Beware of automatic updates and hosted virtual machines

This content is 17 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

Whilst many organisations will have strict policies regarding patching, others will not and I’ve lost count of the number of times I’ve found myself troubleshooting strange errors in a virtual machine, only to find that the underlying host operating system has automatically updated itself and is waiting for a restart. Consequently, it’s worth mentioning that automatic updates and hosted virtualisation server products (e.g. Microsoft Virtual Server or VMware Server) do not mix well. Of course, those running a non-hosted virtualisation solution (like VMware ESX server) won’t have this issue; although even ESX needs patching from time to time.

Microsoft’s support policy for software running in a non-Microsoft VM

This content is 17 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

I’m troubleshooting some problems with my Exchange server at the moment and the ExBPA led me to a knowledge base article about running Exchange Server in a virtualised environment. Whilst reading that, I can across Microsoft knowledge base article 897615, which discusses the support policy for Microsoft software running in non-Microsoft hardware virtualisation software.

I’ll paraphrase it as “If you have Premier support and you use our virtualisation software, we’ll try and work out what the issue is (we use Virtual Server 2005 R2 to do that anyway). If you don’t have Premier support, then you should, and you need to proove that it’s nothing to do with virtualisation (i.e. can you replicate the issue on physical hardware). If you have a Premier agreement but you use another vendor’s virtualisation software then we’ll try our best, but you’ll probably have to proove the problem is not caused by the virtualisation software”. The crux of this is the statement that:

“Microsoft does not test or support Microsoft software running in conjunction with non-Microsoft hardware virtualization software.”

This might be worth considering whilst selecting which (if any) virtualisation platform is right for an organisation.

WSUS 3.0 delivers huge improvements for the deployment of Microsoft updates

This content is 17 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

I’ve been an advocate of Microsoft SUS/WSUS since the v1.0 release. Sure, there are better enterprise software deployment products out there (Microsoft even has one – Systems Management Server) but as a low cost (free) patch management solution for Windows, it’s hard to beat Windows Software Update Services (which, since version 2.0, will update more than just Windows – WSUS 2.0 can act as a local cache for all updates that are available through the Microsoft Update servers). Except that now it has been beaten – by Windows Server Update Services (note the subtle name change) 3.0.

WSUS 3.0 was launched a couple of months ago and I finally installed it this afternoon. Not only does it include some great new features (like e-mail notification, improved reporting and computer management) but it finally gets an MMC administration interface (a huge improvement on the previous web administration interface). There are database changes too – WSUS no longer supports SQL Server 2000/MSDE (after all, those products are shortly to be retired), although it will upgrade an existing database.

The only downside that I can see is that the product still relies on clients connecting to the server and pulling updates (there is no option to force updates on clients – at least not as far as I can see). That’s fine but it does introduce some latency into the process (i.e. if there is an urgent patch to deploy, then WSUS is probably not the right tool to use); however, for the basic operational task of keeping a Windows infrastructure patched (for Microsoft products) and reporting on the current state, WSUS is definitely worth considering.

Further Information

WSUS 3.0 distributed network improvements (white paper).
WSUS 3.0 Usability improvements (white paper).

Crowdsourcing for advice on PC security software

This content is 17 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

What would you do if you received a message that started like this?

Hi chaps,

In a somewhat strange experiment, you have found yourself BCC’d on this e-mail as the people whose technical and professional opinion I value the most. If that doesn’t feel right to you, perhaps Outlook auto-complete ended up selecting the wrong person from the GAL or my Personal Address Book! ;-)

If your spam filters hadn’t already picked it out you might stop reading right there, except that this was the start of a message from one of my colleagues, who was experimenting with an alternative method of gathering information – crowdsourcing. The theory is good – after all, why spend hours reading lots of highly subjective reviews of software, probably biased by the vendors public relations efforts, when you can ask some trusted colleagues to spend ten minutes telling you what they think (in this case, which anti-virus/anti-spam/personal firewall products they use and why they use them?). For those who are unconvinced by this method of research and say that those ten minutes are valuable and that you could be doing something worthwhile instead, think about this… we’re talking about people who trust one-another’s advice here – one day that favour will be returned.

