My point about FireFox was that it was exceptionally hard to manage, Active Directory or not. When we had a problem with our WordPerfect deployment, I tracked it down to permissions on one registry key. Once I knew what I needed, I simply added an ACE in my Group Policy for all affected machines. I manage Adobe Acrobat Reader much the same way. It comes packaged as an.msi so I can deploy it how I want. I make our site-specific customizations in a transform file (.mst) and push it out there.
I don't blame FireFox for not supporting Windows Installer (though it would be nice). I do blame it for not providing ANY admin tools of ANY sort. What guidelines I found were varied user comments expressing the same frustrations I had, and minimal solutions. I can handle scripting a change for our desktops when the situation warrants it. But I felt like FireFox went out of its way to defy me, resisting control like a cranky 5-year-old.
And centralized home directories on Windows have lots of problems. Just take a look at the registry if you don't believe me. Windows was not built to have remote home directories. Under *nix, the home directory contains the configuration information for that user. Under Windows, that information is in the registry.
Windows has the same model. Just because when you open up regedit you see a monolithic registry doesn't mean that information is represented that way on disk. The users hive is stored in a single file in the users profile (equivalent of a home directory). Roaming profiles had a bad rap from NT4, but most of that was either bad admin'ing or problems that have since been fixed.
In my experience, it takes FEWER people to admin X machines running Linux than it takes to admin X machines running Windows (given similar experience levels). So you would not have to hire 2 more people.
I hear this argument fairly frequently, and I think that it does have a basis in the real world, although it's not a direct cause-effect relationship. Nearly every job I've worked at has simply had bumbling idiots as Windows admins. Most have been extremely bright people, mind you, but they went about administering a network the same way they did their own Windows machine - through the GUI, one at a time. Generally they knew what the registry was, but no idea that registry keys have ACL's just like files, or that it's rather simple to connect to the registry of a remote computer, or even directly edit the registry of an offline computer. They knew that machines had to be patched, but resorted to Windows Update to do it. Most simply have no experience in administering computers the way it should be done.
*nix admins (the ones I know anyway), on the other hand, have generally grown up hand-editing config files and scripting out solutions to their own problems. When they're hired as an admin, they continue using these time-tested techniques, and the time spent pays off. They, too, are guilty of administering the network the same way they would their own workstation, but the procedures scale due to the design of the OS.
Is Windows guilty of making the learning curve extremely short for desktop users? Certainly. Would a clickity-click desktop Linux user make a good admin? Unlikely. The fact that *nix admins are more efficient than their Windows counterparts is an artifact of the skill requisite to be a competent machine owner, rather than inherent difficulties in managing either OS.
I appreciate your suggestions for migrating a network to some sort of centralized configuration, but neither are viable options for laptop users who could be away for hours or months at a time.
What DO Linux admins do anyway? Is every administrator pounding out the same management scripts as his counterpart down the street and across the country? Is there really no single solution for managing computers, users, and applications, and associated policies and permissions across an enterprise?
I am honestly not trolling here, this is a genuine question.
You mention how Linux is great in a corporate setting, specifically how easy it is to remotely administer. As part of our (Windows) desktop rollout last year, I included the then-current Firefox (0.7?) in our images. I quickly realized that centralized corporate administration of the browser was a nightmare. It was a farily intermediate task for me to set proxy settings, home page, et al. before installation, but I found absolutely no way to change such settings on a per-user or arbitrary basis post-install. Worse, I couldn't even script out my own solution to push down my own preferences file, because for some inane reason, preferences are stored in randomly-named directory unique to each install/user?!? (I assume this is done for security reasons, but still... where's the administrator's guide?) After a week of fighting with this, I gave up.
Contrast this with administering IE on domain machines via Group Policy. If our proxy settings change (which they do occasionally, out of our control), I just update the policy. I don't have to worry about writing my own script, fiddling with our Ghost images, checking who's been updated already, etc. Because we've already separated computer accounts into distinct OU's, I know my lab policy won't accidentlly end up on the office machines or laptops.
I bring up this point as an example only. Is Linux desktop administration even remotely like this? Are there easy ways for administrators to "administer" without slodging through the meta-administration tasks (like writing scripts from the ground up, writing logic to determine what groups the computer/user is in, etc.)? I've been admin'ing Windows boxen for close to 10 years now and I'm not afraid of the command line, but if replacing all my desktops with Linux means I have to hire 2 more of me to keep up with the core admin tasks, no thanks.
I'm looking for broad-perspective comments from those who have experience with Active Directory and whatever the corresponding Linux desktop alternative is.
Not personally, no (thankfully management at my complex is very reasonable), but apartment "policies" like you describe are exactly the sort of restrictions this legislation is written to prevent (or pre-empt, rather). Depending on your location and how large your apartment/complex is, there's a good chance management does know of this regulation. I'd suggest pulling up as much as you can on the FCC site and enlisting the help of your proposed satellite provider. Put up your dish and call their bluff!
The regulation he was referring to is 47 C.F.R. Section 1.4000 and essentially prohibits restrictions of antennae placement to receive TV broadcasts.
