The Realm of the Verbal Processor

Jarvis's Ramblings

Why I Do Not Want a Mac

A bit of background…I’m an IT professional. My expertise is in the arena of enterprise level systems management. I have been working with Microsoft systems for approximately thirteen years. Occasionally I’ll get asked something similar to “why don’t you want a Mac”, “don’t you wish you had a Mac”, etc. Normally I just politely answer that, no…I don’t want a Mac…and go about my business.

I’ve been considering this blog post for a while and finally decided to write out the primary reason that I do not now…or any time soon…want a Mac.

Primarily…the reason I do not want a Mac…certain Mac users…not all of them…just the arrogant ones. Everyone knows the ones I’m talking about. They aren’t just Mac users…they have joined the Cult of Apple. They proselytize on behalf of a computer. (To paraphrase “Fake Steve”.) And…way too often…they treat non-Mac fanatics like they are idiots…people who simply aren’t bright enough to see that Apple is in all ways superior.

It can’t possibly be that some people actually prefer a PC. It can’t possibly be that Microsoft has ever done anything right. Can’t possibly be that there are valid reasons for a user to want a Windows system instead. And heaven forbid…don’t dare say that Windows might actually be better at something than a Mac…that’s heresy punishable by a flogging with iPod earbuds. No…the simple answer for Mac Cultists is that Windows users are just stupid. Give them a condescending pat on the head and send them away…maybe they will get a real computer someday.

And as for Apple…the company seems to want to foster that mindset. Their “I’m a Mac, I’m a PC” commercials certainly lend themselves to this.

Now I have to say…not all Mac users are like this. I am referring to the Mac cultists. Those who are snobby about their computer choice. Those who treat non-Mac people with disdain. Those who can’t speak of a PC except with a condescending tone of voice. Perhaps they don’t realize that they are treating people this way. Perhaps they simply don’t realize what they sound like. It might do them good to read this essay by C.S. Lewis on how we should treat those around us. (It would do all of us good to read that article…I know I need to be reminded often…even as I write this post.) And honestly…when people act like that…they just aren’t a lot of fun to be around. I’m not an idiot…I just have a different computer preference.

If you want to win people over to using a Mac…you’d be more successful by being nice.

So…with all that said…do I want a Mac? Simply…no.

November 28, 2007 Posted by | tech | 5 Comments

Mac Leopard Firewall Holes

Mac’s new Leopard operating system included an “upgraded” firewall. However, according to security researchers (Leopard Has More Holes Than Spots), it’s not exactly an upgrade. Matter of fact it had some serious issues. Such as shutting off by default (even if you had the firewall turned on before upgrading). Such as having fewer options than the previous version for what to allow or block. Such as the “block all” firewall option not actually blocking everything.

Apple has since released a flurry of patches to fix many of the issues, but it begs the question…why on earth did they think it was a good idea to turn OFF the firewall by default? Again…going back to a statement I made in my iPhone vulnerabilities post…didn’t they learn anything from mistakes Microsoft made in the past and fixed years ago…going back to XPSP2?

Another note: the patches that Apple released on November 14-15. There were 41 (yes, forty-one) patches released on the 14th to fix issues in OS X and Safari. Another three patches on the 15th to address firewall issues. [Note: in the comments below, nak mentioned that these numbers may be incorrect. I got the numbers from the article linked to above. I honestly don’t know who is right…nak or the article.] Never heard any uproar about that. Now…if Microsoft released 43 patches over a period of two days to fix a single OS…I am positive that there would have been all kinds of bad press about the “demon software giant” that keeps releasing shoddy software and has to release 43 patches in two days to fix it. In particular, I am confident that Mac users would have been gloating about the “idiots” running Microsoft software.

However…Apple gets a pass. No uproar. Nothing. Heck…I didn’t even know that there had been that many patches until an hour ago. For certain my Mac friends weren’t about to say anything to me!

Anyway, thinking about all of this finally got me motivated to write a post I’ve been contemplating for a while now…Why I do not want a Mac. And my reasoning has absolutely nothing to do with the technology…

November 28, 2007 Posted by | tech | 5 Comments

Google online storage? Gdrive anyone?

Just saw an article stating that Google is looking to enter the online file storage market. That could be very interesting. I’ve previously written about online data backup (here and here), and this could be another option for that depending on what it looks like when/if it is actually released. I’m very curious as to what the price point will look like with Gdrive or whatever they end up calling it. When my Gmail account currently has over 5GB of free space…I’m very intrigued about what this will look like.

You can read more about it in the Wall Street Journal article that I saw.

November 27, 2007 Posted by | tech | 1 Comment

Securing Hard Drive Data with firepower

When a computer is decommissioned / thrown away / given away / etc. how do you wipe the hard drive to ensure that the data on the HD is unreadable? This is a topic that comes up from time to time. Knowing that there is a good likelihood of Quicken data, Social Security numbers, or a myriad of other personal data that could be mined from an old hard drive, what can be done to secure it?

There are many great programs for this out there. I have personally used DBAN (Darik’s Boot and Nuke). It works well and is free. Honestly, I haven’t looked beyond that one for a software based hard disk wiper. It works and is free. It wasn’t worth my time to look elsewhere.

However…while it works well, it takes a bit of time…and well…it lacks panache. So, a few of us have had a bit more fun with the process of securing the data on our hard drives. So, what could we do to both secure the data and have fun at the same time? How about if we add some firepower to the process? Like maybe a .45 Auto? Below is a video of my wife helping in one of our “Data Security Sessions”. She’s about 4’11” and sub-100 pounds. She is holding a Sig Sauer P220 in .45 Auto. What you see

November 5, 2007 Posted by | guns, tech | 4 Comments

SCCM and WSUS issues

[Update June 3, 2008: Refer to this post for issues related to SCCM and WSUS as well. The info in it might be more relevant.]

Lately I have been working with System Center Configuration Manager 2007 (SCCM)…the latest version of Systems Management Server from Microsoft. Wow is this thing powerful. I enjoyed SMS 2003, but SCCM is a huge improvement. The process has not been without speed bumps, but overall it is just simply an awesome framework for computer management.

The most significant speed bump I have had lately has been in the area of computer patching. SCCM uses WSUS (Windows Server Update Services) for its patching component. Basically you install WSUS and SCCM manages WSUS. There are several settings that need to be lined up for this to operate. Links to those settings can be found here, here, and here.

A couple of the things to make sure are in order are:

  1. Proxy settings on the SUP properties are set correctly. (Use it or not, and if so make sure it is pointing to the right place.)
  2. On the SUP component configuration, ensure that the port numbers are correct. If WSUS is installed to the default web site, the ports should be 80/443. If it is using a custom web site, it defaults to 8530/8531…unless you told it something different. Open IIS Administration to check the properties on the WSUS Administration web site to see what it is set to. Make sure the ports in IIS and the SUP component match.

I had all of those settings lined up per the documentation (no proxy required…ports configured correctly), but was still getting errors. I first reported these issues on myITforum.com and a TechNet forum.

Basic gist is that after setting things up per documentation, SCCM was not able to successfully connect to WSUS and manage the WSUS settings. The SMS_WSUS_SYNC_MANAGER log shows that the synchronization failed because of an HTTP 401 “unauthorized” message. This is followed by another log entry that states “SMS WSUS Synchronization failed” because “WSUS Server not configured”. It also gave the incredibly helpful [sarcasm] error code of “214500037: Unspecified error”.

October 23, 2007 Posted by | ConfigMgr, tech | 19 Comments

iPhone Vulnerabilities

Saw these links today about vulnerabilities in the iPhone that I thought were quite amusing given how much Apple users poke at Microsoft about security. Basic gist is that all of the applications on the iPhone run as root. So any exploit that gives you shell access gives you everything. Apparently Apple didn’t learn from the “everybody is an admin” mistakes that Microsoft made in older OSes. This could be really comical to watch…or scary depending on how many of them make it into the office.

http://www.eweek.com/article2/0,1895,2191373,00.asp

http://www.eweek.com/article2/0,1895,2197476,00.asp

http://blog.metasploit.com/2007/10/cracking-iphone-part-21.html

http://blog.metasploit.com/2007/10/cracking-iphone-part-3.html

A couple of interesting quotes from the first article…

“The iPhone has been turned into a “pocket-sized … network-enabled root shell,” said H.D. Moore, thanks to the well-known security researcher having published shell code for the smart phone and instructions on how to use it as a portable hacking platform.”

“A rootkit takes on a whole new meaning when the attacker has access to the camera, microphone, contact list and phone hardware. Couple this with ‘always-on’ Internet access over EDGE and you have a perfect spying device,”

“It’s going to be such good times,” one blogger wrote after Moore published his findings. “…we have the accessibility/vector. What we need are market saturation (some predict 14M sold by end of 2008,) a mesh networking application (or something to cross-connect the myriad of networking options) and an attractive application to encourage the owners to share amongst each other (say, some funky music sharing application or social networking tie-in, or instant messaging.) That’ll lay the ground work for some very effective malware.”

October 18, 2007 Posted by | tech | Leave a comment

Online Backup…encryption

While talking with a friend about the combination of Amazon S3 and JungleDisk, he asked me a simple question…“who holds the encryption key”. Basically the concern is that if the encryption key is known by or obtainable by someone, then the encryption is worthless. It got me thinking and doing a little digging.

By default JungleDisk uses the “Secret Access Key” from your Amazon S3 account. It’s long, hairy and convoluted…very secure…but it is also a key controlled by and viewable by Amazon. And since the encryption key is essentially the keys to the kingdom…I don’t want anyone other than me and my wife to know it.

Therefore…I deleted the 5.5GB that I had already uploaded…changed the encryption key…and restarted the upload.

Big thanks to Tim for asking the right question.

Related post: Online Backup.

October 11, 2007 Posted by | tech | 3 Comments

Online Backup

From time to time I get asked about what I would recommend for backup of data on your computer. My answer has changed over time. There are several factors to consider for backup of data…amount of data, worst case disaster recovery, ease of use, etc.

I used to recommend that people get an external hard drive for data backup. The problem with this is that people simply don’t run the backup and typically the drive never leaves the same house that the computer is in. If you have a fire/tornado/etc (worst case), then your backup is destroyed along with the original data.

Now I recommend one of two online backup services. They have different pluses/minuses. NOTE: a high speed internet connection (DSL/Cable Modem) is necessary for this option. If you don’t have that…back up to CD/DVD/Hard Drive…and make sure you always have a copy of your backup at another physical location…preferably a long distance from your home. (Think Hurricane Katrina).

The first one is Mozy.com. VERY simple interface. Automated backup (I think the default is to backup any new or changed file every two hours.). Very reasonable price…for home users it is $4.95/month for unlimited data backup. If your data is less than 2GB…you can use Mozy’s free service. Very nice.

Second is Amazon’s Simple Storage Service (S3). This one has the potential to be significantly cheaper. Just in raw storage, you would need to have 33GB of data to go over the $4.95 that Mozy charges for unlimited. I currently have over 9GB on S3, and my bill last month was $1.46. Now…here’s the trick…it’s not nearly as easy as Mozy. If you aren’t an advanced user…just go with Mozy. If you are more advanced…read on.

You can read about and sign up for S3 here. What that does is give you the account to be able to upload your data. Amazon does NOT provide a client or mechanism for doing the actual upload. That is where the third party apps come in. I have used two clients. Currently both are installed on my computer. I’m still determining which I will end up using long term. JungleDisk is commercial software that costs $20 and has a lot of functionality. There is a free 30 day trial. S3 Backup is currently at Beta 12. It’s currently free…who knows about after it goes gold code. I have used S3 Backup before and was happy. It had a few quirks (but that was at Beta 9 or 10). There have been some improvements. I am looking at both of them now and will post again with the results of my evaluation.

Related post: Online Backup…Encryption.

October 10, 2007 Posted by | tech | 2 Comments

Interesting "Notebook Accessory"

Just for grins, I was configuring a Dell laptop this afternoon to see what my current laptop wishlist would cost. On the last page, there were a couple of “Notebook Accessories” that I could add to the cart if I wished. One of them was a quite interesting “accessory” for a laptop.

Now…what accessory pray tell would cost nearly $8000? Well, glad you asked…Say what? THAT’s an interesting “accessory”.

August 15, 2007 Posted by | tech | Leave a comment

Access Denied (part 3…conclusion)

[Note: This is part 3 of a three part series. You might want to check out Part 1 and Part 2 as well. This post is verbatim what I posted in a thread on myITforum.com.]

Access is Denied doesn’t always mean you don’t have permission

Over the last couple of weeks I have been experiencing an odd “Access is Denied” issue in SMS. I posted here once and no one was able to help me fix it. I finally broke down and called Microsoft. I got the issue fixed (after 21 hours on the phone over a three day period), and wanted to post it here in case anyone else experiences this down the road.

Description of the problem/symptoms:
While attempting to update distribution points on a package, it fails to update. When adding a new package, I was unable to add a DP to the package. When I checked the SMS_DISTRIBUTION_MANAGER messages, I had a message that looks like:
>>>>>>>>>>>>>>> 
SMS Distribution Manager failed to access the source directory “\\server\share\app” for package “XYZ00099”. The operating system reported error 5: Access is denied.
>>>>>>>>>>>>>> 
 
My site is running Advanced Security, so I have already confirmed that the site system (server name) account has permission both on the share and the NTFS permissions. I even have looked on the “effective permissions” tab and confirmed that the server account has permission. It has Full Control rights to the share/folder.

As part of my troubleshooting, I opened a command prompt as system (“at <1 minute into the future> /interactive cmd.exe” at a command prompt), and then tried to map a drive as system using the pushd command. It got “access is denied”. Again…I had already confirmed that permissions were not an issue…at least in this instance “Access is Denied” did NOT mean “your account doesn’t have rights on the file system”.

As part of the troubleshooting that took place while on the phone with Microsoft, we discovered that if we attempted the command “pushd \\server\share\folder”, we got the “Access is Denied” message. However if we used the FQDN for the same server (i.e. pushd \\server.domain.com\share\folder), it succeeded. So…confirmation that it is not permissions…it is name resolution.

After many more hours on the phone, we were looking at the IP properties on the problem SMS server. On a whim, one of the Microsoft guys asked if we could change the DNS Suffix Search order. After changing the search order and forcing that change to take effect, everything suddenly started working correctly. If I switch the search order back…it breaks. Very easily reproducible.

So…the root cause of the “Access is Denied” messages was a name resolution issue…NOT a permissions issue.

May 24, 2007 Posted by | tech | 3 Comments
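
A check for the symptom described in this series, written here as an added example (not code from the original post or from Microsoft): it expands a short name through a DNS suffix search list in order and reports whether the first match is the FQDN you expected. The record table, addresses and function names are constructed for illustration, and it covers only DNS suffix expansion, not NetBIOS or WINS lookups.

```python
import socket


def dns_lookup(fqdn):
    """Return the sorted IPv4 addresses for fqdn, or [] if it does not resolve."""
    try:
        # A trailing dot marks the name as absolute, so the OS resolver
        # does not append its own search suffixes behind our back.
        infos = socket.getaddrinfo(fqdn.rstrip(".") + ".", None, socket.AF_INET)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def walk_suffixes(short_name, suffixes, lookup=dns_lookup):
    """Expand short_name with each suffix, in search order: [(fqdn, addrs)]."""
    walked = []
    for suffix in suffixes:
        candidate = f"{short_name}.{suffix.strip('.')}".lower()
        walked.append((candidate, lookup(candidate)))
    return walked


def diagnose(short_name, expected_fqdn, suffixes, lookup=dns_lookup):
    """Compare the first suffix-expanded match with the FQDN known to work."""
    expected_name = expected_fqdn.lower().rstrip(".")
    expected_addrs = lookup(expected_name)
    walked = walk_suffixes(short_name, suffixes, lookup)
    # The client stops at the first suffix that yields an answer.
    first_hit = next((fqdn for fqdn, addrs in walked if addrs), None)
    first_addrs = dict(walked).get(first_hit, [])

    if not expected_addrs:
        verdict = "expected-fqdn-unresolvable"
    elif first_hit is None:
        verdict = "short-name-unresolvable"
    elif first_hit == expected_name:
        verdict = "ok"
    elif first_addrs == expected_addrs:
        verdict = "same-address-different-name"
    else:
        verdict = "mismatch"
    return {
        "verdict": verdict,
        "first_hit": first_hit,
        "first_addrs": first_addrs,
        "expected_addrs": expected_addrs,
        "walked": walked,
    }


# Constructed sample data: the same short name exists in two DNS zones.
CONSTRUCTED_RECORDS = {
    "server1.sub.domain.com": ["10.0.0.10"],  # the file server you mean
    "server1.domain.com": ["10.9.9.9"],       # a different record in the parent zone
}


def constructed_lookup(fqdn):
    """Offline stand-in for dns_lookup, backed by CONSTRUCTED_RECORDS."""
    return CONSTRUCTED_RECORDS.get(fqdn.lower().rstrip("."), [])


if __name__ == "__main__":
    for order in (["domain.com", "sub.domain.com"],
                  ["sub.domain.com", "domain.com"]):
        result = diagnose("server1", "server1.sub.domain.com",
                          order, constructed_lookup)
        print(order, "->", result["verdict"], result["first_hit"])
```

To run it against live DNS, call `diagnose()` without the `lookup` argument and pass the suffix search list configured on the affected server.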

Access Denied (Part 2)

[Note: This is part 2 of a three part series. You might want to check out Part 1 and Part 3 as well.]

Spent eight and a half hours on the phone with Microsoft yesterday. We ended up not resetting the secure channel. Another Microsoft guy from the Directory Services team got on the line and wanted to do some more testing. Honestly I was getting perturbed with him because it looked like he was just doing the same things that we had already done the day before. However, three hours into the call…around noon…he discovered something. If we attempted to connect to a 32 bit server, using the netbios name resolution (i.e. \\server1\share1) we got access denied. However, if we connected using the Fully Qualified Domain Name (FQDN) (i.e. \\server1.sub.domain.com\share1) it worked like it was supposed to. So…Access Denied didn’t really mean that we didn’t have permission in this instance. It meant that it couldn’t figure out what I was trying to access.

So, why was I still on the phone for another five and a half hours? Because our files are not specifically on a standard server share. They are on a Distributed File System (DFS) share in Active Directory. This is a share at the domain level…not at the server level. That name is already an FQDN…yet it still gave access denied. That issue is still not resolved. The Microsoft guys will be calling me back on Monday afternoon to continue working. I really hope we are able to resolve this soon. I’m honestly tired of working on it…and it’s not like I don’t have a LOT more work that I could be doing!

One funny note from Friday. We are using an “Easy Assist” session for this troubleshooting. This is a way that the Microsoft guys can see the system and even allows me to give them control, so that they can “drive” the session. Over the course of the day, we kept opening more Remote Desktop sessions to other servers, more Explorer windows, more command prompts, etc. At one point it struck me how many windows we had open, so I counted them. At that time we had 23 windows open. It kept going up and down by a few for the rest of the time. It was comical to see that many windows open at once.

May 19, 2007 Posted by | tech | 3 Comments

Access Denied

[Note: This is part 1 of a three part series. You might want to check out Part 2 and Part 3 as well.]

Okay…warning to the non-technical…this will be the most technical post I have made to date.

I am an SMS Architect for Campus Crusade for Christ. Our SMS 2003 environment is in Advanced Security mode. The way that Advanced Security operates is that to get access to other SMS servers or access to network shares and resources, it uses the computer account of the SMS Site Server. (i.e. if the SMS server is named Server1, it uses the computer account named “Server1” for accessing resources…not a user account which is the normal way.) Note: this is all in layman’s terms…

So recently we had an issue in our site where the SMS server (I’ll call SMS1) suddenly was no longer able to get to the source files of the Microsoft patches. These source files exist on a separate server that I will call File1. File1 has a folder that is shared (Share1). SMS1 (the computer account) has permission on this share/folder. This has been working fine for nearly two years.

So…the problem comes last week. Suddenly SMS1 is getting “Access Denied” when it tries to connect to the share. After checking the permissions, I have determined that the perms are correct…SMS1 does have permission, but it is still getting access denied. So, I set up other shares on other servers to test with. I got the same result on all of them…well, all but one. On one mysterious server the permissions worked as they should. After a couple of days of trekking down the wrong trails, I finally realized the difference. All of the servers that failed were running 32 bit versions of Windows Server 2003. The one that worked is running the x64 edition. I found another x64 server with the same result.

So…today I was on the phone with Microsoft support…for nine and a half hours. I had at least two and up to four Microsoft engineers on the phone with me all day today. Tomorrow morning, we are picking up where we left off. The next step is to reset the secure channel on the SMS1 computer account. Honestly, I’m not sure exactly what that means. I will say this…I was glad for the Microsoft PSS guy that was the lead on the issue today. All I know about him is that he is from Dallas and his name is Ed Walters. Ed…you are professional, friendly, and you do a great job of explaining the process that you are going through in troubleshooting. It also was very nice to have a PSS who listened to the process that I had already been through and didn’t make me go back through the same troubleshooting that I had already done. Good job, and thank you.

May 17, 2007 Posted by | tech | 2 Comments

Microsoft Certified Professional

Thanks to encouragement from my friend Tim…who is freezing in Minnesota…I registered for and took my first Microsoft certification exam. I took 70-089 (Planning, Deploying, and Managing Microsoft Systems Management Server 2003) this morning. I passed with a score of 921…which makes me officially an MCP.

January 31, 2007 Posted by | tech | Leave a comment

SearsPhoto…WHAT are you thinking?????

Got this e-mail from searsphoto.com. Note that they included full login info (name AND password) in the e-mail…SENT IN CLEAR TEXT ACROSS THE INTERNET!!! What are they thinking??????

January 16, 2007 Posted by | tech | Leave a comment

Outlook 2007 RSS Feeds installed by default

Ran into this this morning. It appears that by default, Outlook 2007 installs with a few RSS feeds being pulled down. (See the screenshot below taken from a co-worker’s computer.) I didn’t realize that this was going on. The M$ at Home and M$ at Work are pre-populated with stuff going back to January 2005. The MSNBC News one starts when you install. I installed September 27, 2006. I had over 1000 items in that folder (MSNBC News)…taking up 5MB of my mailbox…and I didn’t know it was there!!!

Unless IT people disable this early on in their deployment of Office 2007, this could quickly eat up a lot of users’ mailbox space that users don’t know about and/or don’t care about. This shouldn’t have much effect on Exchange disk space because of single instance storage. I’m more concerned with users’ mailbox limits. In three and a half months, this grew to over 5MB on my system…In one year, this would be 20MB. My mailbox limit is 60MB. That would be a third of my mailbox taken up with garbage that a typical user wouldn’t even know is there…or care if they did know it was there.

January 15, 2007 Posted by | tech | Leave a comment

Two Cool Utilities

I don’t do a lot of exploring of new computer utilities. I am pretty content with whatever I am currently using unless I get to a point of true frustration in trying to do something. My co-worker (Philip) does do a bit of exploring…and I have asked him to let me know when he finds something that I might be interested in. He did so recently.

Frustration #1 that I have had recently is a photo manipulation program. Something that goes beyond basic cropping and red-eye reduction. I had used GIMP for a while. It is very powerful…but “user friendly” is not on its feature set. Philip recently told me about Paint.net (www.getpaint.net). WOW. This program has a LOT of power and features…but is very easy to use. I won’t go into the feature set, but it is very good and best of all….FREE.

Frustration #2…desktop search. I have been using Google Desktop search for a while, but was frustrated that when I wanted to look for some random file (.exe, .bat, .vbs) I couldn’t use Google Desktop…it didn’t index those files…or it had to be set up special to do something like that. Enter Philip’s latest find…Windows Desktop Search (http://www.microsoft.com/windows/desktopsearch/default.mspx). Plain and simple…this thing rocks. It is customizable for a typical user to only search My Documents and E-mail, or for a more advanced user like myself to search the entire hard drive plus e-mail/etc. Once it is done indexing, it is really fast. Really, really fast. Personally…I’m sold.

August 29, 2006 Posted by | tech | Leave a comment

Zero to Expert in One Week

So…our office is being reconfigured. Long story, but new office furniture is in the works. It has been a long plan. Well a week ago last Friday, we get the realization that no planning has been done on how the wiring of the new furniture is going to take place…we need to plan it and quick.

Immediate emergency mode.

Philip came up with the statement that we have gone from zero to expert on physical network planning in one week. It has definitely been a lot of work. I have looked at the floor plans for dozens of hours at this point. My initial estimate of cable for the west half of the office is 17,000 feet of cable. Yep… 3.2 miles of cable. Lots of long hours. Lots of work. But strangely satisfying.

July 23, 2006 Posted by | tech | Leave a comment

computer rebuild

Weird thing…files just started disappearing from my desktop. They were there when I shut down. They weren’t there when I turned it on the next morning. Happened on two separate occasions. Can’t trust it anymore…time for a rebuild.

Stinky thing is that I just rebuilt the thing in March. This may be the shortest life a computer rebuild has had with me. Bummer is that after the “standard” office install…I have more than 30 other programs and modifications to make for my install. Special text editors, plugins for Outlook, system admin programs, etc. Not to mention that backing up my data took well over an hour this morning. I’ve got a lot of “stuff” that needs to be culled.

I also think I’m going to change how I use my personal area on the network. Instead of syncing offline, I’m going to experiment with saving everything to the “My Documents” area and using RoboCopy to back it up to my personal area…with compression if RC supports that. We’ll see.

July 7, 2006 Posted by | tech | Leave a comment
