Deleting Windows $NTUninstall Folders

Posted by Richard on

I like a clean computer. Thanks to prolific security patches from Microsoft, there are hundreds of files and folders cluttering up my Windows folder, forcing me to wade through garbage every time I search for something. How do you safely clean them up without messing up the already fragile operating system?

© Richard D. LeCour

First, what is all that junk? The $NTUninstall directories are created after the installation of a Microsoft Service Pack, a software hotfix, or a security update. They contain the uninstall information for each of the Microsoft updates, therefore if you delete the files and folders you will be unable to uninstall the updates. The corresponding log files are files that show the details of all the changes made during the patch installation. But if you simply delete them, Windows still has a record of them and expects them to be there.

If you have a registry cleaning tool such as CrapCleaner, you can simply delete the folders and run the cleaning tool.

If you can’t (or don’t want to) install a registry cleaning tool, here’s how to safely remove the $NTUninstall folders manually:

  1. Delete selected $NTUninstallKB folders. The names will look like $NtUninstallKB822603$ and $NtUninstallKB899587$. Keep track of the numbers after the KB of the folders you delete. Usually they’re sequential so hopefully you can just jot down a range, but there will always be a few outlying exceptions.
  2. Open the registry editor, and navigate to HKEY_LOCAL_MACHINE -> Software -> Microsoft -> Windows -> CurrentVersion -> Uninstall.
  3. Find the keys for each of the folders you deleted, and delete them, too. No way to do them in bulk, unfortunately. However, you can get a nice repeating rhythm of DEL, ENTER, DEL, ENTER. Just don’t forget to stop!
  4. Delete the desired KBNNNNNN.log files from the Windows folder.

Leave mentions of the updates within HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates alone. These mentions of the patches indicate that the patches have been properly installed. Removing these keys will confuse Windows into thinking that the patches have not been completed. Your only remedy after that point would be to reinstall the patches. Safer just to ignore them.

With just a couple minutes of effort, I’ve just freed up 400MB on my laptop, and another 500MB on one of my desktops!

Common Résumé Mistakes = Trash

Posted by Richard on

There are times that I have to interview a lot of Engineering candidates. Unfortunately, many are clearly unqualified, yet somehow sneak past the first-line screeners. My standards are fairly high, and I expect prospective employees and contractors to possess strong attention to detail. Most do not.

The first step I take is to get out my blue ink and yellow highlighter pens. Everything interesting on the résumé I circle in blue, while every mistake or potential issue I highlight in yellow. If, after a page or two, I see more yellow than blue, the résumé is trashed — which, in HR speak, means that the résumé is kept for six months in a manilla folder marked “Never, Ever Hire!” [OK, not really, but the idea has its appeal.]

Spelling Mistakes

It seems that many candidates don’t bother to click the “Check Spelling” button.

  • A recent applicant failed to capitalize her street name; misspelled both her cities of employment and residence; proclaimed expertise in Java, JAVA, and java, building J2EE and j2ee component “pachages” using “J-builder” and “Jbuilder“; was “well experienced” in both Oracle and oracle; and “was thorough” in Javascript, java script, and Java Script (none of which are correct).
  • If you proclaim yourself as a “Sun Certificied Java Progrmmer” or you have a “Masters in Business Adminstration“, well… kthxbye.
  • I am frequently amazed by the numbers of “extra-cuccicular activities” that candidates do.
  • It seems very few can spell the word “architecture”. One Stanford-degreed engineer “ported code to PowerPC architcture.” Another worked on “the design & architucture of the latest release.” A third “created and oversaw all information arcitecture and Flash developement.”

Nonsensical Grammar

In the unlikely event that all the words in a résumé are spelled correctly, it does not mean the words actually go together.
  • If something is “reputed”, it is something that is generally considered or believed; it has nothing to do with “reputation” or being “reputable”. Candidates frequently erringly claim to have been “trained by reputed companies”, “worked for reputed organizations“, or just dreamed “to work in a well reputed organization.” I most often see this on résumés from engineers trained in India, not surprisingly because job positions in India are often similarly misdescribed, further reinforcing the problem.
  • One programmer’s objective was to obtain “a challenge job in software engineering that has growth opportunity.” And further down, “Lead the offshore development team and explain them the key features.” They were clearly part of the offshore development team.
  • Someone claimed that they “learnt various technologies fast in pace with requirements of the project demands.” I will accept all valid spelling, even if considered archaic or uncommon in the United States, as long as the words are spelled consistently throughout the document, but the rest of the sentence still has to make sense.
  • You know you have a “winner” when they describe their job as, “Evaluate our systems to decide which system performance the best” and “Doing research on high risky accounts”.

Résumé Padding

I typically go against the hiring norm by holding less importance to education and technical knowledge than having the essential ability to reason. One of the best Java developers I ever hired had never previously coded in Java; his prior experience was all development on mainframes. Candidates possessing a degree from MIT most likely had smart, successful parents, but it doesn’t actually say anything about their own abilities.

If someone makes it past the at-home, written test (creating the résumé) and graduates to the in-person interview, at a minimum they will be asked a few soft-ball technical questions on subjects about which they have claimed expertise in writing.