However, the management of the institution would have been well within their rights to deny the resident the privilege of mounting an antenna on the roof, as the roof does not belong to the resident.
The FCC has a very helpful Fact Sheet regarding the issue. For those too lazy to click, renters can install an antenna on the private area of their residence (indoors or on a private balcony or porch) but public areas (shared walkways, balconies, and roofs) do not fall under the scope of this legislation. As such, management may impose restrictions on the mounting of such permanent structures as television dishes.
I would highly recommend any renters read the link above. Many apartment complex owners are not aware of the legislation (or even worse, are acutely aware of it!) and will attempt to bully you into submission by flatly prohibiting any sort of dish installation. The FCC order is rather strong ammunition in such cases.
Verisign acquired Thawte in late 1999. Though they acknowledge the fact on their corporate website, they don't exactly make it obvious they no longer compete with Verisign.
/. automatically rips the underscores out of URL's (or out of yours anyway), so the URL to which you want to direct readers does not work. Try copying and pasting the following:
http://fahrenheit_fact.blogspot.com/
Note: This post was going to be dedicated to pointing out the sad state of your linking skills. Until I hit the preview button and realized my corrected link was no better. Carry on.
There are several ways to accomplish what you're doing. Note that instead of specific instructions (install patch X, Y, Z) that will be out of date very quickly, these instructions are meant to be general and apply to Win2000/WinXP/Win2003 now and in the future.
First thing I would recommend is slipstreaming the latest service pack. At the time of writing, Service Pack 1 is the latest available for Windows XP. Service Pack 2 is not yet here but two release candidates have been published. Expect the final to be out in a month or so. (Note: despite the marketing brouhaha about how much "more secure" SP2 will be, it looks like they've got a lot of things right. I would definitely download it and re-slipstream when it comes out.) Slipstreaming is the process of combining newer patched files with your original install files such that when you run your install, the update is already applied. There are plenty of instructions on the net, google for "slipstream windows service pack" or something similar. This one process (that boils down to mostly getting the files in the right place and running one command line) will save you hours of waiting, download, and patching later. Invest the time to do it now.
Second thing is to download the latest patches. This is much more difficult as you're never sure which patches apply, which ones have been superceded, which ones are relevant or have to be installed separately, etc etc etc. For Windows XP, start with Rollup 1 for Windows XP and work your way up from there. The Microsoft Technet Security Bulletin Search is a good reference point. At a minimum, you'll want to locate the latest IE patch (these are usually cumulative) and the latest patch dealing with RPC (this is the vulnerable component exploited by Blaster/Welchia), and the latest patch dealing with LSASS (this is the vulnerable component exploited by Sasser).
Third, prepare yourself. Burn relevant patches to CD. Physically disconnect your workstation from the network. Only now should you initiate your install.
Post-install, apply all the service packs/patches you've accumulated FROM CD. Notice we have not connected to the network yet. Some patches have optional reboots (ie, they require a reboot to take effect but do not a force a reboot as part of the patching process). Make sure you have rebooted after applying the last patch. If you're on Windows XP or 2003, enable the firewall for your network connection. Look in the properties of your Internet connection - the procedure varies slightly for Windows XP, XP SP1, XP SP2, and Server 2003.
NOW you can plug in your net connection. Hit Windows Update first. I'm not sure which guidelines recommend turning off your firewall, but ignore those unless you experience problems. Windows Update will operate just fine with only HTTP (80) and HTTPS (443) access. Get all the latest patches, and reboot. When installing applications, make sure to patch those along the way as well and you should be protected. Depending on who will be using the computer and how proactively you will be admin'ing, I would turn on the Automatic Updates feature now - download AND install automatically.
An excellent tool to help you along the way is the Microsoft Baseline Security Analyzer. It's meant to scan for not only patches but security misconfigurations and other potential vulnerabilities as well. It's packaged as a.msi but once it's installed you'll find mbsacli.exe in the install directory, which you can burn to CD (along with supporting.dll files) to serve as an offline, command-line scanner. I make it a point to grab the latest
Windows users don't tend to care. They don't read Windows news sites daily, they don't subscribe to mailing lists that send out warnings as soon as a vunerability is found. They don't patch when Windows tells them to.
You know why? They don't care, they don't want to "break" anything, or they don't even know that the little icon in their taskbar is any different from their 1000 other ones in the tray.
The observation you make is correct. The group you apply it to is incorrectly targeted. Do you suppose that if all of the sudden the vast majority of these Windows users migrated to a more favored OS, they would magically read relevant OS news sites daily, subscribe to kernel mailing lists, and patch when their OS told them to? Of course not. Users are users. They're not interested in OS news or maintenance any more than they absolutely have to be (which, given the nature of modern technology, is practically nil). The fact that most computer users run Windows is largely an artifact of business dealings, not some concious decision on the part of the users.
No, the way to solve such problems for the computer users of the world is by providing better defaults, ie, automatic patching turned on out of the box. If you're part of the tinfoil hat crowd, go ahead and turn off automatic patching. If you like to patch manually and can be trusted to do it, go ahead and turn it off. But if you're part of the unwashed masses, your computer just takes care of itself.
