Thursday, September 13, 2007

Education and business

I find it entertaining that people worldwide think they have the right to discredit Americans and make fun of them. If you are not American, you do NOT have this right. However, since I'm an American, I'm allowed to make fun of my own people and nation as a whole.

It is pretty well known that education in America, as a whole, stinks. This video is well worth watching because I believe it paints a pretty accurate picture of the state of the nation:

http://www.youtube.com/watch?v=pfRUMmTs0ZA

The video is from a show called 20/20 and it is over a year old but please return when you finish watching.

I was brought up in a family that cared deeply about proper education. I had learned to speed read by the time I entered school. I also remember at least four different forms of corporal punishment used on my behind/legs as a child. Boy grandma sure loved finding that freshly-cut switch. But it made me into a fine, upstandin', law-abidin' citizen who cares about the world around us. And history and math were rammed down my throat (actually, I enjoy history* and math). Fun is NOT what school is about - people are there to learn. Those that cause trouble and hinder the learning process should be publicly humiliated and, should it continue, be kicked out**. The same goes for teachers and administrators who don't know the first thing about education.

* Those who fail to study history are doomed to repeat it.
** There are plenty of ways to learn. For instance, I taught myself everything I know about Software Development through hard work and perseverance. (And, just to clarify, I was never expelled but did cause some trouble mostly because school was not challenging enough - I got A's in my sleep - another reason to have a fast-track program for brilliant individuals...most of them stagnate under the current system).

One of my biggest gripes about education in America is that it is NOT tailored for the individual. Everyone takes the same exact classes regardless of what industry they want to be in. Really smart people are kept together with the average people and those who constantly struggle. Let's take math - considered by most Americans to be one of the "hardest" subjects. The reason people find it hard is because they don't see any use for it. Our daily lives are not The Matrix and we aren't Neo. When someone has that mindset, you can't teach and they can't learn. Might as well be talking to a wall. Which, ironically, is almost always based on math.

The unruliness you see in the video is not too far off from the truth of most schools. Granted the kids in the video knew there was a camcorder in the vicinity, so their behavior was perhaps slightly more outlandish than usual, but it is pretty accurate overall (i.e. they did a decent piece of journalism). I know a bunch of teachers (and even one principal) who constantly complain about unruliness of their students and how their hands are tied. The nation is shocked when a teacher "snaps" (e.g. spanks a misbehaving student)...I'm not surprised. Teachers everywhere here are frustrated and how they manage to maintain a semblance of composure is absolutely amazing.

So what am I saying? Well, part of the problem lies in grades. I'm not talking about A, B, C, D, E, and F--. Nope. I'm talking about 1st, 2nd, 3rd, etc. The system restricts really brilliant individuals from proceeding ahead and forces people who aren't ready to continue to do so. It is important to study math, English, history, etc. But by the time educators finish allocating the basics to a specific grade, there is no room for customized/individualized education. Particularly those of a technical nature. Few people learn to write computer programs until college - as if to say "Well, college is the place to learn that stuff". Not true. Elementary school is the age to start programming if that is going to be your target career.

Here is what I propose: Drop the idea of grade levels entirely. Students take types of classes in some order relevant to interest and closest industry. If they don't pass, they retake the class. Some people are "prodigies/savants" though - so they might ace every math class but continually struggle through everything else. This is where colleges/universities and lower education have to agree to combine forces. Why have two separate institutions? It doesn't make any sense.

Part of the problem is also discipline. Teachers have no way to enforce it. I therefore propose to reinstate corporal punishment. As far as I can tell, nothing is stopping schools from writing up a legal document that parents have to sign to let their kids attend the school. In that document, simply have checkboxes as to what types of corporal punishment are allowed by the parent to be executed by the school teachers in the event of unruly behavior. If the parent won't allow any punishment, simply send a rejection letter (Thank you for applying to [Name of School] school. Unfortunately, we cannot accept your child at our humble institution as we have determined he/she is not a good fit for our organization. We hope you have success in your search). This unties the hands of the [currently very frustrated] teachers to actually do their job. And it has the side benefits of creating a more stable, honorable, and well-educated society. And it won't cost anything...the necessary material for switches is generally located around the outside of almost any building.

