Brian's Blog

This isn't really my typical bitch session about Microsoft but rather more of an observation. I'm learning the "wonders" that are Windows 2003 and am going over remote administration. I noticed a web based administration option that you can install and thought it was a cool idea. Having been reminded about Webmin on the The Linux Link Techshow I had web administration fresh in my mind. So, I installed it, checked it out, and found that it falls far shot of being capable of what Webmin is capable of. Webmin seems to have a module for just about anything and everything you would typically want to modify remotely. The list of standard modules is impressive and then there are the third party modules on top of that. So far it seems the Microsoft Web Admin console only lets you do things like change TCP/IP settings, rename the server, administer IIS, modify Local Users and Groups (not domain ones), access and modify event logs, set the date/time and reboot the system. On, you can setup E-mail alerts too which is actually a very nice addition.

So, I'm not sure just when Windows 2003 Server was released but let's assume it was released sometime in 2003 as the name suggests. Let's keep in mind that Webmin was released initially in 1997. That makes Microsoft 6 years behind the 8-ball on this one. Now, granted, the first release of Webmin supposedly only did DNS and nothing else but at this point it seems to be a very nice mature product and blows the socks off of the MS equivalent. I saw on the Webmin site that there is an alpha version of it for Win32, but I'm thinking Microsoft may get theirs up to snuff before Webmin gets there.

Anyway, that was just my observation, that Microsoft is once again imitating something else instead of coming up with real innovations of their own. Nothing that we don't already know really. Even so, I'm glad to see that they are taking into account the good things of other platforms and making an effort to improve upon theirs.

As much as love Linux I don't want to see it dominate the world. The competition between Windows and Linux forces both to improve in ways and at rates that probably wouldn't be if only the one existed.

Well, enough of my useless babble. Time to study.

Success number two for the day. I finally got off my lazy ass and got E-mail notification working so I again know when people leave a comment to a post here. Not that I ever got all that many, and most of the ones I do get are from people I know already, but still. It's nice to know when a comment is made and not find out by chance weeks later when I happen to look.

I finally got around to setting up a mirrored array on my web server today and after 2 attempts I finally got it right! Thank the gods for backups...

I used the advice from Hack #63 - "Migrate to Software RAID" in Knoppix Hacks to get it going. It seems though that this book is in need of an update. As time goes on more and more of the hacks are either different for don't work at all as written. In this case, the RAID related hacks all use raidtools2 for manipulating and created the arrays where as the newer versions of Knoppix only have the newer mdadm tools installed. This wouldn't have been a big deal except that I'm not a RAID expert in Linux and don't know enough to reconstruct the commands to do the exact same thing in mdadm as is being done in the hack with raidtools2. I even checked on O'reilly's Safari pages to see if that was updated and it hasn't been. Ultimately I just grabbed an older Knoppix 3.6 CD and used that to make the RAID.

A summary of the steps are:

1. Boot Knoppix CD
2. Make an /etc/raidtab with your existing drive marked as failed, this lets you create the array without killing your existing partition
3. Create the array then copy the entire contents of your existing drive to the new array
4. Set your existing drive as no longer failed and then add it to the array, causing the array to overwrite your existing drive with the stuff on the array This isn't a big deal since you just copied all your stuff to the array.
5. Modify lilo.conf and run lilo (covered in Hack #52 - "Repair Lilo")
6. Change all the partition in the array from whatever they currently are to type FD which is Raid Auto detect
7. Reboot and hope for the best

BTW, this isn't meant to be a how to and I've left a mess of things out. I just wanted to summaries.

So, after I went though all of this I learned that the lilo in Knoppix 3.6 wasn't happy with my system. I don't know why, but I got a screen full of "LI99 99 99 99 99" stuff. So I booted off a more current Knoppix disc just to discover that I forgot to recompile the kernel with MD support! Argh... I'm an idiot. I tried for about 45 minutes to revert back to just boot off the original drive but no matter what I did it kept looking for an /dev/md0 so I just gave up and restored from backup, then started all over again from the beginning.

Now I just need to figure out how to recover if one of my drives dies!

I was just going to run windows update on my work laptop fully knowing that I should avoid the KB905474-Windows Genuine Advantage Notification update. That particular one is the spyware one that calls home to M$ periodically. While poking around I noticed the ability to check a Don't show this update again option which I readily clicked. Check the screen shot. Microsoft must be feeling the PR pressure.

It makes me glad I use Linux!

Oh, be sure to do a Custom type of upgrade vs. the Express upgrade or you won't get a choice in the matter and the bad update will just get installed.

Oh yes, this is another one of those earth shattering revelations that I simply could not have figured out on my own if the "Geniuses" at Microsoft didn't tell me. So, here we go...

As you probably know from a previous post I'm working on upgrading my MCSE from 2000 to 2003 as a requirement for work (it comes with a pay raise too which is my real motivation). I complained about the obvious nature of this book before but this one takes the cake so far. Check this out. I'm reading the chapter on Troubleshooting Software Deployed with Group Policy and they have a nice long table of Problem/Cause/Solution info to give you an idea of how to handle certain common situations. That's a good thing and all but when you get this it makes me raise my eyebrows and wonder just how good of a book this really is.

Problem: Published applications do not appear for the user in Add Or Remove Programs in Control Panel.

Cause: The User cannot access Active Directory.

Solution: Check to see whether the user can access Active Directory.

Why YES that's such a good idea! Tell you what, how about a couple of suggestions on why a user can't access AD and how to fix it? Why are we checking to see if a user can do something that we've already established that he can not do in the cause section!?

This isn't the only time this has happened. I have seen this kind of painfully obvious stuff several times so far and this one finally made me sick of it. Looking at the bios of the editors, Dan Holme and Orin Thomas, they sure look impressive with things like "10 Years Consulting" and "clients have included AT&T, Compaq, HP, Boeing, Home Depot and Intel". You'd think they would be better then this.

A tip to M$ here, if you are going to print books from your own publishing company about your own core products they had better damn well be the best books ever on the subject. I don't care if you are paying someone else to write these things for you. Try reviewing the thing before you publish. You are, after all, the creator and supposed highest authority of the products being discussed.

My friend Chris mentioned a desire to play a little Neverwinter Nights when I hang out with him and that Bioware had recently released some nice looking Premium Modules that he'd like to play. Last night I went on over and spend the $8 on Infinite Dungeons which is a randomly generated 10 level dungeon with a minor storyline but includes puzzles and the ability to dynamically adjust to your character or party of characters. Basically, it's a mindless dungeon crawl with essentially zero plot, but that's OK because that's exactly what I bought it for.

So, I downloaded this thing and in the purchase process I had to feed the website my original Neverwinter Nights CD-Key to authorize my key to play Infinite Dungeons. What I found out after I installed it and tried to play is that you absolutely can't play it at all without an Internet connection. The reason being is that it calls home to check it's validity when you start a new game, load a saved game, or save a game. The trouble is, I installed NWN on my laptop and there may be times I won't have Internet connectivity. And, sure enough, searching the Bioware forums came up with a few people who bought it for play while traveling without Internet access. Needless to say they were not all to happy of the situation because Bioware will only refund your money if the module hasn't been activated or played on-line. At least for me, it wasn't painfully obvious that was the case and if I'd want my $8 back I'd be basically screwed. I know, it's only $8 but it's the idea.

I think what I'm running into here is the future of game and possibly application copy protection. I've seen things moving in this direction for quite a long while and am honestly not surprised in the slightest. Since the number of people with out Internet access is so small this sort of thing effects such a small number that, even if Bioware really pisses them off, it will have nearly no influence on their profits for the product.

I've never liked things that phone home. You never be sure exactly what they are up to and what they are sending back home unless you have the skill to put a sniffer on the line and analyze the network traffic. Besides, what happens when the company goes under? Or decides to stop supporting the game? What about people like me who love our retro games? I hope that Bioware has the where-with-all to issue a patch removing such silly check prior to abandoning support.

I'm fairly certain that this sort of protection will be a native part of Neverwinter 2 and that having such drastic phone home methods in the premium modules is simply a test bed to see how well it is accepted.

For some reason Microsoft decided for me that I would like have any document open from an E-mail open in something called "Reading Layout". Reading layout paginates the document so that it will fit the screen better and allow you to view two pages at once side to side on your screen. I personally find this very annoying. And since turning it off wasn't painfully obvious here's how to do it so I don't forget:

1. Click the "Tools" menu and choose "Options".
2. When the "Options" multi-tabbed dialog box appears, click "General".
3. Uncheck "Allow starting in Reading Layout".
4. Click "OK" to close the dialog box.

Some ages ago I bookmarked a how-to on setting up OpenVPN on IPcop. Basically it shows you how to install ZERINA OpenVPN addon for IPCop and then use the OpenVPN GUI for Windows to connect your Windows system to your new VPN. I'm sure that a Linux client exists but I really didn't look into that because I'm planning on trying this out with my work laptop which, unfortunately, I'm relegated to using Windows on. Perhaps I'll setup a dual boot one day, but I don't have time for that just now.

The how-to made the setup super easy except for one small problem I ran into. Using the default encryption method for the tunnel I kept getting TLS timeout errors when trying to connect. I changed the default encryption method to one of the AES ones and it started working.

I don't know if I'm going to stick with this VPN solution long term. Up until now I've just tunneled ports through my ssh session as needed to access resources on my network or used scp to transfer files so I'm not sure what advantages I will see but time will tell.

Brian in the LVLUG IRC pointed out this article at PCWorld.com that lists the top 25 worst tech products ever. I just find it amusing that AOL is number one on the list. Realplayer is in the top ten along with Windows ME, IE6, Microsoft Bob, and Sony Music CDs (think rootkit). I also find it mildly amusing that 3 of the top ten are Microsoft products.

Remember way back on Sept 24, 2005 I blogged about Barracuda Networks possibly violating the GPL? Well, I've finally gotten a follow up from gpl-violations.org. The resolution was that Barracuda now includes the GPL license text with their products and will provide a source code CD-ROM upon request. They even have source rpm files available here.

I'm glad it was resolved. It's important that corporations realize that they can't just take and use GPL software as if it was in the public domain. I have a feeling that Barracuda wasn't intentionally violating the GPL and just needed a little bit of education. I wish they would have taken the education from me instead of getting gpl-violations.org involved, but corporations are difficult to persuade.

This morning there were 1331 failed attempts to connect to my sshd over the course of 4.31 minutes. That's 5 attempts a second. How annoying. They are getting better though. This time it wasn't full of attempts at names like test or admin all that much. Actually the majority of them were names, like Jack, Marcus, and Stacy. I feel confident that the kiddies won't get in, but it still fills my logs with crap that I'd rather not see.

While listening to The Linux Link Techshow where they interviewed The Security Monkey it was mentioned to change your default port. I always thought changing the port was more security by obscurity than anything else but I tried it anyway. We'll see how much noise it culls from the logs. Perhaps it's wise to change your default port as a small part of your overall security strategy. By itself I'm sure that it is nearly useless, but combined with other things it certainly can't hurt.

Before I go off on my stupid little rant we first need some background. I'm currently reading Upgrading Your Certification to Microsoft Windows Server 2003 from Microsoft Press in an attempt to, well, ummm...Upgrade my Certification. The entire premise of this book is to just give you what you need to upgrade. In other words, review old concepts and cover new ones. Take this excerpt from the introduction for example:

This training kit requires that students meet the following prerequisites:

• Twelve to eighteen months of experience administering Microsoft Windows technologies in a network environment
• Understanding of Active Directory directory services and related technologies, including Group Policy
• Existing Windows 2000 MCSA or MCSE certification

I've noticed quite a few things that really don't need to be repeated in the context of this book since I would take them as something that any MCSE who's been doing the MS thing for a year or more should just know. For example, how to add a snap-in to an MMC. However, I can see that these things can be included for the sake of completeness. I'm fine with this. But then I ran into this one when going over backing up AD in a section called Preliminary Backup Tasks.

For example, if your backup method will involve using a removable media device such as a tape drive, you must ensure that:

• The backup device is listed on the Windows Server 2003 Hardware Compatibility List (HCL).
• The backup device is attached to a computer on the network (or the network itself) and is turned on. If you are backing up to a tape drive using the Windows Server 2003 Backup Utility, the drive must be attached to the system running the Backup Utility.
• The appropriate media is loaded into the device. For example, if you are using a tape drive, ensure that the correct tape is loaded.

Great job Microsoft! You've created a titled section to tell me that I need to use a backup device that will work with Windows, that is turned on and connected, and that I have the correct tape in the drive. Thank you Dr. Obvious! You are targeting this at existing MCSE's with a year or more experience right?

What this tells me is that Microsoft itself apparently doesn't trust it's own experienced certified professionals to know what they are doing. Please, in an upgrade exam book give me what I need to know. Don't teach me what I learned in Intro to Computers 101. The worst part is that in the review the first question was, "What tasks should you complete before attempting to backup Active Directory data?" This shows that they consider this ultra-obvious section to be of significant importance to reinforce.

Today we went and picked up my wife's new car. Well, it's not 100% new, but it's new to us. It's a Ford Focus ES. Check out the pic.

Also, for those who care, I've finally added some pics to the gallery. I was just a little bit behind.

And, for anyone who may have noticed, my server here was down for a few hours. Not that I get enough traffic for anyone to actually notice but still I thought I'd mention it. I was doing some long overdue backups and general TLC on the web server.

I got my iAudio back today from being sent back for repair. So, here we are nearly a month after I bought it and I'm actually getting to use the thing! I've been listening while studying for my MCSE Upgrade for work. (Yeah, I know. Don't say it.) This time I used the cable that came with it and filled nearly all of its 20GB up with tunes. I haven't fully read the manual but the controls are pretty easy and fairly intuitive. And even with the default ear buds it sound great. There is one very odd thing about the ear buds though. The right side lead is maybe about 10 inches longer than the right. A rather odd way to differentiate between left and right and it makes the wire a little short for wearing the player on the right hip unless you swap the ear buds.

Just as before the M5 was recognized as a USB Mass Storage device by Linux and was easily mounted. I went a little further and created a udev rule to give it a constant symlink of /dev/iaudio and modified my fstab to let me running as a regular user mount it without having to su to root. Just for kicks I rebooted into Windows and it also showed up as a new drive letter.

This thing, as far as I can tell, is 100% platform independent on the hardware side. Obviously being a USB Mass Storage device is a big plus, but you can even flash the firmware without any special programs. I just grabbed the latest firmware off of iAudio's site, unzipped it, and dropped the .bin file in the players firmware directory. Once that's done I turned it off, plugged in the charger, and turned it back on. Instead of the normal boot up screen I got an "Upgrading Firmware..." message and a progress bar. In about 1 minute it was done. Of course, the software that the player comes with runs only in Windows based on the documentation it really doesn't do much of anything that can't be done with other programs in Linux. The only feature of the software that seems unique is it's ability to grab lyrics and associate them with the song such that the lyrics scroll on the players screen in sync with the song. That's cool but not something I'd really get into except for a small handful of bands that I'm a fanatical fan of. Though I could see it as a nice thing if you could find a transcript to a speech or lecture you wanted to listen to and read at the same time. But how often does that need arise really?

Related to the player I also put on the zCover I bought. It's a molded silicon case with a hard plastic clear scratch guard for the display and a belt clip. All the holes for the various bits are molted exactly, and I mean exactly, where they need to be. There is even a hole for the built in mic for voice recording and a flap to cover the subpack/cradle port on the bottom. I don't think you could cradle the device with the cover on but I'm not sure since I don't have a cradle to try it in. The only two minor annoyances with the cover are the hole for the sliding power switch is a little deep making it a little harder to get at and the silicon seems to attract dust and hair a little. The switch even so isn't terrible to get at and I think will became easy and second nature after enough use. And the dust thing is kind of to be expected a little since the cover is made of silicone. It could also be the fact that I got the original black cover instead of the newer grayish one which would probably hide the dust much better.

I love the fact that it works in Linux and it even plays my OGG files too! No need to re-encode everything. Just for the record it supports MP3, WMA, OGG, ASF, WAV, and FLAC formats. The USB interface is 2.0 so transfers were fast. The battery is Lithium-Ion so it should last a good long time and have minimal memory effect. In addition to Windows and Linux support it claims to also support OS X. Both Linux and OS X are listed as data transfer only support. And the box claims up to 14 hours of continuous play on a full charge. I don't' know about that but I'm sure I'll find out over the next couple of days.

Time will tell if any annoyances creep up on me as I use this but so far I think it's an awesome player!

Well, it looks like I don't need to hug a porcupine after all. My dead player arrived and is in process. I should have it back in a week or two. Then I'll hopefully get to play around with it for more than 30 minutes before I kill it again.

I need to look into getting a FM Transmitter for the car. It seems, based on Amazon reviews, that not all transmitters are the same. What's a good one to get? I'll have to research it I guess. Or wait for someone to make a suggestion.

HINT, HINT.