you carry around and can plug into various "carriers" that embody the I/O, display, etc.
And you pray that nobody has hooked up a tap to the input on that item to record your keystrokes...
Or at least, you'd only be able to plug into docking points that you trust. Or end up carrying some sort of fold-up keyboard (like has been available for small PDAs for a while).
when WIFI was rolled out it was placed on the Big I instead of the little i
So someone can sit out in the parking lot, or a neighboring building and hijack your connection to the big internet?
That'll be amusing when the feds come knocking on your front doors looking for the person sending and receiving illegal content.
(I don't know which is scarier some days... hackers bypassing the firewall or snooping on internal communication, or the risk of abuse and getting investigated by the authorities.)
Configuration is in plain text files, one for each device on the network. I have these as an subversion working copy, which gives me the ability to track changes and easily roll back any configuration problems.
That's a big strength of Nagios (using plain text files). We use FSVS on our servers, with a SVN back-end. It's so nice to be able to track changes and do easy diffs between versions.
(We use FSVS because it doesn't create.svn folders. It's more suited for version controlling things like/etc or even the entire server.)
If you environment is big enough so you can employ at least 1 person to fully work with Nagios, then it's a great product. But out of the box it needs too much time to become usable. I'm talking of Nagios 2, I have no experience (yet) with Nagios 3.
We use it for about two dozen hosts, a few hundred services, and a handful of technical support users.
All of which took about a week to get up and running. But other then small re-configurations when we move systems around or change the network, it's very much a "setup and not worry about" tool.
Such a great tool - we know there's a problem before the users do (usually). So when our phones start ringing, we're not scrambling in the dark wondering what is actually broken. It gives upper management the impression that you're on the ball and have your finger on the pulse. So even when things break, being able to tell your boss that you know what is broken and you're already working on it can pay off.
Plus there's a side-benefit... can we set things up well enough that we never see Nagios alerts more then once a week? It becomes a bit of a game.
Network and server monitoring is critical for a small, overworked support staff. Setup warning thresholds, and you'll never be surprised about a disk running out of space, or a server running out of memory again. Or at least, you'll be warned in advance and have a bit of time to address the issue before it takes something down. Small staff don't have the time or people to sit and check on things like disk temperatures, free space, server loads, process counts, size of the mail queue, etc.
It's a lot like any other tool. The more you put it to work, the more you'll value it.
My personal experience is that Nagios is probably the LEAST easy to use of any piece of software, period. I hope they changed it in a major way, because last time I tried to use it I was forced to dig through configuration files and learn syntax just to get the thing to see if some server was responding to pings.
Nagios is not that difficult, especially v2.
The key to a good Nagios rollout is to start small. As in, a few contacts, a few services, and a single host. Learn what the various objects are. Put the configuration files under version control (extremely useful, try FSVS if you're using Subversion in your company). You should be up to speed and have a good grasp of how everything fits together in under a week.
After that, Nagios configuration is mostly about organization. Don't keep everything in a single file, or even a single directory. Create a directory for templates, another for contacts, split your hosts across multiple directories by some loose classification. Put each host configuration in its own file.
WoW - The BIG CHEESE of MMOs. Or, as my wife calls it, "MMO for dummies". Lack of expansion content is starting to hurt them some, as are the continual moves to force more folks into the Arena model of PvP. Probably the game that has blended PvE and PvP together the best, but the PvP aspect still causes too many problems to trickle down into PvE. The most immature crowd of the major MMOs.
On the upside, those of us with jobs and other commitments can actually (slowly) move forward in WoW. Those of us who started about a year ago, are just making our way into the Tier 5 content (current content tops out at around Tier 6 1/2 in difficulty).
The emphasis on Arena PvP, however, is troubling in the upcoming expansion. A lot of us have no desire to do arena, but find it enjoyable to go to a battleground and be one among 40 (in Alterac Valley). If we're forced into doing arena PvP in order to obtain gear upgrades from the BC PvP sets... it's not going to be pretty.
(Arena PvP is a zero-sum game. Losing games lowers your arena rating, locking you out of the ability to purchase better gear. Which leads to losing even more games because you're outclassed on gear. In battleground PvP, you still earn honor and battleground marks, although at a reduced rate, allowing you to eventually purchase better gear.)
(shrugs) WoW gets things about 90% right for casual gamers. And if you play on an RP server, there are additional policies and rules in place that can eliminate a lot of the immaturity found on other realms. But only if people report the violations to the GMs.