The last problem is relevance. Why separate and segment education from the work force? That doesn't make any sense either. When I was in school, I constantly heard the phrase "real world" in reference to the work force. What does that mean? We're already in the real world. Phrases like that say to me, "We in education have created a bubble for ourselves such that we instantly and purposely obsolete ourselves." In terms of technology, education is always lagging behind by at least 5-6 years (some schools don't even teach technology and just admit that it is "out there in the 'real world'"). Education is pointless if it doesn't keep up to date. Students today are bright enough to realize this...hence they have no desire to learn. And why should they? They are learning about and using outdated technology and methods. Businesses have already realized this and provide on-the-job training to compensate.

Proposal: If businesses and corporations cared anything about education, they would get involved instead of shuttling money into a generic fund (e.g. Bill Gates' Foundation). That could mean, for example, employees taking a day off here or there and stepping in to provide a history or math lesson to students. It would be designed and prepared by the teacher, presented by the employee (failure could mean they get the pink slip). It says "knowledge about the world around you is important to your future" to those students. The end result is they will pay closer attention to their teachers. Get enough businesses involved (who are there to teach the current lesson plan and not advertise their products) and teachers can take a much more sideline approach to learning (focusing a lot more on lesson planning and helping students achieve more).

Or maybe getting involved would just be an addendum to the teacher's lesson plan (e.g. 5 minutes at the end of every class). The business person would show actual source code that used a math concept the students learned about from a real software product their company uses.

Now: Why should a business even consider this? Well, the youth of tomorrow are generally creative and have plenty of ideas. Some students will be more than eager to share their ideas with you. Most businesses stagnate or get in a rut when their first cash cow happens. They just lose the drive to innovate because of the risks involved with innovation. Doing this also has the bonus benefit of keeping the employee's minds sharp. You will also be aware of what today's youth experience and desire. And then there is the cliche and obligatory: 'Helping to shape tomorrow's work force, today!' Or something like that.

Just a few thoughts that I have thought about for a long time.
(In general, I'm pretty well-behaved. Only saying things I regret later when I lack sufficient sleep.)

Monday, September 10, 2007

Standards documentation is annoying...

Don't get me wrong, having Standards is a great idea. Being able to clearly communicate how something works is essential to daily life. If we, for instance, did not have the HTTP RFC Standards, you probably wouldn't be able to read this blog entry because every single web server would deploy their own idea of what a website is and there would be no single web browser to handle every single web server. (Or if there was, it would be a couple hundred gigabytes).

No. What irks me is the fact that very few Standards authors actually sit down and write binary data examples. That is, "Here is some sample data" and "here is how to read the sample data" and "here is some basic source code that reads and processes the data". While Standards should be about specification, of which they do a great job already, they should also be able to present an implementation or at least an example that could actually happen.

This is where Standards bodies and a community dedicated to each Standard should meet online to perform the latter. The actual Standard is supposed to be "set in stone" sort of documentation that changes very infrequently (if ever). What I propose to all Standards bodies everywhere is that the published Standard be closely associated with an online Wiki AND an official online forum. Dedicated community and Standards body members can then provide the essential examples and implementation that a Standard does not contain.

A perfect example of this is the C++ Standard. Some time back, some people came up with what I call the STL. Also known as the Standard Template Library, which, at the time, was not part of the Standard itself but was quite popular for providing additional functionality that avoided reinventing the wheel by using C++ templates. The ANSI C++ Standard committee adopted most of the STL into the C++ Standard. I still call this the worst idea they have had to date because the Standards body is defining implementation where they shouldn't be. The reason I think this way is because you cannot extend any of the existing templates (e.g. edit them) without violating the Standard. Because STL was no longer valid for new stuff, another really popular project called Boost has been made. What happens when the ANSI C++ Standards body decides to integrate Boost into the Standard?