Try using the native Win32 wget and PuTTY. Both have no problems on SP2 build 2055 or 2082. Cygwin is just too much bloat for me.
That said, I wouldn't install a beta SP on my production box ever. I have run through several scenarios on VMWare though, including upgrading to SP2 as well as simply installing a clean SP2-slipstreamed copy. Starting to like the changes I see. The few applications that may break are worth the collective security of the Windows population at large.
Let's put it this way: it happens so often with Microsoft's competitors that it seems likely that either Microsoft is deliberately sabotaging rivals who code for Windows or Windows itself has some serious issues and causes a lot of programs to glitch. Either way it doesn't look good for Microsoft.
If you really do think this, I'd suggest reading Raymond Chen's blog. Raymond is a Windows shell programmer (and author of the famously popular TweakUI) and has been working with Windows since long before Windows 95. He's constantly adding entries on "why we did this" or "why it works like this" that shed a whole new light on the internal workings of Windows. Some of the more interesting articles are on his archived site, like The Story of the Shell Folders Key or What about BOZOSLIVEHERE and TABTHETEXTOUTFORWIMPS? Raymond does actively monitor comments to his blog postings and if you have a coherent question or comment, he will usually respond.
What functions does the 614+ lack that you are looking for in an AP? I didn't set them up, but I believe in addition to our 900AP+'s, we have a few of the 614+'s functioning as access points. We just plug a crossover cable into LAN port 1 and we're good to go. Mostly we have this sort of setup in conference rooms where the extra wired ports are quite handy in the middle of the room.
I'm curious as to the reason you are dissatisfied with D-Link. I had an SMC wireless broadband router for a while and it did the job. I eventually gave that one away and bought a D-Link DI-614+ to replace it and have been extremely pleased with it. I especially appreciate how configurable it is - the SMC I owned seemed limited and restricted in comparison. We use D-Link routers, access points, and wireless cards at work and I haven't ever had a reason to complain.
Is this pen really discontinued? I started buying this exact pen sometime in 1994 and have never bought any other kind since. I noticed though that Staples/Office Depot/etc don't seem to carry them anymore (used to be about $7 for a 5-pack, came on green cardboard), although I do believe my college bookstore has quite a few left at like $1.75 a pop. Is now the time to stock up? Or what's the closest pen to it?
It seems as if you are only familiar with the GUI method of setting network properties. While it's easy to make fun of Windows XP for all its gaudiness, Microsoft finally added a whole slew of great command line tools which are often overlooked. netsh for example is a great command line, hierarchical interface to network adapter properties and settings. Spend a little time with it and you'll never go fishing through those silly dialogs again. diskpart is another great addition that should have been there long ago. sc for service configuration and bootcfg for making changes to your boot.ini - the list is pretty extensive. More info in %systemroot%\help\ntcmds.chm.
Microsoft has contemplated this for years as it is a fairly common request. Raymond Chen, whom you might know better as the creator of the wildly popular TweakUI, has been a Windows developer for several years. He has a blog entry describing why they've never done this. On a side note, I've come to realize that Microsoft only makes products for 2.1 audiences:
1. Home/Inexperienced/Novice Users. This is your corporate drone, your mother, and the kids at school. They all want to get on the PC, get the email, write some documents, and surf the web. Don't care much for how or why things work, only that they do. This is why we end up with the gaudy Fisher Price interface and wizards and all sorts of unfunctional junk.
2. Systems Administrators. Your friendly neighborhood BOFH. He's just gotta keep the servers going, the desktop machines running, the database functional. Plenty of options, tweaks, dull grey backgrounds, policies, ways to make things work if you're sitting at the server console.
2.1 Developers. Yadda yadda yadda... need apps to sustain a monopoly... the whole bit. They get things their way inside Visual Studio and not very much else.
What I object to is there's no class for the ever-growing market of Techies. People who understand the desktop machine they use every day. Many of these are programmers or systems administrators so they know what's going on, they know how they want it done, and they know how they want the computer to do it. Unfortunately, theirs is a life of constantly changing unfunctional defaults to more efficient alternatives, which is of course a mind-numbingly difficult task after you've done it more than once. If we can have predefined security templates that apply to a machine to change a slew of default options, why not expert templates?
You tell people what you're thinking about, or you're too quick to answer questions in class, because it's *fun* getting the answer right and they kick your ass at recess. I guess you come off as arrogant and you can't fight back so you learn to STFU
I realized sometime in middle school that the reason the other kids made fun of me and excluded me was I came off this way at school/play all the time. Once I made the connection that the brainiac-instant-answer-to-everything guy was not really a quality that other kids liked I made a deliberate effort to curb my behavior. I MADE myself stop to "think" or stutter or say words like "um" and "like" where I never did before. I could kick myself now. I don't think I'll ever be able to rid my speech of such stupid-isms ever again.
