February 24, 2009

DNSSEC slowly becoming a reality (Updated)

Although it’s not the full-featured implementation we would all like, DNSSEC seems to be more than just something on the drawing board now.

DNS is one of the more fragile pieces underpinning the internet.  Translating names to IP addresses seems pretty trivial.  It’s just a big phone book, right?  Well, imagine the fraud that would ensue if people could change entries in the phone book.  Anywhere.  For anyone.  More than that even, that number you always used to dial to pay your cable bill?  One day you dial the same number and as always someone happily takes your payment details, but was it really the cable company?  I could go on and on with examples but let’s just say that security on the internet should get a big boost from this.

To greatly simplify, DNSSEC allows us to cryptographically sign DNS records.  Someone retrieving this record can then verify that yes, this record is valid (cryptographically, not necessarily accurate).  The idea is the DNS root would be signed (by the Dept of Commerce which controls ICANN right now) and the security could flow down from there.  The reality is that politics is slowing down the process.  ICANN has a temporary workaround in place that will allow top level domains (countries, etc.) to sign their namespace and have a central area to exchange these cryptographic keys.  The key exchange is a simple list right now.  This isn’t the robust solution we need to scale to cover the entire internet but it’s a start.  The article below points out that there is a concern that with this in place the better, more permanent solution may be delayed.

There is some meat here for those of us with actual domains to manage.  VeriSign hasn’t announced their plans for .net and .com yet.  But again a workaround solution is available in Trust Anchor Repositories.  This, similar to above, gives lower level domains the ability to sign their records and publish the public keys for everyone to validate.  Again, not a permanent scalable solution but better than nothing and a step in the right direction.

Of course all this has one catch.  Just like SPF records intended to validate the source of email, publishing them does nothing until our clients and servers are prepared and configured to check for the information and then act on it.
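The client side of that catch, as an added example that is not part of the original post or the linked article: the Python below builds a query that asks for DNSSEC data (the EDNS0 DO bit) and decides what to do with a resolver's answer based on the header's AD flag or a SERVFAIL. The function names and the sample response headers are constructed for this illustration.

```python
import struct

DO_BIT = 0x8000  # EDNS0 "DNSSEC OK" flag in the OPT record (RFC 3225)
AD_BIT = 0x0020  # "Authenticated Data" flag in the DNS header (RFC 4035)
SERVFAIL = 2     # RCODE a validating resolver returns when validation fails

def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in a zero byte."""
    labels = [l for l in name.split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(name, qtype=1, txid=0x1234):
    """Build an A query (RD=1) with an EDNS0 OPT record that sets the DO bit."""
    header = struct.pack("!6H", txid, 0x0100, 1, 0, 0, 1)  # 1 question, 1 additional
    question = encode_name(name) + struct.pack("!HH", qtype, 1)  # class IN
    # OPT: root name, TYPE 41, CLASS = UDP payload size, TTL = ext-rcode/version/flags
    opt = b"\x00" + struct.pack("!HHIH", 41, 1232, DO_BIT, 0)
    return header + question + opt

def requests_dnssec(query):
    """Return True if a single-question query carries an OPT record with DO set."""
    qd, an, ns, ar = struct.unpack("!4H", query[4:12])
    if qd != 1 or an or ns or ar != 1:
        return False
    pos = 12
    while query[pos]:            # skip the question name label by label
        pos += 1 + query[pos]
    pos += 1 + 4                 # zero byte, then QTYPE and QCLASS
    if query[pos] != 0:          # OPT owner name must be the root
        return False
    rtype, _size, ttl, _rdlen = struct.unpack("!HHIH", query[pos + 1:pos + 11])
    return rtype == 41 and bool(ttl & DO_BIT)

def classify_response(msg):
    """Decide what a stub client may do with a resolver's answer."""
    flags = struct.unpack("!H", msg[2:4])[0]
    if flags & 0x000F == SERVFAIL:
        return "reject"          # resolver could not validate (or failed); do not use
    return "validated" if flags & AD_BIT else "unvalidated"

# Constructed response headers (first 12 bytes only), not captured traffic.
SAMPLES = {
    "signed":   struct.pack("!6H", 0x1234, 0x81A0, 1, 1, 0, 1),  # QR RD RA AD
    "unsigned": struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 1),  # QR RD RA
    "bogus":    struct.pack("!6H", 0x1234, 0x8182, 1, 0, 0, 1),  # SERVFAIL
}
```

The AD flag is only as trustworthy as the resolver that set it and the network path back to the client.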

Full article from Network World here.

Update:  VeriSign has released a statement saying they will support DNSSEC but that .com will likely be the last to get it due to its size.  They expect to have it in 24 months.

February 16, 2009

IE RSS feeds stop updating

I recently started using IE8 RC1 but I remember having this same problem with IE7 a while ago and couldn’t find a fix at the time.  This week there was a power outage while I was away and my computer didn’t gracefully shut down.  Everything was fine when I turned it back on except my feeds in IE.  None of them were auto updating anymore.  I could click the sync button and they would manually update but then no further updates would happen.  A quick search turned up a fix and I thought I’d include it here if anyone else runs into it.

See the original post from the Microsoft RSS team here.

The portion that fixed it for me is below:

Check if task is corrupted

schtasks /query | findstr /i "user_feed"

Look for

ERROR: The task image is corrupt or has been tampered with.

ERROR: Task cannot be loaded: User_Feed_Synchronization-{..

If corrupted, then delete and re-create the task

msfeedssync disable

msfeedssync enable

February 8, 2009

How does Virtualization Licensing work? Tech Brief answers

When we deal with virtualized workloads we are usually concerned about the operating system licensing.  But what about the application licensing for the server apps running in our virtualized datacenter?  It’s usually straightforward when dealing in an all Microsoft shop but when you mix in other virtualization platforms it can get pretty hairy.

Fortunately I recently found this Volume Licensing Tech Brief that covers all kinds of scenarios for both Microsoft and non-Microsoft platforms.  I’ve never seen this laid out in such plain English before.  It was almost hard to believe this was a licensing document.  I did a quick search to find a good link to this document to post here and what did I find? There are Licensing Tech Briefs on all kinds of technology.  Cold server backup DR, Apps running on Terminal Services, license transfer, reimaging rights, work at home licenses, etc.  The list goes on and on.

Check it out for yourself.  I’ve already found a treasure trove of information I didn’t know before.

Of course you can always go straight for the virtualization doc that led me here in the first place.

January 30, 2009

P2V Migration experiences with SCVMM 2008 (Updated)

I’ve recently been working on a project to migrate several older machines to virtual machines.  I thought I’d talk a little about the experience to give others insight as well as the resources I used.

The solution we came up with was really pretty slick.  To host these machines we deployed a two node Server 2008 cluster running Hyper-V.  There were several hot fixes you will need if you do this and you’ll have to go get them as Windows Update won’t get them all.  Check out these posts on HyperVoria for Hyper-V updates and SCVMM updates.  There’s also a great list of updates and where they are available here.

The cluster was dead simple to set up.  Almost too easy.  Install the Failover Clustering feature (remember it’s a feature not a role) and open the Failover Management console.  Here you can validate the cluster (checks storage, network, drivers, hardware…) or create the cluster (which will also run the validation tests).  Give it the name of the machines and the cluster is set up.  That’s it.  Don’t forget the Hyper-V clustering update.

After that we installed SCVMM on one of the nodes.  For this test we are just using the trial version but it works for what we need.  Again there are updates here.  Specifically one that fixes some P2V issues so make sure you get that.  We did have to make one little change to the cluster to get this to work better.  Check out the bottom of this post to see how to move the cluster to node 2.  After this all worked as expected.  A better fix would have been to create a VM with 64-bit Server 2008 and install SCVMM there instead of on the physical cluster node.

Migration in SCVMM itself couldn’t be easier.  A Wizard walks you through connecting to the machine and checking out issues.  There are several ways to migrate a machine.  Offline migration reboots the source machine into a VistaSP1\Server08 based WinPE environment and transfers the system from there.  You may need to make sure you have the right drivers in place on the SCVMM host for the NIC and storage systems.  The other mode which I like to use in testing is Online Migration.  This leaves the source computer on and gets the files through a Volume Shadow Copy Service Agent.  The transfer itself is still BITS based as it is with Offline Migration.  Testing a migration online is great, you can simply opt to leave the destination VM network cards unplugged so it won’t interfere with the source computer.  For many production machines such as domain controllers an Offline Migration is recommended when finally moving the production system.

I’ll try to post some more details and walkthroughs shortly on some issues I saw and a bunch of new features in R2 I can’t wait to check out.

I’ve used a lot of these tools separately before but this is the first time I was able to bring it all together. 

Update:  I found the Hyper-V comprehensive update list on Microsoft Technet.  Hopefully they keep it up to date as anything new comes out.

June 26, 2008

ICANN approves new top level domains.

Another breaking item in the news recently.  ICANN has approved custom top level domains.  In the past these top level domains (TLDs) were limited to .com, .net, .org (among others) and country codes like .us, .uk, etc.  Over the last few years others have been approved like .info, .travel, and .pro.  When these new rules go into effect an organization can decide on their own TLD.  Imagine a world with not just but,, burger.king, among millions of others.  How will we ever find anything anymore?  I imagine in the short term commercial organizations will keep at least their root presence in the traditional .com/.net/.org space.  Long term only time will tell but search engines certainly aren’t going away anytime soon.  Starting a new TLD will consist of jumping through numerous hoops as well as a significant investment in money.  Large registrars like Verisign will probably snap up a few new trendy TLDs to sell… .corp, .law, .whereeverthemoneyis.

One thing everyone seems to wonder is what will happen to .xxx.  This TLD has been repeatedly rejected by ICANN.  Do these rules open it up?  And who will have the corporate might to fight for the money available here?


Read more about it here.

Hyper-V RTM

Microsoft is releasing the RTM of Hyper-V today.  The download officially starts at noon PST.  I’ll be installing it and taking it for a test drive later today.  The latest RC was very solid so I expect little difference.

Here’s a video from one of the Hyper-V team.

3:48pm EST.  The link finally works for me.  Get the good bits here.

June 12, 2008

New Ethanol cheaper than gas?

Robert X Cringely has a great post up about alternative fuels.  He talks about the car as a platform and how it’s impractical to be thinking in terms of a forklift upgrade.  Will we all be driving hydrogen or electric cars in 30 years?  Sure, why not.  Will any of us be driving them next year?  Probably not.

“We see this all the time in computing where somebody comes up with a clever new idea but for that idea to succeed we all have to get new computers. How likely is that?”

Enter a new fuel.  SwiftFuel.  Simple idea.  Based off Ethanol but processed to eliminate the harsh side effects of ethanol on engines.  Even with current ethanol prices it could sell on the street for an estimated $3/gal.  It’s currently intended for aviation but could be modified for use in cars.

This is a perfect example of something that if it were open source it could change everything.  They just have to find a way for the big refineries and oil companies to profit from it.  They have the large sums of R&D money needed to get this out into the open market.  Suddenly  we wouldn’t be tied to oil from the Middle East.  Although the alternative is a little daunting also.  Currently the third largest producer of ethanol is China.  They are already an economic power, imagine if the middle east has the cohesiveness of the Chinese government to throw their weight around.

Alright, enough musing for now.  Check out the post it’s worth the read.

June 9, 2008

Workstation 2008 change continues…

After my previous post I went ahead and loaded MS Windows Server 2008 on my main workstation at home.  I followed the advice here as well as elsewhere to do this.  Overall I found the process pretty easy.  Popping the DVD in while Vista was running resulted in a large splash screen allowing me to “Install Now”.  I went ahead and did it their way.  While it was copying files I was even able to Alt-Tab back to IE and surf the web while I waited.  The only downside to this was I missed what was probably a timed reboot notice and suddenly my computer was rebooting.  A short time later Server 08 was up.

I’ve been working the last few days playing and tweaking to get things the way I want.  Drivers haven’t really been an issue since I was already running on Vista 64 previously.  I’ve had a few headaches getting my games to run. (I think it’s a driver issue that may be straightened out after my next reboot)  One or two quirky pieces of software that won’t install. (complains about server OS)

Overall my experience has been positive.  My next steps will be to set up a VM in Hyper-V (already enabled that first thing) and get a Domain Controller up to start testing out some other features.  I’ll continue to post as things come up. 

June 3, 2008

Replacing Vista with Server08

So my TechNet+ Direct subscription came through.  I tested it out last night by downloading the bits of Windows Server 2008.  I wanted to get more hands on experience with this OS so I’m going to be reloading my main workstation (from Vista Ultimate).

I was intrigued by the various posts out there about running on Server 2008 as a workstation OS.  Of course something like this seems to come up every now and again (with 2000 and 2003).  The thing that pushed me over the edge is the ability to run Hyper-V.  I’m excited to try this out and finally be able to run a VM or two maybe even full time.  I should be able to use this to test out some pretty complex environments.  All on my little old workstation. (Note: it is neither little nor old)  I’ll be sure and post my experiences afterwards.

May 28, 2008

Office Live

So I’m sure everyone has seen some Microsoft Live product or other.  Windows Live Messenger, Live Hotmail, Live Search, or 50 other products branded under the Live umbrella.  The only real connection between some is that they are all online services.

Office Live has been out in beta status for a while and, while not what most would expect from the name, it’s not a bad product.  Like me you would probably assume from the name Office Live that it’s some online version of the Office suite.  Similar to Google Docs.  But no, it’s really more of an online repository and collaboration environment.  What you get when you sign up is a basic SharePoint environment.  You can set up document libraries and share them with other users.  I’ve found it extremely helpful to share some planning docs with the fiance.  You can jump on from work and edit the documents pretty easily.

Similar to Sharepoint it supports a number of pre-defined templates when creating a new workspace.  For example a sports team workspace that supports rosters and schedules for managing a team.  In a workspace you can add documents, contact lists, calendar items, notes, etc.  As much as I use it for sorting out some of my own documents I want access to from anywhere, I also use it to demonstrate some of the basic features of Sharepoint to anyone that hasn’t seen it.  Of course Sharepoint adds the infinite expandability of custom development to the mix but this is a good representation of what you can set up quickly and easily out of the box.

I should also disclose that as part of a contest for using the beta I just won a 12 pack of Pepsi Max.  So go sign up for it and get your own Pepsi Max.

