The human brain is an amazing computer. It can store almost infinite quantities of data, it has near instant recollection to enable you to recognise people, places and perform the essential day to day actitives of breathing.
So why does it let us down in the middle of a crisis when you need to have that vital bit of information or when you remember seeing a tech note on the very problem you are fixing but can't recall the technical notes reference number.
The answer is simply to do with the way the human mind has evolved, Our technological prowess has evolved quicker than the brains ability to deal with this new landscape. When we, as a specics, were huddled in caves a crisis required the 'fight or flight' response and today when you have a crisis in the office that same reaction kicks in and all of a sudden you have trouble recalling technical details yet when the crisis passes you will be doing something else when the brain, still working on the problem in the background, will kick in.
The military actually have special training programmes to allow test pilots and others under extreme pressure to continue to think rationally. It is a very special SKILL.
so, why do we all have problems saying 'I don't know' and recording those oh so useful technical notes when we have the chance?
In the IS industry there seems to be a huge amount of pride in relying on ones memory to get people through a bad day. Checklists and procedures only seem to come into force for the day to day working practices - I have yet to see a company have an emergency procedures checklist.
Tuesday, May 29, 2007
Wednesday, May 23, 2007
Death of a Domain Controller
My home network has just a single domain controller on it. This domain controller runs a few other servers such as spam checking email and so on.
A few weeks back when the server was started it would always do a disk check but it would never find any problems so as a precaution I backed up the system state data - I don't use two domain controllers because I just don't see the need for it on a small home network.
Good thing I took the backup as the server decided it had had enough and blue screened with 'INACCESSIBLE BOOT DEVICE'.
At first I thought the fix would be simple enough, Just build a new Windows 2000 Domain controller because the original was windows 2000 and run DCPROMO /ADV to restore but Windows 2000 Active Directory doesn't support it then I hit upon the idea of building a Windows 2003 domain controller and running DCPROMO /ADV but I don't know if it will be able to restore a Windows 2000 Active Directory database to Windows 2003 - Something I will test very soon.
The safest option and the one I'm following is to build a Windows 2000 server and drop it it into Active Directory Services restore mode and then restore the system state from backup and THEN DCPromo the new windows 2003 server.
A few weeks back when the server was started it would always do a disk check but it would never find any problems so as a precaution I backed up the system state data - I don't use two domain controllers because I just don't see the need for it on a small home network.
Good thing I took the backup as the server decided it had had enough and blue screened with 'INACCESSIBLE BOOT DEVICE'.
At first I thought the fix would be simple enough, Just build a new Windows 2000 Domain controller because the original was windows 2000 and run DCPROMO /ADV to restore but Windows 2000 Active Directory doesn't support it then I hit upon the idea of building a Windows 2003 domain controller and running DCPROMO /ADV but I don't know if it will be able to restore a Windows 2000 Active Directory database to Windows 2003 - Something I will test very soon.
The safest option and the one I'm following is to build a Windows 2000 server and drop it it into Active Directory Services restore mode and then restore the system state from backup and THEN DCPromo the new windows 2003 server.
Friday, May 18, 2007
The week from hell
Ok, so it's more nine days than a week but you know how people say trouble comes in three's? Well, I've almost had three lots of three over the past nine days. I'll go into further explanations for some of the more technical ones but so far this is the list of problems from just over a week!
1. Power supplied died in my Freeview box
2. My DVD player died (Ok, It's been on the way out for a while)
3. Weekend works did not go as planned due to an oversight
4. I found two bugs in Data ONTap (NetApp's proprietary operating system). One caused a filer panic
5. My Domain controller at home died and the backup image for it is causing me problems
6. An upgrade of a server caused a database to go bad. That took three days to get back and it's still playing up a bit
7. I got run over by a cyclist who are (according to the police) running people over in order to snatch phones.
8. Work Laptop
FreeView Box
I have a Digivsion FVRT150 freeview box, This has an internal 80GB hard disk which is great for recording programmes and has worked flawlessly up until a week ago when all sorts of odd noises started coming from it which was caused by the unit not having enough power to work. Apparently it's a common problem and there is a site called XtendedPlay that sell replacement power supplies. I bought one and it's all working perfectly now
DVD Player
After having a lot of issues with videos I bought a combination DVD & Video player a couple of years back. The DVD player on this works but the mechanical rollers which allow the tray to eject have died so I bought a new slimline dedicated DVD player from Amazon. The prices on these have REALLY come down as it cost just £17.
