Monday, May 26, 2008
AVG released a new version of their flag-ship security products and will discontinue the current 7.5 version by end of May 2008. Starting next month, computer that still has 7.5 version installed will not get updated anymore including the virus definition. So it's vital to get this one upgraded. Fortunately, AVG still offers the free edition for private use only, though it isn't that obvious to find out on its website. Here is the shortcut.
http://free.grisoft.com/ww.download?prd=afe
One nice feature in this new version is LinkScanner that scans all links on search engine results page and indicates which links are good and which are dangerous. A very nice way to protect your computer. It works with all major search engine providers on both IE and Firefox.
And yes, of course, this feature eats your bandwidth quite a bit. So to disable if you want to, you can simply check off the option "Enable AVG Search-Shield" on Advanced AVG Settings under LinkScanner tab.
Friday, May 16, 2008
Support from VMware is pretty good. I submitted the support ticket after having encountered two "purple screens", and got reply almost immediately the same day with the request asking me to run a built-in tool called VMware-support on ESX server to collect all log information first.
Since ESX is based on Red Hat Linux, I had to run the diagnose tool right on the server and used WinSCP to download the result file to my laptop and uploaded it to their FTP server. While I was waiting for the news from VMware, I noticed that there were some warning messages popping up during the boot process telling me something about the BIOS, "machine type mismatched" more accurate. I thought it might be the reason causing the "purple screen", so I just went ahead and updated the BIOS for the server, and the server was running fine the rest of day without any further "purple screen". Next day, I got the answer from VMware that proved my thought as the log file I collected specifically pointed that there were hardware incompatible issue on the server.
It turns out, the purple screen shouldn't happen at all if the hardware are all compatible with ESX. Since the ESX server is heavily relied on the hardware layer, it would be good and healthy 1) make sure all hardware are compatible; 2) firmware for the hardware needs to be up-to-date.
Another lesson has to be learned and remembered.
Tuesday, May 13, 2008
Apparently, settings described in my previous post isn't good enough to make it work, it wasn't quite right indeed. There are a lot more stuff needed to be figured out. Google isn't much helpful in this case, which is a little bit surprise, maybe this case is just so rare.
To recap what I need, I have a simple impersonate set to true web form that collects information and email them into a distribution group that receives email from Authenticated User Only in Exchange. It might be easy when impersonate is set to false because then you can simply set up the user info and get authenticated in Exchange when sending the email. I had it work without any problem in ASP.Net 1.1 but not so easy in 2.0.
It turned out the only way of doing so is:
1. hosting the form on the same server as Exchange,
2. set the deliveryMethod to "PickupDirectoryFromIis" in web.config file.
And then, the permission to do the PickupDirectoryFromIis started confusing me as I have no idea what permission should be granted. For now, I just put whoever needs to use the form to local administrator group, which appears working fine. But that can't be permanent, only temporarily.
Mission still has yet accomplished.
Thursday, May 08, 2008
Blue screen is the trademark for Microsoft Windows, so the purple screen is for VMware ESX? Can't believe it failed on me like this.
Monday, May 05, 2008
Stole from PCWorld.ca's one of latest article. Check it out. The Internet Connectivity Evaluation Tool from Microsoft and NirSoft's free WirelessKeyView are quite interesting.
The Internet Connectivity Evaluation Tool only can be run in IE, as expected. You will have to download and install a special ActiveX before actually running it. I ran and tested my home router to see if it can find out Why can't get my wireless identified in Vista? Unfortunately, it passed all the tests, which at least should have failed in one or two. However, Microsoft provides you a list of Vista-compatible routers you can find on the market after the test was done.
WirelessKeyView is a free tool from NirSoft, that reveals all the WEP/WPA keys stored on the computer and save them to text/html/xml file. It should be quite handy for people like me who often brings my laptop to various places.
By default, in an AD-based network, the domain controller gets its time from the BIOS clock and all computers in the domain including servers synchronize their time with the domain controller. The BIOS clock can be wrong for many reasons so it's a good idea to set up the domain controller, primary one specifically, to synchronize with the external time server. To do so,
First, pick up one or two rock solid SNTP time server. Here is a list that you can look at.
Second, log in to the primary domain controller and synchronize the time server for the domain controller with an external source. In short,
w32time /monitor - to check what has been set up?
w32time /config /manualpeerlist: /syncfromflags:MANUAL - to configure.
w32time /update - to update the time services on the server.
w32time /resync - to re-synchronize with the external time server that was set up earlier.
