What's new on shawnbass.com

Default location for VM creation in Virtual PC 2007

shawn@shawnbass.com — 7/9/2008 2:15:18 PM

A client of mine has standardized on Virtual PC 2007 for desktop virtual machine needs (not for their VDI or Server VMs, but just simple desktop VM needs).?? They recently created a transform for customizing the default install, but after deployment noticed that there was one major issue with the package.?? The issue is that VPC picks a subfolder of "My Documents" named "My Virtual Machines" as it's default store location when creating a new virtual machine.?? This would obviously be a very bad choice when using Group Policy enforced managed folder redirection (just imagine how slow the VMs would be if they were stored on the network!, not to mention issues around home drive quotas, etc).?? Anyway, the packaging team couldn't find an option in the app, nor a registry setting anywhere to change the default folder location for this.?? Also, since we're dealing with a network location, you can't get by with a subst command or junction point.?? While I didn't know the answer myself, I figured Google might.?? After a quick search I came across a blog entry from Mr. Virtual PC Ben Armstrong.?? Ben states that the solution is to create a system environment variable named MYVIRTUALMACHINES and set it to a path on local disk.?? So as an example you could create a path named C:\VMs and then set MYVIRTUALMACHINES to C:\VMs.?? Thanks Ben!

Citrix Delivery Center Visio Stencils

shawn@shawnbass.com — 7/3/2008 3:43:55 PM

Daniel Feller from the Citrix Worldwide Consulting Solutions group has posted a nice set of Visio Stencils for the new Citrix Delivery Center components.?? This includes visio shapes for all the new XenApp branded components as well as XenDesktop, XenServer, Password Manager, Netscaler, WANscaler, Branch Repeater, etc.?? I definitely recommend picking up a copy if you frequently do Visio diagrams of Citrix infrastructure components.?? And thanks to Daniel for sharing this with the community.

I've been selected by Microsoft as a Terminal Server MVP

shawn@shawnbass.com — 7/2/2008 1:14:44 PM

I received an email yesterday that I was nominated and approved for a Microsoft MVP in Terminal Services.?? What can I say other than I'm honored to be included in such a great group of people who contribute so much to the community at large.?? Thanks to everyone for their support.?? My MVP page can be found here.?? One of these days (when I get free time) I'll actually update my profile to include all the relevant info.?? Also, Congrats to the other new Terminal Server MVPs:?? Seung Heun Noh: Terminal Server: Engineering, Greg Shields: Terminal Server: Author, and Joe Shonk: Terminal Server: Architecture.
??

Virtualize a Citrix server?

shawn@shawnbass.com — 7/1/2008 3:28:24 PM

The age old question of whether or not you should virtualize a Citrix server.?? It use to be a diffcult question because the virtualization platforms were not very optimized for a Terminal Server workload.?? Many things have changed in this regard, and now it's not such a crazy decision anymore.?? There are certain use cases where it's a no brainer (license servers, web interface, secure gateway, etc).?? However, for pure Presentation Servers it was always a bit of a toss up.?? On one hand you have a situation where you know you're going to get less users than on physical hardware, versus the other side that says since 32-bit Windows is limited to 2 GB of kernel memory, then virtualizing some Citrix servers on a 16GB or 32GB server carved up into several Terminal Server VMs will scale more users than a single physical instance on th equivalent server hardware.?? But that's comparing a physical install using 32-bit Windows, not 64-bit.?? Still, it does make a lot of sense to at least consider virtualizing your Terminal Servers on a VM platform.?? Now, which platform to choose??? While VMware clearly has more experience (read: existence) in doing this, XenServer has an advantage which is that they have the developers of Citrix (and to some degree Microsoft) at their disposal.?? With some of the recent optimizations that Citrix has made in XenServer, they've been able to bring the overhead of virtualization down to 7% on 64-bit Citrix XenApp.?? The virtualized 64-bit XenApp was able to host up to 70% more users than the virtualized 32-bit instance.?? This isn't that big of a surprise though since the 64-bit instance isn't limited by kernel memory like the 32-bit instance is.?? I recommend checking out this blog entry over at Citrix for some more details on how they conducted their testing if you're interested in this.

Process Monitor has been updated to support the latest SoftGrid / App-V Release Candidate

shawn@shawnbass.com — 7/1/2008 3:24:00 PM

I recently came across this blog entry posted on the App-V blog stating that Process Monitor was recently updated to support the new App-V Release Candidate that was just released last week.?? You can get version 1.35 of Process Monitor here.???? Also, did you know that you can launch the SysInternals tools directly from the web by visiting live.sysinternals.com?? Check it out, it's pretty helpful.

Al Solorzano on Group Policy Preferences

shawn@shawnbass.com — 6/2/2008 9:52:24 AM

Al Solorzano recently posted a nice article on Group Policy Preferences over here.?? If you're not familiar with Group Policy Preferences, it's the technology that Microsoft acquired from Desktop Standard.?? GPP is a nice way of extending management reach to registry settings that were previously not able to be managed by Group Policy (at least not without those PITA Administrative Templates anyway).?? There's also some powerful capabilities for filtering that are largely lacking from Group Policy.?? While out at Citrix Synergy a little over a week ago, I had the pleasure of some great conversation with Al at a group dinner outing.?? Al is extremely knowledgable about a variety of technologies and I highly recommend following his blog (if you don't already).?? Al's blog can be found here.

