theangryangel.co.uk

If Xen is your thing, Cory von Wallenstein's relatively recent article on IPv6, Ipv6, and ARP on Xen might be of interest to you.

I'm unsure if his patches have been merged into the main Xen source, but it's still an interesting read and useful if you're wanting to secure Xen domU's, or experiment with IPv6.

...the stupid are everywhere.

It's an old joke from the days of Red Dwarf, and I'm sure I've used it before many times. However, reading utter uninformed crap from a school teacher, regarding free and open source software warrants the usage again, in my mind.

I can understand that some one has a difference in opinion and I can understand the right to complain. What I don't understand is why you'd write such a thing if you appear to know absolutely nothing about the subject†.

The thing I most love about the article is that it ends in such a childish way. The 9 year old nerd in me loves that.

† Scrub that. All you need to do is take a look at the BBC's open comments to see why.

I tend to buy geek and nerd related books for two main reasons: 1, because I don't like taking my laptop to the bog and reading, and 2, because there's nothing really like a book. There are a few others, which orientate around being able to read a book away from the computer or laptop, relaxing on the sofa, or in the garden, but they aren't as important to me - but mostly only because I do my best thinking in the bathroom.

Anyway. 'Running Xen' was on the few books I had delivered a few days ago. To clarify this is a book on running Xen, the open source hypervisor. Like all books I was hoping for something that delivered a little bit more than the man pages and online docs. Sadly this wasn't really the case.

Now I'm not saying that 'Running Xen' is a bad book. It's not. It's just missing that "something more", that "je ne sais quoi" (I cannot believe I've just typed that and not removed it). If you're going to somewhere without man pages or online docs, then it's an invaluable reference.

Worth £21 (it's current cost on Amazon)? Without reading more books on Xen, I honestly don't know, but despite feeling as I do, I am glad that I've got it.

Mostly because I've had some awesome ideas, whilst on the bog with it.

...redirected App data directories, and causes a crash (Visual C++ Runtime error). Unfortunately after updating one or two of our customers at work it appeared that a few user accounts still had a redirected app data directory, presumably because they weren't around when it was removed.

Thankfully fixing it is pretty easy (although potentially time consuming depending on your setup), if the redirection policy isn't active and is simply a case of changing the relevant entry under HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders, and then logging off and back on, and migrating the redirected files back into the local profile directory.

As far as I'm aware the affected products are;

• Adobe Acrobat and Reader 9
• The entire CS4 suite

If you're not using redirected app data directories any more then this is obviously a handy fix. If for whatever reason you're still using redirected directories and not roaming profiles, then you're screwed as it appears that Adobe aren't planning on fixing this.

Things like this really piss me off and just make me feel like the majority of my work is working around bug, flaws or oversights and is just why I prefer open solutions and platforms; at least I'd have the possibility of trying to fix it in-house.

This one really had us at work and really threw us massively. Imagine a customer who has recently had a number of non trivial modifications to their network. Now imagine several users, whom have Outlook over HTTP RPC (Outlook Anywhere) configured and enabled for slow networks only, and get asked for authentication when accessing a handful calendars. On the same site as the servers (i.e. on the fast network). Disabling Outlook over HTTP RPC completely, or enabling it for slow and fast networks, and the problem would not occur. With no useful logs what so ever.

The main problem was that so much stuff had changed it was difficult to know where to start, and even harder with nothing useful being logged. It wasn't hitting the proxy server, which had recently had authentication forcefully enabled, it wasn't the IIS and Exchange box.

Turns out that the affected calendars that people were trying to view had recently had their mailbox moved from one storage group, to another, and we were obsessed with it being something else to the point that we'd dismissed this without looking into it. Without HTTP RPC enabled redirection happened without trouble, but with it on it required authentication. But the weird thing was that you could actually see the calendar if you selected Open other user's mailbox, rather than using the "shortcut" (i.e. tickbox) that had already been added in the calendar view.

Simple solution - remove and readd the affected calendars. Our best guess is that this is stored with various pointers or references to not only the mailbox, but also the storage group. After all, it would make sense from a performance point of view if you didn't have to look it up each time.

