Tuesday, January 30, 2007

Microsoft virtualization license rules for Windows 2003

I recently came across some new licensing rules for Windows 2003 Server with regard to virtual images.
The virtualization use rights vary by edition of Windows Server. Standard Edition grants the use rights to run a single virtualized instance of Windows Server Standard Edition. Enterprise Edition grants the use rights to run four instances of Windows Server that may be a mix of Standard Edition and Enterprise Edition. Datacenter Edition is licensed per processor and grants use rights to run an unlimited number of virtualized instances of a mix of Standard Edition, Enterprise Edition and Datacenter Edition.
You can try out Microsoft's own licensing calculator and learn more.


Monday, January 29, 2007

IE7 and phishing filter works

Phishing warning in IE

It is good to see that technology works for you. I got this warning today when I opened an email that I knew was spam.

Unfortunately I did not get this warning before I tried to log in with my username "fuck" and password "you". But better late than never I say. At least you know if you screwed up...:)


Sunday, January 28, 2007

Side by side installation of WSS2 and WSS3

Side by side installation of WSS2 and WSS3 on the same server is possible as long as you choose not to upgrade the existing installation. This is the first option you get when you try to install WSS3. Microsoft has even written a document on how to do so. I have done as described and did not encounter any problems with the installation.


Fortigate with high CPU time

Graph from Smokeping

I recently had an incident with a customer firewall where the CPU load averaged about 93% as seen from the GUI. The network monitoring tools (that is, Smokeping) also reported higher response times than normal even though network throughput seemed to be normal. There were no indications of any packet loss in the network during the period.

The solution used was to reboot the firewall. The Fortigate firewalls seem not to have an easy way to find out what processes use CPU time.

The customer runs two firewalls in a HA configuration. As such, there was almost no downtime during the reboot. I had 6 packets that did not get through during the reboot.


Google blogs

Google is the company everyone loves - and hates. It is tough to be a big company. There are lots of people watching everything you do and whatever you do someone will always disagree with you.

I really like lots of what Google does for you. They have lots of cool products and some of them are good as well.

I have found a few blogs (in addition to Google's own blogs) that you should look at. Some of them are positive and write about what Google can do for you, and some are more skeptical and tell the story Google doesn't want you to read.

I believe in making up my own mind and try to read up on both sides of a story before I decide on something.

Some blogs

My sources

I use Google Reader myself and you can see what I read from my shared tags.


Wednesday, January 24, 2007

GNU/Linux to the rescue (Again)

A while ago I talked about how I recovered from a blue screen scenario using GNU/Linux tools. Yesterday I came across a Windows 2000 server that did not boot. When I booted up the server it froze at Preparing network connections.

I tried to boot into safe mode, and got this error:

Directory Services could not start because of the following error: There is not enough space on the disk. Error Status: 0xc000007f. Please click OK to shutdown this system and reboot into Directory Service Restore Mode, check the event logs for more detailed information.

Ok, what now? It seems like we got a drive that is out of disk space. And if I can't boot - how can I delete some files?

Luckily for me there is an effort to make a good NTFS implementation for Unix freely available. And since ntfs-3g came with a SystemRescueCd it took only a few minutes to delete some files so I could boot the server.

About GNU/Linux rescue CD's

There are lots of Linux boot disks available on the market. I have tried some and most of them are small images made for only one purpose, like changing Windows passwords and so on. But you can also find other boot disks that are general purpose. Here you can find a small collection I know of.

Ubuntu: Small GNU/Linux CD with lots of support. Can boot and run from a CD or memory stick. All the software you need is easily installed from the Internet.

SysRescueCD: SystemRescueCd is a Linux system on a bootable CD-ROM for repairing your system and your data after a crash. It also aims to provide an easy way to carry out admin tasks on your computer, such as creating and editing the partitions of the hard disk. It contains a lot of system utilities (parted, partimage, fstools, ...) and basic ones (editors, midnight commander, network tools). It aims to be very easy to use: just boot from the cdrom, and you can do everything. The kernel of the system supports most important file systems (ext2/ext3, reiserfs, reiser4, xfs, jfs, vfat, ntfs, iso9660), and network ones (samba and nfs).

From their homepage

Trinity Rescue Kit: Trinity Rescue Kit or TRK is a free live Linux distribution that aims specifically at recovery and repair operations on Windows machines, but is equally usable for Linux recovery issues.
It is possible to boot TRK in three different ways:
  • As a bootable CD which you can burn yourself from a downloadable isofile.
  • From a USB stick/disk (optionally also a fixed disk), installable from Windows or from the bootable TRK cd.
  • From network over PXE, which requires some modifications on your local network.

TRK is a complete commandline based distribution, apart from a few tools like qtparted, links, partition image and midnight commander.

From their homepage

Offline NT Password & Registry editor
  • This is a utility to (re)set the password of any user that has a valid (local) account on your NT system.
  • You do not need to know the old password to set a new one.
  • It works offline, that is, you have to shutdown your computer and boot off a floppydisk or CD. The bootdisk includes stuff to access NTFS and FAT/FAT32 partitions and scripts to glue the whole thing together.
  • Will detect and offer to unlock locked or disabled out user accounts!
  • It is also an almost fully functional registry editor!

From their homepage


Friday, January 19, 2007

The importance of choosing the right SSL certificate issuer

In a previous post I have talked a little about where I prefer to buy SSL certificates. Comodo Group have this site called www.instantssl.com that is

  • Cheap.
  • Fast.
  • Good service.

I renewed my company's certificate for our mail server yesterday. This is a trivial task and I could not see any challenges with this task.

Oh I was wrong. Our Windows Mobile cell phones did not handle this so well.

How do certificates work?

A certificate is a proof of something. All certificates need to be issued by a known authority. Common well-known certificates are:

  • Driver's license.
  • Passport.
  • Your identity card.

But how do you validate certificates you do not know? In the computer world we have something called a root certificate store. This store is a list of all issuers that we trust. Unfortunately, this list is maintained separately by each application or vendor. Here are some examples of different applications:

  • Opera web browser
  • Nokia cell phones
  • Sony Ericsson cell phones
  • FireFox browser
  • Internet Explorer
  • Windows CE (with variations; Windows Mobile and SmartPhone). CE does not share root certificate store with Windows. And it can be hard to add new root certificates.

A root certificate is the same as the certificate authority or issuing certificate.

The root certificate store in Microsoft Windows is updated by Windows Update and contains lots of issuers. Some applications, many from Microsoft, are using Microsoft Cryptography Services and benefit from the same root store.

Why the certificate issuer is important

The issuer of the certificate is important, because you need that issuer supported on your target device. On most devices you can add a new root certificate yourself, but if you have 100 devices from 10 vendors this task is time-consuming. And many SmartPhones are restricted from doing so. I came across some HTC phones the other day shipped from Dangaard. If I want to add my own root certificate they have to sign a deployment file. And they will charge me about €500 for the job. Easy money? :)

You should check your target applications for compatibility before you purchase a certificate!

Comodo and InstantSSL

Comodo does not have their own root certificate. Or at least - they are not using it. But they have access to many root certificates via their own intermediate issuing certificates. In the past Comodo have issued certificates from GTE CyberTrust Global Root, but recently they have changed to AddTrust External CA Root. They claim to have 99.3% browser compatibility.

AddTrust is not supported out of the box on Windows CE, and we have lots of cell phones based on this operating system...

I called their technical support and asked what to do. They told me to create a support ticket on the web and make a new CSR. I did so and within a few hours they gave me a new certificate with GTE CyberTrust Global Root as the issuing certificate. This is the first time I used their support but it worked out well in the end!
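
The compatibility check recommended above, and the effect of having the certificate reissued under a different root, can be reproduced offline. This is an added example, not part of the original post: it uses openssl to build two constructed roots (A and B), an issuing CA and a server certificate under each, and verifies both against a store that holds only root B. All names and file paths are assumptions; in practice the store file would be an export of the target device's root certificates.

```shell
#!/bin/sh
# Constructed demo: every key, name and certificate here is generated locally.
# Assumption: the openssl command-line tool (1.1.0 or later) is installed.

# build_pki DIR: create roots A and B, one issuing (intermediate) CA under each,
# and a server certificate for the same CSR under each chain.
build_pki() {
  d=$1
  mkdir -p "$d"
  printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca.ext"
  openssl req -newkey rsa:2048 -nodes -subj "/CN=mail.example.test" \
    -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null
  for r in A B; do
    # Self-signed root: the certificate a device must already have in its store.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
      -subj "/CN=Constructed Root $r" \
      -keyout "$d/root$r.key" -out "$d/root$r.pem" 2>/dev/null
    # Issuing CA chained to that root; the server sends this one along.
    openssl req -newkey rsa:2048 -nodes -subj "/CN=Constructed Issuing CA $r" \
      -keyout "$d/int$r.key" -out "$d/int$r.csr" 2>/dev/null
    openssl x509 -req -in "$d/int$r.csr" -days 30 -extfile "$d/ca.ext" \
      -CA "$d/root$r.pem" -CAkey "$d/root$r.key" -CAcreateserial \
      -out "$d/int$r.pem" 2>/dev/null
    # Server certificate issued under this chain.
    openssl x509 -req -in "$d/server.csr" -days 30 \
      -CA "$d/int$r.pem" -CAkey "$d/int$r.key" -CAcreateserial \
      -out "$d/server$r.pem" 2>/dev/null
  done
}

# device_accepts STORE CHAIN LEAF: true only if LEAF chains to a root in STORE.
# STORE stands in for the device's root certificate store; -no-CApath stops
# openssl from also consulting this machine's default certificate directory.
device_accepts() {
  openssl verify -no-CApath -CAfile "$1" -untrusted "$2" "$3" >/dev/null 2>&1
}

work=$(mktemp -d)
build_pki "$work"
# Constructed device store that ships with root B only.
cp "$work/rootB.pem" "$work/device-store.pem"
for r in A B; do
  openssl x509 -noout -issuer -in "$work/int$r.pem"
  if device_accepts "$work/device-store.pem" "$work/int$r.pem" "$work/server$r.pem"
  then echo "  server$r.pem: accepted by the device store"
  else echo "  server$r.pem: rejected, root $r is not in the device store"
  fi
done
```

The two server certificates carry the same name and key; only the root at the top of the chain decides whether the device accepts them.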


Semantic webs

We all know about Technorati by now, and we see lots of blogs now using tags. I found an old article talking about metaweb and the changes to come. Metawebs are in short webs that describe themselves in a way that computers can understand the content better and provide better search results among other things. Metawebs are also called semantic webs.

This article was written in December 2003, and he expected to see changes 3-5 years in the future.


Sunday, January 14, 2007

A Cost Analysis of Windows Vista Content Protection

I found this article talking about the new features in Microsoft Vista. At this point I am still reading this document.

Say you've just bought Pink Floyd's "The Dark Side of the Moon", released as a Super Audio CD (SACD) in its 30th anniversary edition in 2003, and you want to play it under Vista. Since the S/PDIF link to your amplifier/speakers is regarded as insecure for playing the SA content, Vista disables it, and you end up hearing a performance by Marcel Marceau instead of Pink Floyd.

Copy of article is found here.


Update: Read answers here


Wednesday, January 10, 2007

Google Reader as a blog reader

Lately I've been looking into Google Reader and I have to say that I am impressed. This is one very useful tool.

A while ago I wrote an article where I talked about syndication of feeds. Google Reader is one product that is really good at collection and presentation. A few key features are:

  • Mobile reader that is fast.
  • GUI for Windows that is readable and easy to use.
  • You can share good articles easily by sharing them or give them a star.
  • You can share folders (tags) so you can collect and republish blogs that your group (work, hobbies etc) find interesting.

Sharing specific articles

There are two ways to do so. With Google Reader you can give an article a star, or you can share it. You can see my shared page here or you can embed it into your webpage as seen below.

The GUI

The web page looks nice and is easy to work with. You can find screen shots at Wikipedia.

Mobile access

It's easy to work with and fast as well. For me, I can read whenever I have a spare minute now.

Republish folders

Or tags, as Google chooses to call them. Look at my development folder here. This is all news, not the articles I found interesting as mentioned above. You can also embed this into your page if you want.


Friday, January 05, 2007

Fortigate FortiOS 3.0 MR4 is out

FortiOS 3.0 MR4 (build 474) is now out. These are the changes I've found when looking through the GUI.

Full details are found here.

  • Support for VoIP - SIP and SCCP.
  • The dashboard is now configurable. You can add content and remove content (web parts) as you wish.
  • You can add secondary IP addresses to an interface - each with its own ping server (to check for bad gateways.)
  • HA mode now allows you to configure interface priority for heartbeat. This feature went out in the original 3.0 release.
  • You can now back up your configuration using SCP.
  • You can now "Submit attack characteristics to FortiGuard Service Network to help improve IPS signature quality".
  • You can now add "remote" types of certificates. I'm not quite sure what I can use it for yet. But I believe it's used to verify the certificate for the other party in a secure setup.
  • You can now add client certificates as users. This could be done in the CLI on previous releases, but now it seems to support some kind of user authentication as well. I have not tried out this feature yet, but I'm looking forward to doing so.
  • The reboot/shutdown/reset switches are now placed on top of the dashboard, making it much easier to do these commonly used administrative tasks.


Thursday, January 04, 2007

The search of an XSLT editor

XSLT and XML GUIs

In my quest for an XSLT editor that I can work with - this is what I found. I tested several tools I found on the Internet. The tools were mostly found using Google. I have no idea what I need or want, nor do I know what exists on the Internet. This article is a summary of the products I found during this quest. I have not decided yet, but for me it seems like editiX is the product I'll choose.

Requirements

I need a tool to work with XML and XSLT documents. The goal is to speed up development of XSLT documents using a productive GUI environment. Price is also an important factor - I don't want to pay too much.

Visual XPath

Visual XPath is a graphical way of generating XPath query results. It can also be used to generate XPath queries dynamically by select XML nodes shown in the form of Tree. You can also generate queries for individual attributes.
This tool is not an editor but allows you to browse XML documents and get the XPath query to retrieve data. This feature is nice enough but not exactly what I was looking for. All the other tools tested already have this feature built in.

The source is available and the tool is written entirely in C# and .NET.

Xselerator 2.6

This seems to be quite a good tool, but from the copyright notice it does not seem to have been updated in the last years. It uses MSXML2 and MSXML3 (given your preferences) and uses IE for rendering. (IE7 is not supported at this point, but the vendor has promised to fix that.)

This is a Windows application with two main windows. One is the XML document and the other is the XSL document. With one button you can see the output, and in case of any error you can quickly see where the syntax error is.

XML Notepad 2007

A tool from Microsoft to edit XML documents. This tool is nothing but an XML editor, but it will transform XML documents (using IE) if you have a matching XSLT document. This product is made to edit XML documents and is somewhat good at it - as there is no free text editing of the XML document. But XML Notepad does not validate the document.

editiX 5.1

This is a Java application, available for Linux, Mac and Windows. This product has lots of features. You can read them all here; these are the ones most important for me:

  • Can create DTD/XML schemas from an XML document.
  • Can validate XML documents. (And verify that the document is well-formed in case a schema is not available.)
  • Different screen layouts optimized for different type of documents.
  • Can format the XML document with right indentation.

Comparison guide

A quick comparison between the different products.

Product | Price | Pro | Cons
XSelerator | US$125 | Easy to work with | Seems to be out of date
EditiX | US$39 for home/academic use; US$85 for commercial use | Lots of features | Takes some time to learn
Visual XPath | free | Source code available. |
XML Notepad | free | Easy to edit XML documents and display transforms. |


Monday, January 01, 2007

Avalanche beacons - a primer

I am planning a ski trip to Val Thorens next year and as part of my preparations I'm reading up on what kinds of search and rescue systems exist in case of an avalanche. There are two standards on the market, each with their own use.

In case of an avalanche the first 15-20 minutes are crucial for saving lives. Beacons are used to locate avalanche victims quickly after the avalanche.

The best way to handle avalanches is to avoid them! This primer only talks about the beacon, not how to use the beacon or how to become an expert on avalanche rescue!

System: Recco
Use: The system consists of a reflector and a detector. The reflector is a passive chip that is attached to your clothes. Usually you buy coats with a Recco chip sewn in. As this chip is passive there are no batteries to replace or anything to turn on before you ski. (Nor can you test that the chip works...)

You can buy the Recco chips, but not the detector. As such, this system is only of any value when on or near the trail at a ski resort. More than 500 ski resorts over the world have Recco detectors. If you get caught by an avalanche, skilled rescuers will search for you with the detector.

System: 457kHz beacon
Use: This frequency is an international standard (en300718 or ETS300718) and units from different vendors work together. You buy a unit that is both a transmitter and receiver. (Also called transceivers.) When you travel as part of a group each participant carries one. In case of an avalanche the part of the group that did not get caught by the avalanche can start searching immediately.

When skiing off-piste (backcountry) you want to use this kind of equipment.

What to choose?

Between the two systems I choose to use both as they complement each other more than they compete. I have not decided what 457kHz beacon to use yet.