In this case, my colleague returned the favour by sharing the information – and allowing me to post it here! What follows is the Garry Martin guide to selecting PC security software:

Anti-virus
Most of you swear by AVG Free and those that don’t, use “commercial” products instead (such as those from Symantec, McAfee or Microsoft etc.) that were either free, or that they have paid very little for under various special offer programmes. Only two of you appear to have paid retail prices for a product. Whilst there was some anecdotal evidence of issues with different programs, no one strongly warned me away from a particular product or manufacturer.

Anti-spyware
Again, most of you use the free Windows Defender (http://www.microsoft.com/athome/security/spyware/software/default.mspx) and those that don’t, use the anti-spyware capability of their “commercial” suite products (Symantec, McAfee etc.). Some of you supplement this real-time scanning with the occasional run of Ad-Aware 2007 Free or the freeware Spybot – Search and Destroy just to be sure. Many of you have found things that Windows Defender has let through using this method.

Firewall
Most of you are happy with the Windows Firewall built in to Windows XP and Windows Vista. Those of you that use something different do so generally because it is part of your “commercial” suite. Many of you mentioned that you were happy anyway as you were also behind the hardware firewall of your ADSL router.

Content Filtering
Only one of you uses web content filtering. This use is primarily to protect the prying eyes of little ones, and the product used is CyberPatrol.

Others
One notable mention from me is that I also use the freeware CCleaner to clear my tracking cookies on every boot and through a batch file when required. CCleaner allows you to tag cookies you want to keep, so is very effective in protecting your privacy. I’m sure it has hundreds of other features, but this is the only one I use it for and it works very well.

So in summary, my personal “crowdsourcing” experiment worked, and worked very well. I didn’t need to research this myself, and hopefully in the process have put together some useful information for all of you. Result. Oh, and hopefully my PC is now at least as secure as your PC is!

[I was one of the mugs who paid retail prices for a product… although in fairness it was for my wife’s business…]

Garry’s experiment doesn’t have to stop there though – if you have any views on either the crowdsourcing concept or on PC security software, please leave a comment on this post.

Totally protected

Don’t just take photographs – make them!

This content is 17 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

For a long time now, I’ve been intending to start a photography blog, but as made the move to a digital workflow, my photography is inevitably becoming more technology-focused and I’ve decided to post the occasional photographic item here (those who are interested in just the photographic items can point their browser/feed reader to the Digital Photography tag).

Mark Wilson and Charlie Waite in 2003Four years ago, I got to meet one of my photography heros – Charlie Waite – who gave a very interesting presentation at the Talking Pictures ’03 event in London. Last night, I found my notes from that talk and whilst they are far from clear now (so I’ve missed out whole chunks that I no longer understand completely), I thought it might be worthwhile posting them here.

Charlie Waite makes the distinction between taking photographs and making photographs – to make a photograph, it is necessary to “place oneself in the midst of the photographic experience”

When I used to take photos on film, I used to think myself lucky if I got 3-5 images that were good enough to keep from a roll of film. Of course, a professional’s idea of “good enough to keep” would be different to mine (my photos consist of family snapshots, holiday memories and the odd landscape – if I made photographic images for a living then my standards would need to be much higher). It is said that the renowned American photographer Ansel Adams used to reckon on 12 good photographs a year. Indeed, Charlie Waite compared a professional photographer to a top chef who thinks that nothing is ever perfect. The chef’s guests love the meal but he thinks the beans are not quite al dente!

So what makes a good image?

Firstly, being photogenic is nothing to do with good looks – it’s about “letting you in” to the the subject. Think about a travel photographer’s image of a wizened old man – he is rarely attractive in terms of beauty and yet there is something interesting about his face, his expression, or the situation. Similarly for landscapes, industrial scenes can make great images, although they would rarely be referred to as attractive.

Most people have the artistic view that is required to take good pictures. If something is less than ideal, think about compromises. What if it was composed differently? Perhaps change the point of view? (Charlie Waite recommends using a ladder to look over the foreground and reveal more focal planes) Or try cropping the image (preferably in-camera, not in Photoshop afterwards).

