joeware - never stop exploring... :)

Information about joeware mixed with wild and crazy opinions...

6/1/2007

New MSFT Technologies that look interesting

by @ 11:13 am. Filed under tech

Microsoft Surface – http://www.microsoft.com/surface/

Tabletop computers. MSFT is saying they came up with this, but I swear I recall seeing a show a couple of years ago on this and the work was being done on it at a university. Match the concept up with OLED and we have something cool: wall displays, desk displays, etc. that can interact with you.

Microsoft Silverlight – http://www.microsoft.com/silverlight/

Flash replacement, very pretty demo. Love the logo. Very futuristic.


Guess I wasn’t the only one not enamored with Windows Mail on Vista…

by @ 11:00 am. Filed under general

Microsoft gives Vista’s Windows Mail the heave-ho

Beta of Windows Live Mail replaces Vista’s, XP’s built-in e-mail

http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=networking_and_internet&articleId=9022558&taxonomyId=16


5/31/2007

New Windows LiveWriter Available

by @ 2:38 pm. Filed under tech

So for anyone who uses Windows LiveWriter, beta 2 is now available. It looks quite a bit different, and more complex. It doesn’t open a new window for every new blog post, which is nice. I keep seeing the CPU on my laptop spike up to 80-100% in bursts with WindowsLiveWriter.exe as the culprit when using it, though. Not sure what that is about. It still can’t publish images to WordPress either, now that I have upgraded to WordPress 2.2. I looked around and some people are saying it is an issue and others are saying it isn’t. I fully suspect it is something in WordPress, because multiple versions of LiveWriter could publish images to the previous version of WordPress I was running (something quite old, I don’t recall now) and the instant I upgraded to 2.2 it all broke.

Go get the new LiveWriter here —> http://windowslivewriter.spaces.live.com/blog/cns!D85741BB5E0BE8AA!1272.entry#comment

I would recommend keeping the old install binaries around just in case you want to go back….


5/30/2007

Vista RC2 to RTM not so smooth

by @ 10:56 pm. Filed under tech

I tried to upgrade a Vista RC2 install to RTM last night; it didn’t work so well. Normally I don’t upgrade, I don’t trust upgrades. It wasn’t my computer though, there was a bunch of installed software on it, and I didn’t want to mess with it. RC2 had been running fine and wouldn’t have needed an upgrade, except that the time bomb is May 31 and it was about to die.

So I said, MSFT says upgrades work fine now… So I tried… It loaded up and then started blue screening, only it was bouncing so fast I couldn’t even read the blue screen message, and nothing was being written to the hard drive even though it was all configured. I booted into safe mode and during driver loading it listed crcdisk.sys as the last loaded, but no clue what it did after that when it crashed again. I tried a repair, nothing; tried chkdsk, nothing; got a command prompt from the repair screen and the drive was working just fine, as I could read anything I wanted. Nothing funky with the system that I could ascertain, no additional drivers needed for the disk drive, etc.

Performed an upgrade rollback, which went quite well. Started unloading any “touchy” software such as Daemon Tools, etc. Cleaned up the disk really well, told it to update everything to the latest versions, etc. Ran the Upgrade Advisor, which said everything was perfect. Started the upgrade again; it went beautifully until I noticed the machine rebooting over and over again. Same issue. I told it to roll back again and went to sleep.

Next morning (i.e. today) I started into it again and removed even more software, told it to export the settings for the users (using the Migration wizard stuff to a file – pretty cool) and also to export the Windows Mail accounts and messages. Upgraded again, still no joy. Rolled back, then told it to install a clean second copy of the OS. That worked flawlessly… damn upgrade.

So I installed a clean version on the original partition and just went on from there where I likely should have started in the first place. As you can imagine, I am no closer to trusting upgrades. I spent the better part of the day reloading all of the software and getting the settings right.

Some complaints:

1. The settings export missed things like backgrounds, etc. Still trying to work out everything it missed.

2. Windows Mail lets you export accounts and messages. Message import worked great. Account import blew up with some odd error. I then tried to set the account up manually; it is a hotmail account… Guess what, Windows Mail in RC2 lets you access hotmail, Windows Mail in RTM doesn’t… Beauty. I found a tool called FreePops which helped out here. Loaded it and then configured Windows Mail to get my hotmail through the freepops localhost server. If I hadn’t found that, the mailbox would have been converted over to GMAIL with Hotmail just autoforwarding. No clue why Microsoft thinks it makes sense to turn off POP3 like that. Not like they are delivering anything else that would make someone choose them over one of the other free email providers.

3. Trying to clean up the old instances of Windows was terrifically painful. Well, the old instance on C: wasn’t too bad, the cleanup tool cleaned it right up. But cleaning up the temp copy on D:, the cleanup tool completely frelled it up and missed most of it. I then had to go in, take ownership of many folders including Windows and several under Program Files, and then after taking ownership set the ACLs so that I had FULL CONTROL so I could delete the damn things. It took me a while to figure out why I had 2GB missing until I realized the hibernation file had to be taken out the same way.

4. I went looking for the background image and found on the new install that it should be in a specific folder in the users folder of the old install, which was, nicely enough, saved (until I smoked it). Well I went into the folder and sure enough, MSFT doesn’t feel you should see that stuff so it hides it by default; luckily I had the path so I went in anyway. Then once in the folder structure, I tried to search for all JPGs and it couldn’t find a thing. I did the search from the command prompt and hit several hundred JPG files…

I don’t know about you, but Vista is getting too much up into my grill and assuming too much about what I want it controlling. Getting to be time for my yearly FreeBSD check up. I mean I am thrilled about many of the underlying security enhancements in Vista but the “for use by computer newbies” enhancements that I cannot shut off are too much. If Microsoft continues to assume all of its users are morons, that is, in fact, what will happen as the non-morons get sick of being treated that way and wander off and use other OSes.

  joe


5/26/2007

Cell Phones that actually work well as phones…

by @ 7:54 pm. Filed under general

I have an issue with Cell Phones… Or maybe how they are marketed. I realized I wasn’t carrying my Cingular 8125 around very much unless I was working and had to because, quite honestly, it is a big fat brick and sounds crappy without my Jawbone BT Headset[1] which means something else I have to carry. We are talking about someone who pretty much doesn’t want to wear any more than a pair of shorts and a t-shirt, no shoes, no socks, no nothing else. Even my wallet is annoying, can’t wait to embed a chip in my arm with my ID info and credit card info[2]. You can imagine the overwhelming desire I have to carry a brick of a phone and a BT Headset that I have to keep in my pocket because if I wear it my family all start laughing at me for being a dork and yes… When I walk around with a stupid piece of electronics hanging from my ear, I see their point. When I am working, invaluable, any other time, dork.

So the plan I have through Cingular allows me to add additional lines for like $9.99 and uses the same minutes (of which I have like 10,000 rollover minutes banked) so I was looking over the phone selection. Not a single phone said “Great voice quality, outstanding phone to talk to people with, you will think they are standing right there!”. No, it was all, this phone can send text messages, use it as an MP3 player, a phone, web surfing device, paint your house, clean between your toes, etc etc etc ad nauseam, features that have nothing, nothing I say, to do with talking to people. When I HAVE to talk to someone on the phone, the only thing important to me is that I can do so clearly. So I ended up ordering a small little Motorola (candy) bar style phone. No I didn’t get the Razr… I know it is the cool thing but I used one before and wasn’t thrilled with it. The phone has the camera and MP3 features and probably a bunch of others; my hope though is that it just sounds decent.

  joe

 

[1] Thanks to Ryan Dunn for recommending this… I love it. Bought two in fact.

[2] But will wait until it is actually secure. I want to have to pinch my hand really hard in a special pattern or something else like that in order for that info to be disclosed and depending on which pattern I use, different pieces of info are disclosed.


Such a well written newsgroup post must be cherished…

by @ 2:11 pm. Filed under tech

I was perusing some of the newsgroups today and ran across such a (IMO) well written response by Joe Kaplan (JoeK as I normally refer to him) to a question asked about LDAP authentication that I wanted to share it.

 

——– Original Message ——–
Subject: Re: Authenticate against AD + other DS
Date: Fri, 25 May 2007 17:56:15 -0500
From: Joe Kaplan <joseph.e.kaplan@removethis.accenture.com>
Newsgroups: microsoft.public.active.directory.interfaces
References: <1180116673.063188.255780@g4g2000hsf.googlegroups.com>

The only common authentication method supported by all of these LDAP
directories is the LDAP simple bind (hopefully also protected by SSL).
That is the only thing that is specified in the LDAP V3 spec and is thus the
only thing they all have in common.

Any of those directories may support other LDAP authentication mechanisms
such as different SASL methods that use Kerberos, or Digest or whatever and
may also support client certificate authentication. However, that will
vary by directory. AD supports a SASL mechanism called GSS-SPNEGO that allows
“Windows negotiate auth”, which is the normal Windows authentication
protocol that selects between Kerberos and NTLM. When you use
“AuthenticationTypes.Secure” in S.DS, you are using GSS-SPNEGO which
translates to Kerberos or NTLM. AD also supports SASL Digest auth and
client cert authentication.

To authenticate against AD in Windows, you don’t need to use LDAP. You can
just talk to the negotiate protocol directly using SSPI as you said or call
the LogonUser API, which eventually does the same thing under the hood.

I recommend against using S.DS for LDAP authentication as it scales very
poorly. The design of ADSI works directly against scalability for this use
case as ADSI opens up a new connection for each new set of credentials it sees
and you can basically just run out of sockets if you try to do too many in
too short a time. If you must use LDAP auth in .NET, use S.DS.Protocols so
that you can control the connections directly. This is what the Active
Directory membership provider in ASP.NET 2.0 does.

The big problem with LDAP simple bind is that it is not secure as it uses
plaintext credentials. In order for it to be secure on the wire, you must
secure the transport itself, usually with SSL. However, not all
directories have SSL support. AD supports SSL but doesn’t come configured
with it by default.

The other big problem with LDAP simple bind is that the LDAP spec only says
that the user name for the authentication must support the full
distinguished name. Other names may be supported, but the DN is the only
common denominator. However, most users don’t know their full DN in the
directory or wouldn’t want to type that, so you may need to accept a
shorter user name, search for the object in the directory to get the DN and then
execute a bind with the DN you found. However, that requires a service
account to do the search, which creates a configuration issue, as you must
store those credentials securely. Some directories like AD allow you to do
a simple bind with other user name formats and might allow you to skip the
searching step, but you can’t necessarily count on that.

So, this problem is hard to solve in general. You might consider creating
some sort of a provider model that allows you to plug in different models
that work slightly differently for different directories and give you
control.
Another way to look at it is to turn the problem on its head. If you
designed your application for federated logon, where you accept some
sort of signed SAML token from a trusted partner, then you can push the
authentication of the end users off on the partner. Problem solved. 🙂

Best of luck!

Joe K.


Joe Kaplan-MS MVP Directory Services Programming
Co-author of “The .NET Developer’s Guide to Directory Services Programming”
http://www.directoryprogramming.net

<weinjare@msu.edu> wrote in message
news:1180116673.063188.255780@g4g2000hsf.googlegroups.com…
> Hi,
>
> I am working on some C# to authenticate against an AD, but also among
> other types of directory services, namely openLDAP, Novell eDirectory,
> and SunONE DS, and I am curious to hear if there are already solutions
> published for this.
>
> I am currently using S.DS to authenticate, and switching the
> AuthenticationTypes depending on the type of DS I am authenticating
> against.
>
> I have heard some mentions of using SSPI, but I doubt that there is
> support for authenticating against non-Microsoft directories with
> SSPI.
>
> Does anybody know of best case solutions for authenticating against
> multiple directory servers with different setups (such as Kerberos,
> SSL/TLS)?
>


Why no little bobby… Event IDs in the Event Log are NOT unique…

by @ 12:42 pm. Filed under tech

Why is it that people think they can say, “Yeah I am getting Event ID 1000, do you know why that is?”

For the record, Event IDs are not UNIQUE. You need to know the Event Log, the Event Source, AND the Event ID.

Maybe it is the only Event ID 1000 that the person asking the question has ever encountered, but why…. why would they assume that that is the only possible Event ID 1000 that could exist? If that is the only one you have encountered, the only thing you can assume is that you don’t have a clue whether there are others. Assuming it is unique is a hell of an assumption coming right out of the gate. It is like assuming because you saw a penguin as your first bird that all birds are flightless, black and white, eat a lot of fish, and are really good in movies…. THINK PEOPLE!!!

Just for those who think that possibly Event ID 1000 might be unique, I ran a little useful utility I have for myself (I might sell it one day if I get around to it) that dumps all of the events on a machine to a text file. I did that on the Windows Server 2003 laptop I am typing this on and then ran GREP across all of the text files produced for all of the event logs, and it comes up with the following counts for Event ID 1000:

File k385002.joe.com – ADAM (instance1).txt:
2 lines match
File k385002.joe.com – Application.txt:
36 lines match
File k385002.joe.com – Security.txt:
3 lines match
File k385002.joe.com – System.txt:
11 lines match

That is 52, yes FIVE TWO, different Event ID 1000 events… 36 alone in the Application log. Say you narrowed it down to just the System Event Log, what do you have then? 11 events with that Event ID…

File k385002.joe.com – System.txt:

"1000" "1000" "" "%1" "c:\windows\microsoft.net\framework\v2.0.50727\eventlogmessages.dll" "System\MSDTC Gateway;System\MSDTC WS-AT Protocol"

"1000" "1000" "" "Your computer has lost the lease to its IP address %2 on the\nNetwork Card with network address %1." "c:\windows\system32\dhcpcsvc.dll" "System\Dhcp"

"2164261864" "1000" "WARN" "%1" "c:\windows\system32\dmadmin.exe" "System\LDM"

"1000" "1000" "" "Faulting application %1, version %2, faulting module %3, version %4, fault address 0x%5." "c:\windows\system32\faultrep.dll" "System\System Error"

"1073742824" "1000" "INFO" "The computer has rebooted from a bugcheck. The bugcheck was:\n%1.\nA full dump was not saved." "c:\windows\system32\savedump.exe" "System\Save Dump"

"1000" "1000" "" "Unable to acquire a license for user '%1', domain '%2'." "c:\windows\system32\termsrv.dll" "System\TermService"

"1000" "1000" "" "The session directory failed to delete all the log files in the "%SystemRoot%\System32\tssesdir\" directory. The error code was %1." "c:\windows\system32\tssdis.exe" "System\TermServSessDir"

"1000" "1000" "" "Processing media-specific event for [%1!ws!]" "c:\windows\system32\ws03res.dll" "System\AeLookupSvc;System\Clussvc;System\DCOM;System\DfsSvc;System\Http;System\IPNATHLP;System\MSFTPSVC;System\PlugPlayManager;System\Print;System\RasMan;System\RemoteAccess;System\Service Control Manager;System\Tcpip;System\TermDD;System\TermServDevices;System\TermService;System\TermServLicensing;System\VolSnap;System\W32Time;System\W3SVC"

"2149581800" "1000" "WARN" "Unable to acquire a license for user '%1', domain '%2'. Please check Citrix Licensing for diagnosing this issue." "c:\windows\system32\ws03res.dll" "System\AeLookupSvc;System\Clussvc;System\DCOM;System\DfsSvc;System\Http;System\IPNATHLP;System\MSFTPSVC;System\PlugPlayManager;System\Print;System\RasMan;System\RemoteAccess;System\Service Control Manager;System\Tcpip;System\TermDD;System\TermServDevices;System\TermService;System\TermServLicensing;System\VolSnap;System\W32Time;System\W3SVC"

"3237938152" "1000" "ERROR" "%1" "c:\windows\system32\wshext.dll" "System\Windows Script Host"

"1000" "1000" "" "Processing media-specific event for [%1!ws!]" "c:\windows\system32\xpsp2res.dll" "System\DCOM"

So if you ask me, “Yeah I am getting Event ID 1000, do you know why that is?” and I respond with, “Which Event ID 1000?”, don’t look at me like I’m the one who’s the idiot. Better yet, give me the Event ID and tell me the text of the message; that way I don’t even have to go try and look up the text, which I will likely have to do anyway. The same machine I took the above info from has 26,199 events registered for it and it doesn’t have any real serious event log apps like Exchange, SMS, etc. on it. And although I have had this machine for several years, there are still at least one or two, maybe more, of those events that I don’t have the text memorized for… Let’s be real… Most people aren’t memorizing Event IDs. The only time this is sort of acceptable is when there is context to a conversation and you are talking about say Exchange and someone is bitching to other Exchange people about say Event ID 9548. That is (or was – depends on your SP level of Exchange) such a huge pain point for people running Exchange in larger environments that it was usually said with a hiss and an evil look and an outstretched arm in the direction of Redmond and the Exchange developers. Context is everything… It is just like if I said “George W is an idiot…”, most people in the world are going to assume it is one specific idiot I am talking about and that I don’t mean the neighbor who lives 4 houses down on the right.

     joe
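To make the "log, source AND ID" lookup above concrete, here is an added example (not the author's dump utility) that parses lines in the format quoted above and keys them by log, source and Event ID. The sample lines are constructed from the System log dump above, with straight quotes; the only assumption beyond that format is that fields are separated by exactly a quote, a space and a quote. It also decodes the first field, which is the full 32-bit Win32 message ID: the top two bits are the severity and the low 16 bits are the Event ID, which is why the dump shows WARN, INFO and ERROR next to IDs such as 2164261864 that all come out as 1000 in Event Viewer.

```python
"""Parse a dump of registered event messages and key them by (log, source, ID).

Added example, not the post's dump utility. Line format as quoted in the post:

  "<32-bit message id>" "<event id>" "<level>" "<message>" "<dll>" "<Log\\Source;...>"

The first field uses the winerror.h message ID layout: bits 31-30 severity
(0 success, 1 informational, 2 warning, 3 error), bits 27-16 facility,
bits 15-0 code, which is the Event ID Event Viewer shows. One message DLL
is often registered for many sources, hence the semicolon-separated list.
"""
from collections import Counter
from typing import Dict, List, NamedTuple, Tuple

SEVERITY_NAMES = {0: 'SUCCESS', 1: 'INFO', 2: 'WARN', 3: 'ERROR'}

# Constructed sample: lines from the post's System log dump with straight
# quotes. Raw string, so the literal "\n" inside messages is preserved.
SAMPLE_DUMP = r"""
"1000" "1000" "" "%1" "c:\windows\microsoft.net\framework\v2.0.50727\eventlogmessages.dll" "System\MSDTC Gateway;System\MSDTC WS-AT Protocol"
"1000" "1000" "" "Your computer has lost the lease to its IP address %2 on the\nNetwork Card with network address %1." "c:\windows\system32\dhcpcsvc.dll" "System\Dhcp"
"2164261864" "1000" "WARN" "%1" "c:\windows\system32\dmadmin.exe" "System\LDM"
"1073742824" "1000" "INFO" "The computer has rebooted from a bugcheck. The bugcheck was:\n%1.\nA full dump was not saved." "c:\windows\system32\savedump.exe" "System\Save Dump"
"1000" "1000" "" "The session directory failed to delete all the log files in the "%SystemRoot%\System32\tssesdir\" directory. The error code was %1." "c:\windows\system32\tssdis.exe" "System\TermServSessDir"
"3237938152" "1000" "ERROR" "%1" "c:\windows\system32\wshext.dll" "System\Windows Script Host"
"1000" "1000" "" "Processing media-specific event for [%1!ws!]" "c:\windows\system32\xpsp2res.dll" "System\DCOM"
"""


class EventMessage(NamedTuple):
    message_id: int
    event_id: int
    level: str
    text: str
    dll: str
    sources: List[str]   # 'Log\\Source' strings


def severity(message_id: int) -> str:
    return SEVERITY_NAMES[(message_id >> 30) & 0x3]


def facility(message_id: int) -> int:
    return (message_id >> 16) & 0xFFF


def event_code(message_id: int) -> int:
    return message_id & 0xFFFF


def parse_line(line: str) -> EventMessage:
    """Parse one dump line. Assumes fields are separated by exactly quote,
    space, quote; a quote inside a message is fine unless it sits between two
    spaces, which the field-count check would catch rather than misparse."""
    line = line.strip()
    if not (line.startswith('"') and line.endswith('"')):
        raise ValueError('line is not quoted: %r' % line)
    fields = line[1:-1].split('" "')
    if len(fields) != 6:
        raise ValueError('expected 6 fields, got %d: %r' % (len(fields), line))
    message_id, event_id = int(fields[0]), int(fields[1])
    if event_code(message_id) != event_id:
        raise ValueError('event id %d disagrees with message id 0x%08x' % (event_id, message_id))
    return EventMessage(message_id, event_id, fields[2], fields[3], fields[4],
                        [s for s in fields[5].split(';') if s])


def parse_dump(text: str) -> List[EventMessage]:
    return [parse_line(l) for l in text.splitlines() if l.strip()]


def split_source(log_source: str) -> Tuple[str, str]:
    """'System\\Dhcp' -> ('System', 'Dhcp')."""
    log, _, source = log_source.partition('\\')
    return log, source


def count_by_source(events: List[EventMessage], event_id: int) -> Dict[Tuple[str, str], int]:
    """Registrations of one Event ID per (log, source): the real identity of an event."""
    counts: Counter = Counter()
    for ev in events:
        if ev.event_id == event_id:
            for log_source in ev.sources:
                counts[split_source(log_source)] += 1
    return dict(counts)


def level_matches(ev: EventMessage) -> bool:
    """The dump leaves the level blank when no severity bits are set."""
    expected = '' if (ev.message_id >> 30) == 0 else severity(ev.message_id)
    return ev.level == expected


if __name__ == '__main__':
    events = parse_dump(SAMPLE_DUMP)
    for (log, source), n in sorted(count_by_source(events, 1000).items()):
        print('%s\\%s: %d registration(s) of Event ID 1000' % (log, source, n))
    for ev in events:
        print('0x%08x -> %-7s facility 0x%03x code %d' % (
            ev.message_id, severity(ev.message_id), facility(ev.message_id), event_code(ev.message_id)))
```

The count_by_source() result is the answer to "which Event ID 1000?": the same number appears once per (log, source) pair, and only that pair plus the message text pins down which event is meant.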


Why…

by @ 12:21 pm. Filed under tech

…can’t you turn on auditing of the manipulation of share permissions directly either through GUI or code?

By this, I mean the permissions on the share, not permissions on the files and folders in the share. This may seem odd, but maybe, just maybe you want to know WHO is changing permissions on the share.

Just thinking out loud here…

  joe


It’s very green today…

by @ 12:14 pm. Filed under general

Today is a very green day. Not like the band you numpty, but like the color. Though come to think of it, some Green Day music turned way down would be nice…

Err, back to point… I am sitting upstairs in my palatial mansion (LOL – if 1800 sq ft is palatial) sitting at my laptop which is sitting on a table I keep here in my master bedroom in front of two really big windows looking out over my back yard. It is a nice back yard, I only have about 3/4 acre of property (32670 sq ft) but it is my 3/4 acre[1], well a big nod to the bank there too… but the bank rarely comes over and mows so I will call it my property for the time being…

Err again back to point… I have some nice big green trees in the back yard and I tend to keep the grass on the longer rather than the shorter side. You walk in it, you know you are walking on grass versus say, Astroturf or that cheap looking green patio carpeting. So that means the grass is very green too.

It is also sort of gray and rainy out, which just enhances the general greenness and means I will likely be mowing again in two days, because this is the kind of weather the grass really likes to grow in.

I am basking in this greenness, I really like the color green. No clue why, don’t care why, I just like it. I also like blue a lot, the darker the better. I am also a fan of the various purples and combinations of all three of those colors.

I am also basking in the sounds of the rain falling and birds chirping and my keyboard keys clicking and the occasional vocalization from Trouble the black cat from the suburbs of Hell (about 13.4 miles from downtown Hell she assures me).

I am relaxing today because the last few days of this week at work were trying. Trying, I think, to make me go insane or burst a blood vessel. I was having fun in that I was learning stuff I didn’t know technically, but there were some things that MSFT did in some implementations that were just pissing me off to no end which I may write about later when I am more sedate and have less emotional attachment to the stupidity.

Also, there was a ton of pain being experienced due to management morons. Briefly, one or more managers made stupid decisions last December which I and others told them were stupid then and every month since when we had the opportunity. The problems that I and others forecast were all coming true and things were getting worse and worse. Management chose to ignore the problems until this week, when things escalated to VP levels, etc., and then all of a sudden it was all hands on deck, oh my god we have to fix this, with managers on con calls everywhere discussing how critical it all was but no one mentioning how the techies said months ago we were on a stupid path.

Of course, had we done things properly in the first place (as defined by what I and others said we should have done in the first place), this wouldn’t have become an issue ever, let alone a 5 alarm fire issue. To be honest, it really wasn’t my issue and I very likely could have said and gotten away with… “Go away, you made your bed, now try to sleep on the spikes”. But that isn’t me, unfortunately. So this last week had me writing lots of scripts and figuring out various command line tools to make sure we fixed things properly, instead of writing up documentation to hand over to a bunch of button pushers who could then inconsistently do the work so we had other issues to deal with. This resulted in little sleep and lots of time working. The fire is still going on but I have thrown enough water in the air that it should be controllable by the others involved now.

On the one side it was pretty fun; I am an adrenaline junkie at heart and enjoy trying to pull off miracles to see how far I can push myself and still deliver. Also my mind comes up with interesting solutions to problems in cases like that, stuff I may not have come up with under normal circumstances. It felt very much like I was back in the fire doing operations (prior to the last operations job, which was done properly because I got to help define what we did) because honestly, it was an operational fire drill based on management stupidity. Not my closest direct report to management, but other higher up management.

Unfortunately, I don’t get anything near what I got paid when I really did operations support, which means I really shouldn’t be doing anything involved with ops that I don’t like. You don’t want to hire me as an ops guy unless you are very serious about ops and you have the money to spend on it. Ops is hard to do right and I won’t do it wrong, which means you need to pay me. 🙂 There are much easier ways to make the money (at least for me) that most people make doing ops, so it makes no sense for me to do ops – unless I am paid properly.

So the good side was the adrenaline and fun. The bad side was the same issue that tended to occur to me when I did ops… I become single focused, everything else in life stops… I wake up at 6:45AM on a Friday (after going to bed at 3-3:30AM) and I sit down at my laptop and besides grabbing occasional peanut M&Ms and sips of Coca Cola sprinkled with restroom visits I don’t really stop until after 10PM and then I pass out. The house could collapse around me at any point in that cycle and I likely wouldn’t notice it. I don’t spend time looking out the window, I don’t spend time appreciating the singing of the birds, I don’t even get to appreciate my cat whapping at my leg because if she is, I don’t notice it. If someone asked me to summarize everything I did yesterday including phone/con calls, emails, and other stuff I couldn’t even begin. I just know this morning that just one of the scripts I put together quickly in the afternoon yesterday is just under 500 lines of code because it was sitting on my desktop when I sat down at my laptop. That is one of several scripts I put together and doesn’t include any of the testing and working out of other things which were simply me indicating how to get a command line tool to do something for us versus having to write a script. Hmm I just looked at email, I sent something like 53 emails as well. And many aren’t short, they are detailed technical brain dumps with opinion about where we are and how we got there and where we need to go sprinkled generously throughout and I wasn’t being gentle… LOL.

Yep, I am now missing 2-3 days but at least today is nice and green. 🙂

   joe

 

[1] I have leads on 13 acres (566280 sq ft) and 21 acres (914760 sq ft) nearby that I need to dig into though…


5/20/2007

Argh, Perl let me down… Well at least one of the Win32 modules did…

by @ 5:33 pm. Filed under tech

I love perl, absolutely adore it. I love how I can take one small exe and one small DLL and take it anywhere and get just buttloads of functionality out of the core language. Well I needed a script to tear through and document ACLs on a file system. Now I didn’t expect the core perl functionality to handle this but figured one of the modules that come with it would do the trick… sure enough, it looks like Win32::FileSecurity will do what I need. Simple example…

Aww crap, it can’t get the Security Descriptor on a file that is opened by someone else… WTF… Not only that, but the module blows you right out of the script, no chance of capturing the error… I look closer at the docs and sure enough, down in Known Issues / Bugs: “Errors croak, don’t return via $! as documented.” WTF people. If you write a module you should NEVER die or croak from inside that module… Return to the script and let it decide what it wants to do. What could have and should have been a nice simple task is now going to be a bit of a pain.

So I look at CACLS and XCACLS and seriously, they are pretty poor, especially if you are trying to parse the info in a script. This means I am now stripping the Security Descriptor code out of AdFind so it can be standalone, adding the one line needed to get the SD from a file/directory instead of from AD, and then adding a couple of printf’s[1] to write the output the way I would like it for scripting…

I have had this on the list of things to write for a long time, so good to be getting it done now. I am trying to make it as flexible as possible so I can use it for any ACL type, not just files/folders. Far handier that way.

   joe

 

[1] Well not really but that is the basic idea, I am actually using ConOut’s and ConOutNL’s but those are my special output functions.