Attending Synergy? Then borrow video camera, make cool video, and get free video camera...

shawn@shawnbass.com — 5/14/2008 11:09:41 PM

Vishal Ganeriwala from Citrix has recently posted a blog entry about a social networking contest that's being conducted at the Citrix Synergy event next week in Houston.?? If you happen to be attending, here's how the process goes:

You comment on Vishal's blog entry stating that you'd like to borrow one of the FlipVideo cameras.
You record some 5 minute video segment capturing your thoughts (or someone elses if you don't have any LOL) regarding the Citrix Synergy event.
You turn the camera back into Vishal the following day.
All the videos get uploaded to YouTube.
The top 5 most viewed submissions will receive the FlipVideo camera for free.

I'll be at Citrix Synergy, and this blog gave me a good idea to bring my FlipVideo camera.?? Only I won't have to adhere to all those crazy "rules".?? I'm such a rebel... Oh yes, I will be videotaping analysts...oooh.....?? And I might even upload videos to my site, or maybe even some other site....???? Uh-oh?? now I've gone and said it...

TechEd video describing new features in SoftGrid / MAV 4.5

shawn@shawnbass.com — 5/14/2008 9:39:35 AM

Justin Zarb recently blogged about a video he found from a TechEd session where John Sheehan gave an overview of the new features in SoftGrid / MAV 4.5.?? I'd love to give all sort of nice comments about the video, but I'm plagued by the Silverlight Download Error 4001 so I can't even watch the video.?? Anyway, I'm passing it along in case you haven't seen Justin's blog entry about it.

XP SP3 officially re-released

shawn@shawnbass.com — 5/6/2008 3:47:44 PM

Microsoft has officially re-released Windows XP Service Pack 3 today.?? Get the full download here.

The ultimate guide to Citrix MFCOM SDK

shawn@shawnbass.com — 5/2/2008 10:36:45 AM

Vishal Ganeriwala from Citrix sent me a tip that Dr. SDK (head Citrix MFCOM jockey) has updating his SDK Guide "Scripting MetaFrame".?? The new guide can be found here and is a must read for anyone attempting to use MFCOM from VBScript/PowerShell, etc.

Taking a long time to launch your Citrix apps? Maybe you need to try Citrix FastLaunch...

shawn@shawnbass.com — 5/1/2008 3:39:24 PM

Gus Pinto has blogged recently about a utility developed by the internal IT organization at Citrix that was used to assist in minimizing the amount of time required to get people into their Citrix apps.?? You can see a "veedio" [ LOL @Gus ;) ] of this in action here.?? Gus also did a follow up interview with the creators of the utility here.

One thing to know up front about this utility is that it will be released to the web as an unsupported utility on CDN.?? It won't be an "official" Citrix product.

Now before I comment on this, let me first state that I have no inside knowledge of how this thing was developed, nor am I an expert at the inner workings of it.?? That being said, let me state some assumptions about how I *think* this thing is working and some potential shortcomings of it.?? I'm certainly encouraging any/all corrections/clarifications to these assumptions.

First an overview of my understanding of the utility:

1) Windows boots up and the user logs in.

2) There's a Start Menu startup folder shortcut that links to this utility written by the Citrix IT guys.

3) The executable starts up and initializes a connection to a Citrix server.?? If the user had existing disconnected apps on that server, the apps would immediately show.?? If the user didn't have any apps running, they would just see their desktop.

4) Upon launching their next Citrix application, it would immediately appear via the magic of session sharing.

Ok, so what's the catch?

1)?? First of all, since this is a utility that runs in the startup menu of the client system, you've got to have some way to get it there.?? If you're using PN/Web client you're a bit SOL since you'd need some type of ESD or script solution for pushing the shortcut in their start menu.?? If you're using PNA, you could use the Citrix infrastructure and PNAgent to place the shortcut into the Start Menu, but you'd still need to stage the utility onto the machine.?? That means there needs to be some type of out of band management mechanism of getting it there.?? For most people with internal corporate desktops, this would be pretty easy through their existing ESD and/or Group Policy.?? For external users, you probably don't want sessions auto-launching in the background for security reasons.

2) What this utility is actually doing is automatically invoking an ICA session on a ~~Presentation Server~~ oops I mean XenApp server.?? This has implications in a few different areas:

?????? a) Licensing.?? Unless Citrix has developed a way of not actually counting these "auto-launch sessions" you'll need to have enough licensing to accomodate every single user that has this utility deployed.?? At the client site I'm at right now, they have about 1500 ccus of PS4.5e, but a pool of about 6k total users.?? So if this is really an issue, then they would need to buy 4500 more licenses.

?????? b) Server capacity.?? Everyone knows that one of the biggest hits to a Terminal Server environment is session initialization.?? All of the logon script processing, printer mapping, and process initialization is brutal on the Citrix server front.?? I see two issues here.?? One is major blackhole effect when shifts change.?? If you've suddenly got two to three thousand simulatanous Citrix logins vs normally seeing 500 max, that's a pretty significant rise that you might not be ready for.?? Secondly, does your Citrix farm have the capacity to accomodate the number of users that have FastLaunch deployed??? Going back to my example of having 6k total users with 1500 max ccus.?? If the farm can handle 1500 total users, but you've just thrown 6k sessions at it are you going to stress it beyond it's capabilities?

