One month with the iPhone

The Internet is full of Apple iPhone reviews but at least three people have asked me what I think of mine so I thought I’d write a post about my experiences over the last few weeks.

Firstly (and mostly for the benefit of those who compare the iPhone to a Windows Mobile device) – the Apple iPhone is not a business phone. Period. It’s very definitely a consumer device – if only because O2, who have an exclusive agreement with Apple for iPhone service provision in the UK, specifically state in their iPhone terms and conditions that:

All [mobile data and Wi-Fi] usage must be for your private, personal and non-commercial purposes.

[O2 iPhone Terms and Conditions]

So what about the feature set? Well, despite rumours to the contrary before the European release of the iPhone, there is no 3G model (yet – although O2’s CEO has indicated that there will be a 3G model in the second half of next year). There’s also no GPS chipset. No removable/user-replaceable battery. And at £269, unsubsidised, on an 18-month contract, it’s not cheap either (here in the UK we are not used to paying high prices for handsets as they are generally subsidised by the airtime agreement – possibly why the iPhone hasn’t sold too well in the UK), especially when you consider that none of the available tariffs are particularly generous (e.g. unused inclusive voice calls do not roll over from one month to the next).

But none of that matters because, unlike every other mobile handset that I’ve ever owned, I enjoy using my iPhone. Not very long ago, I sold my HP iPAQ PDA because I didn’t use it. I never really got on with a Symbian smartphone and, whilst a Windows Mobile device would be perfect for work, the iPhone seems to have struck the right balance for me in my personal life. Apple products are often praised as being intuitive and the iPhone is no exception – maybe it’s down to the touch-screen interface (and “pinching” works really well) but something about the iPhone just feels right. Even so, I still have a shopping list of features that I’d like to see (and there’s no reason why some of these shouldn’t be provided in a software update):

  • A keyboard update to show lowercase letters in lower case mode and upper case letters in upper case mode (I know there’s a highlight on the shift key, but entering wireless network keys is a right pain!). A Caps Lock key would be useful too.
  • Cut and paste functionality.
  • Undo options (e.g. my fat fingers accidentally touched the wrong part of the screen and deleted my email signature, which I then had to re-enter manually).
  • A character count on SMS messages (so that I know when I’ve hit the 160 character limit and actually sent multiple messages).
  • Multimedia messaging services (MMS – what’s the point in having a camera phone that can’t send picture messages?).
  • Browser support for popular plugins (Microsoft Silverlight might be asking a bit much, but what about Adobe Flash?).
  • Screen rotation in all applications.
  • The ability to save files on the device and access them through the iPhone interface (e.g. a PDF with a list of The Cloud hotspots).
  • To-do lists.
  • The ability to set different e-mail autocheck values (the iPhone does not have push e-mail) for Wi-Fi and cellular networks.
  • The ability to use my normal earphones – the standard Apple earbuds are still uncomfortable.
  • Voice-activated dialling.
  • A cradle for integration with fully-fitted in-car handsfree equipment.
  • The ability to set up my own ring tones without charge (an alternative to paying for ringtones via iTunes is iToner from Ambrosia Software).
  • Third party application support (an SDK is due in February 2008).
  • Freedom to choose networks!

So, what else have I found?

  • Knowing that I have unlimited data has stopped me from worrying about the costs of using a phone to access the ‘net. In practice, I’ve found that I don’t use that much at all for the odd web page, autochecking e-mail once an hour, etc., although it is easy to rip through a couple of megs when you do need to look something up (this is the real Internet with full-size pages – not specially formatted pages for the mobile web, although the iPhone Safari implementation is prone to hanging when it encounters a page with unsupported content – e.g. Flash). Today is the last day of my billing period and I’ve used around 52.7MB of data on O2’s EDGE network this month but I spend most of my day with a notebook computer and it would be easy to double or triple that if you used the iPhone as a primary communications device.
  • Whilst on the subject of data – free Wi-Fi is not very common in the UK and O2’s EDGE coverage seems patchy so I seem to spend a lot of time with a blue box (no E) indicating a plain old GPRS signal, which is painfully slow. EDGE is just about fine for Google Maps and downloading e-mail messages but 3G broadband would make a big difference for Safari and YouTube (which only works on EDGE or Wi-Fi connections).
  • I’ve resisted buying a TomTom for years now (I have a £9.99 mapbook in the car together with a very good knowledge of a fair chunk of the road network in England and Wales!) but I really like the iPhone implementation of Google Maps – even without GPS (which I have to admit would be handy). I would also like it to do some of the things that the web version does – like dragging to adjust the route – and providing public transit/traffic information (which seem to be US-only features). Also, searching for places seems to be very much biased towards the US (when I’m on a UK network and I search for “Reading” I probably mean the town in Berkshire, not Massachusetts).
  • Leaving the original screen protector in place is not a good idea, as I found when I nearly returned my iPhone for replacement because I could hardly hear people calling me, then I realised the problem was that the speaker was covered by a piece of plastic! Apple and Carphone Warehouse both sell screen protectors (I bought the Carphone Warehouse ones for £4.99).
  • The camera is possibly the worst digital camera that I’ve ever used, with a huge shutter delay, slow focus, low resolution and appalling image quality – even considering that it does have a tiny lens.

For Apple’s first attempt at a phone, the iPhone is pretty damn good. Sure, it’s been overhyped and there is a lot that the iPhone doesn’t do but what it does do, it does well. I can’t help thinking that Apple is learning that mobile telecommunications is a cut-throat business and, as I wrote back at the start of the year:

“Now it’s Apple’s turn for hard lessons – to find out that telcos don’t want what consumers want – instead, they want to control the platform, lock down functionality, introduce their own unique selling points, and encourage customers to upgrade to the next greatest device, in the process locking themselves into another lucrative airtime contract, as soon as the current one ends.”

(Oh yes, and to play on consumers’ insecurities in order to sell them overpriced mobile phone insurance that they probably don’t need.)

I think The Times summed up the iPhone perfectly when they described it as:

“Expensive but exceptional”

[Jonathan Richards, Times Online, 8 November 2007]

Even so, I’d like to finish up by quoting the eccentric but eloquent wordsmith, Stephen Fry:

“We spend our lives inside the virtual environment of digital platforms – why should a faceless, graceless, styleless nerd or a greedy hog of a corporate twat deny us simplicity, beauty, grace, fun, sexiness, delight, imagination and creative energy in our digital lives? And why should Apple be the only company that sees that?”

“All the big guns want an iPhone killer. Even I [Stephen Fry], mad for all things Apple as I am, want an iPhone killer. I want smart digital devices to be as good as mankind’s ingenuity can make them. I want us eternally to strive to improve and surprise. Bring on the iPhone killers. Bring them on.”

[Stephen Fry, “Devices and Desires”]

“The rest of the world can mock as much as it likes. If you’re going to have a phone/video player/slideshow/music centre/web browser/camera in your pocket, is it so wrong to want one that makes you grin from ear to ear? Not with smugness […] but with delight.”

[Stephen Fry, “Not sensible, but, oh, the joy of it!”]

Windows Server 2008 moves a step closer to release

I don’t normally cover new product releases here but there are one or two products on the horizon that are what might be considered "significant releases".

The first of these is Windows Server 2008 and around about now, Microsoft is due to announce release candidate 1 (RC1), marking another step forward towards product release (and launch in February 2008).

Windows Server 2008 RC1 doesn’t include any major build updates (compared to RC0) but it also coincides with Windows Vista service pack 1 (SP1) RC1, effectively bringing Windows Vista onto the same codebase as Windows Server 2008.

Also on track for launch in the same timeframe as Vista SP1 is Windows XP SP3 (whilst I’ve not seen any details yet on the ship date for this, I expect it to be made available at around about the same time as Windows Vista SP1 and Windows Server 2008).

Active Directory and relative identifiers

Last night, I wrote a post about how a little logical thinking was required in order to resolve some issues with the dcdiag.exe utility from the Windows Server 2003 Support Tools.

Since then, I’ve been examining the dcdiag test results and was a little alarmed to find that two of the domain controllers (DCs) for the domain that I intend to migrate several hundred users into were reporting a lack of available RIDs:

Starting test: RidManager
   * Available RID Pool for the Domain is 17352 to 1073741823
domaincontrollername.domainname.tld is the RID Master
   * DsBind with RID Master was successful
   * rIDAllocationPool is 14352 to 14851
   * rIDPreviousAllocationPool is 12352 to 12851
   * rIDNextRID: 12849
   * Warning :There is less than 1% available RIDs in the current pool
domaincontrollername passed test RidManager

For anyone who doesn’t appreciate the potential significance of this, relative identifiers (RIDs) are necessary in order to create new Active Directory objects.  Because Active Directory uses a multi-master model, any DC can create an object, which is then replicated between the various DCs in the organisation.  Objects are actually identified by their SID, part of which includes the domain identifier, and part of which is the RID.  In order to maintain uniqueness, the generation and allocation of RIDs is controlled by the DC holding the RID Master role for the domain, allocating pools of 500 (by default) RIDs to DCs for use when generating the SIDs for new objects.  Still with me?  Microsoft knowledge base article 305475 has more details.

Active Directory DCs (at Windows 2000 SP4 and later revisions) request a new RID pool from the RID master once the pool is 50% depleted, so 1% of available RIDs concerned me somewhat.  Other tests had confirmed that replication was working, and switching the RID Master role to another DC didn’t appear to make any change.  I also checked to see that there were no duplicate SIDs in the domain.  As it happens, everything was working normally but the labels, and the warning, are very confusing. This is what I found:

  • rIDPreviousAllocationPool is not, as the name suggests, the last pool that was used – it’s actually the RID pool that is currently being used.   So, in the example above, 12352 to 12851 is the list of RIDs currently being allocated. When this becomes exhausted (rIDNextRID gives an indication of how soon this will occur), Windows copies rIDAllocationPool into rIDPreviousAllocationPool and starts using the new RIDs as needed. There is a global RID pool size limit that the RID Master can allocate from (the Available RID Pool).
  • rIDAllocationPool is the next batch of RIDs to be used (supplied by the RID Master).  In this case, 14352 to 14851 will be the next batch of RID numbers (500 in the pool) for this DC.  This is generated automatically via a request to the RID Master once the pool is 50% depleted.
  • rIDNextRID is the last RID allocated (not the next one to be allocated).  So the next object to get created in the example above will get RID 12850.

I tested this by creating some new users and running further tests with dcdiag.exe, observing the DC reach the end of the pool and then start using the next pool (originally called rIDAllocationPool):

Starting test: RidManager
   * Available RID Pool for the Domain is 17352 to 1073741823
domaincontrollername.domainname.tld is the RID Master
   * DsBind with RID Master was successful
   * rIDAllocationPool is 14352 to 14851
   * rIDPreviousAllocationPool is 12352 to 12851
   * rIDNextRID: 12851
   * Warning :There is less than 0% available RIDs in the current pool
domaincontrollername passed test RidManager

Starting test: RidManager
   * Available RID Pool for the Domain is 17352 to 1073741823 
domaincontrollername.domainname.tld is the RID Master 
   * DsBind with RID Master was successful
   * rIDAllocationPool is 14352 to 14851
   * rIDPreviousAllocationPool is 14352 to 14851
   * rIDNextRID: 14352
domaincontrollername passed test RidManager

Once I have created another 249 or so users, I should see a new rIDAllocationPool generated.

Just to be sure that I understood this fully, I installed acctinfo.dll, after which I could clearly see the RID at the end of the SID for the test user account (when viewing the Additional Account Info tab on the user properties in Active Directory Users and Computers).

In short, if you see a message about less than a certain percentage of RIDs in the current pool, don’t worry about it (as long as rIDAllocationPool is different to rIDPreviousAllocationPool)!  The pool will gradually be used until it reaches 0% and tips over into the next allocation.  The problem is the confusing language used (rIDAllocationPool should really be rIDNextAllocationPool, rIDPreviousAllocationPool should really be rIDCurrentAllocationPool and rIDNextRID should be rIDPreviousRID).
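The relabelling described above can be applied mechanically to dcdiag output. The following is an added example, not part of the original post or of any Microsoft tool: it reads RidManager blocks, treats rIDPreviousAllocationPool as the pool in use and rIDNextRID as the last RID issued, and reports whether the warning is benign. The function names, the sample log constant and the "investigate" verdict are assumptions made for illustration.

```python
import re
from dataclasses import dataclass

# Constructed sample: the first RidManager block quoted in the post.
SAMPLE = """\
Starting test: RidManager
   * Available RID Pool for the Domain is 17352 to 1073741823
domaincontrollername.domainname.tld is the RID Master
   * DsBind with RID Master was successful
   * rIDAllocationPool is 14352 to 14851
   * rIDPreviousAllocationPool is 12352 to 12851
   * rIDNextRID: 12849
   * Warning :There is less than 1% available RIDs in the current pool
domaincontrollername passed test RidManager
"""

RANGE = re.compile(r"(rIDAllocationPool|rIDPreviousAllocationPool) is (\d+) to (\d+)")
LAST = re.compile(r"rIDNextRID:\s*(\d+)")


@dataclass
class RidStatus:
    current_pool: tuple     # dcdiag label: rIDPreviousAllocationPool
    staged_pool: tuple      # dcdiag label: rIDAllocationPool
    last_issued: int        # dcdiag label: rIDNextRID
    remaining: int          # RIDs still unused in the pool currently in use
    next_pool_staged: bool  # True when the staged pool differs from the current one
    verdict: str            # "ok" or "investigate" (labels chosen for this example)


def assess(current, staged, last_issued):
    """Interpret the three values using the meanings worked out in the post."""
    lo, hi = current
    size = hi - lo + 1
    # rIDNextRID is the last RID handed out, so that RID itself counts as used.
    used = min(max(last_issued - lo + 1, 0), size)
    remaining = size - used
    next_pool_staged = staged != current
    if next_pool_staged:
        verdict = "ok"           # the DC will tip over into the staged pool
    elif used * 2 < size:
        verdict = "ok"           # under 50% used: no new pool is expected yet
    else:
        # Inference from the post's 50% rule, not a documented dcdiag result:
        # a new pool should have been requested from the RID Master by now.
        verdict = "investigate"
    return RidStatus(current, staged, last_issued, remaining, next_pool_staged, verdict)


def parse_rid_manager(log_text):
    """Return one RidStatus per RidManager block found in a dcdiag log."""
    statuses = []
    for block in log_text.split("Starting test: RidManager")[1:]:
        # Stop at the "... passed/failed test RidManager" line that ends the block.
        block = block.split("test RidManager")[0]
        pools = {m.group(1): (int(m.group(2)), int(m.group(3)))
                 for m in RANGE.finditer(block)}
        last = LAST.search(block)
        if last is None or len(pools) != 2:
            continue  # incomplete block, e.g. the DC could not be contacted
        statuses.append(assess(pools["rIDPreviousAllocationPool"],
                               pools["rIDAllocationPool"],
                               int(last.group(1))))
    return statuses


if __name__ == "__main__":
    for status in parse_rid_manager(SAMPLE):
        print(status)
```
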


There is a well known phrase in IT security – trust no one (often abbreviated to TNO).  A couple of weeks ago, a United Kingdom government department admitted to having lost a couple of discs containing, among other things, names, addresses, dates of birth and bank account details for my family.  Thanks.  For nothing.

Then, yesterday, a Senior Marketing Manager at Microsoft was not having a good day.  First of all, she sent a survey invitation to a list of "Microsoft Influencers" in the EMEA region but the bulk mailing tool she was using failed part way through dispatch.  After preparing a second message to the remaining recipients, she hit the wrong button and mailed a bunch of people she didn’t mean to.  So far, no real harm done, and an apologetic e-mail was sent to those affected.  Except that somewhere along the way she attempted to recall the message, the names of the recipients went to everyone who received the recall request, and two bright sparks on the list said (in jest, I think) something to the effect of "wouldn’t it be good if I could sell the e-mail addresses of all these people that Microsoft considers influential" (all 884 of them).  So that’s my e-mail address potentially compromised too.

And a few weeks back I had an e-mail from Fasthosts (through whom many of my domain names are registered) letting me know that they had experienced a security breach and that my account may have been compromised (but they couldn’t be sure)… so I could have been subject to a domain hijack if they hadn’t already locked my account for me.

Then there’s the various online and telephone-based services (including banks and credit card providers) that use ludicrously low security, with a myriad of single factors for authentication (and really, what use are my mother’s maiden name and town of birth for "security" questions as both of those items are publicly available information?).

It seems that avoiding identity theft is fighting a battle that can’t be won.  I have to entrust organisations with my personal details but, based on recent history, those organisations (including my government) cannot be trusted.

Maybe it’s time for me to find a new identity?


Microsoft Learning – and plans for Windows Server 2008 certification

One of the most engaging presenters that I saw on my trip to Redmond last month was Lutz Ziob, General Manager at Microsoft Learning, who dispelled all British preconceptions about German humour and delivered an interesting presentation about how Microsoft views its education programmes.

Having personally re-engaged in the learning process recently and with a number of exams planned for the next few months, now seems like a good time to post something about the direction which Microsoft intends its learning programs to take (including certification).

Lutz Ziob has a strong background in the IT industry – having worked at WordPerfect, Novell and CompTIA (where he introduced the Linux+ certification) prior to joining Microsoft.  Starting off by introducing the Microsoft Learning Mission ("Help Microsoft customers and partners realise their full potential by providing them with the necessary knowledge and skills to optimise the adoption and use of Microsoft solutions"), he then went on to add a few analogies of his own:

  • If we believe one car-maker’s marketing message, one should be more intelligent, and more attractive to the opposite sex, because they drive an Audi… is that true?  Almost certainly not but it does show that to use a product (let alone use it well), it helps to know something about it.
  • What about a holiday at Disneyland?  Disney may claim that it will transform your life.  It may lift your spirits for a period – may even make you think differently about travel, but transform your life?  Unlikely.  On the other hand, learning a new skill (such as how to use Visual Studio to write computer software) may well have an impact on your career direction and as a consequence your life may be transformed.
  • Or, moving back to the motoring analogy, switching to a new car may involve a few minutes of working out where the controls are and generally adjusting to the environment – switching operating systems (e.g. Linux to Windows) is a little more involved.

In short, skills are either a barrier or they can enhance an individual’s (and hence a company’s) overall success.

Microsoft Learning claims to be "Microsoft’s centre of excellence for learning" and offers products in a number of areas including:

  • Publishing (Microsoft Press).
  • Certification.
  • Office specialisation.
  • Instructor-led training.
  • E-learning.

Connected in some way to over 11 million learning engagements annually, Microsoft is instrumental to many in their entry, advancement (or just remaining current) in their chosen career.  From Microsoft’s point of view, the goal is to reach as many customers as possible and educate them whilst increasing their satisfaction with Microsoft products (and making money).

I’m in the fortunate position that I get involved with many Microsoft products early in their lifecycle (at least from the point of view of understanding what the product does – even if I no longer spend as much time on the implementation aspects as I once did) and one of my frustrations is that I often attend a pre-release training course but have to wait for a while before the certification exam is available.  It was interesting to hear Microsoft Learning’s view on this as their customer readiness program for a new project begins around 12-18 months prior to release.  As the product enters beta testing, books and e-learning are generally available, with instructor-led training following once there is sufficient customer demand (generally after product release) and certification at release.

Microsoft uses the term "unified skills domain" as a methodology to integrate assessment, learning, reference and certification products, recognising that the cost in training is not so much the cost of the training itself but the resource cost of the time taken to attend the training – to which I would add that cost of the training itself is still a significant factor.  Microsoft’s intention is that books, e-learning and classroom training come together as a whole without repetition and complement rather than overlap (or even worse – contradict) one another (although it has to be said that the trainers I have spoken to recently are unhappy with the quality of the learning materials being provided).

Moving on to focus on Windows Server 2008 certifications, it’s worth noting that nearly 4.5 million certifications have been granted over their 15 year history with 2.2 million unique Microsoft Certified Professionals.  What these figures don’t show though is that Microsoft saw certifications peak in the late 1990s and then tail off, although they claim that there has been a resurgence since they added performance-based testing and a new certification framework.

This certification framework sees the replacement of the Microsoft Certified Professional/Systems Administrator/Systems Engineer (MCP-MCSA-MCSE) progression with a new structure of Microsoft Certified Technology Specialist/IT Professional/Professional Developer/Architect (MCTS/MCITP/MCPD/MCA).  Each new qualification has two parts – the credential and the certification (e.g. Microsoft Certified Technology Specialist: Business Desktop Deployment with the BDD).  Most notably: the MCTS is retired with the associated technology; MCITP, MCPD and MCA require re-certification for major technology changes; and the MCA qualification is Microsoft’s high watermark certification that requires proven ability to deliver business solutions, including an interview board with and is broader in scope than Microsoft’s technology looking at wider IT industry issues.

I’m somewhat skeptical about the program as my first-hand experience indicates that some (not all) of the exams represent little more than a piece of paper to indicate that a set of questions was correctly answered – questions that in one recent case were available for purchase on the Internet in the form of a practice exam!  By contrast, Red Hat certification (even at the lowest level) involves correctly configuring a real (not simulated) system.  Microsoft’s architect qualification attempts to address this but is only expected to be attained by a few select individuals and so I was interested to see what Microsoft is planning for the MCTS/MCITP certifications for Windows Server 2008.

Lutz Ziob explained that, for Windows Server 2008, there are five distinct certifications, three technology-specific and two job-role specific:

  • MCTS:
    • Networking Infrastructure Configuration.
    • Active Directory Configuration.
    • Application Infrastructure Configuration.
  • MCITP:
    • Server Administrator.
    • Enterprise Administrator.

As for previous MCSE upgrades, there are upgrade exams (70-648/70-649) – but only from Windows Server 2003 (the skills gap from Windows 2000 is viewed as too large – I’d better update my MCSE by taking exams 70-292/70-296 before they are retired at the end of March 2008).

And when responding to the comment that Microsoft certifications are sometimes too easy to obtain and that experience is what counts, he offered another analogy – would you rather take a long-haul flight with a pilot who is certified to fly a Boeing 747 (for example), or one with many years’ experience but who has only flown smaller aircraft?  This is equally applicable for a doctor, nurse, lawyer, electrician, architect, structural engineer, etc. so why should IT be any different – why not insist on experience and certification?  I have to admit that I take his point and he positively encouraged the journalists and bloggers in the audience to quote him on saying:

"Certification programs do not replace experience"

[Lutz Ziob, General Manager, Microsoft Learning]


"Experience in itself doesn’t guarantee that someone knows what they need to know"

[Lutz Ziob, General Manager, Microsoft Learning]

So where is Microsoft heading in respect to improving the learning experience?  New initiatives in what Microsoft refers to as the learning plus services model include:

  • Performance based testing: the main complexity here is the need to simulate incorrect configurations too and so there are some limitations; however Windows Server 2008 certification makes use of virtualisation technology to allow the monitoring of what a candidate is doing – working in a "real" situation on a "real" system.
  • Virtual classrooms: Microsoft Official Distance Learning (MODL).
  • Re-inventing the classroom experience: moving away from an instructor leading a roomful of passive students – trying to bring online services into classroom so that the trainer becomes a coach with the ability to adjust materials on the fly (e.g. add/remove modules).
  • Ability to provide documentation in both printed and soft (e-book) formats (however when asked for assurance that Microsoft Press would not completely abandon printed books, Ziob replied that there are no plans to phase out printed books).

For anyone considering learning about Windows Server 2008, more information is available at the Windows Server 2008 learning portal.

Time to think logically

I’ve been working with a customer to perform a healthcheck on their Active Directory in order to (hopefully) mitigate the risk of issues as they migrate users and mailboxes between domains. One of the things that concerned me was that dcdiag.exe – one of the Windows Server 2003 Support Tools that I was using as part of the healthcheck – was crashing part way through.

I was pretty stumped, so I used one of the support incidents on our Microsoft Premier Support contract… and as my expert colleagues in Fujitsu’s Enterprise Support team guided me through the troubleshooting process towards a resolution (which was obvious to anyone thinking clearly), I realised that I should have been able to work this through by myself.

Now that the issue is resolved I’m kicking myself for effectively wasting an incident on what should be straightforward but that’s what happens when you spend so much time talking about technology and designing solutions and so little actually resolving problems (it probably also has something to do with spending so much time travelling and so little time sleeping).  So, at the risk of embarrassing myself in years to come with a post that proves what an idiot I can be, I decided to post a little lesson on troubleshooting incidents like this, in the hope that someone else finds it useful…

  1. Don’t panic.  OK, so you’re on a client site, on your own, and the customer is paying for your expertise but (as one of my customers taught me many years back – thank you Andy Cumiskay if you’re reading), an expert does not necessarily know all the answers.  An expert knows how to analyse a situation and ask the right questions to find the answer.  Stop and think.
  2. What are you doing?  In my case I was running dcdiag /e /c /v /f:dcdiag.log and it was aborting.  So, what was I actually asking the computer to do?  Well, /e means for all servers in the enterprise – so what if I run the command against individual servers? Does it affect them all – and is there a pattern to the failure? /c means comprehensive – is there just a single test that’s failing?  /v is verbose – that’s probably fine, and /f for logging to a file, no problem there either.  Using this method, the problem was narrowed down to a single domain controller.
  3. Could this be done another way? In my case, I was running the command from a remote server – what if I run it from the target computer?  In my case, the problem existed whether run locally or remotely.
  4. Having narrowed down the problem, look at the diagnostic evidence.  At first, the errors in the event log didn’t seem to tell me much.  Or did they?  What about the version number of the faulting application?  Does it match the version of the installed operating system?  In my case the application log had an error message where the description read (in part): "Faulting application dcdiag.exe, version 5.2.3790.1830, faulting module ntdll.dll, version 5.2.3790.3959, fault address 0x0002caa2".  So, ntdll.dll is the service pack 2 version (3959) and dcdiag.exe is at service pack 1 (1830) – i.e. not at the same service pack revision.  If the event logs don’t give this much information, try looking at file version information in the file properties.
  5. Is an alternative version available?  Google (or Windows Live Search, Yahoo!, Ask, etc.) is your friend.  After downloading and installing the service pack 2 version of the Windows Server 2003 Support Tools, dcdiag.exe stopped crashing.  Problem solved.

All it needed was a little logical thinking.  Thanks to Richard and Alastair in Fujitsu Services’ Enterprise Support group – not just for the diagnosis but for reminding me how to solve problems.
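The version comparison from step 4 can be run over exported event descriptions. This is an added example, not part of the original post: it extracts the application and module versions from "Faulting application" descriptions and flags pairs that share a build but differ in revision. The function names are hypothetical, the revision table holds only the two values the post identifies, and the second and third sample lines are constructed.

```python
import re

# Matches the description format quoted in step 4 of the post.
FAULT = re.compile(
    r"Faulting application (?P<app>[^,]+), version (?P<app_ver>\d+(?:\.\d+){3}), "
    r"faulting module (?P<mod>[^,]+), version (?P<mod_ver>\d+(?:\.\d+){3})"
)

# Revision -> service pack level for build 5.2.3790, limited to what the post states.
SERVICE_PACK = {"1830": "SP1", "3959": "SP2"}

EVENTS = [
    # From the post:
    "Faulting application dcdiag.exe, version 5.2.3790.1830, faulting module "
    "ntdll.dll, version 5.2.3790.3959, fault address 0x0002caa2",
    # Constructed: the same crash signature with tool and OS at the same revision.
    "Faulting application dcdiag.exe, version 5.2.3790.3959, faulting module "
    "ntdll.dll, version 5.2.3790.3959, fault address 0x0002caa2",
    # Constructed: an unrelated event that must be ignored.
    "The service entered the running state.",
]


def check_fault(description):
    """Return version details for one fault description, or None if it is not one."""
    m = FAULT.search(description)
    if m is None:
        return None
    app_ver = m.group("app_ver").split(".")
    mod_ver = m.group("mod_ver").split(".")
    same_build = app_ver[:3] == mod_ver[:3]
    return {
        "application": m.group("app").strip(),
        "module": m.group("mod").strip(),
        "application_version": ".".join(app_ver),
        "module_version": ".".join(mod_ver),
        "application_level": SERVICE_PACK.get(app_ver[3], "unknown"),
        "module_level": SERVICE_PACK.get(mod_ver[3], "unknown"),
        # Same OS build but a different revision: a lead worth checking, not
        # proof, because hotfixes also change the revision of individual files.
        "mismatch": same_build and app_ver[3] != mod_ver[3],
    }


def mismatched_faults(descriptions):
    """Keep only the fault events where tool and module revisions differ."""
    findings = (check_fault(d) for d in descriptions)
    return [f for f in findings if f is not None and f["mismatch"]]


if __name__ == "__main__":
    for finding in mismatched_faults(EVENTS):
        print("{application} is at {application_level}, "
              "{module} is at {module_level}".format(**finding))
```
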