Lighting can be used to create an atmosphere – for example, using side lighting instead on one main light. Personally, I love the warm glow on the landscape from a low sunlight at the end of the day – particularly combined with dark clouds after a rainstorm!

To some extent, the camera used is not what makes a great photo (a good photographer will think about a number of compositional elements whether they use an expensive medium-format camera or a mobile phone) but it can make a huge difference. Charlie Waite described the process as “making a sacred image that you are proud of” and the choice of film/filter/camera can make a huge difference. As a photographer, the subjective and creative endeavour is all yours – you are the lighting director, the producer, responsible for props, etc. and it’s your role to make it all work.

Charlie Waite summed up his talk by commenting that “landscapes are about engaging with the natural world through photography” and his talk certainly opened my eyes to a new perspective on making photographs.

Apache HTTP server on Windows Server 2008 Server Core

This content is 17 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

Microsoft’s James O’Neill wrote about how:

“Some bright spark tried running Apache on [Windows Server 2008 Server] Core and having no special Windows dependencies it works.”

I couldn’t find any references to this elsewhere on the ‘net so I had to give it a go – it’s actually really easy:

  1. Install Windows Server 2008 Server Core
  2. Map a network drive, insert a CD or some other media and copy over the Apache HTTP server installer MSI.
  3. Issue the command, msiexec /i apache_2.2.4-win32-x86-no_ssl.msi.

    Not surprisingly, the installer is unable to create application shortcuts:

    Apache HTTP Server 2.2 Installer Information

    Warning 1909. Could not create shortcut Apache Online Documentation.lnk. Verify that the destination folder exists and that you can access it.

    Apache HTTP Server 2.2 Installer Information

    Warning 1909. Could not create shortcut Help, I’m stuck!.lnk. Verify that the destination folder exists and that you can access it.

    Presumably, that’s what causes an error dialog with no message and an OK button at the end of the install.

  4. Open up the firewall with netsh firewall set portopening TCP 80 "Apache Web Server".
  5. Point a browser at the server’s IP address and the words “It works!” should be displayed.

OK, so Apache running on Windows is no big deal but if this one cross-platform application runs on Server Core with no modifications, think what else this stripped out version of Windows can be used for.

Fixing RIS after installing Windows Server 2003 SP2

This content is 17 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

This may be an isolated incident, as I’ve already written about how my Windows Server 2003 SP2 installation appeared to be broken (but was ultimately successful) but ever since SP2 was installed, I’ve been warned about service startup failures and have been unable to PXE boot to RIS.

I haven’t bothered too much – my RIS server is used for XP builds and I rarely need to build XP machines these days but as there are no fully-featured Windows Vista display drivers for my IBM ThinkPad T40, I wanted to rebuild it on XP today.

It turns out that the problem was trivial. RIS has been replaced in Windows Server 2003 SP2 by Windows Deployment Services (WDS). WDS includes something called Windows Deployment Services Legacy – which looks remarkably like RIS to me (it uses WDS binaries to provide RIS functionality). I fired up the Windows Deployment Services Legacy administrative tool and performed a diagnostic check, after which PXE boots resulted in a successful connection to the OSChooser.

Windows Server 2008 Server Core

This content is 17 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

Scotty McLeod recently gave a presentation to the Windows Server UK User Group on Windows Server 2008 Server Core. I mentioned Server Core in a previous post but here’s some more on the subject, based on Scotty’s presentation (it’s also worth checking out Micheal Pietroforte’s post on Server Core essentials).

