Jarred Fehr Blog

Keynote

The keynote speech today was given by Mark Minasi (www.minasi.com).  He covered what Microsoft got right and wrong with Vista/Server 2008.  He covered many of the points that I make to people, but more eloquently.  Great speaker.

Smart Card Show

After the keynote, I ran over to another trade show that is in town: the smart card alliance.  I only had access to the exhibitors hall.  Most of what I saw were people selling these huge machines to manufacture thousands of smart cards a day.  There were also a bunch of products for using a smart card (or your phone!) to make purchases at stores and kiosks.  I know it is already big in Japan, but I'm not sure I'm ready to pay for stuff using my phone.  But I suppose we better get used to it.  I came across this one company that sells printers that will put the UV/holographic images on your smart cards.  I've always wondered what I look like in UV.

Vista/Server 2008 Group Policy

Presented by Derek Melber.  Not too much exciting here.  Microsoft has added about million more policies.  There is a new preferences policy that allows you to set user desktop settings, but they users can make changes if they want.  The other big thing is that Microsoft has allowed you to add your own comments to the policies you set.  That way future administrators can see why you turned a particular setting on.  They even support hyperlinks so you can link to knowledge base articles.  Sweet.

Hardening Windows Security

This session was given my Mark Minasi.  Mark didn't spend a lot of time covering technical security as I thought he would.  Instead, he spent more time covering the real security problem: users.  He stated more than once, "I believe that security is more of a carbon based problem than a silicon based one."  His main point is that if you have even one weak account or even one user who gives away their password, your entire security can be shot down.  We're pretty hard on our users, but I think there is even more we could do.

He also pointed out about creating written security policies.  We have those, but he failed to mention the political aspect of that.  If a higher up wants something his way, security policies be damned.  I think it is important to have a strong CTO who has blackmail information on the CEO.  That should fix most problems.  The rest will take care of itself.

"Wild Wednesday"

Last night they had a geek social event.  There were some contests and humorous question and answer sessions.  Oh... and free alcohol.  I didn't drink anything, but I laughed a lot.  But it was a stifled laugh.  All of the jokes were of a pretty technical nature.  If you weren't an IT nerd, you probably wouldn't get most of them.  Every time I laughed, I realized what a huge nerd I am.

Hacking and Countermeasures

This session was ran by Todd Lammle, CEO GlobalNet Training/Cisco Author.  It was a bit rough since he didn't have his PowerPoint slides due to his laptop being stolen.  Not too much technical info was covered as I had hoped.  The one idea he brought up that I thought was great is IP blocking on the router.  A lot of hacks originate from China, India, Hong Kong, Russia and North Korea.  If your business doesn't do any business with those countries, he said you can just block all the assigned IP address ranges for each one.  Quite a genius idea in my opinion.

Windows Firewall

By Greg Shields, MSCE: Security/Editor Redmond Magazine.  Short version: XP SP2 Firewall = Not great.  Vista Firewall = Good.

He spent most of the time covering SDI (Server/Domain Isolation).  It is possible with Windows Firewall and GPOs to setup Server Isolation, Domain Isolation or both Server and Domain Isolation.  It adds another layer of security to the network.  Important aspects he pointed out were to make sure that DNS was exempt as well as looking at DHCP and DCs.  There is a fair amount of planning needed, but once implemented it makes setting up NAP much easier.

Preventing an Active Directory Failure

Also by Greg Shields.  He began by demonstrating the gpotool.exe from the Resources kit.  It checks all DCs and verifies that GPOs are set correctly.  Or more accurately, it resolves broken GPT/GPC linkages.  I can only guess how many we have. 

DNS aging and scavenging:  This is something I haven't come across before.  Granted, I haven't had to deal much with DNS problems.  It is one of those things that when setup correctly "just works".  When problems occur, then you have to be aware of where to start looking.  I'm not sure if we using aging and scavenging, but it is an interesting topic.  I'll look into it later.

Remove lingering objects from AD using repadmin.exe from the support tools:

Find the GUID of a DC:

- repadmin.exe /showrepl

Check for lingering objects before actually removing anything:

- repadmin.exe /removelingeringobjects * <DC GUID> dc={mydomain},dc={com} /advisory_mode

Remove lingering objects by running the above command without /advisory_mode.  Fun!  He covered several other topics, but I think I've bored with enough details.

Final note about the presenter, Greg.  He admitted that he loved Vista.  I was shocked.  I saw him later in the evening on the receiving end of a super wedgy from a roving band of Mac users.  I could have helped him, but I'm in Vista stealth mode.  All ports are closed.  I'm not returning ping requests.  Good day!