?????? c) Reliance on the magic of session sharing.?? Session sharing is a beautiful thing.?? It's a technology that in it's most basic form instructs the Citrix server to simply spawn a new user process for XYZ application within the existing TS/Citrix session instead of launching a whole new session.?? Now, there a many reasons why session sharing might fail.?? But the first (and most obvious) reason is that the application being requested isn't installed and published on the server that your session is running on.?? There are still many Citrix environments that are highly silo'd.?? The reason why an organization is in a silo situation may vary from company to company, but the bottom line here is that if your in a silo'd architecture, this FastLaunch may offer you no benefit on launch wait time if the application requested has to be fulfilled from an alternate server silo.?? Now, if your infrastructure is built such that you're using application virtualization (a.k.a. Citrix Streaming, Microsoft Softgrid, VMware Thinstall), then you might be able to get by with about 80% of your apps being serviced by the same server that you've initialized your startup session on.

Overall I think the concept behind FastLaunch is a good one.?? I think it could get even better if Citrix was to start tracking user experience patterns to know that XYZ user typically launches these applications initially and therefore we should spin up a session on XYZ silo, etc.?? But considering that this is an internally developed utility and is being provided for free, you can't exactly complain.

To wrap up I want to say the following things:

1) I'm not an expert on this particular utilty so I'm certain that at least 1-99% of this blog entry is completely wrong. :)

2) The type of thinking behind this utility is EXACTLY what Citrix needs to keep doing.?? There are tons of people out there with similar ideas/concepts.?? Citrix needs to find the ones that are game changing (or disruptive technology as they like to call it) and jump on them.

3) Offering this stuff for free is cool and all, but come on....this kind of stuff deserves real consideration for corporate backing.?? If the licensing, server performance, and session sharing issues are problematic then you just haven't thought hard enough about alternatives to make it better.

Lots of SQL injection flying around the internet...Are you performing input field validation?

shawn@shawnbass.com — 4/29/2008 4:56:57 PM

For those not familiar with SQL injection, it's in it's simplest form a method of injection a SQL statement into a database server by way of hiding it in a web parameter.?? There's a more detailed explanation here.

Anyway, I wanted to throw together a quick blog entry on this because SQL injection is a very common issue that affects a large number of public websites.?? Most of the webmasters are not even aware that their web site exposes them to SQL injection.?? Recently, there's been a flurry of activity and news on the Internet about a large amount of SQL injection attacks that are being used to spread malware.

This particular form of SQL injection appears to have been done by a bot and it also appears that most of the sites were targetted by their page rank in search engines.?? Hah!?? Sometimes it pays to be the little guy.?? Anyway, there's various mentions on the Internet on how to know if you've been compromised so I'm not going to go into that.?? What I would like to bring up is that this is NOT a Microsoft problem per se.?? It's a problem with poorly written web applications, which one could possibly attribute to Microsoft for making development so easy but I don't think that helps the situation.?? Microsoft did publically acknowledge this issue here and stated that it's not a particular vulnerability with IIS or SQL (which is actually true).?? However, what they don't state is that this is a developer education issue and people need to start taking responsibility for teaching their developers safe coding practices.

For those interested in learning more about SQL injection, check out the links I posted above.?? Also check out some of the SQL injection toolkits located here.

Finally, for information on how to combat SQL injection, here's a few things that may help:

Scott Guthrie on Guarding Against SQL Injection

MSDN Patterns & Practices on How-To Protect Against SQL Injection in ASP.NET

One final thing:?? While most of this article talks about things from a Microsoft ASP/SQL point of view, SQL injection is not exclusive to Microsoft products and can occur on a variety of web and SQL platforms.?? Things just tend to get a bit more sensationalized when dealing with MS products.

Barry Flanagan posted up a list of technical sessions that will be at Citrix Synergy

shawn@shawnbass.com — 4/29/2008 8:26:56 AM

With only three weeks to go before the Citrix Synergy event in Houston, TX Barry Flanagan has posted up a list of technical sessions from the Citrix Synergy conference.?? While anything could happen, I'm getting the general feeling like this might just be the most technical Citrix iForum ever.?? Even if not, I'm just happy that Citrix is actually publically recognizing the Citrix Technology Professional program as opposed to treating it like the ugly red-headed stepchild (no offense to ugly red-headed stepchildren).

View the list of technical sessions in Barry's blog entry.