The moral for me personally, since I'd taken quite a lot of this problem on, is to never forget Occam's Razor. I might actually get a representation of that tattoo'ed on my body, whenever I get around to that part of life again.

I guess when a patch of this magnitude gets released for any hosted product, regardless of whether it's a game or business application, you should really expect disruption. Sadly most users won't really "get" that. As much planning can go ahead, but with a fundamental change and introduction of new features you can't really predict just how many of your user base will try to logon at once, and perhaps the financial backing isn't there to prepare for the worst case scenario.

If you're confused as to what I'm rambling on about, then I can safely assume you don't play World of Warcraft. Or if you do then you've not tried logging in today.

If you have, then undoubtedly you've managed to get the final major patch before Lich King drops on your front door mat, and you've also undoubtedly been receiving the "World server is down". If you managed to get into Stormwind, which is relatively busy at the best of times, then you'll probably know one of the few reasons why this is occuring. If you weren't lucky enough, then the following screenshot might help out a bit.



When you do manage to login you'll probably be a bit confused, especially if you've not read the patch notes. You really should skim the patch notes.

Anyway -

• Mounts no longer take up space in your bags, you "use" them, and they get applied to a new area in your character screen
• Your talent points have been reset, the reason being that there are fundamental changes to all classes
• Inscriptions have been introduced, and you can buy the low level stuff from vendors, and higher level stuff from the AH
• Don't like your character's appearance? Goto the Barber. As long as you don't want a new beard (ffs), you should be a-ok! Just try and avoid the mohawk. There are a lot of them about
• Yes, the graphics have been overhauled a tad
• BM hunters can get exotic pets. Two headed hellhounds? Awesome

I'm know there are loads of other things that I've missed, but these are the major things people are whining and asking about in general and trade as of now (only a few hours after the patch was released), and whilst I get few readers who are into WoW, you never know - google might throw them this way.

From a sysadmin point of view I'd absolutely love to see what's behind the World of Warcraft system, and understand just how it's architectured. It's undoubtedly a massive system and on that front I envy the techies behind it. However, I think if I saw the amount of moaning on the forums, my optimism and love for the job would probably be in jeopardy. I certainly know it is when I've been working for hours on a customer's system and they don't feel like things are being worked at fast enough, and my user base at work is tiny in comparison.

This lunch time I've had a bit of a thought about just how much I use Bloglines (beta). In the mornings it's one of the first tabs opened, and it's almost always loaded when I close the browser. For that I can thank chip in particular. And it's a good thing. I think. It's certainly made my life easier and better.

However, if I went back just 2 years ago the whole concept of a feed reader sort of repulsed me - I liked the idea of visiting a site to get the news and bits and bobs that I want, and I almost felt like I should go to the site so that the various writers and owners got a meagre bit of cash from advertising. Whilst I still do that for a small number of sites, in particular Penny Arcade, XKCD and Questionable Content, digg and BBC News, for everything else I now rely on Bloglines.

Not only do I use it to read and keep up to date on what's going on, but also as a way of making and taking mental notes without having to write anything. It's like a wiki, but better, and because of this I rarely update my own personal techy wiki with anything at all. More often than not someone will write about something that I find interesting or want to do, or will be doing shortly. It's brilliant and also somewhat scary sometimes just how many people are on the same sort of page as me in terms of work and personal stuff - which for me very much overlap.

However, the bit that scares me the most is I think that I'm now at the point where if Bloglines goes away that I'll have problems. Ok, I could export all of my feeds out and into whatever I want using the various OPML ex/importers. But these don't export the stuff that I've got pinned or saved, and these are the bits that now make my own little world go around.

Here's another one that caught me out today, but I've never come across before.

Under a DFS share, any linked shares are created as junctions. It appears that the permissions on these junctions do affect the permissions of the data within the linked share. Whilst this is logical, given how junction points work, what really threw me was that the wonderful, wonderful GUI didn't reflect this and the permissions on the junction point had been inadvertently changed.

It's not like you ever need another reason to chalk one up for the command line, but there we go!

I guess I've not come across this before as most of the printers we deploy use the same driver name for client side and server side drivers, but it appears that you can force a Terminal Server to use a certain driver, in place of what the client is telling the server.