Interesting... lag in major PvP engagements was one of the biggest peeves. Or getting black-screened in Jita because the system was too busy to login or undock.
Having played WoW for about a year, I'd put it more at about 25% of the content as being aimed at level 70 players. The Outland is quite large, and there are 7 regular dungeons, 13 heroic dungeons and all of the tier4-tier6 raid zones (9?). Plus the recent Isle of Q, which adds about 90 minutes worth of daily quests that you can do for gold/faction.
Not sure how the new expansion will work out. I suspect, that like Burning Crusade, they'll need to patch in content periodically in order to give players new things to do while they prep the next expansion.
Because if you've already successfully chewed through 8GB of RAM, having an extra 256MB of swap available just in case isn't likely to be a very meaningful stop-gap.
Exactly.
On most systems, especially servers, swap is there so that if things go wrong, there's room (and time) for recovery before the system crashes completely. Given today's disk speeds, I feel like that's somewhere between 4 and 8 GB of swap... give or take a few GB.
(You can probably blow through 2GB of swap in about 1 minute on today's drives if things are really going pear shaped.)
That's (from my standpoint) because the managers and developers can't stop screwing around with the URL scheme for documents. It seems like there are people at MS who are paid by the page to produce documentation.
Their documentation system is seriously screwed up and has been for 5+ years.
When your WHOLE COUNTRY is behind a firewall? NAT the hell out of that! Flatten it to a/8 network in 10.0.0.0 and put it all behind one public IP. Problem solved!
The big issue with NAT is the limited # of possible ports (65k or so) due to the use of a 16-bit unsigned integer for port numbering.
200-400 people who are doing a bit of heavy browsing along with IM and other background can easily eat up all 65,000 available ports for NAT. (That's assuming 20-30 active connections per person - which is no longer "a lot".)
(Personally, I like NAT and private IP address space, because it makes things simpler for a lot of non-technical folks. I can tell them to get a NAT/firewall, and it does a good job of protecting them from a lot of nasty stuff. It's not perfect, but it's useful.)
We've used DNSMadeEasy for quite a few years as well and I find them to be very good service.
They also support TXT records, which is something that a lot of DNS providers don't do (or don't do well). So we were able to publish SPF records for our domains without much trouble.
How about running your own master DNS server, and having your provider slave from that.
That's the ideal way to do it. Setup your own master server using BIND or whatever, and you get the best of both worlds. You can script access to your DNS server entries, make updates however you want to, and make it as secure as you want to.
Then let the DNS provider simply serve as secondary servers for your DNS domains. Even if your primary DNS server is down for maintenance, the NS records on your domains are pointing at the DNS provider's pool of servers which are geographically separated.
(Alternately, you could try a service like DNSMadeEasy, which allows you to make API-style updates to your DNS entries. Unfortunately, security is a bit thin and you have to hard-code usernames and passwords.)
How often do you get spam where the "From" address is someone you know? Nothing is stopping you from doing this today - in fact there are many packages providing "greylisting" which improves on it by sending a message back allowing the sender to "prove" they are not a spammer - no real spammers take the hassle (if the from address is even genuine).
That's not graylisting, that's challenge-response.
Which is a fundamentally flawed system because the majority of spam uses a forged address for the from/reply-to. So all the C/R systems do is annoy the person who's e-mail address was used for the forgery. (In fact - it's easy to envision a DDoS attack by abusing mail servers that send out C/R e-mails.)
I had a similar situation with SPF when the other mail sever was misconfigured and we were rejecting the mail (as instructed by their server). We did inform the other mail admin, but to date, it's still misconfigured. The end result of it I was I was instructed to remove SPF from our mail servers since it was "blocking business e-mail."
Before implementing any sort of "block" at the mail server level, always make sure that you have a way to whitelist senders to get around the block.
As exceptions occur, you can then quickly whitelist senders without having to strip out the entire blocking action.
From doing a bit of traveling with older laptops ('01-'05), leaving a laptop in sleep mode doesn't use all that much power over hibernate (suspend to disk).
However, I've not had to deal with TSA goons who pull battery packs out.
My level of interest... in the game dropped off after I saw it wasn't being developed by Infinity Ward.
And after seeing what IW did to the CoD franchies in CoD 2 - my interest level has been "don't give a crap" for a while now.