Why I love GotoAssist Express Beta

shawn@shawnbass.com — 4/27/2008 1:31:51 PM

I have been a long time supporter of the Citrix Online GotoAssist product as an excellent way for organizations to provide remote support to their internal associates, but specifically for their remote office workers, work from home employees, and third party customers/partners.?? Whenever I'm able

Mark Templeton's advertisement to Citrix Synergy calls out reference to Brian Madden

shawn@shawnbass.com — 4/16/2008 10:26:23 AM

Never in a million years did I ever expect to hear a reference to Brian Madden in a public video from Mark Templeton, but that day has come.?? I was reading a blog item from Jeffrey Muir where he mentioned a video that Citrix was sending throughout the company as a commercial advertisement to re-enforce the reasons why people should attend Citrix Synergy.?? Jeff posted a link to the video and I gave it a listen.?? Surprisingly, Mark talks about the Geek Speak Live section of the conference that several of the Citrix Technology Professionals (including myself) will be speaking at.?? This is a great thing as it's becoming clear that Citrix is really beginning to recognize the CTP program and evangelize it within the organization.?? If you're going to Synergy, I recommend you stop in on the Geek Speak Live sessions.?? I'm sure they will be great.

Back to the Brian Madden reference.?? If you watch the video Mark mentions Brian's name at 1:19.?? Who would have thought?

Odd issue with Citrix hotfix that hangs on COM+ Registration of CitrixLogServer.dll

shawn@shawnbass.com — 4/16/2008 8:21:57 AM

I have a customer that is performing an upgrade to Presentation Server 4.5 right now.?? The way I setup their deployment is that the server is built with 2003 SP2 and then an unattended build of PS 4.5.?? Then after the server is joined to the farm, there's an Installation Manager package group of about 50 core components that are pushed to the server.?? From a Citrix hotfix perspective, the following items are deployed:

PSE450W2K3R01.msp?? - Hotfix Rollup Pack 1

PSE450R01W2K3003.msp
PSE450R01W2K3004.msp
PSE450R01W2K3007.msp
PSE450R01W2K3008.msp
PSE450R01W2K3009.msp
PSE450R01W2K3010.msp
PSE450R01W2K3029.msp
PSE450R01W2K3033.msp
PSE450R01W2K3036.msp
PSE450R01W2K3042.msp

PSE450R01W2K3032.msp -?? Limited Release hotfix

These hotfixes were generally deploying well to all servers, but I've noticed an odd situation that's sometimes occurring when I push the entire package group to a brand new server.?? It seems that during the deployment of PSE450R01W2K3008.msp it sometimes stalls the installation of the IM Package Group (i.e. it does ever seem to finish).?? Upon further investigation of the MSI log, I'm seeing where the problem is occurring.?? Here's a snippet of the MSI log with the relevant MSI action that's hanging the install:

MSI (s) (08:30) [11:11:00:350]: Executing op: ActionStart(Name=CtxComPlusAppRegister.E289452F_B008_4882_ABB2_77E22692D9C4,,)
MSI (s) (08:30) [11:11:00:350]: Executing op: CustomActionSchedule(Action=CtxComPlusAppRegister.E289452F_B008_4882_ABB2_77E22692D9C4,
ActionType=3073,Source=BinaryData,Target=CtxComPlusAppRegister,
CustomActionData=CitrixLogServer.E289452F_B008_4882_ABB2_77E22692D9C4=key_app_name=CitrixLogServer
key_type=2
key_component=C:\Program Files\Citrix\System32\CitrixLogServer.dll
component_tlb=C:\Program Files\Citrix\System32\CitrixLogServer.tlbcomponent_psdll=component_install_state=3component_action_state=3
key_role=__allrole_install_state=3role_action_state=3key_user=networkserviceuser_domain=nt authority
key_property=Identityproperty_value=nt authority\networkserviceproperty_type_value=6)

So the stall in deployment seems to occur when the COM+ Registration for CitrixLogServer.dll is attempting to happen.?? So what now?

So I've narrowed down my issue to a COM+ registration issue, now what?

One word....Google :)

After search for this COM+ registration issue, I came across a Citrix Support Forum thread with the same MSI error that's happening to people when trying to install PS 4.5 straight up.?? So people seem to have this problem during the installation of PS4.5 and not from a specific hotfix like I'm having.

In response to that support thread, Citrix has published CTX113639 where they acknowledge an issue with PS 4.5 installation during the COM+ registration of the CitrixLogServer.dll.?? Citrix supplies a custom MSI transform (MST) to install PS 4.5 with if you're having this issue.

So there's definitely a COM+ issue, but why?

I opened a private support thread with Citrix to find out what specifically is contained in that MSI transform that's allowing the installation to proceed where it otherwise would not.?? I received a response from Citrix that stated the issue with the original install and what is being resolved by the transform is that the installation routine is attempting to resolve the SID of the Network Service account using a Win32 API call named LookupAccountName.?? According to Citrix, when this call is being made there are certain situations within AD environments that will cause this lookup to take a long time to resolve.?? Something about broken domain trusts, blah blah blah.?? Well I was pretty certain that there weren't any domain trusts in this environment, but I wanted to try and validate what Citrix was telling me.?? So I got some source code that utilized LookupAccountName from Advapi32.dll.?? I ran the code and performed a SID lookup on NetworkService.?? It returned S-1-5-20 within a fraction of a second.?? Well, either I was misled or there's something else going on.

Dealing with the stalled hotfix deployment

Since I was unable to determine the root cause of the COM+ registration issue in my first attempts, I decided to see what I could do to resolve this issue without having to spend tons more time debugging it.?? I began with the obvious choice, I rebooted the server with the stalled deployment.?? To my surprise, after the reboot Installation Manager re-targetted PSE450R01W2K3008.msp against the server where it was previously stalled, but this time the installation completed within seconds.?? Hmmmmmm.?? So now what?