I agree. I find 'casual' conversation very difficult, but if the conversation turns to more of a discussion, where different ideas are presented and debated, I find it much easier. Many people accuse me of being 'combative' because of this. They do not realize that I am not out to "win" the debate, but merely discuss different viewpoints and expand my thinking
While our high school never had a debate team, I think I would have enjoyed it. My best friend and I used to sit in the back of Latin and pick something to argue about every day. We'd each pick a position and try and convince the other by the end of the hour. When it got really interesting was when we decided to swap roles at the halfway point. I rather enjoy a thoughtful conversation with someone even if the matter is trivial. But the mindless chatter I'm almost expected to take part in whilst riding the elevator or when running into an acquaintance is excruciatingly difficult if not painful for me - so much so that I'll take steps to avoid such confrontations.
The first thing I thought of, is "Why doesn't Microsoft distribute electronically?"
The licensing for this sort of thing scares the hell out of them. How would anyone who downloaded an iso prove that they are the legal owner of the license? License verification nowadays still relies on the holographic CD and the Certificate of Authenticity that is either on the box or your computer case if purchased from an OEM.
On the other hand, it obviously is tempting. The very first (non-free) Microsoft product available in a pay-and-download format is Plus! Digital Media Edition. It's obviously an experimental technology, since it wasn't even a real product before this. I'm sure they're trying to gauge acceptance and how well their product activation technology is working. If things go as planned, we could see the next version Windows iso available on microsoft.com - but it'd probably still be quicker to hop on your favorite p2p net...
Have you checked out POPFile yet? Latest version lets you "whitelist" (they call it "magnets") on the To/CC/Subject/From fields easily and have as many buckets as you want. It's amazingly accurate - I'm at 96.73% accuracy right now. Most of the errors are from the first two weeks when I trained it. Currently I have mine set up to divide mail into 3 buckets - Genuine, List, and Spam.
On a side note, perhaps the reason most filtering products use a spam/notspam model is because genuine mail is so easy to filter. The only hard part is getting the spam out. Once that's done, it's trivial for any rule-based system to separate out mail from auntie_mae@hotmail.com or really_big_list@ubergeeks.org.
"Five nines" leaves you only 5 minutes 15 seconds of annual downtime (0.001% of a year).
I guess if you're running your entire infrastructure off of one measly little server then you only have a little more than 5 minutes a year of downtime for your enterprise.
On the other hand, if you're really in a situation that requires 5 nine's of reliability, you probably know about things like clustering and load balancing, redundant backups, and hot-swapping.
In the end, it's not the uptime of one machine that matters so much as the uptime of the service. Don't confuse the two.
I believe you may be confusing the content of the updates with the legal agreement associated with it. The scenario I imagine is creating a slipstream installation of Windows 2000 SP4. When I slipstream the SP4 update, I am provided with all the current fixes, in the form of the most recent binaries. However, the only EULA I am agreeing to is the SP4 EULA referenced above. The EULA's for previous SP's are *not* included. Then when I install the Windows 2000 SP4 product on any computer, I agree to the original Windows 2000 EULA. At no time does the prohibitive SP3 EULA manifest itself, and I can find nothing in the agreement that states that I am bound to previous, not-included EULA's.
sucks because typing long names with spaces at a command line is unfun? (Cygwin saves my sanity with bash tab completion... how hard would it have been to call it \Programs, and leave the extra word out?)
Command line completion has been a native feature of Windows since Windows 2000. Simply add a registry key [HKEY_CURRENT_USER\Software\Microsoft\Command Processor] "CompletionChar"=dword:00000009 to use the tab key for auto completion. You can also add the key to the HKLM tree to apply to all users. Just make sure you're using the real command processor (cmd.exe) and not its bastard step-sibling from the 9X line (command.com).
On a side note, the reason this is not the default is because the programmer in charge of this area thought that there may be users with a legitimate use for typing a tab on the command line, like grep'ing for something with a tab character. Someone made the point that 1) there is probably a significantly larger number of users who would gain more use of the tab key for completion and 2) those users who *would* want to actually type a tab character are probably the ones savvy enough to change this setting to their liking. The point was taken, and the tab key is indeed the default completion character in Windows XP and above.
...they also need to put into patches the ability to slipstream them with new installations...
If you look close enough (google for "slipstream windows hotfix") you can find multiple ways to deploy hotfixes. Specifically, you can batch script ANY hotfix with a command line (I have yet to find one I absolutely *need* to send any keypresses) but extracting the command line from MS support might require you to open a (free) support incident. If you're interested in slipstreaming patches, it's a little more work, but it can indeed be done. Scroll down to the heading "Installing Windows 2000 with Windows 2000 Hotfixes Using Svcpack.inf" in the previous link for all the gory details. It looks like a lot but it's not really too bad once you dig in. And making a CD with the latest service pack AND hotfixes significantly reduces your deployment time, so I consider it time well spent. Note that the procedure can be used on Win2000 SP2 and above, including XP.
You also may want to look into deploying SUS as it will make your patch deployment headaches go away. You'll still have to decide which patches you want to install but after that the deployment is all taken care of.