The Standard should merely define what it means to be a template...not demand certain templates be included with every compiler. The STL should have been adopted into a Wiki and a related project. That way, it could have gained certain bits of functionality I consider essential. Take a look for a moment around the industry: C#, Java, PHP, Ruby, etc. are all gaining popularity and I say it is because they are not being hindered by Standards. Integrating STL into ANSI C++ was a horrible idea. Instead, the Standards body should have said "Hey, we really like this, let's point it out in the Standard as 'officially recognized' and dump it on our Wiki so the community can continue to develop it." Boost would have never existed.

The other thing I've noticed about ANSI C/C++ is that it continues to be geared for a line printer. This is 2007, not 1970. We have what is called the Graphical User Interface (GUI). You know? Mouse that points at and click buttons and hyperlinks and images and stuff? The ANSI C++ Standard and modern computing are at direct odds with each other. Because there is no central location for building on the ANSI C++ Standard such things like GUI stuff, threads, sockets, database access (!), etc. C++ has fallen by the wayside because to do anything you have to re-invent the wheel. Need socket code? Sorry. You'll have to go write that again despite already having been written thousands of times over and over.

As a result, people see other languages as being "easier to use" simply because those languages provide modern technology more easily. Sure C++ can do it, but you've got to lay the groundwork down before using it (even importing an existing library can be challenging). If another language already has the groundwork code written and included by default, then C++ becomes inferior.

Honestly, I'm not really sure what I'm looking for. Maybe I'm asking for two different things. That happened before when I wrote VerifyMyPC 1.0. I didn't really know what I wanted from the tool. It took a lot of feedback and self-analysis to finally figure out what I wanted and what other people wanted as well. I guess what I want is a Wiki for collaboration to create examples that people can use to understand Standards. However, I also want Standards to be separate from implementations and yet, at the same time, not distance themselves from the real world such that they obsolete themselves. I'm not really sure how to address the latter problem, but it is one that causes languages to become obsolete.

I don't ask for much, do I. :)

Friday, September 07, 2007

Setting up a wireless network

Edit (July 12, 2010): Ruh-roh! This blog post was declared Dead on Arrival. Read the story on how my "secure" WPA-PSK wireless network got hacked before setting up your wireless network. My personal recommendation is to NOT use a wireless access point unless you do some real hard thinking and research.

Occasionally I will receive a request for help on wireless networking. Usually the person was scared by someone when they were told, "Wireless networking is insecure. Your personal computer data is at risk." The first question they ask me is, "Is my setup secure?" Well, I'm not a mind reader and usually not in front of the computer, but usually those same users are surprised even to know that they can log into the router.

Okay, so the first thing I have to do is explain what a router is. In layman's terms: A router is something that takes data from computers on a LAN and sends it out on to the big bad Internet. When a response comes back, it is responsible for making sure the data gets back to the computer. Routers also double as a hardware firewall (keeps the bad guys out). If you want the technical explanation, go here:

http://en.wikipedia.org/wiki/Router

Most modern Cable and DSL lines go into some sort of box that you then connect your computer to (or use wireless in it). These are usually bundled with some really lightweight router software stuffs.

If you really want to secure your wireless network, I highly recommend getting a decent router. Like an actual router instead of the fluffy stuff your ISP provided you with. Buffalo, at the time of this writing, makes a pretty mean wireless consumer-level router. You can get consumer quality routers at pretty much any computer and office supply store (Best Buy, Office Max, etc.)

When you first hook up the router, your network is vulnerable (i.e. completely insecure). The first thing to do is use the bit of patch cable (CAT-5) that came with the kit and connect it directly to the LAN port on the computer you plan on using wirelessly. Configuration should be done over the wired connection just to make life simpler.