  • Unfortunately, sometimes the first time I see a résumé is within ten minutes of being forced to interview them because they’re already inside the building. The same candidate above who couldn’t spell the name of her own city claimed to have created custom tag libraries for JSPs, but had no idea what a TLD file is. She also indicated she was very knowledgeable in the use of regular expressions, but couldn’t create the most basic regex to replace the word “cat” with the word “dog” in a sentence.
  • Contrary to popular advice, do not sprinkle keywords throughout your résumé unless you truly have expertise in those areas. Usually the sprinkling is way too obvious, and you just come across as deceptive and dishonest during the in-person interview.
  • Never let someone write your résumé for you. Many “professional” résumé writers simply cut and paste work experience from one résumé to the next. Their pre-formed descriptions most likely do not match your expertise, thereby essentially padding your résumé with lies. On a single day, I received twelve near identical résumés from different candidates, all with the same spelling, formatting, and grammatical mistakes. It’s simple: if you won’t bother writing your own résumé, I won’t bother hiring you.

Common Sense

When people can’t be bothered to write, proofread, and triple-check their own résumés — which are theoretically used to sell themselves in the absolute best light possible — it tends to mirror the work they do on the job: mistake-ridden, buggy, and with a lack of attention to detail.

Your résumé is your most important sales tool. It is a reflection of you, and it should be perfect. Spell check your résumé, then show it to friends or colleagues (preferably native English speakers) and ask them to proofread it.

The simplest mistake can make the difference between receiving an offer letter and being delegated to the round file. I usually won’t trash a résumé of an engineer due to a few minor spelling or grammatical mistakes, especially when the applicant simply misused a homophone or capitonym that any spell checker would miss. However, technical writers are obviously held to even higher English language standards, while designers quickly lose marks for visual errors such as misformatting or inconsistencies in font weights, sizes, and styles.

Oh, one last piece of advice: if you manage to get past the résumé filter and the phone screen, try not to be a complete moron. A recent candidate was late to an interview because he had forgotten to push the ninth-floor button in the elevator. After a few minutes of inactivity, the lights went out to save power, and he stood there in the dark for 20 minutes. Noticing that he was late, our receptionist called him on his cell phone, at which point he reported that he was stuck on the sixth floor with the lights out. He neither had the insight to try pushing our floor button, or even to call anyone for assistance.

Uhh, thank you for your time. Don’t call us; we’ll… (ahem)… yeah, we’ll call you. Sure we will.

Changing Your WordPress Table Prefix

Posted by Richard on

This blog was recently crippled by a hacker using a known SQL injection exploit. Most likely, all that pain and suffering I went through during restoration could have avoided if I’d followed three simple procedures.

  1. Keep up with patches. Relying on my old version of WordPress was a big mistake, especially after many security patches had been issued to fix several known exploitation methods.
  2. Change the WordPress table prefix. Virtually all successful SQL injection exploits require knowledge of the database table prefix. Since at least 99.99% (a number I pulled out of thin air but is unfortunately realistic, if not low) of all WordPress installations still use the default “wp_” prefix, it’s not hard to guess. Even changing them won’t fool the more sophisticated hackers, but it will slow down or stop those who just know the basics or those relying on automated bots to quickly hack hundreds of blogs at the same time.
  3. Remove any text that identifies WordPress or the version of WordPress being used, especially when using an older package. Why advertise your vulnerabilities? In my case, I write a lot about WordPress so I’m unfortunately committed to providing that bit of knowledge, but I stopped displaying version numbers long ago.

If you do decide to change the table prefix, set aside the proper time to make these modifications. You don’t want to have to quit in the middle, as your blog will be completely down until finished. Do not attempt these modifications if you are not at least reasonably familiar with phpMyAdmin (or a similar utility) or MySQL, or basic SQL commands — have a trusted friend do this instead. Before you do anything, back everything up. Deactivate all your plugins until finished.

Ready? OK, let’s change your table prefix now!

In your wp-config.php file, change the table prefix to whatever prefix you want. There may be a length limit, so don’t go nuts.

$table_prefix = 'wp_'; // Only numbers, letters, and underscores please!

Rename the tables names in your database with phpMyAdmin or your favorite MySQL admin tool to reflect the new prefix.

Yay! Done! The blog works exactly as it did before.

Until you try to log in. Then you get the “You do not have sufficient permissions to access this page” message. Ah, dåmn.

Many blog owners have run into the same problem and give you somewhat helpful advice to rename several options in the {new_prefix}_options and {new_prefix}_usermeta tables: In the {new_prefix}_options table , rename the “wp_user_roles” option_name to “{new_prefix}_user_roles”. In the {new_prefix}_usermeta table, rename the following three meta_keys with your new prefix: wp_capabilities, wp_user_level, and wp_autosave_draft_ids. If you don’t have wp_autosave_draft_ids, that’s OK. It only shows up if you’ve ever saved a draft while editing.

What other websites failed to mention during my switch (and that I had to painfully figure out for myself) is that the {new_prefix}_user_level meta_key may be missing. For some reason, it is required for the administrator account when using a new table prefix. The easy solution is to add a new row in the table for {new_prefix}_user_level with the meta_value field set to 10.

Now everything should work fine! You may still need to change more rows in the {new_prefix}_options table that were created by plugins that store the prefix as part of the option_name, but I can’t help you with that.

This how-to was written for WP 2.3.3, but should work with most future versions.

This information is provided as-is, without any warranty of any kind, express, implied or otherwise, including without limitation, any warranty of merchantability or fitness for a particular purpose. In no event shall I be liable for any special, incidental, consequential or indirect damages of any kind, or any damages whatsoever resulting from loss of; use, data or profits, whether or not advised of the possibility of damage, and on any theory of liability, arising out of or in connection with the use or performance of this information. This worked perfectly for me, but it might not work for you. You backed your stuff up, right?