Weekend Works
The company I work for planned a maintenance weekend to upgrade a FAS940 filer with a clustered FAS3070 unfortunately no one took into account the vFiler which is part of the existing filer.
For those that don't know NetApp, filers are basically bit storage cabinets of disks and they allow some clever tricks such as iSCSI, proper quotas and so on.
They also allow the creation of vFilers. A vFiler is a virtual filer or a 'filer within a filer' and its useful for segregating data. Unfortunately vFilers and VIF (which are multiple interfaces joined aggregated into one connection) don't work together. The new clustered environment was planned to use nothing but VIF's.
During the work the onsite engineer from NetApp decided to create a single VIF, that is a single connection as part of a VIF group so that when the vfiler was migrated elsewhere the connection it freed up would be able to be added into the VIF group and it should all just work.
Wrong. It turns out due to a probable bug in the Operating System a single interface in a VIF group will not work.
Second filer bug
One thing filers do quite well is pretend to be windows boxes (via CIFS or Samba if you prefer) or pretend to be linux/solaris boxes via NFS. Unfortunately there is a bug in the version of the operating system that we run which can, under rare occasions, cause the filer to panic in certain CIFS operations.
Somehow we triggered that situation and the filer crashed. Fortunately the cluster worked and the second filer head took over the load.
My domain Controller
In several articles I've said that I only run one domain controller and back it up roughly once a week as rebuilding the server is quite easy. Well, it looks like I might have to go back on that as my domain controller died in the week and I can't access the data in the backup. Fortunately I do have a VMWare image of the server which is working but DNS is broken so recovering the domain controller is proving to be 'fun'..... Obviously, I shall re-evaluate that second DC!
Database upgrade
During the aforementioned maintenance weekend the decision was made to install SQL 2000 SP4 onto all the SQL servers and onto all instances on the SQL servers. This went well but one system we use - bindview, which is a delegated access tool took a turn for the worse. It was then we found out that no one knows the password that bindview uses to talk to SQL. Ok, simple. Change the password and reset it in bindview but you can't do that without reinstalling the software and you can't reinstall the software on our bindview server because it's REALLY only meant for NT4 and not the active directory (but NT4 emulated) environment. One hell of a restore later (sever, database) and a clever hack of the hashed password out of sysxlogins and it was fixed but it was an interesting time.
Run Over!
On the way home the other night a cyclist went into the back of me then after a slinging a punch went dashing off. I reported it to the police and was told that it's becoming common. The idea is by riding into the back of someone they either knock the phone out of the persons hand or knock the person over and they can then grab the phone and ride off. Right now, I'm sporting a lovely set of cuts down the back of my leg which have all been treated and should heal up quickly.
Work Laptop
for some reason the laptop I use at work decided to go slow, Firefox locked the processor at 99%, killing it then locked another process at 99% and so on until winlogon locked the processor at 99% - Something was obviously interfering and causing problems. I'm now in the process of rebuilding the laptop.
And the week is not yet over!!
1. Power supplied died in my Freeview box
2. My DVD player died (Ok, It's been on the way out for a while)
3. Weekend works did not go as planned due to an oversight
4. I found two bugs in Data ONTap (NetApp's proprietary operating system). One caused a filer panic
5. My Domain controller at home died and the backup image for it is causing me problems
6. An upgrade of a server caused a database to go bad. That took three days to get back and it's still playing up a bit
7. I got run over by a cyclist who are (according to the police) running people over in order to snatch phones.
8. Work Laptop
FreeView Box
I have a Digivsion FVRT150 freeview box, This has an internal 80GB hard disk which is great for recording programmes and has worked flawlessly up until a week ago when all sorts of odd noises started coming from it which was caused by the unit not having enough power to work. Apparently it's a common problem and there is a site called XtendedPlay that sell replacement power supplies. I bought one and it's all working perfectly now
DVD Player
After having a lot of issues with videos I bought a combination DVD & Video player a couple of years back. The DVD player on this works but the mechanical rollers which allow the tray to eject have died so I bought a new slimline dedicated DVD player from Amazon. The prices on these have REALLY come down as it cost just £17.