Once connected, your computer will have an IP address. Now comes the technical part. Go to "Start->Accessories->Command Prompt". If you aren't familiar with this, don't worry. Type in "ipconfig /all" (without quotes). Something like this should appear in the output:

Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : ****************.
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
Physical Address. . . . . . . . . : XX-XX-XX-XX-XX-XX
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.0.130
Default Gateway . . . . . . . . . : 192.168.0.1


The line you are after is the 'Default Gateway...: 192.168.0.1' line. Now start a web browser and enter:

http://192.168.0.1/

(Substituting whatever the Default Gateway is for you.)

A password prompt should display. The default username is usually something like 'admin' and the password field is left blank. This differs by router and model - read your manual.

A webpage should now display. This is usually called the Web-based Administrative Interface. What this looks like is usually different for every router. I refer you to your manual on your router for how to navigate the interface that shows up. Keep the command prompt open, more stuff from here is needed later on.

The first thing to do is to locate the wireless device name and change it from the default to something you will remember. This is also to avoid conflicts with surrounding devices. Also, if there are a ton of other wireless devices in the area, you should select a different channel. The default is usually 6. You can usually select a range from 1 to 11. However, because you are operating with radio waves, a channel is actually selecting a range in the 2.4GHz band. This range spans roughly 3 channels on either side. So to completely avoid signal overlap with channel 6, you need to select a channel that is at least 5 channels away: 1, 6, 11.

After making a major change and the router reboots, it is a good idea to close the browser completely, open a new browser window up, and reconnect to the router.

If you royally mess something up or get seriously lost, you can reset the router. There should be a little spot that you can push with a pen for 30 seconds to reset it to factory settings. You'll have to start over from the beginning if you use that (but at least you know it is available).

Now you are ready to start securing the device.

The first thing to do when securing a wireless router, is to go locate where the password for the router is stored. Change the password. Close your browser and open a new browser to the same location you just had opened. You will be asked for your new password. Make sure the password is complicated enough. Someone who breaks into the network will go straight for the router configuration to figure out where the weak points are within the network (along with making it easier to break in next time).

The next step is to make sure remote administration of the router is turned OFF. You don't want outside snoopers on the Internet to even know you have administration interface. Log into the administrative interface and locate the setting for remote administration and make sure it is off.

The next step is to go into the wireless configuration and enable some security on the wireless end of things. The default setting on wireless routers is to disable encryption. That is, everything is being sent in the clear and not encrypted. Someone could watch various bits of traffic such as e-mails, IMs, etc. without even being on the network.

There are various levels of encryption available and they have really weird, technical names for the non-technical person. So, I'm going to lay it out in a really straight-forward manner from strongest encryption to weakest:

WPA-PSK2 (AES) (aka WPA2-PSK)
WPA-PSK (TKIP)
WEP
None (default)

Some sites say that WEP is better than nothing, but it can be broken in 10 seconds. I leave it up to your imagination to come up with some humorous analogy. Note that as you increase encryption strength, the distance you can travel from the router (e.g. with a laptop) decreases significantly because signal strength drops off on both ends (power is diverted for encryption calculations). Also, you have to be careful with WPA-PSK2. You have to be using a network card that supports it and drivers that support it and have at least Windows XP SP2 and possibly a specific update.

When choosing a password for the encryption key, make it random. Completely random - letters, numbers, and characters. And store it in a file on a USB thumbdrive or write it down or something. And also make the password really long (at least 20 characters, preferably 40-50). NOTE: Some network cards do not like really long passwords in excess of 15-20 characters.

Once you apply the password and encryption changeover, wait for the router to reboot. You will have to reconnect to the wireless network using the new key. Right click on the "broken wireless connection" icon (has a red X through it) and select "View Wireless Networks". Select your network and click "Connect". Enter the password. It should connect. Now wander around and figure out the limits of how far you can travel before losing the connection. If necessary, move the router to a better place to cover more usable area.