All other computers in the domain then will get their time synchronized in a timely manner or after the reboot. Or, you can also set up the group policy in AD to force all computers to do so.
Saturday, May 03, 2008
To send emails from web form written in ASP.Net 2.0 to an email address that only receives emails from authenticated users, you need to set defaultCredentials="true" in web.config file with other SMTP settings, see below, or the email sent from the form will just go missing without leaving any trace. For example:
<system.net>
<mailSettings>
<smtp deliveryMethod="Network">
<network host="mailserver" port="25" defaultCredentials="true" />
</smtp>
</mailSettings>
</system.net>
Besides, you might also need to set up security authentication impersonate to true as well in web.config file in order to pass the proper authenticated credential to the mail server.
<authentication mode="Windows" />
<identity impersonate="true" />
<authorization>
<deny users="?" />
</authorization>
For people who don't know how to determine if the email address is set to only receive emails from authenticated users, if you are Microsoft Exchange user, you can easily find out from the following property window.
<update>
please see updated post for more updated information.
</update>
Wednesday, April 30, 2008
This is so damn useful. I can't believe that I wasn't even aware of these shortcuts even existed after I have used remote desktop so much for so many years. Thanks Mark for pointing this out, and sure will save me many days down the road.
Saturday, April 12, 2008
Huge...this is my first reaction when I first saw it a few days ago. Yes, I missed the release day so I wasn't able to enroll in to the first 10,000 candidate to get the first hand experience. That's ok, because I have no experience of using Python either.
Hosting web apps in Google would really hurts those small web hosting companies or whoever doing this type of business. Who wants to run their critical websites on higher downtime percentage while there is a better one out there like Google? Google manages the uptime, backups, and more, it hosts your sites virtually across hundreds of servers so you don't need to care if one of them are down. How often do you see this offered by many other web hosting companies? You either have to share the resources with many others for lower cost or exclusively use one dedicated server but without back-up standby.
However, in order to gain all these benefits you will need to over a few gotchas, as Bex Huff pointed out.
- It only supports apps written in Python. No Java, no C, no .NET. Although, Python rocks...
- The best web application framework option is Django... which is an awesomely elegant framework, similar in philosophy to Ruby On Rails. Existing Django apps can be ported in minutes.
- You cannot write to the file system, you have to use the Google Datastore API
- If your web request takes more than a few seconds to respond, Google will kill the process, and send back an error... so I don't know how they do batch processes...
- Google owns your ass even more.
I am a .Net guy so it would be quite a bit of work to switch around. And first of first, I need to pick up Python if I want to go this direction. It's still in Preview Release right now and I am in the waiting list at the moment but will see how it goes later.
Friday, April 11, 2008
Take look these 7 dirtiest jobs in IT on InfoWorld, and how many of them am I doing now? Sadly, quite a few.
Dirty job No.7, Legacy systems archaeologist, is always part of my life and so far there is no sign I can get away of it. My assistant is doing the dirty job No. 6, Help desk zombie. Thanks to remote desktop, I am not fully classified as an On-site reboot specialist, the dirty job no. 5, but I am an off-site one most of the time. I am not so much an Interdepartmental peace negotiator, the dirty job no. 4, but am occasionally. And fortunately, that's all. So far, I don't need to worry about these other 3 dirty works, Enterprise espionage engineer, Datacenter migration specialist, and Sludge systems architect.
Oh, by the way, if you are a datacenter migration specialist, the dirty job no.2, you better look at and get one of these datacenter containers which sure will clean up your dirty job.
Thursday, April 10, 2008
I am not a creative person at all. My brain just goes plain blank every time when I need to think of something nice and full of imagination. That's why when I decided to register a domain for myself I couldn't think of anything but my name, initials, and computers. However, at least the name I finally picked, KJCTech.net, doesn't fall into the worse name everyone needs to avoid category.
This Top 10 Worst Domain Names and 20 More Unfortunate Domain Names are absolutely a no-no. Take close look at these awful names so next time when we are doing brain storm for the new domain name make sure the name we pick doesn't follow their steps.
Manufacturer of instruments for monitoring temperature, humidity and pressure Dickson didn’t think twice when they choose: www.DicksOnWeb.com
A company selling CAD software and Learning CDs was called ViaGrafix - quite innocent until a blue pill hit the market. The company is now called Learn2 but was www.ViagraFix.com
The small town Winters’ local newspaper is called Winters Express and can be read online at: www.WinterSexExpress.com
An eBay competitor was considering the name Auctions Hit, but found it to be a shitty name: www.AuctionShit.com
And the worst of the worst is Experts Exchange, a knowledge base where programmers can exchange advice and views at www.ExpertSexChange.com. This site always comes in the no. 1 from Google but I never noticed they are actually expert on that.