Bring on HRP02

Considering the combined issue that I really didn't want to reboot the servers during the IM package group deployment AND Citrix recently released HRP02 which includes PSE450R01W2K3008.msp, I decided to at least investigate using HRP02 as a solution to my issue.?? I'm pleased to say that HRP02 installed on both existing servers with the older hotfixes, as well as fresh servers without any Citrix hotfixes without a hitch.?? The other great news is that Citrix seems to have resolved the issue that plagued HRP01 where MSI self-healing would trigger because of Speedscreen Browser Acceleration when deployed on servers that had a larger E: drive than C: drive.?? I know it's an obscure problem, but it happened to me and at least a few other people out there based on the support forum threads.

So now I'm rolling with HRP02 and PSE450R02W2K3001.msp.?? So far, there's been no issues.??

NEWSFLASH! Application Virtualization does not shield you from your own stupidity...

shawn@shawnbass.com — 3/4/2008 3:43:38 PM

I'm at a client side right now working on a large SoftGrid implementation project. I'm going through the motions sequencing applications when I came across one application from Reuters named StockVal. While I initially figured that this would be a slam dunk sequencing process, I discovered that it was anything but that. You see it's become apparent to me that application virtualization doesn't actually save you from your own stupidity. What do I mean by this? I mean that one of the biggest challenges with traditional software packaging is that packagers do stupid things. What kind of stupid things??? Well here's some that I've personally solved over the last year:

1) Packager snapshots MDAC 2.5 RTM version registry key (the Data Access version key) and distributes said package to over 3,000 desktops. Those desktops that attempt to install anything that requires MDAC 2.7+ fail as they are stating that the machine needs MDAC 2.7. Well XP doesn't come with MDAC 2.5, so you begin to realize that the packager just made a mistake by not properly auditing their package for a mistake like this.

2) Packager creates an application package for some line of business app that requires Oracle. When they created the package, they neglected to audit the contents of the package and found that it included the System Path environment variable. Upon deploying that to workstations and Citrix servers, every single Oracle app ceased to function since Ora bin directory was no longer in the path.

3) Packager creates an application package for a line of business app. Packager neglects to utilize merge module and instead captures oleaut32.dll into the package. When desktops with this application were upgraded to XP SP2, Internet Explorer randomly crashes while using other applications.

Now all three examples I listed above are situations where someone used snapshot-like technology for package authoring and is largely not a problem when following MSI best practices. However, the whole point of application virtualization is that you do not have to be as careful when creating your packages because this situation isn't going to break other applications on the machine. While this is generally true, the question is can you be competely carefree about what you're doing while creating a virtualized application. The answer, of course, is no.

Here's the scenario. While sequencing this StockVal application I launched the application during the monitoring phase. I typically do not do this, though other SoftGrid experts do advocate executing the application during the monitoring phase. Why don't I like to execute during the monitoring phase? Because I've seen way too many applications that create user preferences on first launch that I often to not want to get captured in the sequence. If you're good about auditing your packages, you'll usually find these things and correct them before they become an issue. However, back to this application. I DID execute it during the monitoring phase. This particular application runs mostly remote node off a UNC share and contains some DAT/IDX files on that share that it accesses when it starts up. During the monitoring phase all was well and the application ran as expected. I completed the sequence and copied it up to the SoftGrid VAS server and imported it for publishing. Now on to app owner testing...

The app fell flat on it's face with some bizarre error message about the database files being corrupt or some such nonsense. I followed the traditional troubleshooting steps of creating a debug OSD and invoking it under the user credentials and verified that I could in fact get to the UNC path where the application was run from and that I could read the database files (the DAT/IDX) files off the UNC path. Hmmmmm....what's wrong here? I fired up FileMon/RegMon to look for anything suspicious. Everything in the FileMon/RegMon looked the exact same as it would for a regular execution of the app in a non-virtual form. Finally I jumped back into the sequencer to take a peek at the project file. In looking at the Virtual File System tab, it became immediately clear what went wrong. If you remember what I said earlier, I ran the application once during the monitoring phase to make sure it was working. The SoftGrid sequencer captured the access to the database files on the App Server's UNC and decided to virtualize that file I/O. When I then in turn tried to run this in a virtual form I was getting a "virtual" copy of the real database file instead of the real database file on the app server. Now, there are people out there that think that the SoftGrid sequencer shouldn't be capturing these types of items as the possibilities for damage are high.?? Since the sequencer does capture file I/O from network shares, my only advice is don't assume that virtualization safeguards you against your own stupidity.?? You still need to check your work...?? :)

Whole Disk Encryption ineffective?

shawn@shawnbass.com — 2/26/2008 9:48:11 AM

There's a lot of buzz in the security industry right now after a paper was published by some researchers from Princeton University that demonstrates how whole disk encryption systems can be completely thwarted by obtaining the encryption keys from a laptop's RAM.?? How is this possible??? Well, when an Operating System is in sleep mode the decryption keys are stored in memory to allow the operating system to boot back up and continue accessing the encrypted disk.?? In addition, different RAM chips decay their memory contents at different rates when power has been removed from the RAM chips.?? Cooling the RAM chips can slow that decay rate upwards of 10 minutes by using a simply air duster can turned upside down.?? Once the RAM chips are cooled, their contents can be dumped by booting to a USB disk with memory extraction tools, or if you're unable to change the boot order, the chips can be removed and transferred to another system where the contents of the RAM chips can be extracted.?? Once the contents of RAM is extracted, code can be run to retrieve the encryption keys which can then be used to decrypt data off the disk.?? Scary eh?