Weekend Works
The company I work for planned a maintenance weekend to upgrade a FAS940 filer with a clustered FAS3070 unfortunately no one took into account the vFiler which is part of the existing filer.
For those that don't know NetApp, filers are basically bit storage cabinets of disks and they allow some clever tricks such as iSCSI, proper quotas and so on.
They also allow the creation of vFilers. A vFiler is a virtual filer or a 'filer within a filer' and its useful for segregating data. Unfortunately vFilers and VIF (which are multiple interfaces joined aggregated into one connection) don't work together. The new clustered environment was planned to use nothing but VIF's.
During the work the onsite engineer from NetApp decided to create a single VIF, that is a single connection as part of a VIF group so that when the vfiler was migrated elsewhere the connection it freed up would be able to be added into the VIF group and it should all just work.
Wrong. It turns out due to a probable bug in the Operating System a single interface in a VIF group will not work.
Second filer bug
One thing filers do quite well is pretend to be windows boxes (via CIFS or Samba if you prefer) or pretend to be linux/solaris boxes via NFS. Unfortunately there is a bug in the version of the operating system that we run which can, under rare occasions, cause the filer to panic in certain CIFS operations.
Somehow we triggered that situation and the filer crashed. Fortunately the cluster worked and the second filer head took over the load.
My domain Controller
In several articles I've said that I only run one domain controller and back it up roughly once a week as rebuilding the server is quite easy. Well, it looks like I might have to go back on that as my domain controller died in the week and I can't access the data in the backup. Fortunately I do have a VMWare image of the server which is working but DNS is broken so recovering the domain controller is proving to be 'fun'..... Obviously, I shall re-evaluate that second DC!
Database upgrade
During the aforementioned maintenance weekend the decision was made to install SQL 2000 SP4 onto all the SQL servers and onto all instances on the SQL servers. This went well but one system we use - bindview, which is a delegated access tool took a turn for the worse. It was then we found out that no one knows the password that bindview uses to talk to SQL. Ok, simple. Change the password and reset it in bindview but you can't do that without reinstalling the software and you can't reinstall the software on our bindview server because it's REALLY only meant for NT4 and not the active directory (but NT4 emulated) environment. One hell of a restore later (sever, database) and a clever hack of the hashed password out of sysxlogins and it was fixed but it was an interesting time.
Run Over!
On the way home the other night a cyclist went into the back of me then after a slinging a punch went dashing off. I reported it to the police and was told that it's becoming common. The idea is by riding into the back of someone they either knock the phone out of the persons hand or knock the person over and they can then grab the phone and ride off. Right now, I'm sporting a lovely set of cuts down the back of my leg which have all been treated and should heal up quickly.
Work Laptop
for some reason the laptop I use at work decided to go slow, Firefox locked the processor at 99%, killing it then locked another process at 99% and so on until winlogon locked the processor at 99% - Something was obviously interfering and causing problems. I'm now in the process of rebuilding the laptop.
And the week is not yet over!!
Monday, May 14, 2007
Roving Mars
This Sunday I had the pleasure of visiting the IMAX to see the Roving Mars presentation. Whilst this is not in 3D the movie is pretty spectacular on the huge screen at the London IMAX - The delta II launch vehicle looks and sounds fantastic even if it is mostly CGI animation it really needs to be seen on the big IMAX screen with that surround sound system.
If you have a free hour and are close to an IMAX it's worth checking out.
If you have a free hour and are close to an IMAX it's worth checking out.
Friday, May 11, 2007
Nimda, Slammer and the like
Now that Microsoft have released a patch for the recent DNS RPC vulnerbility IT Admins should be deploying it as quickly as possible - I was talking to a friend about this today and we got to talking about how the threat landscape had changed over the years.
Many years ago a vulnerbility would be announced on bugtraq or the like, Microsoft would rush a patch out and then few people would deploy it - IT Admins would brief easy because a patch was out and things would continue.
