Friday, March 23, 2007

Time Recording

Time is a precious commodity for both the individual and the company. Almost every company has a requirement to record time spent on tasks or working with clients yet too few companies actually use this data in a sensible way.

Time recording is something I consider an annoying yet essential task. It is useful to know how long it takes to build a server, to review a document, to configure a network switch and so on.

Proper project time planning is based on the knowledge of how long a task took previously. Anything else is a wild stab in the dark and this is why too many IT projects complete late. In many cases the project managers take wild guesses at how long a task will take to accomplish. It's easier to say "Deploy a server" than it is to accurately break it down into sub tasks of installation, configuration, application installation, application configuration, racking, cabling, firewall processes, change control processes, etc.
Breaking the task down like this allows time to be more accurately recorded and later analysed.
Crucially it will also provide a better estimate of how long those tasks will take to perform next time and thus allow better planning for future projects.

There is only one place that I know of where major tasks are broken down to individual components and where a task is practiced and recorded until the person can almost do it blindfolded in a set amount of time and that's NASA.

Obviously, no company can compete with the sort of resources that NASA has on tap, but the ability to record time taken for tasks and use it for planning future projects is straightforward enough for a company to do, so why are so many so poor at project time planning?

Friday, March 16, 2007

How urgent do you want that request?

"I need this done ASAP, it's urgent"

Sounds familiar? How often do you hear those words or something similar?

It seems to me that all too often managers and users think that by adding the word 'urgent' to any request it will magically get done quicker. Well, here is a bit of news for you:

When everything is urgent, NOTHING can be urgent!

Urgent as a word starts to lose its meaning. Tasks get completed in a normal time scale because everything is urgent and so prioritization becomes useless.
It almost seems that the word urgent is tacked on to the end of every request simply because people are scared that if they don't add the tag then the task will never get done - No doubt this is because of the high volume of urgent work flooding the team!

The problem with using the term urgent is similar to that of the boy who cried wolf. I'm sure that there have been occasions when genuinely urgent problems have been ignored because that person has cried urgent too many times. Demanding something urgently also has serious implications on quality. Often my response is "Do you want this right or right now?" The bemused look as people try to figure out what I mean is a picture.

In many ways the cry of 'it's urgent' comes from people who have real trouble understanding something I term 'real time', that is, the amount of time a job will take to complete. These are the people who can't understand why it takes half a day to deliver a fully secured, configured server and hence add in the 'it's urgent!' comment.
If these people really do have a valid urgent need EVERY TIME they ask for something then somewhere, something is terribly wrong and probably very badly planned to boot.

I know that right now there will be a bunch of people complaining that it's not their fault, they just pass on requests from above and that may well be true but somewhere an urgent need for something trivial has developed.

In many cases, the company has lived with the item/fix/software/whatever since its inception so WHY is that very item suddenly so urgent? Most annoyingly the results of many urgent requests have a habit of dying a quiet death only to resurface years later as another urgent request.

Next time you need something urgently have a think. Is it REALLY urgent or is it just you don't want to have to wait?

Wednesday, March 14, 2007

Microsoft Release Windows 2003 Service Pack 2

Microsoft have released Windows 2003 Service Pack 2. It's worth downloading and testing to ensure that you can integrate it into your server build process as soon as possible.

If this release follows Microsoft's standard practice of current minus one then Windows 2003 gold (i.e. no service pack) will no longer be supported for security updates.

For the really curious there is a tech note in the Microsoft Knowledge base that details all the fixes in this service pack.

The service pack will work with both Windows 2003 and Windows 2003 R2 releases.

Tuesday, March 13, 2007

Free Document Management System

One of the things that IT departments seem to be very good at is producing documentation, diagrams, PDFs and other assorted paperwork. Some of the material produced is actually very good but trying to keep track of it on today's huge hard drives is something of a challenge. What is needed is a good document management system.

One of the first document management systems I ever used was called SoftSolutions and it was by Novell. It integrated very easily into WordPerfect and made finding documents a very simple task. Since then I've been after something similar for personal usage. I have thousands of PDFs on various things along with thousands of documents and it's getting to the point where I'm bored of recreating the same document!

Microsoft and IBM both currently offer products to fit this market: Microsoft offer SharePoint Portal Server and IBM has Document Manager. Both products will do the job but both are quite 'weighty' in terms of pre-requisites, which is no surprise as both are designed to be used by enterprise sized companies.
What I was after was something lightweight. After some searching I found Knowledge Tree which comes in both a commercial and open source version. The open source copy is free for use.

In a future blog entry I will go through the process of setting up Knowledge Tree and importing documents.

Friday, March 09, 2007

A Novel Idea - Let's do what the business wants.

I sat in a meeting the other day where a whole new project priority scheme was unveiled based around the unique idea 'Deliver what the business needs'.

The idea was greeted with thunderous silence. I'm sure most of the people in the meeting with me were thinking the same thing: "As an IS department and as a SERVICE COMPONENT of the business-at-large we should be following this model anyway?!".

Certainly there will be projects that IS needs to concentrate on that the business will not directly use and/or see no value in. Those projects are things like network monitoring and infrastructure upgrades. The business-at-large do not benefit directly from the project but they benefit from the knock-on effect of having the IS department respond to problems reported by a good monitoring system before the business feels the impact, and they gain by the increased speed/benefits of a better infrastructure.

Ultimately, whatever projects an IS dept runs will need to be justified to the business, sometimes on a case-by-case basis and sometimes IS can lose out - For example, if a web monitoring system is delivered in place of an upgraded payroll system IS can be moaned at for choosing a system that hinders as the priority over a system that will help.

The solution here is to ensure that ALL projects you are running are fully visible to the business. Let them see what's going on. Let them see WHY the web monitoring system is more important than the new payroll system. SHOW THEM why infrastructure in one area needs to be upgraded to support the new payroll system.

The more IS communicates with the business and justifies actions the more the business will come to trust the IS dept as a bunch of people who know what they are doing.

Everything in IS seems to be a juggling act but there should always be room for clear, unambiguous English.

Thursday, March 08, 2007

Migration of DHCP database

On my home 'production' network I have a single Active Directory server that runs DNS and DHCP. Whilst not fault tolerant it does the job and for a network that can afford the downtime should the domain controller die it's a workable solution.

Recently, this server has been running incredibly slowly. It's actually taking 8 minutes to boot.
As this server has been giving sterling service for a couple of years I decided it was probably time to replace the server with something a little faster and a lot cleaner.

Building the replacement domain controller was simple enough: an autobuild of Windows 2000 Server, then DCPROMO it to be a domain controller.
The FSMO roles transferred over with no problems, as did the DNS.

DHCP proved to be slightly more problematic.

All DHCP records are held in a database file under %systemroot%\system32\dhcp - Copying this database to the new server didn't work so it was time to hit Technet's knowledge base.

http://support.microsoft.com/?id=325473


The knowledge base pointed me in the direction of a tool called DHCPEXIM which despite the clunky interface is actually very easy to use. Just highlight the scope(s) you want to migrate and click on Export.

On your new DHCP server run DHCPEXIM, select import and point it to the file you just exported. It will display a list of the scopes it knows about and bring them all into your DHCP server.

Note that your DHCP server can already have scopes configured but if you try to import a scope and that scope already exists on your server then the import will fail.

This was tested out on Windows 2000 server to Windows 2000 server but the docs say it should work on NT4 and Windows 2003 as well.

Wednesday, March 07, 2007

VMware offer free P2V conversion tool

I have a Windows 2000 domain controller that I want to clone and put into my test network so I can rehearse an upgrade from Exchange 2000 to Exchange 2007 and to test out the Active Directory upgrade from 2000 to 2003. At first I looked at a couple of DR type options. The standard System State backup via NTBackup will restore into VMware but because it restores a chunk of hardware related information as well the VMware machine reboots then blue screens - not good. I'm sure there is a way round this with sysprep or with backing up that data separately but my experiments led to a constantly rebooting server. I also found out that DCPROMO /ADV only works for Windows 2003.

Another option is to join the VM to the live network and DCPromo it as another domain controller, Snapshot, DCPROMO it down then restore the snapshot. This would work but I've heard of problems with errant entries in DNS when this approach is used.

After some head scratching I found a free tool on VMware's site that does Physical to Virtual conversion (P2V) and it's free for single machines to VMware Workstation or VMware Server. If you want to convert to ESX Server or convert a bunch of machines then you need a licence.
I've installed the software onto my domain controller and I'll have a go at running the conversion this week and report back on how good or bad the process is.

Tuesday, March 06, 2007

Common Question - How do I move the hibernation file?

Simple answer - You can't.

Longer answer - When the PC boots, NTLDR knows where its boot volume is. On that boot volume resides hiberfil.sys. The operating system will take a look at the file and, if it's valid and active, the system will restore the machine to its hibernated state. If the hibernation file is not active then a normal boot process will occur.

Many people think that a registry hack will allow them to move the hibernation file to another volume, but this is not possible: the registry is not loaded at the time NTLDR locates the boot volume and checks for a valid, active hiberfil.sys, so the hibernation file must be located on the boot volume.

Friday, March 02, 2007

Be careful with security exceptions

Last weekend I had an incident with my bank card and I found out that my card had been stopped by my bank 'because of a potential compromise of secured data'. After some digging I found out that somehow my card number had been leaked or the data had been compromised by my bank.
Now this alone is bad enough but what I was told next was worse. I was told that the bank would have contacted me to verify transactions against my account if they had my phone number.

This gave me pause for thought. The bank would have phoned me up and asked me to confirm transactions against my account.

"How would they have known it's me?" I asked. "Oh that's simple Sir. We would have asked you some security questions," he replied.

OK.

"How do I know that it's actually my BANK calling and not some stranger trying to compromise my data?" was my next question.

Silence.

I went on to explain, "You ask me security questions to validate that I am who I say I am but how do I validate that YOU are calling from the place you say you are?"

After some struggle he said that they could confirm they were from the bank by getting me to confirm some transactions but after more pushing he admitted that BEFORE they confirm any transactions they would need my security data.

The upshot of this is that I am expected to give out my confidential security data to a total stranger who may or may not be from my bank. I have no way to verify they are who they say they are.

There is one way the bank could prove it's them contacting me but the person on the other end of the phone never thought about it and neither did I until afterward. I'll leave the validation process as an exercise for the reader!

This whole exchange got me thinking about setting security standards then requiring exceptions that blow those standards out of the water. The classic is the faithful password. We are told time and again that passwords should NOT be revealed to anyone, yet I know of one ISP that requests your password as a SECURITY CHECK. OK, you have called them, but it still promotes bad practice.

In any security configuration you are going to need exceptions, e.g. if your policy states that all passwords expire once a month you will need exceptions for service accounts. The key to a good security policy and good security practice is to make sure those exceptions are well documented, well understood and sensible. To set a policy and then have a practice that routinely violates that policy is worse than not having one in the first place.
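
One way to check that password-expiry exceptions really are documented, as an added example that is not part of the original post: it reconciles the accounts that are exempt from expiry against a written exception register. The account names, register fields and dates are constructed sample data, and the field names are assumptions.

```python
from datetime import date

# Constructed sample data (hypothetical accounts, not taken from the post).
# "never_expires" marks an account that is exempt from the expiry policy.
ACCOUNTS = [
    {"name": "svc_backup", "never_expires": True},
    {"name": "svc_sql",    "never_expires": True},
    {"name": "jsmith",     "never_expires": True},
    {"name": "akhan",      "never_expires": False},
]
# The documented exception register: who owns each exception, why it
# exists, and when it must next be reviewed.
EXCEPTIONS = [
    {"account": "svc_backup", "owner": "ops", "reason": "backup agent service",
     "review_by": date(2007, 6, 30)},
    {"account": "svc_sql", "owner": "", "reason": "database service",
     "review_by": date(2006, 12, 31)},
    {"account": "svc_old", "owner": "ops", "reason": "retired print service",
     "review_by": date(2007, 6, 30)},
]

def audit(accounts, exceptions, today):
    """Return sorted (account, finding) pairs where practice and register disagree."""
    register = {e["account"]: e for e in exceptions}
    exempt = set()
    findings = []
    for acct in accounts:
        if not acct["never_expires"]:
            continue  # normal policy applies, nothing to reconcile
        name = acct["name"]
        exempt.add(name)
        entry = register.get(name)
        if entry is None:
            findings.append((name, "exempt from expiry but not in the register"))
            continue
        if not entry["owner"] or not entry["reason"]:
            findings.append((name, "exception lacks an owner or a reason"))
        if entry["review_by"] < today:
            findings.append((name, "exception is past its review date"))
    # Register entries that no longer match any exempt account are stale.
    for name in register.keys() - exempt:
        findings.append((name, "register entry with no matching exempt account"))
    return sorted(findings)

if __name__ == "__main__":
    for name, finding in audit(ACCOUNTS, EXCEPTIONS, today=date(2007, 3, 2)):
        print(f"{name}: {finding}")
```
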

Thursday, March 01, 2007

Windows Mobile 6 SDK Released

With the announcement of Windows Mobile 6 at the Barcelona Smartphone and despite a false start on 12th February the Mobile 6 SDK is finally available for download from here.

This is the full SDK and requires Visual Studio 2005 to be installed before you can install it. Microsoft has promised a standalone emulator release although they have not given a date for the release.

They also announced that there will be an update around 1st May which should see the 'final' version of the SDK being released.

If you think you will be working with Windows Mobile 6 then you might want to check out Nathan Winters' March MMMUG event. This event has Jason Langridge (Mr. Mobile in Microsoft) as a special guest. You can find out more about the event here.