The original paper by the Priceton researchers can be found here.

There's also coverage of the issue by the SANS ISC here (including a video that demos the issue) and here (provides guidance for known whole disk encryption software).

Currently known affected products are Microsoft Bitlocker, Apple's FileVault, and TrueCrypt.?? At the second ISC link, there's information that PGP WDE and Utimaco SafeGuard are also vulnerable.?? No news yet from CheckPoint PointSec.?? However, one would assume that almost all whole disk encryption vendors would be vulnerable to this.

How do you safeguard against it??? Power down your system instead of sleeping or hibernating.

Citrix announces Workflow Studio tool for automating repetitive tasks. Is this FullArmor in disguise?

shawn@shawnbass.com — 2/14/2008 9:06:51 AM

Citrix has recently announced a new product called Workflow Studio that is a tool for putting together a visual workflow for completing repetitive tasks.?? This workflow would then leverage PowerShell scripts to complete the individual tasks.?? What's interesting about this tool is that Citrix has mentioned that it came from an unmentioned technology acquistion/partnership.?? From my perspective, it sounds an awful lot like FullArmor's Workflow Studio product that was announced in July 2007.?? It's also got the PowerShell community wondering the same thing.?? Folks like Karl Prosser of the amazing PowerShell Analyzer and PowerShell Plus products questions the same thing in a blog entry on his site.?? For those looking for more information on Workflow Studio, Rich Crusco from Frameworkx.com put together a multi-part series on Workflow Studio.?? Is this the Full Armor product or what?

Exchange 2007 SIS and Entourage 2008 new features

shawn@shawnbass.com — 2/11/2008 6:11:11 PM

A ton of things have been happening in the Exchange world that I've not been keeping up with very well, but I did come across two items that were of particular interest to me that I thought I'd share.

First, the MS Exchange Team has put up a blog item discussion a feature of Exchange that's been around a long time (Single Instance Storage).?? SIS is a technology that was introduced in Exchange 4.0 that allows for an email to only exist once in the Information Store for multiple different users (if those users are on the same system).?? So if an email (especially an email that contains attachments) is sent out to 10 different users, the Exchange server will only keep one copy of the email and all users will reference that copy.?? There are some changes with SIS in Exchange 2007 namely that it only performs Single Instance Storage of message attachments, not of message bodies.?? This makes perfect sense when you think about it considering that most of the storage that you'll consume on your Exchange server is related to attachments more so that simple text.?? Simple text is small and generally irrelevant whereas attachments kill you.?? This is particularly true since 90% of the organizations I've consulted for seem to think that Email = File Server.???? You can read further about the reasons why the Exchange Team made this decision in the blog post here.?? Ultimately it came down to a trade off between storage savings and IO Operations.?? Ultimately storage is cheap, IO is not.

The second thing I want to cover in this blog item is a discussion about the newly released Office 2008 for the Mac and Entourage (the Outlook equivalent for you the non-Mac people out there.?? Office 2008 for Mac is a completely new beast versus Office 2004 for Mac.?? Luckily Amir Haque from Microsoft has written about many of the new features in Entourage 2008.?? The two part blog item can be found here:?? Part 1 and Part 2.?? An excellent read.

Microsoft makes $44.6 billion dollar merger bid with Yahoo

shawn@shawnbass.com — 2/1/2008 8:30:23 AM

According to Microsoft's Press Pass website, Microsoft has extended another offer to Yahoo for a corporate merger.?? From the sums of money involved, it would seem that Google is a bigger threat to Microsoft than VMWare is.?? The question is, would this truly position Microsoft in better territory to fight Google??? I'm not so certain of that, but they would definitely get a higher chunk of the advertising revenue that's out there.

Al Solorzano's review of Citrix XenServer 4.01

shawn@shawnbass.com — 1/20/2008 1:36:11 PM

Al has a very nice overview of Citrix XenServer 4.01 and areas that it compares/differs to VMWare ESX.?? It's a great read.

Rocking Citrix Xen and Microsoft Hyper-V for $800US

shawn@shawnbass.com — 1/19/2008 8:19:37 PM

A few weeks ago I set out to get a test rig running for lab VMs running under Citrix Xen and Server 2008's Hyper-V.?? However, my lab (READ: basement) already has 4 rack servers, a Citrix Access Gateway, several routers, a 1.5TB NAS, and a 3000kva UPS.?? I was a bit concerned that bringing another rack server that sounds like a jet turbine into the basement might be a bit too much for the boss (READ: wife)

Since I wanted this rig to be used only for lab VM (my prod VMs run on the redundant rack servers), I decided that a simple white box system with a good proc and sufficient RAM should do the trick perfectly.?? The biggest concern that I had was I knew that both Citrix Xen and Server 2008 Hyper-V require that you use 64-bit CPUs (not a big deal today) and a BIOS that supports setting Intel-VT or AMD Pacifica to enabled (this is the setting that will often leave you with a whitebox system that won't run Windows virtualization).

