Tuesday, December 22, 2009

Numbered Policy Docs and MS Word

In the BLAME THE TOOL category, stands Microsoft Word 2007.

Now, I got over the sticker shock, and I got everyone trained up on Office.
We're getting along with the annoying Ribbon interface. But Word's numbering, styles and numbered lists are the most pain I have willingly subjected myself to in a long time. (That's saying something since I just shoveled out from a blizzard.)

I've spent a few days writing policies now, computer security stuff. But I have spent more time trying to get Word to do anything useful. And this is the end. I need another tool. HTML alone will do an easier job for this.

The emperor has no clothes. Maybe the answer is to write this stuff with GoogleDocs.

I just can't believe Word 2007 is so totally lame after so long. The numbering interface is just awful. Touch one thing and everything else in the doc is screwed up. EEEEEEEVVILLLL,

Tuesday, July 7, 2009

Intel DG31DL Power Settings

This motherboard is pretty easy to set up for WOL, but it came from the shop with S1 standby mode enabled. We really want S3 standby mode. My Kill-a-Watt meter shows the following on this average core duo machine:

On: 67 Watts
S5 (Off): 6.03 Watts
S3 (Sleep): 7.37 Watts
S1 (Sleep): 40.2 Watts


So trolling through the BIOS we find:

On Board LAN is on
Wake on LAN from S5 is Power On
EIST (speed step) is enabled for additional power savings
Suspend state is S3
The 'Wake system from S5' option is a clock based startup feature (disabled)

Back in the Windows NIC adaptor properties:

The power management tab is showing, so WOL is enabled in the BIOS.
Allow the computer to turn off the device to save power is checked
(wake on lan still seems to work anyway)
Allow the device to bring the computer out of standby is checked.
Only allow management stations to bring the computer out of standby is checked.
(wake on lan still is tested to work)


A couple more settings in Windows:

Here on the advanced tab we can check that only "Magic Packet" is selected and not "Directed Packet" which tends to bring the machine out of standby any time it receives a broadcast packet.


This is the Wake on Link setting. It's disabled. Strange idea. Suppose you could boot 100 or 1,000 PCs by just turning on your network hub this way.

Intel D865GLC

Had trouble finding documentation on how to set up Wake On LAN with an Intel motherboard. We've got a few different motherboards so I will try to document them here.

Here are some BIOS settings to take advantage of WOL and standby mode on the Intel D865GLC motherboard...

BIOS Screen:

Plug and Play OS needs to be enabled.

This enables the power management tab in the NIC driver settings under Windows.

OnBoard LAN enabled

The Power management settings are hidden under ACPI:

We are using the S3 sleep mode.
And Wake on LAN is set to Power On.

We want to disable USB Boot for security reasons...
If there is an option to wake the PC from USB, that may be used to allow the mouse to wake the PC from S3 sleep mode. But sometimes it causes the PC to come out of sleep mode when that was not desired. This BIOS does not have that option...

Now we just have to set the NIC power management settings in Windows.

Note you get the power management tab in the adaptor properties.
It's hidden unless you turn Wake on LAN on in the BIOS under ACPI.

We turn on Wake on Magic Packet and disable directed packet. (Leaving directed packet on causes our PCs to boot themselves as soon as the NIC receives a broadcast packet. About 30 seconds after shutdown...)

That should do it. Now test from a management station or magic packet software to be sure it works.
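
A small magic-packet builder and sender for the test step above, added here as an example and not part of the original post. The sample MAC address, UDP port 9 and the 255.255.255.255 broadcast address are assumptions to adjust for your own network.

```python
import re
import socket

SYNC = b"\xff" * 6   # synchronization stream that opens every magic packet
WOL_PORT = 9         # UDP discard port, a common convention (assumption)


def parse_mac(mac: str) -> bytes:
    """Accept 00:11:22:33:44:55, 00-11-22-33-44-55 or 0011.2233.4455."""
    digits = re.sub(r"[:\-.]", "", mac.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return bytes.fromhex(digits)


def build_magic_packet(mac: str) -> bytes:
    """6 x 0xFF followed by the target MAC repeated 16 times (102 bytes)."""
    return SYNC + parse_mac(mac) * 16


def is_magic_packet_for(payload: bytes, mac: str) -> bool:
    """True if the wake pattern for this MAC appears anywhere in the payload,
    which is what a NIC set to "Magic Packet" only is looking for."""
    return build_magic_packet(mac) in payload


def send_magic_packet(mac: str, broadcast: str = "255.255.255.255",
                      port: int = WOL_PORT) -> int:
    """Broadcast the packet on the local subnet; returns the bytes sent."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
        return s.sendto(build_magic_packet(mac), (broadcast, port))


if __name__ == "__main__":
    target = "00-11-22-33-44-55"  # constructed sample; use the sleeping PC's MAC
    pkt = build_magic_packet(target)
    print(len(pkt), "byte payload starting", pkt[:12].hex())
    # A plain all-ones broadcast payload (constructed) is not a wake pattern.
    print("all-ones payload wakes it:", is_magic_packet_for(b"\xff" * 64, target))
    print(send_magic_packet(target), "bytes broadcast")
```

Run it from the management station with the PC in S3 or S5; the machine should power on only for its own MAC address.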

Tuesday, April 28, 2009

CITRIX Customer Service? What's that?

Amazing to me that the largest growing trend in Customer service today is having the agent hang up on you and close the case.

Citrix support is awful. I understand why they steer you to a reseller.
They've renamed the products such that no-one understands what they do.
And then, the (admittedly very nice sounding) customer service person just hangs up on me.

I'd believe this was a random telephone line issue. But I logged a case last week and they have never contacted me to resolve it at all. This time the agent closed the case after he hung up on me (I checked online).

This just rankles.  Idiots.
The product works.  But the support contract is worthless.

I won't be recommending Citrix anytime soon.  Sassin frassin robots!

Monday, January 26, 2009

Micro-Lending as a Stimulus

The president is continuing to implement an economic stimulus program. A program of epic proportions. But from what we hear on the news, much of this money will not have an effect on the economy for years to come. What could perhaps help would be a government sponsored program of Micro-Lending.

These loans would come in two sizes:
Small personal loans to individuals, from $100 - $1000. The idea is to create a simple way for individuals to make a very small loan, one that is smaller than those normally offered by banks.

Larger 'micro loans' to businesses, from $1000 - $10000. Here the idea is to provide cash for small businesses to establish themselves, or invest as seed money in a new product idea.

Rather than run the program directly, the government could choose a banking provider to administrate the loan program. The program would be implemented in line with economic research on micro-lending, particularly to establish the needed scale of the program and to use guidelines in place in existing micro-lending programs to prevent abuse.

Government itself would provide the seed money to establish the program. But the program would ultimately be self-funded based on revenue from the lending activity.

Don't delay the DTV Conversion

It seems odd to me that some are saying members of the public are not aware of the upcoming DTV conversion. If you watch TV in the US, you have been inundated with messages about upgrading your television to receive the new digital signals for months now.

A coupon program has been running for months to provide discounts on equipment needed to receive the new signals. Some members of congress argue that we should delay the February deadline because the coupon program ran out of funds. We all knew it would run out of funds eventually. So why is it that congress doesn't just increase the funds available for coupons? That makes more sense than delaying a transition that has been well communicated already, and creating confusion in the process.

Come on people, get back to work on something more meaningful than this red herring!

---

Update: the delay turned out to be a good thing. Massachusetts really had minor troubles with the transition, but apparently there were many areas of the country which benefitted from the delay and the additional coupons made available.

Sunday, January 4, 2009

Virtualization: A threat to the O/S?

Some recent press has referred to virtualization and browser based applications as a threat to the operating system. As an IT Manager - having lived through a few technology waves - I think the arguments that are being made are unrealistic.

Today's Windows machines have Flash ROM that contains the BIOS code, the low level functions that are required to start a machine and figure out where the actual boot code resides. When they boot up they generally flail around until they access a boot image - which most often is on a hard drive (but could be on a network drive, or a CD).

If we go to the extreme of providing a Hypervisor on the machine, then we can run virtual machines (various O/S') on top of the Hypervisor without loading Windows or Linux first.
This is great for flexibility, but you'll notice that it doesn't reduce your licensing costs with Microsoft or whomever. It also doesn't reduce the security vulnerability of your box - in fact it increases the threat surface by the number of VMs that are running at once! You might be able to use a snapshot to restore quickly if you are compromised, but that's the only security benefit.

The problem is that virtualizing an O/S just brings you more of the same. All the software related management costs come along with each instantiated machine, along with some additional complexity due to running VMs.

But there is an opportunity here for a different kind of virtualization to make an impact.
A couple examples might make this clear.

1) Take a look at how BitTorrent streams files to multiple recipients. The network traffic is comprised of tiny slices of the file that come to you from many different directions. The BT application breaks the files into slices for shipment and at the client reassembles them into a recognizable file. What is created is close to an internet SAN - but a fairly slow one.

2) SETI at home, and other applications, make use of compute time on internet connected computers. This "free" CPU resource is used to solve very large problems.

Now what if network speeds reach the point where we can store the boot image for our PCs in the "cloud". Perhaps you would keep a local cached copy of the boot image and refresh it every time you start up the machine. We might be able to produce an O/S that is never "installed" on a PC. The machine could simply run BOOTP - if there were a server waiting to provide the software load.

Well... Of course replacing everyone's home PC with a BOOTP loaded machine is impractical - much as it means that now Verizon and Comcast will have to get in the O/S provisioning business. And there is the little problem of loading the OS down in the clear via TFTP.
Yikes!

But what could happen is that we could create a storage network that runs on the excess capacity of other machines that share their bandwidth. Then, home machines would run a modified BOOTP over something like Bittorrent. The boot loader comes over the wire.

Well - how is this better than what we have today?

I think anything you load at boot time like this would have to be fairly small. It could be about as complicated as Mac OS 6 - a basic stable OS, but with a browser built in. But if the OS is not affected by loading programs, and everything is run in a browser window, then we can reduce the threat of infection to software on the machine (since that would be replaced at each boot).

Needs a lot of refinement, of course, but I can see where this might be headed!