Why you should care about The EFF

Join EFF!




EFF stands for the Electronic Frontier Foundation. The Electronic Frontier Foundation is a non-profit organization that works mostly in the legal system to fight corporate and government infringement of people’s rights, especially where technology is concerned. Think Atticus Finch meets the kids from Hackers and you’re kinda, sorta, not really there but you get where I’m going with this, right?

Anyway, the EFF has guts. Their first legal battle was to help a small role-playing game developer (Steve Jackson Games) who had been illegally raided and nearly financially ruined by the United States Freakin’ Secret Service. The EFF then went on to square off against many more bullies, defending the privacy, rights, and values of people who like freedom. You can check out a list of their exploits here: https://www.eff.org/cases

The EFF also works to raise awareness about privacy, fair use, and freedom of speech issues through whitepapers. They have a wonderful Bloggers’ Rights section on their website with tons of information including a legal guide for bloggers.

My point here is, the EFF is working hard to keep The Internet free and users’ privacy and rights intact; if you value those things, you should probably support them by donating.

You can donate to the EFF by going here: https://supporters.eff.org/donate.

Oh yeah, and Adam Savage of Mythbusters fame thinks they’re cool too.


So you want to learn to pick locks

Lockpicking is awesome. No lie. Picking open your first lock is exciting, unsettling, and possibly addicting. It’s exciting in the sense that you become aware that locks can be viewed as mechanical puzzles and that once you know how to solve them, you have the keys to the kingdom. It’s unsettling because once you get the hang of it, you start to realize just how easy it could be to pick the locks that you depend on to keep you and your possessions safe. Picking locks is addicting because of the exhilaration, the sense of empowerment, the thrill of exerting your will toward something designed to prevent you from opening it without a key and prevailing.

Lockpicking isn’t just for spies and thieves. In most states in the US, picking locks that you own is entirely legal. Yes, this skill can be used for nefarious purposes but in most cases, if you want to break into a building, using a hammer, or even a rock is a much quicker and more effective way to gain entry – it works every time. Lockpicking is growing as a legitimate hobby and there are competitions in the US and internationally where enthusiasts get together and compete in lockpicking races and other challenges.

So now that you’re interested in lockpicking, the question is how do you get started? Well, I’ve been interested in this subject for quite some time and I have found several links and resources that have proven to be extremely useful. Lucky for you, I have gathered and listed those resources below.


Buying lock picks

To get started, you’ll need some picks. Toool (that’s with three o’s) is The Open Organization of Lockpickers. Toool’s purpose is to “advance the general public knowledge about locks and lockpicking. By examining locks, safes, and other such hardware and by publicly discussing our findings we hope to strip away the mystery with which so many of these products are imbued.” Their “Beginner’s Blend Pick Kit” can be purchased from their website at a reasonable price here: http://toool.us/equipment.html

Lock picks can also be purchased from these sites: 

Locks for learning how to pick

If you want to stay out of trouble, you should only ever pick locks that you own, or locks that you have been given permission to pick by the owner. So what locks are good for learning how to pick? I think that there’s an informal consensus among lock pickers that the Master Lock number 3 model is one of the best locks for beginners to learn on. It has only four pins in it which means that it is usually somewhat easier to pick than a lock with five or six pins. Locks can become harder to pick over time as the parts become fatigued from use. As someone who is learning lockpicking, you will probably want to go out and buy a new lock instead of using that rusted old padlock that’s keeping the shed door closed. The Master Lock number 3 is easy to find at most hardware stores as it is a very popular and inexpensive model of lock.

There are also sets of locks for learning how to pick called progressively-pinned locks. Usually a set of progressively-pinned locks starts with a lock that only has one pin in it. Once you get the hang of picking a lock with one pin in it, you can move on to the next lock in the set that has two pins, and so on. Many sites that sell lock picks also sell progressively-pinned locks. You can buy a set of progressively-pinned locks from the US Toool website as well: http://toool.us/equipment.html


Educational resources

Next you’ll want some instructions, guidance, and information on how to go about this lockpicking business. There are some really cool people who invested a lot of time and effort into creating some fantastic resources that will help you learn how to pick locks.

This guy who goes by the name Deviant Ollam wrote THE BOOK on lockpicking. The title of this book is “Practical Lock Picking, Second Edition: A Physical Penetration Tester’s Training Guide”, ISBN-13: 978-1597499897. You can pick it up from Amazon by clicking on the link here: http://amzn.com/1597499897

Schuyler Towne is obsessed with locks and lockpicking. So much so, in fact, that he put together a terrific series of instructional videos that cover the very basics all the way up to intermediate and advanced topics in lockpicking. Mr. Towne released these videos for free on YouTube, and they can be viewed here: http://www.youtube.com/playlist?list=PL66CD42F86F3A1F85


Meetings and groups

Are you interested in lockpicking but not sure you’re ready to jump in with both feet? There are lockpicking groups all over the US that meet up usually every month where you can get hands-on training by enthusiastic and friendly people. There are many lockpicking groups in the US but probably the one that’s most wide-spread is the US Division of Toool. If you’re interested in attending a Toool meeting in the US, chapter meeting locations and times can be found here: http://toool.us/meetings.html 


Other resources

There are many forums and sites dedicated to lockpicking but I have found Lockpicking101.com to be one of the best.


Time for a change

This site has been quite useful for me in many ways. I’ve used the posts in it for reference countless times to accomplish various tasks at work. I also have found it to be professionally useful in demonstrating knowledge and interest in subjects that are desirable to employers.

At the same time, I feel that posting only bits and pieces related to technical issues I have personally run into is rather limiting and I worry that it will cause this site to die a slow, boring, death. With that in mind, I will start posting more regularly with content covering a more diverse range of subjects. Yes, I will keep things mostly technical in nature but I will be branching out; posting information and links to news and technical resources on security, science, and other related topics.

I hope that this change will keep things lively and interesting here while maintaining the value that this site has provided.

A file server by any other name: Errors when using a DNS Alias in a UNC Path.

Computers are mean. Here’s a robot.

You’re using a DNS Alias to access an SMB network share on a Windows 2003 server, and you get the following error:

“System error 52 has occurred.
A duplicate name exists on the network.”

This is a known issue with Windows 2000 and Windows 2003 based servers. If a DNS alias is created for a server, the server doesn’t know to listen for connections from computers that are trying to access its file shares under that alias. This issue has been fixed in later versions of Windows, but if you’re dealing with, say, a Windows 2003 server, you’re going to have to make a change to the registry of the server that the alias was created for and then reboot it. You may also have to set the SPN (Service Principal Name) of the server to match the alias.


Further info and instructions can be found in the link below.


Adventures with Distribution Groups in Exchange 2010

Distribution Groups: Because no one should have to suffer alone.

I was involved in the process of migrating a company from Exchange 2007 to 2010. So far, it’s been smooth sailing with the exception of a small hiccup here and there. One of these hiccups has to do with the new implementation of the RBAC security model in Exchange 2010 and how that affects managers of distribution groups.

The distribution group manager just clicks the Modify Members button for instant user management joy.

An organization may have hundreds of distribution groups set up in Exchange for various projects, management groups, initiatives, you name it. In a dynamic environment such as this, people are being added to and removed from distribution groups all the time. This is why Exchange admins appoint managers for distribution groups.

A distribution group manager is a regular user with the exception that they can add or remove people from the group that they manage. The manager usually makes changes to the group using the address book in Outlook. In previous versions of Exchange, when an administrator would appoint a user as a manager of a distribution group, all the administrator would have to do is open the Exchange Management Console, add the user as the manager, open Active Directory Users and Computers, open the distribution group properties and give the manager rights to modify the group.

I suppose that like most admins who had upgraded from earlier versions of Exchange, I was surprised when managers of various distribution groups started complaining that they were getting an error when they tried to add or remove people. Distribution group managers who were able to modify the group before the upgrade to Exchange 2010 were getting errors stating something to the effect of:

Changes to the distribution list membership cannot be saved. You do not have sufficient permission to perform this operation on the object.

Turns out there may be a couple of different things going on here. First, the default permissions for Exchange don’t allow users to manage groups and must be changed. The Default Role Assignment Policy for users needs to be changed if you want your managers to be able to administer their distribution groups. To do this, log into your OWA server’s Exchange Control Panel and take the following steps:


  1. Click on Roles and Auditing
  2. Click on User Roles
  3. Click on Default Role Assignment Policy
  4. Click on Details
  5. Put a check in the box next to MyDistributionGroups
  6. Marvel at how easy that was. A little too easy…

There is one caveat: enabling this setting allows users to create, delete, and modify distribution groups resulting in… DISTRIBUTION GROUP ANARCHY! RUN FOR YOUR LIVES!!!

This is what distribution group anarchy looks like: users all hopped up on venti lattes and unlimited distribution group management.

I think that for most organizations, this setting isn’t sufficient for their needs. To further button down these access settings, a custom role can be created using The Exchange Management Shell. Luckily for us, the sharp folks over at the Exchange Team Blog created a PowerShell script that restores sanity to your distribution group settings by giving managers back the ability to manage their distribution groups while keeping them from being able to make new groups or delete them.

You can download the PowerShell script here: http://gallery.technet.microsoft.com/scriptcenter/8c22734a-b237-4bba-ada5-74a49321f159
You can read about using the script (which I highly recommend) here: http://blogs.technet.com/b/exchange/archive/2009/11/18/3408844.aspx
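
One way to build such a restricted role by hand in the Exchange Management Shell, shown as an added example (it is not the Exchange Team Blog's script and not code from the original post). The role name `MyDistributionGroups-ManageOnly` is a hypothetical name chosen here; the example assumes the default policy still carries its original name and that you hold rights to manage RBAC roles.

```powershell
# Added example for the Exchange 2010 Management Shell.
$policy   = 'Default Role Assignment Policy'
$roleName = 'MyDistributionGroups-ManageOnly'   # hypothetical name for the custom role

# 1. Audit: list every role the default policy currently grants to end users.
Get-ManagementRoleAssignment -RoleAssignee $policy |
    Format-Table Name, Role, Enabled -AutoSize

# 2. Create a child of the built-in MyDistributionGroups role. A child role
#    starts with the parent's entries and can only be narrowed, never widened.
New-ManagementRole -Name $roleName -Parent 'MyDistributionGroups'

# 3. Remove the entries that let users create or delete groups, leaving the
#    membership-management entries in place.
foreach ($cmdlet in 'New-DistributionGroup', 'Remove-DistributionGroup') {
    Remove-ManagementRoleEntry -Identity "$roleName\$cmdlet" -Confirm:$false
}

# 4. Swap the broad assignment (if the MyDistributionGroups box was ticked)
#    for the narrowed role on the default policy.
Get-ManagementRoleAssignment -RoleAssignee $policy -Role 'MyDistributionGroups' |
    Remove-ManagementRoleAssignment -Confirm:$false
New-ManagementRoleAssignment -Role $roleName -Policy $policy

# 5. Verify: New-DistributionGroup and Remove-DistributionGroup should no
#    longer appear among the custom role's entries.
Get-ManagementRoleEntry "$roleName\*" | Format-Table Name, Role -AutoSize
```

Run step 1 again afterwards to confirm the policy lists only the narrowed role for distribution group management.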

Second, you may find that you can use the Exchange Management Console (EMC) to modify distribution group memberships but managers who need to use Outlook to administer their groups can’t. To make editing distribution groups work in Outlook, you may also need to change each distribution group to a Mail Universal Distribution Group. You can do this in the EMC by right-clicking on the distribution group in question and selecting the “Convert to Universal Group” option.

Further reading:

Office 2010 GPO Nincompoopery

Whilst configuring group policy for Office 2010, I came across an interesting bug. The “Options” option in the file menu of all Office programs will be grayed out if you set the following policy to “Enabled” and place a checkmark next to “Office Center”:

 User Configuration\Policies\Administrative Templates\Microsoft Office 2010\Disable Items in User Interface\Disable commands under File tab | Help

 Group Policy for Office 2010 causes Options in the file menu to be grayed out.

Oddness when creating a dynamic distribution list in Exchange 2007 with custom filters

I recently ran into an interesting bug in Exchange 2007. I was creating a dynamic distribution list in the Exchange Management Shell. I set up a custom filter so that if a user’s AD account description had the word “common” in it, that user would be excluded from the distribution list.

Here’s the code for the DL:

New-DynamicDistributionGroup "EveryoneBlah" -OrganizationalUnit "blah.com/DL" -RecipientContainer "blah.com/blah/Lewiston/blah" -IncludedRecipients MailboxUsers

Here’s the code for the filter:

Set-DynamicDistributionGroup EveryoneBlah -RecipientFilter {(((RecipientType -eq 'UserMailbox') -and -not (description -like 'common'))) }

When I tried to test the filter by viewing the filtered list of recipients using the Exchange Management Console or by using the Exchange Management Shell, I would be shown a list of the users that the filter had been applied to BUT that list would not be limited by the RecipientContainer that had been specified.

So I did some searching and asking around and was pointed to this guy’s blog. He found out that this is actually a bug in Exchange 2007! The dynamic distribution group and the filter work just fine. It’s Exchange 2007’s functionality to SHOW the correct list of users that the DL is applied to that’s wonky.
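
A way to preview the membership with the container applied, as an added example that is not from the original post or the linked blog. It uses the `EveryoneBlah` group created above and passes the group's own RecipientContainer to `Get-Recipient` as the search root, then lists the recipients that only show up when the container is ignored.

```powershell
# Added example for the Exchange Management Shell.
$dl = Get-DynamicDistributionGroup -Identity 'EveryoneBlah'

# Preview with the filter alone: the container is not applied here, which is
# the over-broad list described in the post.
$unscoped = Get-Recipient -RecipientPreviewFilter $dl.RecipientFilter `
    -ResultSize Unlimited

# Preview with the filter plus the group's RecipientContainer as search root.
$scoped = Get-Recipient -RecipientPreviewFilter $dl.RecipientFilter `
    -OrganizationalUnit $dl.RecipientContainer -ResultSize Unlimited

# Recipients that match the filter but sit outside the container. These
# appear in the unscoped preview only.
$scopedDns = @($scoped | ForEach-Object { $_.DistinguishedName })
$unscoped |
    Where-Object { $scopedDns -notcontains $_.DistinguishedName } |
    Format-Table Name, OrganizationalUnit -AutoSize

"Filter only: {0}   Filter + container: {1}" -f @($unscoped).Count, @($scoped).Count
```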

Further Reading: