I was about to submit a request for a feature in the webmail software I use when I got lost in link-land.  I stumbled upon the “Executive Blog” for VMware.

http://blogs.vmware.com/console/2010/01/vmware-to-acquire-zimbra.html

It turns out that today my webmail suite was purchased by VMware.  In the blog VMware’s CTO explains how the acquisition of an open-source email is directly in line with their vision of advancing cloud-computing and simplifying IT for everyone.  I couldn’t agree more on this cause, as everyday computing has become too complex and for everyday users to make sense of.  There are far too many applications written for systems today for any one user or administrator to wrap their heads around.  While all of these great new applications are innovative in many ways, the issue of information overload continues to grow in direct proportion to the number of new applications.

There is no longer any time for a system administrator to become intimate with a piece of software.  Particularly if that system admin is required to use an additional dozen applications to help maintain that single piece of software.  The best example of this is Exchange.  All email systems are generally the same, I just happen to have the most experience with Exchange.  Not only do I have to understand all the inner workings of Exchange, it is generally a requisite of an email admin’s job to know the client software.  So now I need to understand Outlook, Thunderbird, and Entourage.  And of course Outlook Web Access.  And don’t forget the different versions.  Some places still have Outlook 2000 and XP clients. 

So I have the server software and half a dozen client applications to understand.  There is also the need to maintain consistent and reliable backups.  So that is at the minimum another application.  In an enterprise environment third-party software is likely used since Windows Backup isn’t the greatest solution available.   Regardless of the backup solution, knowledge of an additional application is necessary. 

And since I’m using email administration as my example, I can’t forget to mention spam.  Spam and junkmail are accounting for up to 90.4% of the traffic running around the internet!  (see previous post Permanent Link to Junkmail has to be stopped).  With this much junkmail you MUST have some sort of antivirus and spam filtering software on your servers.  Another application is added.  Sometimes spam and junk filtering isn’t enough, you have server-level A/V on your systems that needs to be managed, and you might have a firewall to contend with, SPF filters, reverse dns records, disclaimer products, mobile devices, Blackberry Servers, archiving, e-discovery, and the list goes on.  Not only do you have all this software that goes into making a reliable, functional, distinctive, and hopefully seamless solution for your customers, but you also have all that support software you have to call up when something goes wrong.

Coming back around to the original topic of cloud and whether it is a bad thing, I heard the argument recently that cloud will destroy the competitive nature of software, and stifle innovation.  The argument supporting this follows the logic that once everyone agrees on a particular platform such as linux, and agrees that all code from here until the end of time will run on linux, that innovation and creativity will lapse as a side-effect.  The direction the argument was making is that cloud computing will not come to fruition, and once companies realize this they will stop pursuing cloud, and refocus on what makes their software solutions different. 

My argument doesn’t take an entirely contradictory stance to this idea.  I do believe that if a common platform is ever agreed upon, that innovation in that platform will slow down.  This will mainly be due to any innovations made to the core platform will likely be excluded from the majority of systems.  Because any innovation outside of the core platform will not be beneficial to every single system the innovation is therefore superfluous to the core.  There would be likely few if any dramatic recreations or modifications of that single core platform.

Where my argument differs is that the core platform itself, and IT as most people have come to think about it will stop existing as we know it today.  I don’t believe that large companies, corporations or institutions will ever outsource their IT infrastructure completely.  Regardless of the price savings of software as a service, large entities will always want in-house and custom tailored solutions that can provide a competitive edge against their rivals.  Where cloud computing and software as a service are really unstoppable is the consumer market.  No regular consumer wants to worry about upgrading their motherboard every time a new OS comes out.  With as many stories floating around about everyone not having enough time, people will start to realize that having to manage their own computers is a daunting chore.  And that chore is going to continue to get worse and worse for the end consumer.  As the OS field gets more and more fragmented between Linux, Mac, Windows, and Google, fewer and fewer people will be able to call in their friends in IT to help with a problem.  This will lead to a revolt on the current business model by word of mouth spreading between non technical people as to what is easiest.  I don’t think it will take more than 5 to 10 years before consumers have figured out that their time is being robbed by having to know what the heck a driver is.  Why should a standard user ever have to know what a driver is!  Why should they?  So they can update it themselves?

Let me put it to you this way:  How many people know how to change the oil in their car?  A few.. maybe even half of the people who own cars.  But how many people actually change their own oil?  I imagine the number is far less than half.  People can pay an insignificant fee every 6 months and have someone else do all the work.  There is an argument that you could save a few dollars by doing it yourself.  But I believe that having someone else do the work, and particularly having a “professional” do the work for you, frees you from something that would have spent your free time, and caused you to have to learn something completely outside your passions and professional career.  Unless you work on cars either for a hobby or for a living, I doubt you change your own oil with much frequency.

It is that realization that consumers and end-users do not need to know what is under the hood of their computer, which makes me believe that cloud is coming and it is a force to be reckoned with.  It will not hit large corporations.  It will not hit institutions that have dedicated staff who make the IT decisions and strategies for them.  It will hit consumers and small businesses.  People that are spending more and more of their time doing less and less of what they need to be doing so they can live their lives and make a paycheck.  Cloud is coming with a vengeance if you are not looking out.

I envy the future of the IT consumer.  IT will become a household utility no different than gas or electricity.  Just like the TV it will be synonymous with the American household, and no one will have any need or idea how to fix it themselves.  But unlike the TV there will be no need to call the “computer repair man” because the cloud company that leased the unit, provided the internet connection, and supports the device, has already received a notification that there is a problem, and there is already a technician on the way.

I say pay the professionals to deliver a service!  Let them deal with knowing and understanding what applications there are.

NOTE: I have only verified this topic with Windows server 2003.  I expect the same or similar behavior from Windows XP.  It is possible that Windows Vista, 7 , server 2008 and everything after is affected if you use only the simple GUI.  I doubt this will be an issue with the “advanced config” tool.

There is a scenario with a GPO that allows traffic on lets say port UDP 8081.  You computer has the GPO applied and has been restared.  Inside the GUI you would see the GPO defined port exception listed.  And if your GPO settings allow you to add an additional local exceptions, you could add an additional local exception for UDP 8081.  Perhaps deviating from the GPO by only the scope.  The port exception will show up in the GUI in bold and all seems well.  But then you restart you computer and the newly added local exception disappears from the GUI.  When you try to re-add the exception you receive the error

“The Port ‘EXCEPTION NAME (43)’ cannot be added.  An entry for the same port ‘EXCEPTION NAME (PROTOCOL PORT)’ already exists.”

 

No it doesn’t… it’s not in the GUI!  As it turns out the rule does still exist.  As you add host-based port exceptions that operate on the same port as the GPO, you will need to look elsewhere for your disappearing rules.

You can try in the registry:

check the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\
(continued)Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List

Or you can try the command-line interface for the firewall:

1. open a command prompt and run command “netsh”
2. type “firewall” to switch to the firewall interface
3. type “show portopening”
4. if your port exceptions are already defined  you will seem them here.

If you like you can delete them here using the command:

type “delete portopening NAME_OF_EXCEPTION” example “delete portopening TCP 9898″ and then recreate your port opening in the GUI.

Even if you do recreate your rule in the GUI it will disappear from there the next time you restart.  Become familiar with the CLI if you plan on using Windows Firewall with GPO’s and local port exceptions.

This flaw does give me a bit of pause to consider the security ramifications of this. If I were aware of this flaw it would be very easy to hide a firewall rule from the average user under the above circumstances. It’s a good thing that most people who are part of a domain using GPO’s do not use Windows Firewall as the sole mechanism blocking malicious traffic. This also shows that Linux admins are right when they talk about needing to know the CLI for your OS.

Thanks to DJ JohnnyK for helping on this!

Did you panic when you first saw

“Service Unavailable”

A recently released update KB 973917 from Microsoft that relates to the “Extended Protection for Authentication” Architecture first added in KB 968389 is causing issues with some Win2003SP2 servers.  If the installation of Service Pack 2 on the server did not complete entirely, then some IIS related DLL files were never updated properly.  These older DLL’s were never an issue until now, and there was no obvious way of knowing that the SP2 install didn’t completely successfully.  Fortunately a resolution has been found for the application pool stopping… reinstall Service Pack 2.

 

KB relating to incomplete SP2 install
http://support.microsoft.com/?kbid=2009746

KB973917
http://support.microsoft.com/kb/973917

Extended Protection for Authentication
http://support.microsoft.com/kb/968389

The Author was mentioned in a different book “The Future Files” that I read a few months ago.

Starting early in the morning the latest update for Avast has been tagging .exe files as a rather old trojan.

Of course the easiest thing to do is panic! Unfortunately in this case practically everything is being tagged with “Win32:Delf-MZG [Trj]“. This was brought to my attention when someone tried to run Rosetta Stone. After ignoring the first warning, this was brought up again when trying to run the updater for Rosetta Stone.

A quick search on the web found that multiple users are having trouble with this. The issues seem to stem from VPS version 091203-0 downloaded 12/03/2009. This VPS version is affecting at least the home version and the professional version.

There is an updated VPS version 091203-1 that has been released which will correct this issue. Please update your Avast by Right-clicking the “A” icon in your system tray, go to Update and select “iAVS Update” You should see a summary screen similar to this that indicates you are updated.

The official explanation from Avast for this can be read at:
http://support.avast.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=377

I received the worst junkmail I believe I have ever read today. Not only did it attempt to discredit www.snopes.com, it attempted to do so using www.wikipedia.org as its reference.

Ignorance is out of control, and people who forward worthless email should be held accountable for spreading their ignorance.  This cycle of mass idiocy as spread through email can only end through educating the people that send these pieces of worthless mail to us in the first place.  As such the launching of an entirely new class of junkmail is about to happen.

THE INTERNET IS NOT YOUR PLAYTHING

The over usage of email has only allowed the under-educated to speak with a louder voice than ever before. When was the last time you checked your email and one of your friends, family, or coworkers had sent you a bunch of falsified, uncited, and worthless drivel through email.

We have seen virus warnings that have told us our dog was going to set fire to the swimming pool if we accidentally opened it. We have read that Microsoft and Bill Gates has made everyone but you and I billionaires by tracking our emails around the globe. We have also read that Obama is Muslim and George Bush was the antichrist. There are no limits to the number of people believing that wishes will be granted if they forward email to eveyrone on their contact list.

Neither prayers nor wishes get sent in email. God has a website, but not an email. At least not one that he checks and reads your email from.

• George Bush is not the antichrist.
• Barack Obama is not Muslim.
• I am not rich. Are you?
• Your dog will not ignite the swimming pool.

It was bad enough when all we had to deal with was spam about Viagra and Angelina. Now we are getting more junkmail from our friends who have signed up for email accounts.  Do you know why?

 

Spam filters do not check for stupidity.

And since they do not, there is only one remedy. Send this email to *ONLY* the people who bug the heck out of you and send absurd amounts of idiocy. These people operate under the guise of being well informed, when in fact they are a bunch of idiots. Do the rest of us a favor and DO NOT send this to those people who respect email, and forward only with discretion.

With those simple rules in mind. If you have received this email, you have a problem. You are addicted to spreading stupidity and lunacy, and you should stop. Please don’t forward this to your friends, and please don’t forward *ANYMORE* email *EVER*

I can only pray that by fowarding this to you my wish for less stupidity in my life is answered by sending this email.

 

---

So there is is.  The Anti-Forward Forward.  Please forward with discretion.  Perhaps a phone call is a better choice when you want to tell someone about this behavior.  If you need assistance you can visit sites like The Internet Traffic Report.  That site can give you metrics on how fast or slow the internet is, and can be a fun place to look at 8am on Monday after the next “First Snowball of The Year” starts. 

Other information can be obtained by searching for how much email is actually spam.  As of May 2009 it was estimated that 90.4% of all email sent was spam. 

90.4 percent of all email sent is spam!!!

And that means that a significant amount of our bandwidth is simply being thrown away.  Are you sick of paying $55 a month for faster internet service?  I know I am tired of that much money being spent for service.  Do the rest of us a favor and stop junkmail before it starts.  Ask your friends to “Think before you forward!”

It is an unavoidable trught: The iphone has become a status symbol of smart phones.  Other phones try to compete with it, 75,000 applications exist for it,  and iphone owners are fanatical about them.  I just don’t understand at all what is so fantastic about them.  What do they do that other phones don’t?  What can’t they to?  I have a lot of animosity towards owners and defenders of iphones, as they can’t clearly tell me what is better about them, instead of a different device.

Since I’m not an iphone user I will point out the things I find great about it, and the things I find less than great.  This article in no way claims to be unbiased, but I am trying to not be such a hater.

What makes the iphone great:

• Large 3.5″ screen.  Damn nice screen.
• Fast.  Where everyone says the inability to run multiple apps suck, I disagree as that is how the iphone keeps running so damn fast.  If the other OSes ran a single app, they would be just as responsive.
• Consumers get it.  This is great to see technology in the hands of many.

What I dislike:

• You have to use iTunes to work with it.
• You can’t tether it.
• No RDP
• No SD card slot
• Proprietary USB cord
• No physical keyboard
• Unremovable battery

None of these items make the device a show stopper for most people.  So why can’t I just let it go that more and more peole are popping up with iphones?  I feel rather like a Linux administrator trying to tell all the windows users that there is a better alternative.

I really hope someone can give me some concrete examples of why I should think the iphone is so great.  I would also really like to finid out more information on what the iphone doesn’t do.  I have seen the Droid commercials and also read the critiques of how inaccurate they are.  So what doesn’t the iphone do?  A few months ago it wouldn’t show you free/busy information from an Exchange server.  They fixed that now so I can’t point that out as a shortcoming.  As I find more and more things that I dislike about the iphone, and hopefully more and more things I do like about it, I will add it.  If nothing else so there is at least a list in one place instead of having to surf a dozen different sites.

For several hours I’ve been trying to retrace my steps on how I managed to break our Operations manager 2007 email notifications.  For 2 days now alerts are being triggered and our server’s health states are being updated, but no email was getting out.

I checked the message tracking logs on Exchange and nothing was ever leaving the OpsMgr server.  I tried to telnet to the smtp server and that worked.  I checked the logs and there was an innocuous message about the “Instant Notification” settings I were using, and how it was causing a notification workflow.  The app log message looked like this:

---

Event Type: Error
Event Source: HealthService
Event Category: Health Service
Event ID: 4509
Date: 10/8/2009
Time: 9:38:07 AM
User: N/A
Computer: OPS-RMS
Description:
The constructor for the managed module type “Microsoft.EnterpriseManagement.HealthService.Modules.Notification.Sip.SipNotificationTransportModule” threw an exception. This module was running in rule “Subscriptiond2e36701_7544_4b03_9c18_811f5d34a5fd” running for instance “Alert Notification Subscription Server” with id:”{E07E3FAB-53BC-BC14-1634-5A6E949F9230}” in management group “GROUP”.

 

The exception text is:
Microsoft.EnterpriseManagement.HealthService.ModuleException: The specified Uri : (sip:email@im.vanity.com/home) has one or more invalid elements. A valid sip uri should be of the format sip:user@host.
Parameter name: uri —> System.ArgumentException: The specified Uri : (sip:email@im.vanity.com/home) has one or more invalid elements. A valid sip uri should be of the format sip:user@host.
 

(insert lenghty description of lots of things going crunch)

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

---

 

So I decided it was important to revisit my IM settings, since I knew that was what I was working on the day notifications had stopped. And there it was glaring at me in the face. the last thing I changed was added “/home” to the “Return Address” under the notification settings.