This next step is optional but highly recommended. Log into the administrative interface and go to the wireless setup and locate something called "MAC address filtering" or "MAC filtering". This feature has absolutely nothing to do with the computer systems that Apple, Inc. sells. Enable MAC address filtering. Once enabled, there is usually a "Clone MAC address" feature with a dropdown list but, if you are physically connected, it will have to be entered manually. Switch to the open command prompt and locate the line that says "Physical Address...: XX-XX-XX-XX-XX-XX"...BUT make sure it is for the wireless card (NOT the Local Area Connection). Then switch back to the browser and enter the data into the fields manually.

What MAC address filtering does is say, "Only wireless network cards that have this MAC address are allowed to connect into this router." MAC addresses are uniquely assigned by the manufacturer of the wireless card (or any network card for that matter). Some OSes can use specialized tools to change the MAC address and "spoof" or fake a different card but conflicting MAC addresses makes it harder to get into the network without being noticed.

Optional: Locate the option in the administrative interface for turning off the SSID. The SSID is usually broadcast by default to make it easier to configure. It also makes it easier for the average snoop to figure out where wireless networks are. Those with wireless cracking tools, though, will still be able to figure out your SSID even if broadcasting is turned off.

Optional, but recommended: Switch the patch cable to the Cable/DSL box and connect into the web server that runs there (use 'ipconfig /all' again from before). Locate the a "Wireless radio on/off" toggle and turn off the wireless radio. You don't need it any more and will likely conflict with your newly secured wireless router.

Now that the wireless is completely set up and secured, you are ready to connect to the Internet and see if everything works. Up to this point, everything can be done and verified to work without connecting the router to the Cable/DSL modem. So go ahead and plug the patch cable (CAT-5) into the Cable/DSL. Test to see if you can connect to various websites. If you can connect and view websites, then skip the following troubleshooting section. Otherwise, read on.


Troubleshooting

When you can't connect to websites through a router but it works fine if you connect directly (a bad idea to begin with), then a couple of things could be happening.

The first thing to check is the obvious: Make sure the patch cable (CAT-5) is connected properly between the router and the Cable/DSL box. The patch cable should go from the port that says WAN on the router to a port on the Cable/DSL box. Also make sure to check that everything is powered properly.

The next thing to check is if your Cable/DSL provider has put a special MAC filter of their own and associated it with the IP. Every single networking device has a MAC address. Even the router has one. The problem is that the router's MAC address does not match any known/authorized MAC address. To fix this, go into the administrative interface on the router and locate the "WAN configuration" options (WAN = Wide Area Network...the device upstream, which, in this case is the Cable/DSL box). There should be a MAC address listed here. This is the address which gets broadcasted upstream. Now switch back to the Command Prompt and type in 'ipconfig /all' (without quotes) again. This time look for the wireless card's MAC address. Now switch back to the web browser. There should be a "Clone MAC address" feature with the wireless card's MAC address in the "WAN configuration". Use this option. When the router reboots, try connecting to websites again. NOTE: The MAC address you use should be the same one used when you used to connect to websites through the Cable/DSL box.

If the above fails, then you have probably run into the second problem: IP address range conflicts. The Cable/DSL box is issuing the same LAN (LAN = Local Area Network) IP addresses to the router that the router is issuing to computers on the actual LAN. In this case, the router is confused when it receives a request to connect to the outside world. To verify that this is the problem, directly connect the computer to the Cable/DSL box and use 'ipconfig /all' to see if the Default Gateway is the same as when you connect through the router. If so, to resolve this issue, go into the administration interface on the router and locate the "LAN configuration" options. What you are looking for is the base address of the router that matches the Default Gateway address. Here is where it gets tricky. Usually you will have a conflict of 192.168.0.* or 10.0.0.* (and rarely 172.16.0.*) - that is, both devices use the same first three numbers. To resolve this, simply increment the third number by one (1). So, 192.168.0.1 becomes 192.168.1.1. When you save this change, the router will reboot. A side effect of the change is that the web address to access the administrative interface changes to:

http://192.168.1.1/

Now try to connect to various websites. In most cases, this will work fine.