So I decided to roll my own whitebox solution that would allow me to experiment with Citrix Xen and 2008 Server Hyper-V for a low cost.?? I also wanted to get a system that was small and quiet.?? I'm a huge fan of Shuttle XPC systems and I have several of them in my home operating as HTPC systems (yet another "hobby" of mine).?? Shuttle systems are very well constructed, they are sleek, small and very quiet.?? It seemed like the perfect system to host my new lab VM beastie.?? Aside from wanting the system to be small, I also had a few other requirements:

Quad-core proc (while CPU isn't the biggest limitation on a virtualization platform, it certainly doesn't hurt to have extra.?? Only the newest models of the Shuttle systems support quad-code procs, so my choices were a little limited.
4 GB of RAM.?? I know from previous experience that many Shuttle's max out at 2 GB of RAM.?? So again, I needed to ensure that the system I chose supported 4 GB of RAM.?? RAM is the biggest limitation on a VM platform.
SATA/300 with enough disk space for plenty of VMs - SATA/300 is about the fastest IDE disk you can get and you'll need plenty of disk space if you want to run lots of VMs.
64-bit CPU support and Intel-VT or AMD-Pacific BIOS support.?? As I mentioned before, many whitebox systems don't have a setting in the BIOS to enable the hypervisor, without it you won't be able to run Hyper-V and you won't be able to run any Windows VMs under Citrix XenServer.

With these constraints, I settled on the following:

Shuttle SG33G5B Barebones Case and Motherboard - $294.99 from Newegg.com

Intel Core2Quad 6600 2.4Ghz Socket 775 OEM CPU - $260.00 from Newegg.com

Mushkin 4 GB (2GB x 2) DDR2 800Mhz Dual Channel RAM - $122.99 from Newegg.com

Western Digital Caviar 320GB 7200rpm 16MB cache SATA 300 hard drive - $89.99 from Newegg.com

Sony Optiarc Dual Layer DVD Writer SATA - $28.99 from Newegg.com

Total price:?? $796.96 US - I realize there will be shipping, but there were also rebates on some products, so you're still under $800US.

I assembled the system in about 10-15 minutes, but I'm pretty good at assembling Shuttles, so perhaps it might take a person new to Shuttle's 30-60 minutes, but they are very easy to work with.?? It's basically remove the case, case fan and ICE heatsink, install CPU and a little dab of CPU compound (use sparingly).?? Then attach the ICE heatsink and reattach the case fan.?? Then install hard disk, DVD, RAM and slap the case back on.

I've installed both 2008 Server RC1 (with Hyper-V Beta) and XenServer 4.1 Beta on the system, however I found out that the Marvell Yukon GB Ethernic NIC onboard on this system is not supported under Citrix Xen.?? I happened to have a RealTek 3189 10/100 NIC laying around that I popped in which was detected and supported properly for Xen.?? Server 2008 RC1 detected the Marvell GB NIC out of the box without having to load drivers.?? Also, for Citrix Xen to see the onbound SATA controller properly you need to set the BIOS to use Legacy mode instead of AHCI.?? The legacy mode works fine for both Xen and 2008.?? I presume the AHCI mode works for 2008, but I didn't bother testing it since I wanted to use both OSs.?? Also, don't forget to ensure the Intel-VT (Virtualization) support is enabled in the BIOS, as it's required for 2008 Hyper-V and Xen (when running Windows VMs)

My ultimate plan for this system would be to configure it as a dual boot configuration with Xen and 2008 Server, but I'm not entirely sure how easy that would be since Xen insists on blowing away all partitions and the MBR on the disk and 2008 Server must be installed into the primary boot partition.?? However, I'm going to keep after it to see if there's a way to do it.?? Ultimately even if you can't, it's pretty easy to stand up another system exactly like this for $800.?? Granted, it's not nearly as redundant or well performing as a rack mount server from Dell or HP, but then again it's a fraction of the price.?? For simple lab VMs, it fits the need perfectly.

In case someone is wondering, VMWare ESX 3.5 and 3i doesn't appear to work on this rig.?? The first limitation appears to be the NIC (it didn't detect either NICs and I didn't happen to have a supported NIC to try to see if I could get past that, but I presume the SATA storage would be the next issue.?? I know that ESX 3.5/3i supports SATA storage, but I think you need specific controllers.?? I could be wrong on that.?? To be honest, with VMWare you probably want to stick with a system on the HCL as it's pretty picky when it comes to drivers.?? Xen is based on CentOS and has more drivers, and Windows 2008, well you can't get many more drivers than that...

Microsoft publishes guide on how to implement SoftGrid 4.5 Beta

shawn@shawnbass.com — 1/14/2008 10:43:52 AM

From the SoftGrid Team Blog I learned that Microsoft recently published a guide that provides information on how to setup Microsoft Application Virtualization 4.5 (formerly SoftGrid) and how to implement the different modes of Streaming/Virtualization that are available in 4.5.?? The guide can be found here.