The original IW folks came from Medal of Honor's team and decided to do things better in CoD (version 1) then MoH's style. Meaning, no more endlessly spawning waves of enemies until you reach the next checkpoint, and things like that.
Guess what lame tactic they reverted to in CoD 2? Yep - infinitely spawning enemies until you reach the next checkpoint.
IW sold out years ago and the CoD franchise has been crap ever since.
One nice thing about the (current) WoW client is that you don't *have* to install it when moving from one system to another. Just copy everything in the C:\Program Files\World of Warcraft\ folder to the new machine and you'll be off and running.
Or just make sure that you keep a backup copy (or two) of that folder in case you ever want to reinstall.
You do know that there are not currently any stable browsers with threaded tabs, don't you? There are exactly two browsers attempting this that are both in early betas. You speak as if it's been common for years and Fx is way behind the game.
Firefox is way behind the game.
One of the things that users (who drive adoption) have wanted for quite a few years now is to get rid of the problem where one slow-responding tab slows down the other tabs. It drove me up the wall starting back in the FF 1.x days, where you'd tell a link to load in the background - and it would freeze the foreground tab until it was done processing.
Which really, really, really annoys me. If I had wanted to wait on the new tab to load, I'd have loaded it in a foreground tab. Part of the whole point of being able to open links into new background tabs is so that you can keep working with the foreground tab without interruption.
So, if we were asking for this since the FF 1.x days... why are the developers still putting their heads in the sands on this issue in FF 3.1 days?
(Yes I know it's hard - but now there are 2 competitors who are trying to make it work. So it must not be impossible. And it's not like FF 2.x wasn't already a bit bloated.)
Similar reasons here for switching to CentOS (from other Linux distros) for our servers.
It's a lot easier to find a local tech-head who knows RHEL and plop them down in front of a broken CentOS box then it is to find someone who knows (your favorite niche linux distro). Or at least there's far better odds that your local linux support shop folks will have heard of CentOS/RHEL.
Plus, if we every do decide to go all official-like... the migration from CentOS to RHEL should be fairly painless.
2GB in 2008 is *not* a lot of RAM. We've been buying dual-core, 2GB RAM, 250GB HDs for our corporate desktops for almost 3 years now. And other then a small price hike in memory prices about 18 months ago, they keep getting less and less expensive.
4GB is a bit more uncommon, but RAM prices on DDR2 memory have fallen so far that we're considering buying the new PCs with 4GB RAM.
Hell, quad-core CPUs are getting below the $150 mark, so we'll probably start buying them soon as the normal desktop. Right now, we're only buying them for the power users.
Basically, if you've bought a PC in the last 2 years and didn't go for dual-core and 2GB of RAM, you've shot your own foot.
I'm not sure what the vector is, but it's comming from both HTML injection and infected SPAM (bogus e-cards).
It's a Javascript injection attack. Either they send out e-mails with the infective bit of Javascript, or else they hack the FTP password for a website and inject their Javascript into all of the HTML pages on that site.
It really really sucks, because you can't tell users "don't browse bad websites". But not letting users run with local administrator rights on the machine stops it cold (it tries to infect, does display a few messages, but a reboot and virus-scan will kill it).
We've tried blocking it at the firewall... but my squid-fu is lacking (I need to get Squid v3 installed and tie it into ClamAV).
1) Take out the disk, hook it up to a 2nd PC (via USB enclosure or whatever) and run a current virus-scan on it. That will generally nullify it enough that you can then put the disk back in the original PC and use WinXP's system restore to go back a week or two.
But really... once a machine has been compromised, it is no longer trustworthy. There may be other things installed that you *don't* know about and that don't show up in a cursory scan. So the proper fixes are either:
A) Restore from the original WinXP install media.
B) Restore a known-good snapshot created with a program like Acronis TrueImage, Norton Ghost, or Linux NTFSDisk(?).
In order to prevent that happening in the future, do NOT run accounts that have Administrator level privileges in Windows XP. There's too many damn browser exploits out there right now that sail right past IE 7 and Firefox 3 and will infect your machine. (Worse, these infections are present on a lot of mainstream websites, so it's no longer an issue of browsing the darker side of the net.)
Seriously, spend the $40 or whatever for Acronis and learn how to make images of your system disk. It saves a lot of time down the road when you can just restore to a known-good point in time.
Slashdot Mirror
you carry around and can plug into various "carriers" that embody the I/O, display, etc.
And you pray that nobody has hooked up a tap to the input on that item to record your keystrokes...