  • Contrary to popular belief, Server Core still has a GUI. There is no Start Menu, no Explorer, no Internet Explorer (it is entirely command-line driven), but the logon screen is graphical and some GUI applications can be used (the latest beta includes an old version of notepad.exe that has very few dependencies and rundll.exe can be used to launch some GUI hooks). It is rumoured that, because some of the product teams didn’t follow Microsoft’s own application development rules, it’s too difficult to remove the GUI from Windows without breaking it completely.
  • At present, the Server Core image is about 600MB in size – small enough to facilitate some interesting potential deployment scenarios – and, because of its small size, Server Core installs quickly.
  • The number of supported roles for Server Core is growing quickly – that could be seen as a potential weakness but even so, the basic principle of providing a reduced attack service for common server scenarios still holds true. Interestingly, one of the roles (and potentially the most problematic of them all) is as an (IIS) web server – only for ISAPI/ASP applications (i.e. no .NET Framework – yet) but rumour has it that Apache will also run on Server Core and a cut-down IIS allows the installation of PHP for a Windows alternative to a LAMP web server (this lends itself to an unfortunate acronym though – WIMP – Windows, IIS, MySQL, PHP).
  • Because there is no .NET Framework for Server Core at this time, there is no ability to run PowerShell scripts.
  • After installation, Server Core has a blank administrator password. This must be changed at logon but can be changed to another blank password; however keeping it blank will prevent remote access to the server.
  • Core server has huge potential, but still seems to be a little disjointed on the administration front (ironic, given what a huge improvement has been made in the full installation through the introduction of the Server Manager tool) – it seems that the recommended approach is to use a full Windows Server 2008 server as a management server for the various Core Server installations around the enterprise.

Spreading some link love

This content is 17 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

The rel="nofollow" attribute on HTML anchors was supposed to help prevent comment spam. Unfortunately, as Michael Hampton explains at length, NoFollow hasn’t worked – at least not based on the volume of comment spam that Akismet has removed since I moved to WordPress (1096247 spam comments detected as you read this post).

U comment.  I follow.Randa Clay has created an alternative – the I Follow Movement – sites that acknowledge the contribution that commenting makes to the blogoshere (avoiding the need to specifically add links to a blogroll in order to spread some link love). I figure that if NoFollow is not preventing comment spam, the least I can do is let the information people leave here in comments work for them in the search engines (at the risk that a few spam comments will still make it through).

Following Owen’s example, I’ve implemented the DoFollow WordPress plug-in on this site so URLs in comments will now (hopefully) be picked up by the Googlebot, Slurp, MSNbot, Teoma and others. Incidentally, if I specifically add rel="nofollow" to a link, it still works – so it’s still possible to block links that you really don’t want the bots to follow (robots.txt directives are unaffected too).

So, please, comment away – and consider doing the same on your site.

The Photoshop book for digital photographers

This content is 17 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

It’s been a busy year. My family blog hasn’t been updated in a very long time and we’ve been accumulating digital photos of the boys at an alarming rate. Last night my wife and I and I went through some of them to work out which ones to print (we still have paper-based albums because they are easier to look at) and we still have a lot left to sort out.

I don’t print the photos at home because the high street labs can do it more cost-effectively (sure, they screw up the colours more than I would like for some of my work but remember we’re only talking about the family album here). Even so, there are some edits that need to be made before I send the photos to the lab, and whilst the free tools with Windows or OS X will help me, I prefer the control that a tool like Adobe Photoshop gives me.

The Photoshop book for digital photographersThe trouble is, Photoshop is not always intuitive. I want to understand what I’m doing but half the time I don’t – and the local adult education Photoshop classes run in the daytime (when I’m at work). That’s where the Photoshop book for digital photographers comes in handy. I asked Santa to bring me this as a Christmas present a couple of years back and it’s been great. The main difference between this book and any other Photoshop book that I’ve seen is that instead of telling me what the various features are in Photoshop and how to use them, it takes me through an example (like instant red eye removal, colour-correcting images, or stitching panoramas together), with illustrations. I suppose now I need the traditional manual to teach me how Photoshop works (I’m considering buying the Adobe Photoshop CS3 classroom in a book), but this book gets me going – in effect it teaches me how to do things, not why a particular method works. I still have to ask my friend Alex for help on the more complex stuff (he does pre-press work for a living and really knows his way around Photoshop, Xpress, etc.) but at least with this book I can be self-sufficient for 95% of my digital photo edits. I should probably point out that the version of the book I’m using is based on Photoshop 7.0 but the techniques still seem to work for me with CS2.

If only real life was like Photoshop, I could use the book techniques to remove dark circles under my eyes, whiten teeth, remove love-handles, generally slim and trim myself. Sadly, life’s not like that – so another big push with Weightwatchers and some more exercise it’ll be then…