KB239088 details the process. I found that the wizard wasn't much use at all - but it's not like the process is particularly complicated. Doing it manually also demonstrates that deploying the "fix" over multiple servers is childs play.

As 64 bit Terminal Servers become more common, and clients with printers stay at 32 bit (i.e. home or remote workers) I can see this becoming more relevant over the next few years.

This popped up on the Bath and Bristol LUG mailing list a few days ago, from Shevek, and I thought it was pretty "cute" -

Scientific method is the process of experimentation and observation. Computer science is therefore defined as "Let's try it and see if it works." Computing, on the other hand, is doing it, knowing that it will work. Never trust a computer scientist.

Since my DSL went active I've been using the Linksys WAG160N, with mixed opinions. After running OpenWRT and DD-WRT on my other routers over the last few years I may've been somewhat spoilt, however I'm finding the web GUI for the WAG160N absolutely crap. I'm also finding the stability of the thing to be somewhat sketchy. I've tried all the various firmware revisions and it's made no difference. Would I buy it again? Right now I honestly don't know. I was going to see what I could do to patch OpenWRT to get it running, however since I use this router for work and personal, and I can't really justify spending the same again on a play box this makes doing so somewhat hard to convince myself to do.

For many of our customers we redirect a user's My Documents to a directory of the same name, on a Windows share. For example, the user 'JMcCockFaceTheIII' may have their My Docs redirected to "\\FILESERVER\Home\JMcCockFaceTheIII\My Documents", which are stored in a local path of D:\Data\Users\JMcCockFaceTheIII, on FILESERVER. Obviously you can switch \\FILESERVER\Home for a DFS share, etc.

In some instances you might have a significant number and for whatever reason the permissions may have been altered, and the Group Policy defaults don't quite suit your requirements.

In days of old we'd sort this with a batch script and it would be ok, but might take a while to run. Powershell has changed things though. The script we've popped together (below) runs lightning quick in comparison, and we thought someone else might also find it useful.

Just save it in a ps1 file, and invoke it from powershell, providing your directory path that you want to "fix".

To use our example from above, you'd call the script on FILESERVER, from Powershell:

PS C:\Users\Karl> C:\path\to\scripts\fix-perms.ps1 "D:\Data\Users"

The script would then go over each directory and try and add that user to the ACL with Modify rights - i.e. the JMcCockFaceTheIII user to the D:\Data\Users\JMcCockFaceTheIII directory.

In our scenario we required ourselves, a specific group, SYSTEM and each user to have access only - So we pushed the common permissions from the parent, and then ran the script to add the individual users.

# Fix-Perms
# Iterates over all child directories, and adds the user, with the same name as the directory, to the ACL with modify rights
# Usage:
# Fix-Perms "C:\Path\To\Directory"
# Or, for the current directory
# Fix-Perms "."

# our parameters, throw a warning if we get none
param (
[string] $dirpath = $(throw "Please specify the full path to the directory!")
)

# get list of all child directories, in the current directory
$directories = dir $dirpath | where {$_.PsIsContainer}

# iterate over the directories
foreach ($dir in $directories)
{
# echo out what the full directory is that we're working on now
write-host Working on $dir.fullname using $dir.name

# setup the inheritance and propagation as we want it
$inheritance = [system.security.accesscontrol.InheritanceFlags]"ContainerInherit, ObjectInherit"
$propagation = [system.security.accesscontrol.PropagationFlags]"None"

# get the existing ACLs for the directory
$acl = get-acl $dir.fullname

# add our user (with the same name as the directory) to have modify perms
$aclrule = new-object System.Security.AccessControl.FileSystemAccessRule($dir.name, "Modify", $inheritance, $propagation, "Allow")

# check if given user is Valid, this will barf if not
$sid = $aclrule.IdentityReference.Translate([System.Security.Principal.securityidentifier])

# add the ACL to the ACL rules
$acl.AddAccessRule($aclrule)

# set the acls
set-acl -aclobject $acl -path $dir.fullname
}

There's no warranty on this, so use and test at your own risk - I can tell you it works in our scenario, however.

Any similarity to actual persons, living or dead, is purely coincidental. I should also probably point out this was also published on $company blog, but with a few obvious alterations.