Or at least, you'd only be able to plug into docking points that you trust. Or end up carrying some sort of fold-up keyboard (like has been available for small PDAs for a while).
when WIFI was rolled out it was placed on the Big I instead of the little i
So someone can sit out in the parking lot, or a neighboring building and hijack your connection to the big internet?
That'll be amusing when the feds come knocking on your front doors looking for the person sending and receiving illegal content.
(I don't know which is scarier some days... hackers bypassing the firewall or snooping on internal communication, or the risk of abuse and getting investigated by the authorities.)
Configuration is in plain text files, one for each device on the network. I have these as an subversion working copy, which gives me the ability to track changes and easily roll back any configuration problems.
.svn folders. It's more suited for version controlling things like /etc or even the entire server.)
That's a big strength of Nagios (using plain text files). We use FSVS on our servers, with a SVN back-end. It's so nice to be able to track changes and do easy diffs between versions.
(We use FSVS because it doesn't create
If you environment is big enough so you can employ at least 1 person to fully work with Nagios, then it's a great product. But out of the box it needs too much time to become usable. I'm talking of Nagios 2, I have no experience (yet) with Nagios 3.
We use it for about two dozen hosts, a few hundred services, and a handful of technical support users.
All of which took about a week to get up and running. But other then small re-configurations when we move systems around or change the network, it's very much a "setup and not worry about" tool.
Such a great tool - we know there's a problem before the users do (usually). So when our phones start ringing, we're not scrambling in the dark wondering what is actually broken. It gives upper management the impression that you're on the ball and have your finger on the pulse. So even when things break, being able to tell your boss that you know what is broken and you're already working on it can pay off.
Plus there's a side-benefit... can we set things up well enough that we never see Nagios alerts more then once a week? It becomes a bit of a game.
Network and server monitoring is critical for a small, overworked support staff. Setup warning thresholds, and you'll never be surprised about a disk running out of space, or a server running out of memory again. Or at least, you'll be warned in advance and have a bit of time to address the issue before it takes something down. Small staff don't have the time or people to sit and check on things like disk temperatures, free space, server loads, process counts, size of the mail queue, etc.
It's a lot like any other tool. The more you put it to work, the more you'll value it.
My personal experience is that Nagios is probably the LEAST easy to use of any piece of software, period. I hope they changed it in a major way, because last time I tried to use it I was forced to dig through configuration files and learn syntax just to get the thing to see if some server was responding to pings.
Nagios is not that difficult, especially v2.
The key to a good Nagios rollout is to start small. As in, a few contacts, a few services, and a single host. Learn what the various objects are. Put the configuration files under version control (extremely useful, try FSVS if you're using Subversion in your company). You should be up to speed and have a good grasp of how everything fits together in under a week.
After that, Nagios configuration is mostly about organization. Don't keep everything in a single file, or even a single directory. Create a directory for templates, another for contacts, split your hosts across multiple directories by some loose classification. Put each host configuration in its own file.
WoW - The BIG CHEESE of MMOs. Or, as my wife calls it, "MMO for dummies". Lack of expansion content is starting to hurt them some, as are the continual moves to force more folks into the Arena model of PvP. Probably the game that has blended PvE and PvP together the best, but the PvP aspect still causes too many problems to trickle down into PvE. The most immature crowd of the major MMOs.
On the upside, those of us with jobs and other commitments can actually (slowly) move forward in WoW. Those of us who started about a year ago, are just making our way into the Tier 5 content (current content tops out at around Tier 6 1/2 in difficulty).
The emphasis on Arena PvP, however, is troubling in the upcoming expansion. A lot of us have no desire to do arena, but find it enjoyable to go to a battleground and be one among 40 (in Alterac Valley). If we're forced into doing arena PvP in order to obtain gear upgrades from the BC PvP sets... it's not going to be pretty.
(Arena PvP is a zero-sum game. Losing games lowers your arena rating, locking you out of the ability to purchase better gear. Which leads to losing even more games because you're outclassed on gear. In battleground PvP, you still earn honor and battleground marks, although at a reduced rate, allowing you to eventually purchase better gear.)
(shrugs) WoW gets things about 90% right for casual gamers. And if you play on an RP server, there are additional policies and rules in place that can eliminate a lot of the immaturity found on other realms. But only if people report the violations to the GMs.
Interesting... lag in major PvP engagements was one of the biggest peeves. Or getting black-screened in Jita because the system was too busy to login or undock.
