Introduction to virtualisation

This content is 18 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

When thinking of IT security, there are a few names which immediately come to mind. One of these is Bruce Schneier, another is Rafal Lukawiecki and another is Steve Gibson. I recently began to listen to Steve Gibson’s Security Now podcast with Leo Laporte and originally I thought a security podcast would be dull – although it does seem to me that this one is as often about new hardware and software technologies as it is about security – but I was pleased to discover that it’s enjoyable listening as Steve does a very good job of describing security issues in basic terms (he can be very outspoken though and does sometimes let himself down on his broader knowledge of the non-security elements).

I’ve written a lot on this blog about virtualisation technologies but never really covered the basics of what virtualisation is. I had thought of writing a blog post on the topic but, as there are a number of Security Now podcasts that do a better job, I recommend listening to (or reading the transcript for):

Security Now episode 50: Introduction to virtualisation (transcript).

I found this particularly interesting, describing the history of virtualisation technology, from 1960s IBM mainframes right up to the present day. If that whetted your appetite then the following episodes may also be interesting:

Security Now episode 53: Virtualisation part 2 (transcript).
Security Now episode 54: Blue pill (transcript).
Security Now episode 55: Application sandboxes (transcript).
Security Now episode 57: Virtual PC (transcript).
Security Now episode 59: Parallels (transcript).

I should point out though that I did notice a few errors:

It’s a shame that these errors crept in as it would have a huge effect on the overall positioning of Microsoft’s virtualisation products in the Virtual PC podcast (episode 57). Having said that, Virtual Server does have a number of issues when it comes to managing it in a cross-platform environment – it may have a web interface but it relies on ActiveX (so, requires Internet Explorer on Windows) and the Virtual Machine Remote Control (VMRC) client is not available for non-Windows platforms (despite using port 5900, suggesting it may be related to VNC, I can’t seem to get it working using a VNC client).

VMware may well have a more advanced product set (with Workstation, Virtual Infrastructure 3 and VirtualCenter 2) but from my experiences of dealing with the company it seems that they are going through some growing pains and I am sure that Microsoft will catch up over time. What seems to be certain, is that virtualisation is more than just the buzzword of 2006.

Ripping analogue recordings using GarageBand and iTunes

In common with many people, I’m in the process of digitising my music collection – and my collection is not small. At last count I had something like 250 compact discs (CDs), 500 CD singles and a couple of hundred compact cassettes and MiniDiscs as well as some vinyl, a few VHS cassettes and digital versatile discs (DVDs).

Of course, ripping CDs is no big deal – iTunes takes the pain out of that for me (I rip as 192kbps MP3s – maybe not the ultimate quality, although good enough for most people’s ears) but the analogue content is not so easy. Over the last week or so I’ve worked out a method to rip from analogue sources, using standard software on my Mac… this is how it works:

  1. Firstly, open GarageBand. I’d never used this package before but it’s amazing – only a few years back this sort of application would have cost thousands (and I’d have been mixing using a standard mixing desk and recording to MiniDisc, not a computer). GarageBand looks scary at first, indeed I originally used iMovie to record my analogue feed and then transferred that to GarageBand but that step is unnecessary – simply create a new real instrument track and set it to record as you play the analogue source through the line in jack on the computer.
  2. Using GarageBand, edit the recording to cut out unwanted sections, adjust volume levels, etc., then view the Podcast track and add episode artwork and other information. You can also add markers for chapters within the recording.
  3. Set the audio podcast settings to Higher Quality in the export preferences. Optionally choose a Composer Name and Album Name in the general preferences (these can be changed later in iTunes).
  4. Once the recording is complete, save it, and then either select Export Podcast to Disk… or Send Podcast to iTunes from the Share menu in GarageBand (the result is the same – an MPEG 4/AAC file with an .M4A extension – but depending on the menu item selected it will either be in the chosen folder on the disk or within the iTunes Library).
  5. Open the recording in iTunes and edit the ID3 tags using the Get Info option on the File menu.

That’s all that’s required for an AAC recording, but if you want to convert to MP3 (unfortunately this means double compression, leading to further clipping and a slight loss of quality), check that the advanced preferences in iTunes are set to import (yes, import – even though the conversion is an export process) using the MP3 Encoder at Higher Quality (192kbps). Finally, select Convert Selection to MP3 from the Advanced menu in iTunes. You can also use a similar method for Apple Lossless, AIFF or WAV conversion.

There are a couple of extra points to note: whilst AAC supports markers for the chapters added on the Podcast track these will be lost as part of a conversion to MP3; and GarageBand recordings are limited to 1999 measures (1 hour, 6 minutes and 16 seconds at 120 beats per minute) – to capture longer recordings it is necessary to adjust the tempo (beware of the Follow Tempo & Pitch checkbox on each track/region).

Will Vista’s 3D effects work in a virtual machine?

As a Windows Vista beta tester who filed at least one bug report, I was recently given a complimentary copy of Windows Vista Ultimate Edition (thanks Microsoft); however as I’ve been rationalising my PC infrastructure of late I only have a couple of PCs that could make full use of the visual effects in Vista – my Mac (which runs Mac OS X most of the time) and a 2.4GHz Pentium 4-based PC (which runs Windows Server 2003 and Virtual Server 2005 R2). Consequently I’ve been wondering if the best way to make use of my new Vista license (bearing in mind the restrictions of product activation should I later try to move it between PCs) would be in a virtual machine.

It seems not, as I checked with John Howard, who is a Microsoft Program Manager for Windows virtualisation (and was formerly an IT Pro Evangelist here in the UK) as to the likelihood of ever receiving suitable VM Additions or 3D device drivers within a Windows virtualisation product.

John kindly replied, pointing out that the S3Trio video adapter which is emulated within the Microsoft virtualisation products is nowhere near the level required to support Vista’s 3D graphics. He went on to add that there are no plans to change this within Virtual PC 2007 or Virtual Server 2005 R2 SP1, nor in Windows Server Virtualization (which is seen as a server solution and therefore unlikely to require client-focused features such as 3D graphics).

John’s reply doesn’t fill me with hope and despite VMware’s current push into enterprise desktop virtualisation I’m not sure that their position would be any different. In the meantime, it looks as though 2D graphics will be the limit to those of us who are heavy users of virtualisation on the desktop.

RDP backslash fix for an Apple UK keyboard

A few days back, in my post about typing # on an Apple UK keyboard, I commented that I can’t type a backslash (\) on an RDP session to a Windows server from my Mac.

An anonymous contact very kindly tipped me off about Ira Rainey’s backslasher system tray application which Carl Slater has mirrored on his site (alongside a very nice VW Camper and motocrossing Honda C90s!). It works fantastically on my Windows Server 2003 SP1 system using the Microsoft Remote Desktop Connection Client for Mac v1.0.3 and Mac OS X 10.4.8.

The quick and easy way to create an SSL VPN

A few weeks back, I mentioned to one of my colleagues that I was looking to find a secure method of getting into my home network from wherever I happen to be and he recommended his friend’s SSL VPN product – SSL-Explorer.

I should also add that the aforementioned colleague has since taken a position with 3SP, the creators of SSL-Explorer (good luck Chris), but I have no such conflicts of interest – I’m simply writing about a product that I’ve found to be very useful.

According to 3SP:

“SSL-Explorer is the world’s first open-source, browser-based SSL VPN solution. This unique remote access solution provides users and businesses alike with a means of securely accessing network resources from outside the network perimeter using only a standard web browser.”

The community edition of SSL-Explorer is an open source product licensed under the GNU general public license (GPL) and the enterprise edition builds on this to provide additional functionality for organisations who require enhanced features and dedicated commercial support.

I used a (remarkably) similar product from Neoteris a few years back; however that required a dedicated appliance server and was a commercial product. There’s also the OpenSSL project but, despite earlier versions of SSL-Explorer requiring compilation using Apache Ant, the installer I used (v0.2.8_01) required no such effort and I was amazed at how quickly I was able to install SSL-Explorer onto a standard Windows server (I could also have used a Linux box). Furthermore, despite not yet being a version 1 product (and using Java, which I’m not a fan of), SSL-Explorer seems to be remarkably stable.

Through SSL-Explorer, I can provide users with access to file shares (read-only or read-write – and the product only enumerates those folders for which the user has access), reverse proxy to internal web servers (including single sign-on to Outlook Web Access) and access internal servers (using RDP or VNC – other modules are also available). Some features require an agent to be loaded on the fly but the SSL-Explorer product is still a clientless VPN (all interaction is within a web browser). Management is via a web interface and self-signed certificates can be used (for those of us who don’t have the budget to buy third party certificates).

I still have some issues with the remote desktop functionality from behind my employer’s proxy server; however I suspect that is related to the ISA Server configuration in use – SSL-Explorer is working perfectly from other networks. I also operate using a single NATted IP address, so if I want to forward all HTTPS traffic from my firewall to the SSL-Explorer server then I can’t do the same for any other web servers that I might like to expose to the Internet directly (at least not on the same port).

Of course, there are other solutions that may better suit an organisation’s network or security policies; however for many smaller companies and private individuals, SSL-Explorer could be the perfect solution to remote access – it’s definitely worth a look.

Using RIS as a TFTP server

Earlier tonight I needed to upgrade the software on an Ethernet switch. Most network administrators will be aware that this generally requires access to a trivial file transfer protocol (TFTP) server and it’s widely believed that to set up TFTP on a Windows server requires third party software. Not so – Microsoft remote installation services (RIS) includes a built-in TFTP daemon and I found that this can be used to serve files to any TFTP client (I’ve written before about using RIS to PXE boot non-Windows images and this was effectively a variation on the same theme).

All that was required was to copy the binary that I needed to run on my Ethernet switch to the RIS server’s remote installation share (\\servername\RemInst). Once the file had been copied to the RIS server it was simply a case of following the switch upgrade process and supplying the appropriate TFTP server address (i.e. the IP address for the RIS server) and filename.
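
TFTP has no authentication or integrity protection, so before starting the switch upgrade it is worth confirming that the RIS TFTP daemon serves exactly the image that was copied to the share. The following is an added example, not part of the original post: a minimal RFC 1350 read client that hashes what the server returns, assuming Python 3 on an admin workstation; all function names are hypothetical.

```python
import hashlib
import socket
import struct

BLOCK = 512  # RFC 1350 data block size

def build_rrq(filename: str) -> bytes:
    """Read request: opcode 1, filename, NUL, transfer mode, NUL."""
    return struct.pack("!H", 1) + filename.encode("ascii") + b"\0octet\0"

def parse_packet(pkt: bytes):
    """Return (block, payload) for DATA; raise on ERROR or anything else."""
    if len(pkt) < 4:
        raise ValueError("short TFTP packet")
    opcode, num = struct.unpack("!HH", pkt[:4])
    if opcode == 3:                                  # DATA
        return num, pkt[4:]
    if opcode == 5:                                  # ERROR, e.g. file not found
        text = pkt[4:].split(b"\0", 1)[0].decode("ascii", "replace")
        raise OSError(f"TFTP error {num}: {text}")
    raise ValueError(f"unexpected opcode {opcode}")

def tftp_sha256(server: str, filename: str, port: int = 69, timeout: float = 5.0) -> str:
    """Download filename over TFTP and return the SHA-256 of the bytes served."""
    digest, expected, tid = hashlib.sha256(), 1, None
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_rrq(filename), (server, port))
        while True:
            pkt, peer = sock.recvfrom(4 + BLOCK)
            tid = tid or peer                        # server answers from a new port
            if peer != tid:
                continue                             # ignore packets from other sources
            block, payload = parse_packet(pkt)
            sock.sendto(struct.pack("!HH", 4, block), peer)  # ACK, re-ACKs duplicates too
            if block != expected:
                continue
            digest.update(payload)
            expected = (expected + 1) & 0xFFFF
            if len(payload) < BLOCK:                 # short block ends the transfer
                return digest.hexdigest()

def sha256_file(path: str) -> str:
    """SHA-256 of the local copy of the image, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()
```

If `tftp_sha256()` for the RIS server's IP address and the image filename matches `sha256_file()` for the local copy, the daemon is serving the intended file.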