Slashdot Mirror
My point about FireFox was that it was exceptionally hard to manage, Active Directory or not. When we had a problem with our WordPerfect deployment, I tracked it down to permissions on one registry key. Once I knew what I needed, I simply added an ACE in my Group Policy for all affected machines. I manage Adobe Acrobat Reader much the same way. It comes packaged as an .msi so I can deploy it how I want. I make our site-specific customizations in a transform file (.mst) and push it out there.
I don't blame FireFox for not supporting Windows Installer (though it would be nice). I do blame it for not providing ANY admin tools of ANY sort. What guidelines I found were varied user comments expressing the same frustrations I had, and minimal solutions. I can handle scripting a change for our desktops when the situation warrants it. But I felt like FireFox went out of its way to defy me, resisting control like a cranky 5-year-old.
And centralized home directories on Windows have lots of problems. Just take a look at the registry if you don't believe me. Windows was not built to have remote home directories. Under *nix, the home directory contains the configuration information for that user. Under Windows, that information is in the registry.
Windows has the same model. Just because when you open up regedit you see a monolithic registry doesn't mean that information is represented that way on disk. The users hive is stored in a single file in the users profile (equivalent of a home directory). Roaming profiles had a bad rap from NT4, but most of that was either bad admin'ing or problems that have since been fixed.
In my experience, it takes FEWER people to admin X machines running Linux than it takes to admin X machines running Windows (given similar experience levels). So you would not have to hire 2 more people.
I hear this argument fairly frequently, and I think that it does have a basis in the real world, although it's not a direct cause-effect relationship. Nearly every job I've worked at has simply had bumbling idiots as Windows admins. Most have been extremely bright people, mind you, but they went about administering a network the same way they did their own Windows machine - through the GUI, one at a time. Generally they knew what the registry was, but no idea that registry keys have ACL's just like files, or that it's rather simple to connect to the registry of a remote computer, or even directly edit the registry of an offline computer. They knew that machines had to be patched, but resorted to Windows Update to do it. Most simply have no experience in administering computers the way it should be done.
*nix admins (the ones I know anyway), on the other hand, have generally grown up hand-editing config files and scripting out solutions to their own problems. When they're hired as an admin, they continue using these time-tested techniques, and the time spent pays off. They, too, are guilty of administering the network the same way they would their own workstation, but the procedures scale due to the design of the OS.
Is Windows guilty of making the learning curve extremely short for desktop users? Certainly. Would a clickity-click desktop Linux user make a good admin? Unlikely. The fact that *nix admins are more efficient than their Windows counterparts is an artifact of the skill requisite to be a competent machine owner, rather than inherent difficulties in managing either OS.
I appreciate your suggestions for migrating a network to some sort of centralized configuration, but neither are viable options for laptop users who could be away for hours or months at a time.
What DO Linux admins do anyway? Is every administrator pounding out the same management scripts as his counterpart down the street and across the country? Is there really no single solution for managing computers, users, and applications, and associated policies and permissions across an enterprise?
I am honestly not trolling here, this is a genuine question.
You mention how Linux is great in a corporate setting, specifically how easy it is to remotely administer. As part of our (Windows) desktop rollout last year, I included the then-current Firefox (0.7?) in our images. I quickly realized that centralized corporate administration of the browser was a nightmare. It was a farily intermediate task for me to set proxy settings, home page, et al. before installation, but I found absolutely no way to change such settings on a per-user or arbitrary basis post-install. Worse, I couldn't even script out my own solution to push down my own preferences file, because for some inane reason, preferences are stored in randomly-named directory unique to each install/user?!? (I assume this is done for security reasons, but still... where's the administrator's guide?) After a week of fighting with this, I gave up.
Contrast this with administering IE on domain machines via Group Policy. If our proxy settings change (which they do occasionally, out of our control), I just update the policy. I don't have to worry about writing my own script, fiddling with our Ghost images, checking who's been updated already, etc. Because we've already separated computer accounts into distinct OU's, I know my lab policy won't accidentlly end up on the office machines or laptops.
I bring up this point as an example only. Is Linux desktop administration even remotely like this? Are there easy ways for administrators to "administer" without slodging through the meta-administration tasks (like writing scripts from the ground up, writing logic to determine what groups the computer/user is in, etc.)? I've been admin'ing Windows boxen for close to 10 years now and I'm not afraid of the command line, but if replacing all my desktops with Linux means I have to hire 2 more of me to keep up with the core admin tasks, no thanks.
I'm looking for broad-perspective comments from those who have experience with Active Directory and whatever the corresponding Linux desktop alternative is.
Not personally, no (thankfully management at my complex is very reasonable), but apartment "policies" like you describe are exactly the sort of restrictions this legislation is written to prevent (or pre-empt, rather). Depending on your location and how large your apartment/complex is, there's a good chance management does know of this regulation. I'd suggest pulling up as much as you can on the FCC site and enlisting the help of your proposed satellite provider. Put up your dish and call their bluff!
Oh, and do let us know the outcome...