Having played WoW for about a year, I'd put it more at about 25% of the content as being aimed at level 70 players. The Outland is quite large, and there are 7 regular dungeons, 13 heroic dungeons and all of the tier4-tier6 raid zones (9?). Plus the recent Isle of Q, which adds about 90 minutes worth of daily quests that you can do for gold/faction.
Not sure how the new expansion will work out. I suspect, that like Burning Crusade, they'll need to patch in content periodically in order to give players new things to do while they prep the next expansion.
Because if you've already successfully chewed through 8GB of RAM, having an extra 256MB of swap available just in case isn't likely to be a very meaningful stop-gap.
Exactly.
On most systems, especially servers, swap is there so that if things go wrong, there's room (and time) for recovery before the system crashes completely. Given today's disk speeds, I feel like that's somewhere between 4 and 8 GB of swap... give or take a few GB.
(You can probably blow through 2GB of swap in about 1 minute on today's drives if things are really going pear shaped.)
That's (from my standpoint) because the managers and developers can't stop screwing around with the URL scheme for documents. It seems like there are people at MS who are paid by the page to produce documentation.
Their documentation system is seriously screwed up and has been for 5+ years.
Even right now you can get the GeForce 8800 GT 512MB cards for around $110-$120.
Which is a darn good price for a card that has reasonable power, isn't a power hog, and gives a lot of bang for the buck.
When your WHOLE COUNTRY is behind a firewall? NAT the hell out of that! Flatten it to a /8 network in 10.0.0.0 and put it all behind one public IP. Problem solved!
The big issue with NAT is the limited # of possible ports (65k or so) due to the use of a 16-bit unsigned integer for port numbering.
200-400 people who are doing a bit of heavy browsing along with IM and other background can easily eat up all 65,000 available ports for NAT. (That's assuming 20-30 active connections per person - which is no longer "a lot".)
(Personally, I like NAT and private IP address space, because it makes things simpler for a lot of non-technical folks. I can tell them to get a NAT/firewall, and it does a good job of protecting them from a lot of nasty stuff. It's not perfect, but it's useful.)
We've used DNSMadeEasy for quite a few years as well and I find them to be very good service.
They also support TXT records, which is something that a lot of DNS providers don't do (or don't do well). So we were able to publish SPF records for our domains without much trouble.
How about running your own master DNS server, and having your provider slave from that.
That's the ideal way to do it. Setup your own master server using BIND or whatever, and you get the best of both worlds. You can script access to your DNS server entries, make updates however you want to, and make it as secure as you want to.
Then let the DNS provider simply serve as secondary servers for your DNS domains. Even if your primary DNS server is down for maintenance, the NS records on your domains are pointing at the DNS provider's pool of servers which are geographically separated.
(Alternately, you could try a service like DNSMadeEasy, which allows you to make API-style updates to your DNS entries. Unfortunately, security is a bit thin and you have to hard-code usernames and passwords.)
How often do you get spam where the "From" address is someone you know? Nothing is stopping you from doing this today - in fact there are many packages providing "greylisting" which improves on it by sending a message back allowing the sender to "prove" they are not a spammer - no real spammers take the hassle (if the from address is even genuine).
That's not graylisting, that's challenge-response.
Which is a fundamentally flawed system because the majority of spam uses a forged address for the from/reply-to. So all the C/R systems do is annoy the person who's e-mail address was used for the forgery. (In fact - it's easy to envision a DDoS attack by abusing mail servers that send out C/R e-mails.)
I had a similar situation with SPF when the other mail sever was misconfigured and we were rejecting the mail (as instructed by their server). We did inform the other mail admin, but to date, it's still misconfigured. The end result of it I was I was instructed to remove SPF from our mail servers since it was "blocking business e-mail."
Before implementing any sort of "block" at the mail server level, always make sure that you have a way to whitelist senders to get around the block.
As exceptions occur, you can then quickly whitelist senders without having to strip out the entire blocking action.
From doing a bit of traveling with older laptops ('01-'05), leaving a laptop in sleep mode doesn't use all that much power over hibernate (suspend to disk).
However, I've not had to deal with TSA goons who pull battery packs out.
My level of interest... in the game dropped off after I saw it wasn't being developed by Infinity Ward.
And after seeing what IW did to the CoD franchies in CoD 2 - my interest level has been "don't give a crap" for a while now.