Lunch

So there was a group lunch thing today.  I sat at a table with a few other sys admins.  What an odd group.  There wasn't much conversation.  I can't say I helped at all.  I just kind of sat back and kept looking at each of them.  Sure I could have began questioning them about what they do, where they work, blah, blah, blah.  But I just wanted to go back to my room and rest for a bit.  So yeah... I get an F for networking today (of the social variety).

Oh!  Speaking of grades... I got A's in all four of my classes for Spring semester.  Yea me! lol  It was a difficult semester to say the least, but I stayed focused and it payed off in the end.  I will definitely be taking a lighter load for summer semester... which starts next week even.  Blimey!

This week I'm in Orlando for the Microsoft TechMentor conference.  My flight here was pretty uneventful.  However, the drive from the car rental place to the hotel deserves some comment.  What is it with the tolls here?  I don't think I could go even 5 miles without hitting another toll.  I realize that Florida prefers to tax out of staters as much as possible, but can you let me go at least 20 miles before a stop?  I feel a bit sorry for the residents here.  Not only do they have high gas prices, but they also have to pay $10 in tolls whenever they want to go any where.  The madness!

Windows PowerShell

The first session I went to was in introduction to Windows PowerShell.  Before I get into it, I want to comment on the presenter, Don Jones.  Don does not work for Microsoft.  He is the lead trainer for another company.  He definitely knows his material and is an excellent speaker.  However, more than once he bad mouthed Windows Vista.  He even had the gall to do his presentation on a MacBook running an XP VM.  At one point I was ready to jump over the table and smash his beloved MacBook over his head.  I was hoping to go one week without having to hear someone say something negative about Vista.  Thanks Don for ruining that and setting the tone for the rest of my week here.

Regarding PowerShell: It appears that Microsoft is really pushing this to all of its product groups.  Exchange 2007 is already pretty integrated with PowerShell.  According to Don, in the past the GUI for all of Microsoft's products was designed first with the command line added in later.  Now, all future products have to be able to be administered by PowerShell 100%.  GUI is second.  (This is me looking at my future self as a command line guru.  Should I have just cut the chase and become a Unix admin years ago?)  In the end, I'm pretty impressed with the direction they are going.  I think it is the right thing.

Windows Deployment Services

I attended the last half of the WDS session.  I am pretty familiar with it since I have been using it to push out Windows Vista/XP to the clients at work.  There was only one thing that I learned that I wish I knew beforehand.  Not anything that will make a major difference in what I've done, but it would have been a bit more efficient.  I did learn that I didn't have the multicast option on.  This will be one of the first things I do when I get back to PBP.  It should speed up the deployment to multiple clients even more so.  (I only wish I had done it before our CS rollout.) 

The one thing I have had a problem with is the Windows answer file for WDS.  I found the tool pretty complicated, but I was able to generate an answer file.  However, I was never able to get it to work.  And I wasn't sure why.  The presenter said that everyone hates the new answer file tool and Microsoft is aware of it and working on something better.  Granted, most 1.0 products from MS are never great.  They usually get much better with 2.0 stuff and nail it with 3.0.  I felt good that I wasn't the only one having problems with it.  I was able to learn how to troubleshoot it and I have the website of the presenter.  It is a bit late now, but this is something I certainly want to get working for the future.

CityWalk

For dinner tonight I went over to Universal CityWalk.  This is the shopping/entertainment district of Universal Studios.  I ended up eating at Bubba Gump Shrimp Co.  The coconut shrimp was most excellent.  I treated myself to dessert as well.  They had something called "That Chocolate Thing".  Yeah... that's what it is called.  It was awesome.  I couldn't finish it though.  That made me a bit depressed.  I can always finish dessert.  WTF? Or at least I used to be able to.  I wonder if my cutting back on sweets the last few months has weakened me? 

My neighbor stopped by tonight and offered up some extra tickets she had to a "do-wop" concert playing at the Fox.  All I had really planned was to take Greg and a few friends out to dinner.  Even though she gave us about 5 minutes notice before the show started, we were able to get dressed in record time and make it not long after the show had started (living in-town rocks!). 

The show was really fun.  It was several groups from the 50's performing the hits of their times.  Not all the groups had all original members, but there was at least one or two in each one.  I was impressed how well many of them had held up.  The Flamingos had only one of the original members, but he owned the stage.  Great singer as well.  There was also one member of the Crystals present.  I'm sure she had sung "The Do-run-run" a million times, but it was still fun.  The show ended with the Drifters.  I have always been a fan of "Under the Boardwalk".  I used to sing it all the time in high school for some reason.  There were many other bands present and it was cute how they had the matching outfits and dance moves.