The regulation he was referring to is 47 C.F.R. Section 1.4000 and essentially prohibits restrictions of antennae placement to receive TV broadcasts.
However, the management of the institution would have been well within their rights to deny the resident the privilege of mounting an antenna on the roof, as the roof does not belong to the resident.
The FCC has a very helpful Fact Sheet regarding the issue. For those too lazy to click, renters can install an antenna on the private area of their residence (indoors or on a private balcony or porch) but public areas (shared walkways, balconies, and roofs) do not fall under the scope of this legislation. As such, management may impose restrictions on the mounting of such permanent structures as television dishes.
I would highly recommend any renters read the link above. Many apartment complex owners are not aware of the legislation (or even worse, are acutely aware of it!) and will attempt to bully you into submission by flatly prohibiting any sort of dish installation. The FCC order is rather strong ammunition in such cases.
Verisign acquired Thawte in late 1999. Though they acknowledge the fact on their corporate website, they don't exactly make it obvious they no longer compete with Verisign.
/. automatically rips the underscores out of URL's (or out of yours anyway), so the URL to which you want to direct readers does not work. Try copying and pasting the following:
http://fahrenheit_fact.blogspot.com/
Note: This post was going to be dedicated to pointing out the sad state of your linking skills. Until I hit the preview button and realized my corrected link was no better. Carry on.
There are several ways to accomplish what you're doing. Note that instead of specific instructions (install patch X, Y, Z) that will be out of date very quickly, these instructions are meant to be general and apply to Win2000/WinXP/Win2003 now and in the future.
.msi but once it's installed you'll find mbsacli.exe in the install directory, which you can burn to CD (along with supporting .dll files) to serve as an offline, command-line scanner. I make it a point to grab the latest
First thing I would recommend is slipstreaming the latest service pack. At the time of writing, Service Pack 1 is the latest available for Windows XP. Service Pack 2 is not yet here but two release candidates have been published. Expect the final to be out in a month or so. (Note: despite the marketing brouhaha about how much "more secure" SP2 will be, it looks like they've got a lot of things right. I would definitely download it and re-slipstream when it comes out.) Slipstreaming is the process of combining newer patched files with your original install files such that when you run your install, the update is already applied. There are plenty of instructions on the net, google for "slipstream windows service pack" or something similar. This one process (that boils down to mostly getting the files in the right place and running one command line) will save you hours of waiting, download, and patching later. Invest the time to do it now.
Second thing is to download the latest patches. This is much more difficult as you're never sure which patches apply, which ones have been superceded, which ones are relevant or have to be installed separately, etc etc etc. For Windows XP, start with Rollup 1 for Windows XP and work your way up from there. The Microsoft Technet Security Bulletin Search is a good reference point. At a minimum, you'll want to locate the latest IE patch (these are usually cumulative) and the latest patch dealing with RPC (this is the vulnerable component exploited by Blaster/Welchia), and the latest patch dealing with LSASS (this is the vulnerable component exploited by Sasser).
Third, prepare yourself. Burn relevant patches to CD. Physically disconnect your workstation from the network. Only now should you initiate your install.
Post-install, apply all the service packs/patches you've accumulated FROM CD. Notice we have not connected to the network yet. Some patches have optional reboots (ie, they require a reboot to take effect but do not a force a reboot as part of the patching process). Make sure you have rebooted after applying the last patch. If you're on Windows XP or 2003, enable the firewall for your network connection. Look in the properties of your Internet connection - the procedure varies slightly for Windows XP, XP SP1, XP SP2, and Server 2003.
NOW you can plug in your net connection. Hit Windows Update first. I'm not sure which guidelines recommend turning off your firewall, but ignore those unless you experience problems. Windows Update will operate just fine with only HTTP (80) and HTTPS (443) access. Get all the latest patches, and reboot. When installing applications, make sure to patch those along the way as well and you should be protected. Depending on who will be using the computer and how proactively you will be admin'ing, I would turn on the Automatic Updates feature now - download AND install automatically.
An excellent tool to help you along the way is the Microsoft Baseline Security Analyzer. It's meant to scan for not only patches but security misconfigurations and other potential vulnerabilities as well. It's packaged as a
Windows users don't tend to care. They don't read Windows news sites daily, they don't subscribe to mailing lists that send out warnings as soon as a vunerability is found. They don't patch when Windows tells them to.
You know why? They don't care, they don't want to "break" anything, or they don't even know that the little icon in their taskbar is any different from their 1000 other ones in the tray.
The observation you make is correct. The group you apply it to is incorrectly targeted. Do you suppose that if all of the sudden the vast majority of these Windows users migrated to a more favored OS, they would magically read relevant OS news sites daily, subscribe to kernel mailing lists, and patch when their OS told them to? Of course not. Users are users. They're not interested in OS news or maintenance any more than they absolutely have to be (which, given the nature of modern technology, is practically nil). The fact that most computer users run Windows is largely an artifact of business dealings, not some concious decision on the part of the users.