The original IW folks came from Medal of Honor's team and decided to do things better in CoD (version 1) then MoH's style. Meaning, no more endlessly spawning waves of enemies until you reach the next checkpoint, and things like that.
Guess what lame tactic they reverted to in CoD 2? Yep - infinitely spawning enemies until you reach the next checkpoint.
IW sold out years ago and the CoD franchise has been crap ever since.
One nice thing about the (current) WoW client is that you don't *have* to install it when moving from one system to another. Just copy everything in the C:\Program Files\World of Warcraft\ folder to the new machine and you'll be off and running.
Or just make sure that you keep a backup copy (or two) of that folder in case you ever want to reinstall.
You do know that there are not currently any stable browsers with threaded tabs, don't you? There are exactly two browsers attempting this that are both in early betas. You speak as if it's been common for years and Fx is way behind the game.
Firefox is way behind the game.
One of the things that users (who drive adoption) have wanted for quite a few years now is to get rid of the problem where one slow-responding tab slows down the other tabs. It drove me up the wall starting back in the FF 1.x days, where you'd tell a link to load in the background - and it would freeze the foreground tab until it was done processing.
Which really, really, really annoys me. If I had wanted to wait on the new tab to load, I'd have loaded it in a foreground tab. Part of the whole point of being able to open links into new background tabs is so that you can keep working with the foreground tab without interruption.
So, if we were asking for this since the FF 1.x days... why are the developers still putting their heads in the sands on this issue in FF 3.1 days?
(Yes I know it's hard - but now there are 2 competitors who are trying to make it work. So it must not be impossible. And it's not like FF 2.x wasn't already a bit bloated.)
Similar reasons here for switching to CentOS (from other Linux distros) for our servers.
It's a lot easier to find a local tech-head who knows RHEL and plop them down in front of a broken CentOS box then it is to find someone who knows (your favorite niche linux distro). Or at least there's far better odds that your local linux support shop folks will have heard of CentOS/RHEL.
Plus, if we every do decide to go all official-like... the migration from CentOS to RHEL should be fairly painless.
2GB in 2008 is *not* a lot of RAM. We've been buying dual-core, 2GB RAM, 250GB HDs for our corporate desktops for almost 3 years now. And other then a small price hike in memory prices about 18 months ago, they keep getting less and less expensive.
4GB is a bit more uncommon, but RAM prices on DDR2 memory have fallen so far that we're considering buying the new PCs with 4GB RAM.
Hell, quad-core CPUs are getting below the $150 mark, so we'll probably start buying them soon as the normal desktop. Right now, we're only buying them for the power users.
Basically, if you've bought a PC in the last 2 years and didn't go for dual-core and 2GB of RAM, you've shot your own foot.
I'm not sure what the vector is, but it's comming from both HTML injection and infected SPAM (bogus e-cards).
It's a Javascript injection attack. Either they send out e-mails with the infective bit of Javascript, or else they hack the FTP password for a website and inject their Javascript into all of the HTML pages on that site.
It really really sucks, because you can't tell users "don't browse bad websites". But not letting users run with local administrator rights on the machine stops it cold (it tries to infect, does display a few messages, but a reboot and virus-scan will kill it).
We've tried blocking it at the firewall... but my squid-fu is lacking (I need to get Squid v3 installed and tie it into ClamAV).
1) Take out the disk, hook it up to a 2nd PC (via USB enclosure or whatever) and run a current virus-scan on it. That will generally nullify it enough that you can then put the disk back in the original PC and use WinXP's system restore to go back a week or two.
But really... once a machine has been compromised, it is no longer trustworthy. There may be other things installed that you *don't* know about and that don't show up in a cursory scan. So the proper fixes are either:
A) Restore from the original WinXP install media.
B) Restore a known-good snapshot created with a program like Acronis TrueImage, Norton Ghost, or Linux NTFSDisk(?).
In order to prevent that happening in the future, do NOT run accounts that have Administrator level privileges in Windows XP. There's too many damn browser exploits out there right now that sail right past IE 7 and Firefox 3 and will infect your machine. (Worse, these infections are present on a lot of mainstream websites, so it's no longer an issue of browsing the darker side of the net.)
Seriously, spend the $40 or whatever for Acronis and learn how to make images of your system disk. It saves a lot of time down the road when you can just restore to a known-good point in time.
Perhaps what we need is an RFC hall-of-shame... when we find websites that don't support the +, add their domain name to the roster.
Like rfc-ignorant.org?