I look forward to them all coming back to the Fox next year.  My friends and I were the youngest people there, but we all enjoyed it.  I hope to bring my parents next time.  I'm sure they'd have had an even better time seeing all these artists they grew up with.  Do-wop, do-wop! ;-)

Frontline is doing a story about healthcare systems around the world.  Charlie Rose interviewed the head journalist doing the story.  It is short... but very educational.

You must watch this video.  I am just blown away by this.  This elephant paints a picture of itself.  Not only that, it paints far better than I could ever hope to. 

Wow... just wow.

Quote

Elephant Paints Self-Portrait


An elephant puts non-artist humans to shame by effortlessly painting a self-portrait.

• A guy was swallowed by a fish/whale and lived inside him for three days.
• The entire earth was flooded.
• A boat built to hold two of every animal on the planet and stored food for their entire stay.
• Water turned into wine.
• Talking snakes.
• Human female become spontaneously pregnant- asexually.
• Burning bushes that talk.
• p is equal to 3.
• The sun moves around the Earth.
• A man is killed and then comes back to life three days later and then goes... ummm... up.

That's just a few off the top of my head.  I think these would make for really good episodes.  What I'm not sure of is why they haven't done this yet.  Is it because it would destroy their ratings? Is it because this stuff is so preposterous that to try to prove it would just be laughable?  Is it that they just accept this stuff if patently false and don't even qualify as "myth"?  Or do they believe this is all true and find no need to test it out?  (If they did do this episode and I just missed it, please send me the link.)

I have had cable Internet from Comcast for a long while now.  A couple weeks ago, I turned it off.  You read that right.  For the past two weeks I have not had Internet at home.  I did this for several reasons.

1.  Thru Comcast, you can get Internet and TV for $100 a month.  To me this is a stupid amount to pay, especially since I don't really watch much TV.  The plan I was on said that the TV was about $50 a month and Internet was $40.  I tried calling a few months ago to go down to just Internet.  The lady on the phone told me that that was OK, but then my Internet would go up to $60.  I was confused.  She told me to read the disclaimer more closely.  It says that the Internet at $40/month is a discounted rate.  Ugh.  So I told her to just leave everything as it was.

2.  Since I started school this semester, I'm hardly home at all any more.  The $100 a month was getting on my nerves like never before so I said... to heck with it.

3.  I read on another friend's blog about Internet addiction.  I wanted to test myself to see if I could go without Internet at home.  I did pretty well actually.  But it isn't a great test because I have Internet at work and at school.  So it wasn't like I couldn't do what I needed to do during the day. 

4.  I get pretty pissed about the state of Internet availibiltiy and cost here in the States every other week.  Most American's don't know this, but in other countries that don't have Cable and Telco monolpolies, Internet is way, way faster AND cheaper than here.  For example, Comcast charges $60/month for 6Mbit (Megabit) service.  In Korea, they get something like 100 Mbit for $5/month.  I read yesterday that Japan is working on rolling out 250Mbit service to their cell phones.  CELL PHONES!!!  By 2009 they expect to have 5Gb (Gigabit) on the cell network. WTF???

After adding up those reason's and a few others, I just couldn't justify the expense any more.  Out the door Comcast went.  It felt good.  I just want to send a big "F--- Y--" to Comcast and the other Telco's.  I did look at ATT and other DSL providers, but they require you have pay for in home phone service.  Forget that.

Or so I thought.  I was talking to Nicole last week and she was telling me that she had DSL sans the phone line (aka Naked DSL).  As a part of the approval for ATT to merge with BellSouth, the FCC required ATT to start offering Naked DSL (which they did last November).  The thing is... they are not advertising it.  Doing some research I found there is a special number you have to call and then use some magic words.  Or you could go to one of the ATT wireless stores and ask a rep there directly.  The catch is they only offer a slightly-better-than-dial-up speed for $10/month or 3Mbit for $37 a month.  No 6Mbit or faster.  3Mbit?  I'll take it.

On Monday I went to my local ATT store and inquired about "Naked DSL".  The lady replied, "Sure, I'd love to help you with that.  We have a great package deal that includes phone, DSL, etc, etc, for $100/month."  Uh-oh.  I knew I should have remembered to bring the FCC's number with me.  Clearly, I'm going to have to take down ATT single handedly.

Me:  "THAT'S NOT WHAT I SAID.  I SAID NAKED DSL. NA-KED!"

She rushed me over to a corner away from earshot of the other customers.  She pulled out a dusty book from the bottom of a drawer in the back of the store and processed my order.  A few short minutes later, I was out the door with order in hand.  My welcome kit arrived last night and I was surfing along at 3Mbit in no time.  It doesn't seem that much slower from what I can tell.  But I haven't really started downloading big time yet.