No, the way to solve such problems for the computer users of the world is by providing better defaults, ie, automatic patching turned on out of the box. If you're part of the tinfoil hat crowd, go ahead and turn off automatic patching. If you like to patch manually and can be trusted to do it, go ahead and turn it off. But if you're part of the unwashed masses, your computer just takes care of itself.
Try using the native Win32 wget and PuTTY. Both have no problems on SP2 build 2055 or 2082. Cygwin is just too much bloat for me.
That said, I wouldn't install a beta SP on my production box ever. I have run through several scenarios on VMWare though, including upgrading to SP2 as well as simply installing a clean SP2-slipstreamed copy. Starting to like the changes I see. The few applications that may break are worth the collective security of the Windows population at large.
Let's put it this way: it happens so often with Microsoft's competitors that it seems likely that either Microsoft is deliberately sabotaging rivals who code for Windows or Windows itself has some serious issues and causes a lot of programs to glitch. Either way it doesn't look good for Microsoft.
If you really do think this, I'd suggest reading Raymond Chen's blog. Raymond is a Windows shell programmer (and author of the famously popular TweakUI) and has been working with Windows since long before Windows 95. He's constantly adding entries on "why we did this" or "why it works like this" that shed a whole new light on the internal workings of Windows. Some of the more interesting articles are on his archived site, like The Story of the Shell Folders Key or What about BOZOSLIVEHERE and TABTHETEXTOUTFORWIMPS? Raymond does actively monitor comments to his blog postings and if you have a coherent question or comment, he will usually respond.
Get your facts straight. The LDS Church hasn't accepted polygamy for over 100 years.
What functions does the 614+ lack that you are looking for in an AP? I didn't set them up, but I believe in addition to our 900AP+'s, we have a few of the 614+'s functioning as access points. We just plug a crossover cable into LAN port 1 and we're good to go. Mostly we have this sort of setup in conference rooms where the extra wired ports are quite handy in the middle of the room.
I'm curious as to the reason you are dissatisfied with D-Link. I had an SMC wireless broadband router for a while and it did the job. I eventually gave that one away and bought a D-Link DI-614+ to replace it and have been extremely pleased with it. I especially appreciate how configurable it is - the SMC I owned seemed limited and restricted in comparison. We use D-Link routers, access points, and wireless cards at work and I haven't ever had a reason to complain.
Is this pen really discontinued? I started buying this exact pen sometime in 1994 and have never bought any other kind since. I noticed though that Staples/Office Depot/etc don't seem to carry them anymore (used to be about $7 for a 5-pack, came on green cardboard), although I do believe my college bookstore has quite a few left at like $1.75 a pop. Is now the time to stock up? Or what's the closest pen to it?
It seems as if you are only familiar with the GUI method of setting network properties. While it's easy to make fun of Windows XP for all its gaudiness, Microsoft finally added a whole slew of great command line tools which are often overlooked. netsh for example is a great command line, hierarchical interface to network adapter properties and settings. Spend a little time with it and you'll never go fishing through those silly dialogs again. diskpart is another great addition that should have been there long ago. sc for service configuration and bootcfg for making changes to your boot.ini - the list is pretty extensive. More info in %systemroot%\help\ntcmds.chm.
On a side note, I've come to realize that Microsoft only makes products for 2.1 audiences:
- 1. Home/Inexperienced/Novice Users. This is your corporate drone, your mother, and the kids at school. They all want to get on the PC, get the email, write some documents, and surf the web. Don't care much for how or why things work, only that they do. This is why we end up with the gaudy Fisher Price interface and wizards and all sorts of unfunctional junk.
- 2. Systems Administrators. Your friendly neighborhood BOFH. He's just gotta keep the servers going, the desktop machines running, the database functional. Plenty of options, tweaks, dull grey backgrounds, policies, ways to make things work if you're sitting at the server console.
- 2.1 Developers. Yadda yadda yadda... need apps to sustain a monopoly... the whole bit. They get things their way inside Visual Studio and not very much else.
What I object to is there's no class for the ever-growing market of Techies. People who understand the desktop machine they use every day. Many of these are programmers or systems administrators so they know what's going on, they know how they want it done, and they know how they want the computer to do it. Unfortunately, theirs is a life of constantly changing unfunctional defaults to more efficient alternatives, which is of course a mind-numbingly difficult task after you've done it more than once. If we can have predefined security templates that apply to a machine to change a slew of default options, why not expert templates?You tell people what you're thinking about, or you're too quick to answer questions in class, because it's *fun* getting the answer right and they kick your ass at recess. I guess you come off as arrogant and you can't fight back so you learn to STFU
I realized sometime in middle school that the reason the other kids made fun of me and excluded me was I came off this way at school/play all the time. Once I made the connection that the brainiac-instant-answer-to-everything guy was not really a quality that other kids liked I made a deliberate effort to curb my behavior. I MADE myself stop to "think" or stutter or say words like "um" and "like" where I never did before. I could kick myself now. I don't think I'll ever be able to rid my speech of such stupid-isms ever again.