In the event that it doesn't work, you may be experiencing a synchronization problem between the new router and the Cable/DSL box. Power cycle everything. By this, I mean shut down the computer, router, and Cable/DSL box. Disconnect all cables (try to remember what goes where). Wait 30 seconds. Then plug the Cable/DSL box in and connect the line (from the wall) to the box. Wait for everything to be ready. Then plug in the patch cable between the Cable/DSL box to the router. Plug in the router and wait a bit for it to be powered up. Boot up the computer. Wait for the wireless connection to kick in and say you are connected. Try connecting to various websites.

If that fails, repeat, but leave everything disconnected for about 2-3 hours.

If that fails but connecting directly through the Cable/DSL box works fine, call your Cable/DSL provider and mention that you have a new router and "would like to know if there is anything special you need to do to get it to work because directly connecting through the Cable/DSL box works just fine". In particular, they may have a specific "MTU" setting. Whatever they tell you to do should be in the "WAN configuration" options of the administration interface.

If it still fails, then you could have faulty hardware. Especially if it works when you directly connect.


Final Security Check

Now that you are secure from the inside (including your pesky neighbors and wardrivers), let's see if you are secure from the big bad Internet. There are LOTS of bad guys out there and if you think your ISP is protecting you from them, you are wrong. If you sit on an open Internet connection with even a patched Windows-based PC (and even with many Cable/DSL providers!), you will be hacked and botnet'ed in under a minute..."up to one quarter of all personal computers connected to the Internet are part of a botnet" (botnets are usually protected by some form of rootkit making them nearly impossible to remove without reinstalling the OS).

The router you now have in place is there to defend you from all fronts at the IP packet level. So let's test that theory. Go here:

https://www.grc.com/x/ne.dll?bh0bkyd2

Scroll down the page past the useless stuff. Steve Gibson is a fanatic and not much of a security expert (moves his mouth a lot though - Bruce Schneier, on the other hand, is a REAL security expert) but his ShieldsUp! tool is extremely useful for finding any chinks in the armor of your router. Click the "Proceed" button. Click the "All Service Ports" option. Then sit back and wait as the website handles the rest.

A really good router will be completely "stealthed" (all green). However, many consumer routers have port 113 "closed". Port 113 is the identd service - some manufacturers do this so users won't complain about certain e-mail servers that require identd. If it was "green"/stealthed, sending e-mail messages could be very slow. Therefore it responds as being closed. This keeps the e-mail process moving along BUT at the sacrifice of having control over router security. Blame your manufacturer but also realize that port 113 isn't going past the router (i.e. requests stay on the WAN side - they never enter the LAN).


That's it! You're good to go. As far as consumer-level security, you've got the best there is for a minimal amount of tinkering.

If you want to do some more stuff, look into setting up firewall rules that block every outgoing connection except on specific ports that you use. This requires a fairly good understanding of how the Internet works in general. To try to explain it in English in a way that you could understand would take about two blog entries. Maybe more. And I would not try to explain it the same way Senator Ted Stevens did...The Internet is a series of tubes...it is not a truck...huh?

For commercial purposes and the adventuresome, take a look at RADIUS enabled hardware and software (along with various Linux/*NIX installations for certain router brands). The commercial hardware/software allows you to dynamically change the encryption key every 'x' minutes, which is a huge security enhancement. Also, you can set up those nifty redirection/login pages you see when you visit various establishments. You can also issue SSL client certificates for really secure setups. Actually, organizations are starting to put/are putting the wireless outside the LAN (usually squashed between two firewalls) and requiring people to VPN/SSH into the network to get on the LAN. This route is very secure.