Then the virus would hit. It would exploit a hole that had been patched MONTHS before hand. After the problem was fixed, the virus cleaned out and tools or a white paper written on how the bug worked and how slack Microsoft was in making products with security holes in.
Fast Forward a couple of years and look at the operating system. Its resonably secure out of the box, there are templates for making it more secure, there is COPIOUS amounts of documentation on locking it down. How many people ACTUALLY lock down a new server? How many apply the security templates or even take a template and modifty it? Show of hands?
Thought so.
Why do we as IT Admins wring our hands and blame Microsoft for all the security woes on the planet when they provide us with things like security templates that very few use?
The threat landscape has changed. It's highly unlikely there will ever be another SQL slammer, Nimda, love bug or code red style attack. It's just not worth it. With firewalls, IPS/IDS and Anti Virus all over the place writing a virus is actually quite difficult. It's even more difficult to get it unleashed on a network via email or similar because people are aware of it.
The new threat landscape comes from Information Disclosure. It's now routine for applications to phone home and send anonymous information 'back to base' in order to 'improve the application'. I do wonder just what information is sent back. I also wonder just how many applications turn this ability on and do NOT TELL THE USER.
Obviously, If a vendor gets caught sending back a bit too much information from your PC then they will look foolish and it will hurt their sales for a while but is this enough?
The single biggest abuser of the 'phone home' capability is spyware. The little applications that install from some websites. Some of this spyware is incredibly intelligent in how it hides itself and in what it selects to send home.
I firmly think that today, this is our biggest challenge.
Many years ago a vulnerbility would be announced on bugtraq or the like, Microsoft would rush a patch out and then few people would deploy it - IT Admins would brief easy because a patch was out and things would continue.
Then the virus would hit. It would exploit a hole that had been patched MONTHS before hand. After the problem was fixed, the virus cleaned out and tools or a white paper written on how the bug worked and how slack Microsoft was in making products with security holes in.
Fast Forward a couple of years and look at the operating system. Its resonably secure out of the box, there are templates for making it more secure, there is COPIOUS amounts of documentation on locking it down. How many people ACTUALLY lock down a new server? How many apply the security templates or even take a template and modifty it? Show of hands?
Thought so.
Why do we as IT Admins wring our hands and blame Microsoft for all the security woes on the planet when they provide us with things like security templates that very few use?
The threat landscape has changed. It's highly unlikely there will ever be another SQL slammer, Nimda, love bug or code red style attack. It's just not worth it. With firewalls, IPS/IDS and Anti Virus all over the place writing a virus is actually quite difficult. It's even more difficult to get it unleashed on a network via email or similar because people are aware of it.
The new threat landscape comes from Information Disclosure. It's now routine for applications to phone home and send anonymous information 'back to base' in order to 'improve the application'. I do wonder just what information is sent back. I also wonder just how many applications turn this ability on and do NOT TELL THE USER.
Obviously, If a vendor gets caught sending back a bit too much information from your PC then they will look foolish and it will hurt their sales for a while but is this enough?
The single biggest abuser of the 'phone home' capability is spyware. The little applications that install from some websites. Some of this spyware is incredibly intelligent in how it hides itself and in what it selects to send home.
I firmly think that today, this is our biggest challenge.
Thursday, May 10, 2007
3,000 test users
Do you ever have need of a few hundred to a few thousand random names to populate your Active Directory in order to test something?
This is the requirement I had a few weeks back so I dug out about 3,000 random names from the 1901 census and threw them into a csv file that can be read by the addusers tool.
My names.csv file can be downloaded by clicking on the blog article link or by clicking here.
To get the users into active directory copy both adduseres.exe and names.csv to the root of your C: drive and then type in:
addusers /c c:\names.csv
addusers /? will give you a list of other options where you can set parameters for passwords and the like.
This is the requirement I had a few weeks back so I dug out about 3,000 random names from the 1901 census and threw them into a csv file that can be read by the addusers tool.
My names.csv file can be downloaded by clicking on the blog article link or by clicking here.