I agree. I find 'casual' conversation very difficult, but if the conversation turns to more of a discussion, where different ideas are presented and debated, I find it much easier. Many people accuse me of being 'combative' because of this. They do not realize that I am not out to "win" the debate, but merely discuss different viewpoints and expand my thinking
While our high school never had a debate team, I think I would have enjoyed it. My best friend and I used to sit in the back of Latin and pick something to argue about every day. We'd each pick a position and try and convince the other by the end of the hour. When it got really interesting was when we decided to swap roles at the halfway point. I rather enjoy a thoughtful conversation with someone even if the matter is trivial. But the mindless chatter I'm almost expected to take part in whilst riding the elevator or when running into an acquaintance is excruciatingly difficult if not painful for me - so much so that I'll take steps to avoid such confrontations.
The first thing I thought of, is "Why doesn't Microsoft distribute electronically?"
The licensing for this sort of thing scares the hell out of them. How would anyone who downloaded an iso prove that they are the legal owner of the license? License verification nowadays still relies on the holographic CD and the Certificate of Authenticity that is either on the box or your computer case if purchased from an OEM.
On the other hand, it obviously is tempting. The very first (non-free) Microsoft product available in a pay-and-download format is Plus! Digital Media Edition. It's obviously an experimental technology, since it wasn't even a real product before this. I'm sure they're trying to gauge acceptance and how well their product activation technology is working. If things go as planned, we could see the next version Windows iso available on microsoft.com - but it'd probably still be quicker to hop on your favorite p2p net...
Have you checked out POPFile yet? Latest version lets you "whitelist" (they call it "magnets") on the To/CC/Subject/From fields easily and have as many buckets as you want. It's amazingly accurate - I'm at 96.73% accuracy right now. Most of the errors are from the first two weeks when I trained it. Currently I have mine set up to divide mail into 3 buckets - Genuine, List, and Spam.
On a side note, perhaps the reason most filtering products use a spam/notspam model is because genuine mail is so easy to filter. The only hard part is getting the spam out. Once that's done, it's trivial for any rule-based system to separate out mail from auntie_mae@hotmail.com or really_big_list@ubergeeks.org.
"Five nines" leaves you only 5 minutes 15 seconds of annual downtime (0.001% of a year).
I guess if you're running your entire infrastructure off of one measly little server then you only have a little more than 5 minutes a year of downtime for your enterprise.
On the other hand, if you're really in a situation that requires 5 nine's of reliability, you probably know about things like clustering and load balancing, redundant backups, and hot-swapping.
In the end, it's not the uptime of one machine that matters so much as the uptime of the service. Don't confuse the two.
I believe you may be confusing the content of the updates with the legal agreement associated with it. The scenario I imagine is creating a slipstream installation of Windows 2000 SP4. When I slipstream the SP4 update, I am provided with all the current fixes, in the form of the most recent binaries. However, the only EULA I am agreeing to is the SP4 EULA referenced above. The EULA's for previous SP's are *not* included. Then when I install the Windows 2000 SP4 product on any computer, I agree to the original Windows 2000 EULA. At no time does the prohibitive SP3 EULA manifest itself, and I can find nothing in the agreement that states that I am bound to previous, not-included EULA's.
sucks because typing long names with spaces at a command line is unfun? (Cygwin saves my sanity with bash tab completion... how hard would it have been to call it \Programs, and leave the extra word out?)
d Processor]
Command line completion has been a native feature of Windows since Windows 2000. Simply add a registry key
[HKEY_CURRENT_USER\Software\Microsoft\Comman
"CompletionChar"=dword:00000009
to use the tab key for auto completion. You can also add the key to the HKLM tree to apply to all users. Just make sure you're using the real command processor (cmd.exe) and not its bastard step-sibling from the 9X line (command.com).
On a side note, the reason this is not the default is because the programmer in charge of this area thought that there may be users with a legitimate use for typing a tab on the command line, like grep'ing for something with a tab character. Someone made the point that 1) there is probably a significantly larger number of users who would gain more use of the tab key for completion and 2) those users who *would* want to actually type a tab character are probably the ones savvy enough to change this setting to their liking. The point was taken, and the tab key is indeed the default completion character in Windows XP and above.
...they also need to put into patches the ability to slipstream them with new installations...
If you look close enough (google for "slipstream windows hotfix") you can find multiple ways to deploy hotfixes. Specifically, you can batch script ANY hotfix with a command line (I have yet to find one I absolutely *need* to send any keypresses) but extracting the command line from MS support might require you to open a (free) support incident. If you're interested in slipstreaming patches, it's a little more work, but it can indeed be done. Scroll down to the heading "Installing Windows 2000 with Windows 2000 Hotfixes Using Svcpack.inf" in the previous link for all the gory details. It looks like a lot but it's not really too bad once you dig in. And making a CD with the latest service pack AND hotfixes significantly reduces your deployment time, so I consider it time well spent. Note that the procedure can be used on Win2000 SP2 and above, including XP.
You also may want to look into deploying SUS as it will make your patch deployment headaches go away. You'll still have to decide which patches you want to install but after that the deployment is all taken care of.