This has been a very long message from your friendly neighborhood geek.

Monday, September 03, 2007

Cleaning a LCD display...

It is interesting to note that many people don't really know how to clean things. This is especially true when it comes to electronic components. In particular, cleaning monitors on computer systems is a widely varied practice and no one seems to have a definitive answer on what the best method is. We pay a lot of money for our LCD flat-panel displays and then spray harsh chemicals on them that causes the display to go murky...where is the logic in that?

Some people might say that the safest chemical is water. However, is fluoride, found in most city water, really good for the plastic film on a LCD display? Probably not. How about all those minerals and "floaties"? Also, probably not good. Fluoride is for strengthening tooth enamel and the minerals probably contain corrosives. And water doesn't mix well with electricity and the delicate circuitry in the monitor.

Other people mention really harsh chemicals and household items as the solution to cleaning LCD displays. In particular, soap comes up often. Not only is soap harsh on the plastic surface, it tends to leave a nasty film behind that is usually worse/harder to remove than the original problem. Soap is for human skin, not delicate computer equipment. If you have ever gotten soap in your eyes, you know that it burns like crazy.

Also, soap contains numerous ingredients. Take Dove, for example, a Ph-balanced, hypoallergenic soap that contains:

- Sodium cocoyl isethionate
- Stearic acid
- Coconut acid
- Sodium tallowate
- Water
- Sodium isethionate
- Sodium stearate
- Cocamidopropyl betaine
- Sodium cocoate or palm kernelate
- Fragrance
- Sodium chloride
- Tetrasodium EDTA
- Trisodium etidronate
- BHT
- Titanium dioxide
- Sodium dodecyl benzene sulfonate.

I can't pronounce half of those chemicals. I wouldn't want them on my computer monitor. Would you?

Windex, on the other hand, contains ammonia (among other chemicals). Some people report success with this, but ammonia-based products have this amazing tendency to interact with plastics negatively (read: chemical interactions). LCDs have plastic...not glass coatings. Actually, I wouldn't even recommend ammonia-based products for CRT displays either. These displays usually have anti-glare coatings with a plastic to bond to the glass. Chemicals would damage this coating and possibly remove sections entirely from the glass, thus ruining the display.

There is a product called Klear Screen that is recommended by every major computer manufacturer. I have no idea what they put into it, but most people probably spray it right on the monitor, which will tend to do more harm than good. It also costs money.

Computer equipment is manufactured in a sterile environment and then used in non-sterile environments. People engineering LCD displays clearly don't think, "I wonder if we are making something the average person can clean?" Nope - their minds are clearly thinking of that sterile clean-room that Monk dreams of living in.

Here is how to clean any monitor safely:

1) Go to your local grocery store or Walmart.
2) Locate and purchase two items:

One or two "3M Microfiber Lens Cleaning Cloth"(s) (roughly $3 each).
A jug of Distilled Water (about $2).

3) Go home.
4) Put a little distilled water on the cloth so that part of it is damp and the rest is dry. (Not soaking wet!)
5) Clean the monitor. Don't apply very much pressure or you'll damage the display itself!
6) Dry the monitor with the dry portion of the cloth.

In most cases, this will clean the monitor (in some cases, just using the cloth by itself will clean it up nicely). If not, repeat once more.

Now you will remember I said water is probably a bad idea. There is a significant difference between tap water and distilled water: Almost all of the impurities are removed in distilled water. Tap water is healthy for people, but distilled water isn't. Distilled water is used in chemistry and biology experiments for its purity. I don't recommend using "double-distilled water" because it apparently interacts and reacts with carbon dioxide (which may or may not be "okay" for the monitor). Also, don't drink distilled water - studies have shown it to be detrimental to one's health if drunk exclusively - there are many important health benefits when drinking tap water that you don't get from distilled water.

