Visualize your hard drive using a TreeMap viewer

Every once in a while, I get low on disk space, and hunting for large directories or files to delete can be difficult manually. [Tree Map visualization](http://en.wikipedia.org/wiki/Treemap) tools make the job easier. There’s [WinDirStat](http://windirstat.info/) for Windows, [KDirStat](http://kdirstat.sourceforge.net) for KDE, and [Disk Usage Analyzer](http://live.gnome.org/GnomeUtils/Baobab) (baobab) for Gnome.

![TreeMap Image](http://library.gnome.org/users/baobab/stable/figures/baobab_fullscan.png.en)

Products to avoid

The nice thing about mass-market commercial software is that I can purchase it at a small fraction of the cost to develop it myself, which I would never do because I don’t have the time. Unfortunately, home-user mass-market software seems to lack quality. Here are some that I recommend against.

* [Greeting Card Factory](http://www.google.com/search?q=greeting+card+factory). When I opened the package, I discovered that the software shipped on about six separate CDs! I purchased the software in 2007 — an enlightened age where most people have DVD drives. I’m impatient, and disliked having to play disk jockey to install the software. Once installed, I discovered that it’s cumbersome to use — too much clicking with the mouse required to get the job done. There’s no good preview of card greeting messages in the template browser, so I have to load each one in, click through the buttons to see the message, and then start all over again to find an appropriate card. It sure is a waste of time. The best greeting card software I’ve used was American Greetings, but that version was designed years ago and required inserting CDs to load some of the cards. Hallmark’s software was the most polished, robust, and least annoying, but I liked the quality of cards from American Greetings better.

UPDATE: There is a good way to preview greeting card messages in the template browser — you have to increase the zoom level to the maximum, and additional preview controls become visible.

* Symantec and McAfee AntiVirus. They slow down a computer too much (by 20% or more!). Anything that annoys my grandmother about activation is too much of a hassle. Switch to [AVG Free](http://www.google.com/search?q=AVG+free). I run Vista with an unprivileged account, and so far, I haven’t needed AV. I ran AVG Free on Windows XP for several years, and never got a virus — because I didn’t download and install random software — and because my user account didn’t have administrative privileges.

There’s hardware to avoid as well:

* [Kodak printers](http://printers.kodak.com/). I decided to give a Kodak printer a try because of the promise of cheaper ink. The printer has been a constant hassle ever since we purchased it. Just tonight, even after selecting the best print quality, it still printed every other line as faded and smudgy. My wife seems to know the ritual to make it print better, but she’s not here at the moment. Avoid Kodak printers at all costs. Go with an Epson or an HP — they provide quality results. If a laser printer fits your needs, they’re usually more reliable than an inkjet printer.

What programs are listening to the network?

Sometimes, I’d like to know what programs on my system are listening to the network, and to quote the Perl motto, “there’s more than one way to do it”. On Linux, there’s `lsof -Pi` and `netstat -p`. On Windows XP and Vista, there’s the built-in `netstat -b[v] -a` and a separate utility called [tcpview](http://technet.microsoft.com/en-us/sysinternals/bb897437.aspx). I’ve included example usages and outputs.

__lsof__ (Linux)

```
sudo lsof -Pni
```

```
COMMAND   PID USER   FD TYPE DEVICE SIZE NODE NAME
python   1886 root   4u IPv4   6621       TCP 127.0.0.1:2207 (LISTEN)
cupsd    1898 root   3u IPv4   6663       TCP 127.0.0.1:631 (LISTEN)
cupsd    1898 root   4u IPv6   6664       TCP [::1]:631 (LISTEN)
cupsd    1898 root   6u IPv4   6667       UDP *:631
sshd     1912 root   3u IPv4   6711       TCP *:22 (LISTEN)
httpd   20084 apache 4u IPv6   7293       TCP *:80 (LISTEN)
httpd   20085 apache 4u IPv6   7293       TCP *:80 (LISTEN)
httpd   20086 apache 4u IPv6   7293       TCP *:80 (LISTEN)
httpd   20087 apache 4u IPv6   7293       TCP *:80 (LISTEN)
httpd   20088 apache 4u IPv6   7293       TCP *:80 (LISTEN)
httpd   20089 apache 4u IPv6   7293       TCP *:80 (LISTEN)
httpd   20090 apache 4u IPv6   7293       TCP *:80 (LISTEN)
httpd   20091 apache 4u IPv6   7293       TCP *:80 (LISTEN)
```

__netstat__ (Linux)

```
sudo netstat -lp --inet --numeric-hosts
```

```
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address   Foreign Address  State   PID/Program name
tcp        0      0 0.0.0.0:ssh     0.0.0.0:*        LISTEN  1912/sshd
tcp        0      0 127.0.0.1:ipp   0.0.0.0:*        LISTEN  1898/cupsd
tcp        0      0 127.0.0.1:2207  0.0.0.0:*        LISTEN  1886/python
udp        0      0 0.0.0.0:ipp     0.0.0.0:*                1898/cupsd
```

Where’s `httpd`? It should be there, and it is, when I exclude the `--inet` option:

```
Proto Recv-Q Send-Q Local Address   Foreign Address  State   PID/Program name
tcp        0      0 :::http         :::*             LISTEN  2038/httpd
tcp        0      0 ::1:ipp         :::*             LISTEN  1898/cupsd
```
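To turn the `lsof -Pni` listing into an exposure summary, here is an added example (not part of the original post) that collapses worker processes, classifies each listener by bind address, and reports the wildcard IPv6 listeners that an IPv4-only view such as `netstat --inet` leaves out. The function names are made up for this sketch, the sample rows are copied from the listing above, and numeric (`-n`) output is assumed.

```python
import ipaddress
# Constructed sample: rows taken from the lsof -Pni listing above (httpd cut to two workers).
SAMPLE = """\
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
python 1886 root 4u IPv4 6621 TCP 127.0.0.1:2207 (LISTEN)
cupsd 1898 root 3u IPv4 6663 TCP 127.0.0.1:631 (LISTEN)
cupsd 1898 root 4u IPv6 6664 TCP [::1]:631 (LISTEN)
cupsd 1898 root 6u IPv4 6667 UDP *:631
sshd 1912 root 3u IPv4 6711 TCP *:22 (LISTEN)
httpd 20084 apache 4u IPv6 7293 TCP *:80 (LISTEN)
httpd 20085 apache 4u IPv6 7293 TCP *:80 (LISTEN)
"""

def scope(host):
    """Classify a bind address as wildcard, loopback, or one specific address."""
    if host == "*":
        return "all-interfaces"
    try:
        ip = ipaddress.ip_address(host.strip("[]"))
    except ValueError:                      # hostname: lsof was run without -n
        return "specific"
    return "loopback" if ip.is_loopback else "specific"

def listeners(text):
    """Return {(command, proto, family, port, scope): sorted PIDs} for listening sockets."""
    found = {}
    for line in text.splitlines()[1:]:      # skip the header row
        f = line.split()                    # SIZE may be blank, so find the protocol column
        i = next((k for k, tok in enumerate(f) if tok in ("TCP", "UDP")), None)
        if i is None or i + 1 >= len(f):
            continue
        proto, name = f[i], f[i + 1]
        if "->" in name:                    # connected socket, not a listener
            continue
        if proto == "TCP" and "(LISTEN)" not in f[i + 2:]:
            continue
        host, port = name.rsplit(":", 1)
        key = (f[0], proto, f[4], port, scope(host))
        found.setdefault(key, set()).add(int(f[1]))
    return {k: sorted(v) for k, v in found.items()}

def hidden_from_ipv4_view(found):
    """Wildcard IPv6 listeners, which an IPv4-only listing (netstat --inet) omits."""
    return sorted(k for k in found if k[2] == "IPv6" and k[4] == "all-interfaces")

if __name__ == "__main__":
    for key, pids in sorted(listeners(SAMPLE).items()):
        print(*key, "pids=" + ",".join(map(str, pids)))
    print("omitted by --inet:", hidden_from_ipv4_view(listeners(SAMPLE)))
```

On Linux, an IPv6 wildcard socket normally accepts IPv4 connections as well unless `IPV6_V6ONLY` is set, so the `httpd` listener can be reachable over IPv4 even though the IPv4-only listing does not show it.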

__TcpView__ (Windows)

[Download](http://technet.microsoft.com/en-us/sysinternals/bb897437.aspx) and start TcpView. From the menu, choose File > Save. Here’s the output from the file.

```
Process           Protocol  Local Address            Remote Address  State
svchost.exe:1064  TCP       jareds-xp:epmapi         jareds-xp:0     LISTENING
System:4          TCP       jareds-xp:microsoft-ds   jareds-xp:0     LISTENING
svchost.exe:976   TCP       jareds-xp:3389i          jareds-xp:0     LISTENING
nxssh.exe:2032    TCP       jareds-xp:11000          jareds-xp:0     LISTENING
```

__netstat__ (Windows)

Note that this runs quite slowly on Windows.

```
netstat -bva
```

```
Active Connections

  Proto  Local Address           Foreign Address           State      PID
  TCP    jareds-xp:epmap         jareds-xp.mydomain.com:0  LISTENING  1064
  c:\windows\system32\WS2_32.dll
  C:\WINDOWS\system32\RPCRT4.dll
  c:\windows\system32\rpcss.dll
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\system32\ADVAPI32.dll
  [svchost.exe]

  TCP    jareds-xp:microsoft-ds  jareds-xp.mydomain.com:0  LISTENING  4
  -- unknown component(s) --
  [System]

  TCP    jareds-xp:3389          jareds-xp.mydomain.com:0  LISTENING  976
  -- unknown component(s) --
  c:\windows\system32\rpcss.dll
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\system32\ADVAPI32.dll
  [svchost.exe]

  TCP    jareds-xp:11000         jareds-xp.mydomain.com:0  LISTENING  2032
  [nxssh.exe]

  TCP    jareds-xp:3389          jareds-xp.mydomain.com:0  LISTENING  976
  -- unknown component(s) --
  c:\windows\system32\rpcss.dll
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\system32\ADVAPI32.dll
  [svchost.exe]
```

Palm TX: There’s more than one way to install an application

When I got my Palm TX, I didn’t realize that the Palm Desktop software wasn’t completely compatible with Windows Vista. For example, I can’t install new palm apps via hot syncing. Here are some alternative install paths:

1. Attach the pdb files to an email, and send it to myself. Use VersaMail to retrieve the message, and install the pdb attachments.
1. Use the web browser to download and install a pdb file.
1. Have someone beam it using the IR interface.
1. Have someone send it using bluetooth.
1. Install from an SD card. I haven’t verified that this works.

While I’m at it, it seems like configuring Linux to hotsync with Palm devices can be a pain. As an alternative, I think I’ll get an SD card and use [nvbackup](http://handypalmstuff.sourceforge.net/) to backup to SD, and then copy the backup from SD to my Linux box and use it with JPilot.

There’s more than one way to do things, especially for a Palm equipped with built-in WiFi, bluetooth and an SD expansion card.

Disk Encryption: Not as secure as I thought

Apparently, it’s easier than I thought to recover disk encryption keys from a stolen laptop computer. The attack works against “several popular disk encryption systems: BitLocker (a feature of Windows Vista), FileVault (a feature of Mac OS X), dm-crypt (a feature of Linux), and TrueCrypt”. Watch the demonstration video at [http://citp.princeton.edu/memory/](http://citp.princeton.edu/memory/).

> The root of the problem lies in an unexpected property of today’s DRAM memories. DRAMs are the main memory chips used to store data while the system is running. Virtually everybody, including experts, will tell you that DRAM contents are lost when you turn off the power. But this isn’t so. Our research shows that data in DRAM actually fades out gradually over a period of seconds to minutes, enabling an attacker to read the full contents of memory by cutting power and then rebooting into a malicious operating system.

Encrypting a disk drive _does_ increase the confidentiality of data. It’s just not as secure as once thought.

Sidenote: Software and hardware based [key loggers](http://en.wikipedia.org/wiki/Keystroke_logging) can reduce the security of encryption as well.

Vista’s VirtualStore silently causes problems

When our household bought a Vista laptop, I migrated our install of Quicken 2002 to the new computer. My wife and I have separate accounts, and we update the checkbook separately. When she went to balance the checkbook, she noticed that my entries were missing.

On further investigation, it turns out that when I run Quicken, I can see my entries, but not hers. When she runs Quicken, she sees her entries, but not mine. It appeared that we were using two different databases. Quicken 2002 is supposed to write its files to the `c:\Program Files\QUICKENW` directory. I had given each of our non-Admin users access rights to write to that directory. I installed [Process Explorer](http://download.sysinternals.com/Files/ProcessExplorer.zip) so that I could see what files Quicken had open, and their location. It turns out that Quicken was writing its files to `C:\Users\[USERNAME]\AppData\Local\VirtualStore\Program Files\QUICKENW\`. Why was it doing that? What is this VirtualStore thing?

Apparently, Windows Vista enforces security policy and doesn’t allow applications to write to C:\Program Files. Instead, it redirects badly behaved applications, like Quicken 2002, to write files to a per-user [VirtualStore](http://www.google.com/search?q=vista+virtualstore) directory, and it does this silently (for backwards compatibility). I wish Vista had simply denied write access to Quicken, so I would have known that there was a problem early on, before getting into this mess of having two diverging checkbook databases. I like the additional security that Vista enforces, but it’s inconvenient in subtle and exasperating ways.

Now I need to figure out how to merge our separate copies of the checkbook.

Update: I never did merge the two quicken databases.
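A way to catch this kind of silent split early, as an added example that is not part of the original post: walk every profile's VirtualStore directory (the per-user location quoted above), hash each redirected file, and report files that more than one user holds in differing private copies. The function names, the demo user names and the `checkbook.dat` file name are made up for the sketch.

```python
import hashlib
from collections import defaultdict
from pathlib import Path

# Per-user redirect location from the text above, relative to a profile directory.
VSTORE = Path("AppData") / "Local" / "VirtualStore"

def virtualized_files(users_root):
    """Map each redirected path -> {user: sha256} across all profiles under users_root."""
    seen = defaultdict(dict)
    for profile in sorted(Path(users_root).iterdir()):
        store = profile / VSTORE
        if not store.is_dir():              # profile has no redirected writes
            continue
        for f in store.rglob("*"):
            if f.is_file():
                rel = f.relative_to(store).as_posix()
                seen[rel][profile.name] = hashlib.sha256(f.read_bytes()).hexdigest()
    return dict(seen)

def diverged(seen):
    """Redirected paths that several users hold private copies of with different content."""
    return sorted(rel for rel, by_user in seen.items()
                  if len(by_user) > 1 and len(set(by_user.values())) > 1)

if __name__ == "__main__":
    import sys
    import tempfile
    if len(sys.argv) > 1:
        root = Path(sys.argv[1])            # e.g. C:\Users
    else:                                   # constructed demo tree: two users, one data file
        root = Path(tempfile.mkdtemp())
        for user, data in (("user_a", b"entries A"), ("user_b", b"entries B")):
            d = root / user / VSTORE / "Program Files" / "QUICKENW"
            d.mkdir(parents=True)
            (d / "checkbook.dat").write_bytes(data)   # hypothetical file name
    seen = virtualized_files(root)
    for rel in diverged(seen):
        print("DIVERGED", rel, "users:", ", ".join(sorted(seen[rel])))
```

Run it against `C:\Users` from an account that can read the other profiles; any path it prints is a file the application believes is shared but that each user is editing separately.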

CD Burning in Windows Vista

Summary: When creating a CD from Vista, create it as a “Mastered” CD instead of as a “Live File System”. This gives the best chance of being able to share it with friends and family.

Microsoft has sprung some surprises for those who burn CDs using Windows Vista: they’re not as compatible as when created with Windows XP — in particular, they don’t use the long established [ISO 9660](http://en.wikipedia.org/wiki/ISO_9660) standard, which is compatible with Windows 3.1, 95, 98, 2000 and other legacy operating systems. The ISO 9660 format is readable in all CDROM drives. Instead, Vista uses the [UDF](http://en.wikipedia.org/wiki/Universal_Disk_Format) standard, which is the right choice for DVDs, but not for CDs.

In other words, I can’t burn a CD of family pictures from Vista and read them on my legacy 500 MHz computer. The CDROM drive in that machine isn’t capable of reading the UDF format. Microsoft has created yet another road block to compatibility. It wouldn’t have been difficult to support ISO 9660.

Still, that’s a legacy computer. What about modern computers?

Vista creates CDs in either “Live File System” or “Mastered” ([UDF](http://en.wikipedia.org/wiki/Universal_Disk_Format) 0.9.8.1) format. Neither one of these formats is supported by most CDROM drives — you’ll need a DVD drive to read them. The “Live File System” format will cause problems if you want to share the CD with non-Vista computers. To achieve maximum compatibility when burning a CD from Windows Vista, choose the “Mastered – Readable on all computers and some CD/DVD players” option. With this, I can read a CD, created by Vista, in a Linux computer with a DVD drive.

Picture of Vista CD Burning Dialog

My solution to get ISO 9660 CD burning capability is to install and dual-boot [Fedora Linux](http://fedoraproject.org/) alongside my Vista computer. Its CD burning is a user-friendly experience, with none of the hassles that Microsoft introduced with Windows Vista. Linux even gives me access to the files on my Vista disk partition. I’ll bet that [Ubuntu](http://www.ubuntu.com/) or [Suse](http://en.opensuse.org/) Linux would work just as well.

Windows solutions for burning ISO 9660 CDs include [Nero](http://www.nero.com/) (commercial) or [Burn At Once](http://www.burnatonce.net/downloads/) (freeware).

Internet Explorer more secure than Firefox?

In the past, I’ve recommended to friends and family that they run Firefox instead of Internet Explorer to gain better security and usability on Windows systems. I’m re-evaluating that stance now that I’ve learned about a new feature of Windows Vista that restricts Internet Explorer and runs it inside of a jail. It’s called [Protected Mode](http://blogs.msdn.com/ie/archive/2006/02/09/528963.aspx), or [Mandatory Integrity Control](http://www.securityfocus.com/infocus/1887/2), and it means that spyware and adware are less likely to infect a Vista computer.

As far as I know, Firefox doesn’t (yet) run inside the “jail”, so Internet Explorer is probably the more secure choice — yet another reason to admire the technical engineering [effort that went into Windows Vista](http://en.wikipedia.org/wiki/Windows_Vista#New_or_improved_features).

Despite the improved security of IE 7 in Vista, I enjoy the usability of Firefox, including the ability to disable JavaScript from running by default, using the [NoScript extension](https://addons.mozilla.org/en-US/firefox/addon/722). Does anyone know whether there’s a [NoScript extension](https://addons.mozilla.org/en-US/firefox/addon/722) available for Internet Explorer? If not, I’m sticking with Firefox.