dirtypotato.com^2.0

2:37:34

After the longest support call I have ever experienced, my three days of windows install hell has ended. I lost about 2 years worth of mail, and contacts which I'm not ready to accept yet and I'm considering a data recovery option. It's kind of ironic that the work I was doing when everything crashed was backing up my data. The time spent on the phone wasn't completely wasted. I felt like I got to know Bejoy pretty well who was the support representative from a southern coast Indian support center. I got an e-mail from him thanking me for my patience, but he addressed the e-mail to Mark and the relevant support information had absoultely nothing to do with what we conversed about for the previous 2.5 hours. I also learned a trick during the windows repair install that might be handy for someone out there. When installing XP Pro there is a point where there is a green status bar on the bottom left of the screen which says, "Installing devices". When that appears you can hit shift+f10 and a command prompt will appear in front of you which you can use to type various commands during the install. The command that Bejoy had me type was, "nusrmgr.cpl". This command brings up the user manager interface and allows you to perform all kinds of tasks like creating new users, deleting existing ones, changing the way users log on or log off, removing passwords. Handy no? Well if you haven't noticed yet I have just described one of the largest security holes in the windows OS that I have ever heard of. With a simple windows install disk you can basically get administrative access to any XP Pro machine you have physical access to. Hacker's take note, just drop an install disk in the drive, reboot from the cd, perform a repair install, hit the shift+f10 combo and the nusrmgr.cpl command and you've got the skeleton key for any XP Pro machine. As I am writing this I can't help think some evil thoughts about what I could do with this power, but I don't have any enemies, corporations that I want to steal secrets from etc. At least I don't want the repercussions of any of those actions. So I'm going to be a good citizen and write to Microsoft about the knowledge that I have just aquired, and maybe a few other security organizations so that they can spackle up this hole right quick. What this does remind me is how many of these types of holes must still exist, and how many holes Billy G's company has patched up in their history. It's a little unsettling; especially for a developer like myself who knows how software is built, and who uses and trusts the windows platform with so much. Maybe the hole that I fell upon tonight is a situation that has happened many times over, and the person holding the information just decided to keep it to themselves. I'm currently writing this post on my G4 Titatnium Powerbook which I have fallen in love with, and in my frustration last night I threw Fedora on my additional hard drive in order to use the machine crippled by windows. I was debating making a full switch, and swearing off the winOS entirely. Unfortunately that is the platform of choice where I am currently employed, and I think for anyone in the professional software business there are times where you are just forced to use the win os. Microsoft hater I am not, but I do feel some uncomfort especially after what I've experienced tonight. I just can't get the idea of driving a tank out of my head, and leaving the station wagon in the garage.