One point twenty one jiggawatts! Yesterday (March 8, 2010) the OpenSSH project released version 5.4 and naturally will start hitting the various distributions and platforms soon, and again there are some great things to be interested in:
- Although many distributions of OpenSSH have SSH1 disabled, the project is now shipping with SSH1 disabled by default.
- There is the ability to revoke keys (host and user) in both sshd and ssh.
- Netcat mode connects stdio on the client to a single port forward on the server. For example the following would connect to smtp.server.example.org on port 25, and redirect the output to stdio on my client side. Useful if you need to test connectivity to a mail server, but can't from your direct location, but can from your SSH server (my.ssh.server.example.org).
  ```
  ssh -W smtp.server.example.org:25 my.ssh.server.example.org
  ```
  That has pretty much bags of possibilities, ranging from simple connection tests to piping a file to a remote server that you can't get to directly.
- sftp-server has gained a read-only mode!
- Passphrase-protected SSH2 private keys are now protected with AES-128 instead of 3DES. This counts if you reencrypt your key or create a new one.
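The features listed above, pulled together as a configuration sketch. This is an added example, not taken from the OpenSSH release notes or the original post; the file paths, the `internal.example.org` host and the placeholder key are assumptions.

```sshconfig
# --- /etc/ssh/sshd_config (server side) ---
# SSH1 is off by default from 5.4; stating it keeps the intent explicit
# if the file is later copied to an older install.
Protocol 2

# Revoked user keys: one public key per line. A key listed here is
# refused for public key authentication even if it still sits in
# somebody's authorized_keys. Path is an assumption.
RevokedKeys /etc/ssh/revoked_keys

# Read-only SFTP: -R makes sftp-server deny opens for writing and any
# other operation that changes the filesystem. The binary path varies
# by distribution (assumption).
Subsystem sftp /usr/libexec/sftp-server -R

# --- ~/.ssh/known_hosts (client side) ---
# Revoked host keys: the @revoked marker makes ssh refuse any host
# presenting this key. The key material below is a placeholder.
@revoked * ssh-rsa AAAA...PLACEHOLDER-PUBLIC-KEY...

# --- ~/.ssh/config (client side) ---
# Netcat mode as a jump: ssh -W replaces "nc" on the gateway, so the
# gateway no longer needs netcat installed. internal.example.org is a
# hypothetical host reachable only from my.ssh.server.example.org.
Host internal.example.org
    ProxyCommand ssh -W %h:%p my.ssh.server.example.org
```

Existing private keys keep their 3DES wrapping until the passphrase is rewritten, for example with `ssh-keygen -p -f` on the key file.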
- Feb 04, 2010 by the_angry_angel
- Geek, Windows and Work
Licensing is a pain in my arse. There are whole companies full of people who can tell you that you're doing it wrong. Personally I cannot stand licensing, and the only thing that I find more annoying (in this field) than the proliferation of Open Source and Free Software licenses (and figuring out what I'm allowed and not allowed to do and what is an "arm's length" exactly - but that's another rant for another time), is the software licensing by Microsoft and other vendors who shall remain nameless for this article.
To try and make things easier at work two and a half years ago I put together a very small document/cheatsheet describing the licensing terms for various Microsoft products and virtualisation. Yesterday Microsoft released an updated document for Windows Server 2008 R2, and interestingly not much has changed for Windows Server, with the exception of a few new products. The table below should help out a bit if you're confused.
| Server Product | License Type | Physical Instances | Virtual Instances |
|---|---|---|---|
| Windows Server Foundation (2008 only) | OEM | 1 | 0 |
| Windows Server Standard | OEM, Retail, VL, SPLA | 1 | 1 |
| Windows Server Enterprise | OEM, Retail, VL, SPLA | 1 | 4 |
| Windows Server Datacenter | OEM, VL | 1 | Unlimited |
| Windows Server Web | OEM, Retail, VL, SPLA | 1 | 0 |
| Windows Server HPC | OEM, Retail, VL, SPLA | 1 | 1 |
I decided to check the licensing for other products, just in case I'd missed any changes. It doesn't look like it, so here's the rundown (as I understand it).
As a general rule, for anything per processor licensed, if you're running it in a virtual environment it will simply count the number of virtual processors you assign it.
It gets a bit complicated with SQL 2005 and newer. To quote Microsoft:
> When licensed per Server or CAL
>
> Workgroup and Standard editions allow you to run any number of instances of the server software in one physical or virtual operating system environment on the licensed server at a time. Previously, only the Enterprise edition of the Server license allowed multi-instancing.
>
> When licensed per Processor
>
> Workgroup, Web, and Standard editions for each server you have assigned the required number of per processor licenses, you may run, at any one time, any number of instances of the server software in physical and virtual operating system environments on the licensed server. However, the total number of physical and virtual processors used by those operating system environments cannot exceed the number of software licenses assigned to that server.
>
> For Enterprise if all physical processors in a machine have been licensed, then you may run unlimited instances of SQL server 2008 in one physical and an unlimited number of virtual operating environments on that same machine.
As far as I'm aware anything else licensed per server doesn't currently have any special rules regarding virtualisation; so this includes Exchange, Sharepoint, and so on.
- Jan 27, 2010 by the_angry_angel
- Geek and Work
I've not been doing anything that could be considered interesting with Cisco kit recently, although at work we do have some of their products in use. Before rolling out the solutions, simulators were rather handy to try out different scenarios, but it seems that this may become a bit of an issue from IOS 15 - at least at the moment.
If you want to know more I'd suggest taking a gander at Strech's article on the need for educational IOS licensing.
- Jan 05, 2010 by the_angry_angel
- Geek, Windows and Work
Over Christmas we had to do a bunch of VMware to Hyper-V conversions at work. Once you've sufficiently prepared the VM, there are a whole bunch of ways you can do this, ranging from raw converting the vmdk, to mounting the vmdk and a blank vhd and then copying the contents between. We chose it as an opportunity to play with Disk2VHD from SysInternals.
If you're using SCSI disks in your VMware VM then you will first need to ensure that you add the IDE controller driver, to hopefully avoid a BSOD when you boot under Hyper-V for the first time. Why don't you just set Hyper-V to use SCSI disks? Sadly because Hyper-V cannot boot from SCSI. Once you've added the driver and rebooted to ensure that it's stuck, we simply ran Disk2VHD and pumped the VHD off to a network share.
Interestingly Windows 2003 x64 and 2008 were a lot more resistant to the change in "hardware" than older Windows versions, which needed a Windows repair, however I can't fault Disk2VHD for that as it was something I was expecting anyway.
What worried me most was that on the first run we did, Disk2VHD produced a mangled VHD, which I managed to repair and get working by doing the following:
- Mounted the VHD and declined Windows' offer to format the partition it could see.
- Extended the partition so that it filled the VHD (for some reason it had left a whole load of space free - none of the other conversions did this). I chose to use diskpart, but whatever you're comfortable with.
- Ran TestDisk to ensure that all was ok with the partition. In this case it threw up some weird error that I failed to note down and right now I can't 100% remember for sure if TestDisk helped or not. A chkdsk /f was definitely able to, however. After this the VHD was in perfect working order.
Fortunately all other conversions didn't seem to have this issue, and as much as I would've loved to investigate why this happened, I just didn't have the time.
- Dec 18, 2009 by the_angry_angel
- Geek, Work and Mindless Hatred
If you're even slightly geeky you will have seen any of several articles in the last 2 years that state "the URL is dead". With the inclusion of the search box in many browsers this is starting to become true, and is starting to present some interesting support challenges.
Every now and then you will need someone to visit a specific site, and you might not be able to connect to the user's device to assist. The solution in most cases is to politely educate the user (or get another user to assist) and move on, but I have had a few users who have been unable to understand the concept that the address/location input is actually what we're looking for. Perhaps the user has removed or shrunk the location bar so that it's really insignificant, or perhaps they're just really too stressed to follow simple instructions.
For publicly accessible websites the answer is to ensure that your site can be reliably found via all the major search engines, and have a link if necessary. This means that SEO becomes an important feature of your support framework. This is scary but something that very well will become a genuine systems and support concern.
Things get worse for internal-only addresses. In theory you shouldn't be in the position where you're not able to remotely assist a user inside of your own network, but let's face it, shit does happen - or it might be a guest/embedded device (such as a WiFi enabled phone). What's the answer in this instance? Application level filtering and redirection in your proxy server(s)?