The microfiber cloth is essential as well. It won't scratch the delicate surface. Generally you use these things for cleaning glasses and camera lenses (even digital camera lenses), but they also work well for computer monitors. Many people swear by 3M's microfiber cloth. T-shirts and most "soft" cloths are much harsher on the surface and will cause scratches over time.

If it still isn't clean, it is time to pull out better ammo. Go find a bottle of Klear Screen and purchase it. You can obtain it online and possibly at a local computer/office supply store. Again, just dampen your microfiber cloth with this mysterious solution. Repeat the procedure once more if necessary.

If the monitor still isn't clean, it is time to pull out the big guns. Go to the store and get a bottle of 90%-98% rubbing alcohol (about $3). Go home and create two different strength solutions in two sterilized containers:

1 part distilled water to 1 part rubbing alcohol. (Roughly 50% alcohol)
1 part distilled water to 2 parts rubbing alcohol. (Roughly 66% alcohol)

Try the weaker solution first using the microfiber cloth. Use a clean cloth - don't mix this solution with even dried-on Klear Screen - who knows what chemical reaction will occur! When cleaning the cloth via a washer/dryer, remember to never use fabric softener or dryer sheets (they will both ruin the cloth)!

If that fails, try the stronger solution. Remember! Never apply too much pressure or you'll damage the monitor itself (assuming a standard LCD monitor)!

If all of these methods fail, either live with the problem, get a new monitor, or go to a professional computer repair shop and see what they can do (they'll have access to chemicals consumers don't have access to - probably take them five minutes to determine if it is even feasible to attempt to clean).

DO NOT EVER use any ammonia based or strong household cleaners to attempt to clean a computer monitor screen. You will more than likely cause irreparable damage to the surface.

This has been a friendly computer geek announcement.

Saturday, September 01, 2007

The new PayPal buttons...

...are the ugliest things I've ever seen. The people PayPal has employed are clearly not graphics artists. And also don't have the web developer in mind.

About a couple weeks ago every business customer received a "teaser" e-mail from PayPal saying to get ready for new logos and buttons for use on websites. Mentally, I thought, "Sweet! Maybe they won't stink like the current ones." Today, PayPal sent every business customer an e-mail saying the logos and buttons were ready for use on websites and sent us all to their website via a link.

I clicked the link and, lo and behold, awful-looking images stared me in the face that are worse than the old ones (but that isn't saying much). The image above is the worst of the lot, but they are all pretty bad. Let me name off my reasons:

1) Every last image is a GIF image. Which makes the gradient look awful, severely limiting color choice, and offers extremely limited transparency options. PNG - enough said.

2) There is an ugly white border around the entire image. This makes it impossible to put the image on any color without making the ugly border instantly stand out.

3) Placement of the "icons". Oh where do I begin? It looks like a 'V' shape which just makes everything feel awkward. The icon sizing looks like a child did it. At least make them all the same size - bicubic scale them up to the largest length/width in each direction and then scale down. Yes it will make them look funny. But there is this tool called Photoshop that can do magical things like edit the images to extend them. At that size, no one will notice and everything will be pixel-aligned.

4) Speaking of Photoshop. Let us have PSDs of the logos and buttons already. That way WE can decide what the buttons look like and what file format. And, surprise! We don't like your buttons. You stink at graphics arts. Go back to school.

5) What is up with the extra inner space - especially all that space under "Bank"?

6) Putting PayPal above the icon work is just a bad idea. Sure it emphasizes that PayPal is being used, but it is completely unnecessary. All people want to know is "What sort of online payment methods does your business accept". Put PayPal first for all I care in the ordering, but PLEASE do not look ugly while doing it. Either completely encase the PayPal logo in the orange border or put it inside the box and make the border at the top thinner. What you have currently is plain ugly.

7) 3 of 5 of the icons have borders (natural or otherwise). Make them all have borders even if they normally don't. The "Visa" icon, in particular, looks awful against the orange background.

Digg this