a new power supply? And as it turned out, the supply was only the beginning. I had a spare handy, and installed it only to find the motherboard was dead as well. Did the power supply kill the board, or vice versa?

This is how people lose data. In electronics, one failure can beget another. The supply may have generated a surge when it failed, thus frying the board. Did it also kill the drives? Are they now unreadable?

Hardware does fail. Everything has a “mean time before failure” (MTBF) rating. Nothing lasts forever, and odds are it’ll fail just when you need it most. In this case, I got lucky. If the smoke had escaped a day earlier, I’d have failed to deliver a demo to an important customer.

I’m actually kind of glad this happened, since it reminded me how important backups are. Now I get to go hardware shopping.

Will Ballmer Fold on XP?

Thursday, April 24th, 2008

It appears the online protest against Microsoft’s decision to stop selling XP as of June 30th is gaining some traction. An article on Yahoo today said Steve Ballmer, Microsoft CEO, is at least considering the idea of extending the sell-by date for XP.

Will it happen? Will Redmond face the fact that lots of people heavily dislike Vista? It’s too soon to say, and Steve seems to have his head in the clouds regarding Vista’s popularity. He claims, probably correctly, that “most people who buy PCs today buy them with XP’s successor, Vista.” Sure, when you’re not given a choice between the two. If you look at most vendors today, obtaining XP is harder than finding an honest politician. So what does he expect they’d be buying?

I understand Redmond’s reticence regarding an extension for XP. First, extending its lifetime means they have to maintain production lines for multiple products, and also are stuck supporting installation problems from two different customer bases. PC vendors are in the same boat. In the long term, maintaining two OS variants at the same time also bleeds off software support and development time. Managing two large code bases and providing patches for both means increased overhead. This is the same basic reason auto manufacturers aren’t still selling models from the 1990s.

There’s also the problem of forward compatibility. Microsoft has to deal with Intel and AMD’s plans, not to mention other chip vendors and hardware manufacturers. Supporting two OSes means Microsoft has twice as much work to do regarding hardware testing. New hardware means a new round of testing. Life is a lot easier if only one OS has to be tested.

It wouldn’t surprise me if Ballmer announced a limited level of forward support for XP. By this I mean they’d support new installations only on hardware manufactured up until, say, the end of 2008 or 2009. This would limit their exposure to the hassle of forward support while still giving a very vocal and angry segment of the user base what they want.

Of course, another reason Microsoft is resisting the idea of extending XP is that it gives a tacit level of support to the idea that Vista is badly broken. By caving into the pressure, they’d be acknowledging that these problems are real.

Threat Level: High

Tuesday, April 22nd, 2008

In a recent Security Intelligence Report released by Microsoft, the number of new vulnerabilities exposed during the second half of 2007 was lower than in prior reports. That’s the good news. The bad news is that the actual number of incidents involving installation (or attempted installation) of malware climbed sharply. The numbers are based on reporting provided by Microsoft’s Malicious Software Removal Tool (MSRT), which apparently sends such data back to Redmond for analysis.

While I think it’s too soon to call this a “trend,” it might reflect a strategy shift on the part of hackers. Rather than looking for new vulnerabilities, they may be focusing on sneaking into machines using infected websites or compromised application software.

In a way this makes sense. Users are generally clueless, and often will click on anything without thinking twice about it. On the other hand, digging up new OS or network vulnerabilities is a much more labor intensive activity. It requires more talent and expertise in the area of software development and could require a lot of time. Why resort to mental gymnastics when you can just use a proven, KISS (“Keep It Simple, Stupid”) strategy?

What does this mean for Internet denizens? Simple: be aware. Use a mail client that’s spam-aware, never click on any link without checking it out first, and for heaven’s sake don’t blindly install or open any attachment you receive. Even if the message is allegedly from a trusted friend, it might be a forgery based on a hacked address book or hijacked account.

Also stay away from websites you can’t identify. Be especially vigilant of links that trace back to a Chinese, Indian, Russian, or other foreign IP address unless you know who’s operating it. Watch out for sites hosted on someone’s DSL or cable account, since these may be home PCs that have been hacked and turned into malware distribution channels.

I receive bogus mail all the time, inviting me to look at someone’s “killer site” or watch the latest Paris Hilton video. I bet you do too. Guess what? They’re bait. Don’t take it.

Software Licensing 101

Monday, April 21st, 2008

Here’s a quick quiz. You’re visiting your brother, and notice he’s using some snazzy new graphics package on his PC. You comment on it, and he offers to cut a copy on CD or DVD so you can use it as well. It’s licensed commercial software. If you accept the copy and install the software, are you guilty of piracy?

Answer: yes.

That’s not what you wanted to hear, was it?

The sad fact is that lots of people are using pirated software. When you buy a copy, either over the Internet or in a store, it’s generally a single use license. This means (if you ever bother to read license agreements) you’re permitted to install one and only one copy. You’ve bought a license to use the product on one machine. That’s all. In some cases, vendors add a special “running instance” clause that allows you to install on more than one machine, as long as only one copy is in use at a given time. No fair installing two copies so your kids can run the same package while they’re at school.

Microsoft is dealing with this problem via its somewhat onerous hardware-based licensing scheme, as used in XP and Vista. If you install a second copy, it’ll try to register itself over the ‘Net. When it does so, it’ll detect that it’s already been installed elsewhere. Eventually it’ll refuse to run. Theoretically, Microsoft could track down the illegal machine’s IP address and send the software police to knock on your door.

More strangely, some people seem to think they can buy a Vista “upgrade” package and slip through a loophole regarding licensing. This is a very dangerous game, and one that’s bound to lead to problems later on. They certainly won’t be given support if they need it, since the OS was installed “fresh,” not atop an earlier version of Windows.

Software licensing isn’t a game. Eventually, if you run outside the law, it’ll catch up with you. Paying $200 for a cleanly licensed application is a lot less expensive in the long run. Heck, that amount would only cover the first hour of a decent lawyer’s fee.

Going Digital in the Office

Monday, April 21st, 2008

Everyone talks about the so-called “paperless office,” but I’ve seen many cases where it’s more a dream than reality. A former boss (in an I.T. organization, no less!) had the habit of printing out each and every email message he received. He then filed them in stacks of manila folders that eventually required a 4′ wide, 3-drawer lateral file cabinet all their own.

I’m sorry, this is a really bad way to run a department. Even today I see people still using paper faxes when they could be going digital instead. Why print a document only to pop it onto a fax machine for transmission?

Years ago I set up an EFax account and started managing all my fax needs via email. For $14.95 a month you can send and receive faxes electronically. The software sets up a printer that actually transmits fax data to the company when you “print” to it from Word or any other application. Arriving faxes (sent to your personal fax number) show up in your inbox so they can be opened and printed at leisure. Your faxes are archived on the company’s servers, so you can go back and retrieve them later on if you need to.

An alternative is FaxDigits, which is a free service that supports incoming faxes only. You get a personal fax number, and the incoming documents arrive as PDFs. If you need to send anything, standard Windows fax utilities do a fine job.

There are several advantages to these solutions. First, you don’t have to tie up a phone line (whether your regular home line or a secondary one) for fax traffic. If you’re now paying for a second phone line, you can save $40-50 per month by going digital. Doing so also largely eliminates the need for a dedicated fax machine in your office, so there’s a savings in physical space. The fact that all your documents become electronic is another bonus. Removing paper documents from your office minimizes storage requirements. If you need a hard copy of a particular fax, just print it and go.

Currently I use EFax for most of my work, but also maintain an HP OfficeJet multi-function printer for cases where I need to fax a physical piece of paper to someone. Plus, the OfficeJet can copy, print, and scan to PDF as well. It’s a great way to do business.

So, what are you waiting for?

Data For Chocolate?

Friday, April 18th, 2008

Security and identity protection are major points of concern in society today. Data security on the Internet is an especially hot topic due to the growing amount of data we store online. But this is only half the problem. The way we behave in traditional social contexts influences our online behavior. Data thieves know this.

That’s a fancy way of saying that a large percentage of people are suckers when it comes to their personal information. This was borne out by a study in which people were offered chocolate in exchange for personal data, and it shows how easy it is for online (or offline) thieves to con us out of information they can use to guess passwords.

According to the study’s results, “21 percent of the nearly 600 people queried outside Liverpool Street Station in London gave up their password when offered an incentive — in this case, a chocolate bar — down from 64 percent last year. Yet, of the people who declined to give their password, six in ten later identified the type of information — such as date of birth, pet’s name, or anniversary date — used to create their password.” So while more people are unlikely to give out a password when asked, they’re perfectly willing to hand out nearly anything else of value when asked nicely.

This is classic social engineering. How hard is it, really, to get someone to disclose the name of their favorite pet or car, their spouse, or other information that they might use as the basis for their password? The answer is that it’s not. And since lots of users (naughty!) still use these tidbits when setting passwords, they’re effectively giving away the keys to the kingdom.

Two important lessons can be learned here. First, think about what you disclose to semi-strangers during casual conversations. Second, stop using your cat’s name as the basis for your passwords. “Fluffy1” isn’t secure, no matter what you might think.
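A check a password-change form could run to catch the habit described above, as an added example that is not taken from the study or from any product. It flags passwords built on the kinds of facts the study's respondents gave away (pet name, date of birth, anniversary), including digit-for-letter swaps; the sample facts and the substitution table are constructed for illustration.

```python
import re
from datetime import date

# Common look-alike substitutions, undone before comparing (assumption: "1" reads as "l").
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})
DATE_FORMATS = ("%Y", "%d%m%Y", "%m%d%Y", "%d%m%y", "%m%d%y", "%Y%m%d", "%d%m", "%m%d")


def fact_tokens(facts):
    """Turn personal facts into the strings people actually type into passwords."""
    tokens = set()
    for value in facts.values():
        if isinstance(value, date):
            tokens.update(value.strftime(fmt) for fmt in DATE_FORMATS)
        else:
            # Words shorter than three letters produce too many false matches.
            tokens.update(w for w in re.findall(r"[a-z]+", str(value).lower())
                          if len(w) >= 3)
    return tokens


def personal_info_in_password(password, facts):
    """Return the sorted personal tokens found in the password (empty list = none)."""
    raw = password.lower()
    plain_letters = re.sub(r"[^a-z]", "", raw)
    decoded_letters = re.sub(r"[^a-z]", "", raw.translate(LEET))
    digits = re.sub(r"\D", "", raw)
    found = set()
    for token in fact_tokens(facts):
        if token.isdigit():
            if token in digits:
                found.add(token)
        elif token in plain_letters or token in decoded_letters:
            found.add(token)
    return sorted(found)


# Constructed sample profile: the sort of details disclosed in casual conversation.
FACTS = {"pet": "Fluffy", "spouse": "Mary Ann",
         "birthday": date(1975, 6, 14), "anniversary": date(2001, 9, 22)}

if __name__ == "__main__":
    for candidate in ("Fluffy1", "F1uffy!", "m@ry1975", "correct horse battery staple"):
        hits = personal_info_in_password(candidate, FACTS)
        print(f"{candidate!r}: {'reject, contains ' + ', '.join(hits) if hits else 'ok'}")
```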

Putting Vista on a Diet

Tuesday, April 15th, 2008

Given Vista’s huge size on disk (3GB worth of installable files), anything that helps make installation easier is probably a good idea. As it turns out, there’s a product called vLite that makes installation simpler. It takes time to set up, but according to another reviewer it’s well worth the effort.

Effectively, vLite allows you to pick and choose which components to install and which to ignore. It allows users who need to perform multiple installations to set up pre-configured instances that require (ta-da!) no intervention at all. All questions that the Vista installation asks are pre-answered, so you can just start Setup and walk away. These are known as “unattended” installation images, and they can save huge amounts of time in corporate settings. PC manufacturers use pre-built images like these when configuring new systems on the assembly line.

The time savings is apparently quite good. Maybe you want your Vista install to include the Classic menu, a specific set of printer and graphics drivers, but you also need to exclude certain “entertainment” modules. Create a new image with vLite (which is bound to be significantly smaller than the original distribution) and it’s all there. Now you pop it in, boot the PC, and it installs itself.

This snazzy little tool can be useful for home users who already have Vista installed as well. You’ve spent hours tweaking your installation to your liking, and don’t want to go through all that work again. Use vLite to build an installable image of your customized install, then back it off to a DVD-R. Now you’re ready in case of disaster, or if you just need to re-install for some reason.

This tool isn’t for everyone, but it’s another weapon in the arsenal of PC maintenance. For overworked systems people at large corporations, it’s a Godsend. There’s nothing like sitting in front of a dozen PCs, answering the same installation questions over and over for days at a time.

Many companies use programs like Norton’s Ghost to create pre-configured installation images, so vLite may be nothing new to them. For others, it may be just what the doctor ordered.