To get the users into active directory copy both adduseres.exe and names.csv to the root of your C: drive and then type in:
addusers /c c:\names.csv
addusers /? will give you a list of other options where you can set parameters for passwords and the like.
Wednesday, May 09, 2007
Rejoice for it's patch Tuesday
Once again patch Tuesday rolls around and this time we have a total of 18 patches released across five security updates. It's good to see that MS07-029 is the much anticipated fix for the DNS RPC Vulnerability.
Slightly more worrying is another Internet Explorer Cumulative roll up. This patch covers Internet Explorer 5, 6 and 7. If fact, the bulliten goes as far as to say that the new Internet Explorer vulnerabiltiies are only rated as Moderate on Windows 2003 server but as Critical on Windows Vista. It's dissapointing to see Vista not being able to offer the same levels of protection as Internet explorers enhanced security mode on Windows 2003.
Slightly more worrying is another Internet Explorer Cumulative roll up. This patch covers Internet Explorer 5, 6 and 7. If fact, the bulliten goes as far as to say that the new Internet Explorer vulnerabiltiies are only rated as Moderate on Windows 2003 server but as Critical on Windows Vista. It's dissapointing to see Vista not being able to offer the same levels of protection as Internet explorers enhanced security mode on Windows 2003.
Friday, May 04, 2007
The law of the 6 P's
When I first started out in the IT industry I was fortunate enough to work with someone who was incredibly well versed in Windows and taught me a lot about transitiing networks from NetWare to Windows.
One of the things he told me was 'The law of the 6 P's' which stands for:
Proper Planning Prevents Piss Poor Performance.
This is something that has stayed with me over the years. In different companies I've worked in I am still amazed at how little coordiantion and planning goes on. Warnings go ignored, procedures dont get followed (often because no one knows they exist) and eventually a crisis forces the IT dept to pull out all the stops to achieve something. Because much of the knowledge exists in a few peoples heads they are the ones that always get asked to fix things, sometimes this is self inflicted yet most of the time its because they have initative and get on with things.
A lot of the problem stems from a lack of quality. Everyone I work with in the IT industry wants to do a high quality job but often they are not allowed to because the client/boss/other wants its NOW. It's often a choice between doing something right and doing something right now.
One of the things he told me was 'The law of the 6 P's' which stands for:
Proper Planning Prevents Piss Poor Performance.
This is something that has stayed with me over the years. In different companies I've worked in I am still amazed at how little coordiantion and planning goes on. Warnings go ignored, procedures dont get followed (often because no one knows they exist) and eventually a crisis forces the IT dept to pull out all the stops to achieve something. Because much of the knowledge exists in a few peoples heads they are the ones that always get asked to fix things, sometimes this is self inflicted yet most of the time its because they have initative and get on with things.
A lot of the problem stems from a lack of quality. Everyone I work with in the IT industry wants to do a high quality job but often they are not allowed to because the client/boss/other wants its NOW. It's often a choice between doing something right and doing something right now.
Wednesday, May 02, 2007
Tiddly Wiki's
For a couple of projects I'm working on it's nice to have 'scratchpad' type area where information can be quickly written and accessed. A wiki is perfect for this type of information because it can be easily uploaded and modified by people working on the project WITHOUT a need to purchase an horrendously expensive server and a copy of Groove or SharePoint.
GTDTiddly Wiki has some very nice features - It doesn't need to be installed as it's just an index.html file. Java is needed to add in the functionality but beyond that there is no server side configuration needed. I've not yet unleashed any of the three wiki's I have created on a server.
GTDTiddly Wiki is a nice little applet, With the right configuration I don't see why it couldnt be used on a server and as such you can use it for all sorts of quick and dirty project/note keeping websites and these sites can be developed in next to no time.
GTDTiddly Wiki has some very nice features - It doesn't need to be installed as it's just an index.html file. Java is needed to add in the functionality but beyond that there is no server side configuration needed. I've not yet unleashed any of the three wiki's I have created on a server.
GTDTiddly Wiki is a nice little applet, With the right configuration I don't see why it couldnt be used on a server and as such you can use it for all sorts of quick and dirty project/note keeping websites and these sites can be developed in next to no time.
Subscribe to:
Posts (Atom)