Once I removed that I proceeded to get 2 days worth of back-logged alerts. It is interesting to note that an error with the IM notification workflow actually affected the Email notification also.

I’m just happy I found it and fixed it. In case anyone ever sees the Event ID 4509 on your RMS, I would suggest visiting your notification settings.

For the last week I’ve been backing up data on my DNS-323 for the sole purpose of updating the firmware.  It’s important to have a backup just in case the device takes the RAID set with it like it did a few revisions ago.  I have had luck over the last 2 firmware updates where that wasn’t the case, but better safe than sorry.

Since the NAS is brimming with bits and has barely enough space to hold a text file this process took several hours of my time.  Mostly due to the maximum length allowed for FAT32 filenames on my destination drive.  Not Dlink’s fault in any way.  Neither is the unfortunately slow 1gbps connection which could have been faster.

The entire reason for my upgrade was to enable the use of TLS/SSL for ftp purposes.  I have a DNS-323 in another state where the ability to backup using the scheduled FTP client in the appliance would be really useful so no additional client would be necessary.   2 of the units with scheduled backups going to each other in separate states would give me that great big feeling of DR.  Unfortunately after several more hours of not only reading, but attempting various tweaks to the gamut of FTP clients I could find (including the cmdline) it turns out that the advertised TLS/SSL support doesn’t actually work past a firewall.  Maybe a little more into the RFC of secure FTP than I know, but apparently it has to do with the use of a range of ports used to transfer data aside from the statically configured port in the DNS-323 interface.  What does that mean for me and maybe a dozen other geeks who are speaking out?  It means it doesn’t work as expected.  The directory listing never comes through and nothing ever happens.  Pretty much makes my entire morning and several hours of my week useless.  I finally have something to write about so at least it’s not a total waste.

If this feature hadn’t been advertised I’m sure I would have eventually added the firmware anyway for other fixes.  Dlink is still advertising that the new firmware supports TLS/SSL but isn’t changing it to say “may not always work.”  It’s too bad that my disappointment happened instead Dlink’s success in making a customer happy.   Every time a company puts a product on the marketplace they have an opportunity to create a very pleased customer.  This is no different with firmware and updates.  Dlink had a great opportunity to expand and improve an already fantastic product.  Instead they pulled off a half-hearted attempt at doing what they could without regard to how this might make customers feel.  Perhaps it is viewed from the naive perspective that I have already paid and therefore Dlink doesn’t have to continually impress or make me happy. 

Unfortunately in the world of marketing it is incredibly important to keep the customers you already have happy.  Eighty-percent of a company’s business comes from twenty-percent of its customers right?  So perhaps keeping the customers they already have happy would have been a good strategy for Dlink.   It is too late for that as I’m willing to forgive to an extent the fact that you “can’t please all the people all the time.”  Dlink’s continued advertising of a feature that’s doesn’t actually work can easily be taken as false advertising.  It is too bad for Dlink that they are driving future purchases away from their products simply by an extremely disappointing history with another of their products.  Should the new firmware update come out in a timely fashion that clarifies the issue and resolves it, Dlink will at least save face, but the hope for me recommending another Dlink purchase has become very unlikely.

If a product says it will do a thing, then it *must* do that thing, otherwise a company is selling nothing besides temporary junk and future-disenchantment.

http://forums.dlink.com/index.php?topic=3462.msg49912#msg49912

Any one who knows me farily well, knows that I spent the majority of my youth shut indoors with my face glued to a TV that no doubt had some Nintendo game playing on it.

I just found http://www.virtualnes.com and browsed the lists of games they have. I recognized over a dozen that I’m sure I spent the better part of a week playing each one.

I think the only thing keeping me from playing them now is I get motion sick just watching the antiquated graphics flash by too quickly.

What a way to bring back memories. I’m going to go watch District 9, Cloverfield, ride a boat during a hurricane, and purge all interest in that website. Some things are better left to the past.