ELMAH, the Error Logging Modules and Handlers, is a error logging system that I used on every website I made to capture every exceptional error page. It's very easy to plug into your web application, just throw in the DLL file into the bin folder and put a few lines of code in web.config file, and works like charm. It's extremely vital when launching the new website but also very useful and handy to have on the go.
However, it becomes not so useful when HackerSafe, an online service that tells people the site with its seal on it is bullet safe, joins in. Because HackerSafe needs to scan your site and do a series of automated security tests every day, it sure generates tons of errors from the website. If the ELMAH logs the error in database, the errors HackerSafe generate eat database space like crazy. Worse, if your database has the quote assigned, it will be shutdown pretty quick and the website that rely on this database will be down the same time too. And more, if you set up to receive the notification when every error is generated, your email box soon will be full and stopped working pretty soon too. It's absolutely nightmare.
And yes, I just had been through this nightmare not so long ago. Because HackerSafe has more value to have on the site at the moment, I have to say good-bye to ELMAH for the time being until I figure it out a way to accommodate these two the same time.
Wednesday, April 02, 2008
If not, check out this one, Super Pii Pii Bros, which might get you.
Product Features:
- Video Game for Nintendo Wii Provides a Virtual Peeing Experience
- Amazing Realistic Pee Fluid Dynamics
- Imported from Japan
- Comes with game disc and Wiimote belt harness
- Includes cross regional boot disc to allow play on US Wii consoles
- Minimal Japanese text makes game easy to understand if you can't read Japanese
- Over 100 different peeing environments with multiple toilet and urinal styles
- Up to two players can compete with dueling pee streams
And this one, PTeq - USB Pregnancy Test, for sure will get you if the one above doesn't.
Saturday, March 29, 2008
The three-day PWN to OWN contest at the CanSecWest security conference finished today here in Vancouver. The contest this year includes three laptops, running the most up to date and patched installations of MacOS X Leopard, Windows Vista, and Ubuntu Linux on MacBook Air, Fujitsu U810, and Sony VAIO, respectively.
All of them are survived after day 1 which only allows remote pre-auth type attack. MacBook Air was the only one compromised on day 2 because of one vulnerability in Safari browser. Vista was defeated almost the last minute in the last day because of the hole in Adobe Flash. Sony VAIO with Ubuntu smiles in the end.
Not bad, all OS are very good in security. I thought Vista might be the first one being compromised but thank to IE7 team who did a good job to lock down the browser, which kept Vista alive for the first 2 days in the contest. The result should give more people the confident to use computer but also warned that human, not computer self, is the most thread to the computer system. It also sent message to all 3rd party software providers that be careful of designing your products or you will be next one to blame.
Friday, March 28, 2008
My assistant forwarded this to me today, well he actually forwarded to SPAM. And yes, we have a distribution group called SPAM in our office for this type of purpose.
For those of you who are aware, Canada will soon (or already does) have an official Do-Not-Call registry, whereby you can register your phone number and telemarketers are not allowed to make unsolicited calls to you anymore. There's a catch with our version of the Do-Not-Call registry, and that's that many companies are exempt from it. Lots of telemarketing companies, charities, etc are all legally allowed to make cold-calls to you even if you register with the Do-Not-Call list, simply because they lobbied hard when the law was up for discussion.
Now we have a solution...
Dr. Michael Geist (yes, THE Michael Geist) has come up with a website (http://ioptout.ca) that allows you to sign up with your name, phone number, and email address and then lets you pick which companies to opt out from. When you're finished, you submit your info and the site generates an email for each company stating your info and the fact that you'd like to be removed from their cold-call list. This is the ultimate Do-Not-Call registry because companies that are exempt from the usual law are still required to remove you from their lists if you specifically ask. Now you don't even have to ask, the website does all the work.
I had my home phone number changed three years ago because of the spam calls. I wish and hope this would work out and finally stop these annoying, sometimes rude, calls. But meanwhile, I a bit doubt if it would. Remember the unsubscribe or remove me from the list link in the spam emails? Did it ever work if you went and asked to get your name off the list? It had welcome more spam if you did it. Will it happen the same if we provide our info to them and beg them for not calling? Always think twice every time when handing out your personal information.