My Macbook Pro keyboard WILL live to see another day thanks to a Software Update

shawn@shawnbass.com — 12/20/2007 9:21:14 PM

If you've been following my blog you'd know that I'm a recent Mac ~~convert~~ trial (can't call it a convert when I have 15 other Windows PCs in the house).?? Anyway, when I bought my Mac it came with OSX 10.4 on it, but there was a 10.5 Leopard disc that was shipped in the box as a free upgrade.?? Well, you can't go sticking a free software upgrade in the box and let it sneak by me without immediately installing it.?? So I've been using Leopard since I first got the MacBook Pro.?? Generally I've had a lot of success with it, aside from a minor nuance with the wireless that never seems to work unless I reboot my wireless router (seems to be Mac related though since other Windows systems are able to use the wireless router during this time).?? The inexcusable problem though has been a frequently occuring loss of keyboard functionality that varies from 30 to 60 seconds.?? During this time, the touchpad continues to work but no keyboard keys register (including the function keys).?? For a while I considered that maybe my inept ability with Mac left me in some weird function key toggled mode, or I had a stuck key or something like that.?? Or even that my usage of VMware Fusion was somehow leaving my keyboard in a VM-controlled state or some such nonsense.?? However, a quick Google search tells a different story.?? TONS of Mac users are experiencing the issue since their upgrade to Leopard.?? Anyway, I finally spent a few cycles today investigating this issue and I found out that Apple has released a patch for this two days ago.?? You must have upgraded to 10.5.1 in order to use the patch.?? I've applied it and so far (crossed fingers) I haven't had any keyboard loss.

VMware Infrastructure v3.5 is released

shawn@shawnbass.com — 12/11/2007 4:48:19 PM

VMware has recently released version 3.5 of their Virtual Infrastructure suite.?? This release proves yet again that VMware is king in the virtualization space.?? I'm not going to go into details of all of the new features as it's already been well covered on other sites.?? Here are two great overviews of the new features from VMblog and Virtualization.info.

Aaron Parker's final thoughts on Adobe Acrobat and SoftGrid virtualization

shawn@shawnbass.com — 11/28/2007 5:21:14 PM

Aaron Parker posted a follow up article to his initial work in trying to get Adobe Acrobat 8 as a virtualized package under SoftGrid.?? It seems as though Aaron has decided that it's just not going to be practical to deploy Acrobat via SoftGrid as there are a lot of technical issues that involve separation of the app and it's not practical for real world deployment.?? What's interesting about this is that Aaron was able to get Acrobat 8 working in Altiris SVS.

SoftGrid Operations Guides post on SoftGrid Team Blog

shawn@shawnbass.com — 11/27/2007 3:15:25 PM

Brian Kelly has posted a two part series titled "SoftGrid Operations Guide" on the SoftGrid Team Blog.?? This two part guide covers some topics that would be useful to any SoftGrid admin such as moving a Softgrid datastore, publishing apps in Citrix, how to preload applications, etc.?? Check out Part 1 and Part 2.

shawnbass.com RSS feed is moving! Please update your feed readers...

shawn@shawnbass.com — 11/21/2007 11:46:38 AM

I'm moving my existing RSS feed as I'm changing modules out that supplies my RSS feed.?? To prevent this kind of thing from happening again, I've setup a 301 permanent redirect of http://www.shawnbass.com/rss.aspx which will permanently link to my RSS feed no matter where I decide to relocate it in the future.?? For now, it will move to FeedBurner, but the above link is what you should point your readers to.

I feel dirty...

shawn@shawnbass.com — 11/9/2007 2:34:41 PM

So my Toshiba laptop started acting up this past week while I was teaching a class in Orlando.?? I didn't want to risk the laptop locking up on me while in class, so I went out one evening and picked up a new laptop.?? I'm writing this blog entry from the new laptop.?? Here's a quick photo of it:

Now do you understand why I feel dirty??? I can't even begin to tell you how much crow I'm gonna have to eat when my sister-in-law (longtime Mac bigot) finds out that I bought one.?? It'll be never ending "I told you so"'s

HD Moore begins first steps to make iPhone a powerful hacking platform

shawn@shawnbass.com — 9/26/2007 8:21:41 AM

HD Moore's Metasploit is an invaluable free tool that's used by many to perform penetration testing of their systems.?? Recently, HD blogged about buying an iPhone and beginning the process of porting pieces of the Metasploit platform to the iPhone.?? What does this mean??? It means a portable handheld pentesting platform!?? Perhaps HD should get a copyright on iSploit now

Read the entire blog entry here.?? Good times ahead!

Where's that Microsoft 'insert team name here' team blog?

shawn@shawnbass.com — 9/22/2007 12:08:15 AM

Microsoft has definitely embraced blogging as a means of providing feedback to their partners and customers alike.?? It's often difficult to know whether or not a particular team within Microsoft has an official blog or not.?? Brandon LeBlanc over at The Windows Experience Blog has created a list of the known official Microsoft team blogs.?? Check out the list here.

Skywing on "Never wake a PC without user intervention"

shawn@shawnbass.com — 9/21/2007 10:43:54 PM

Skywing's debugging/reverse engineering blog is one of many RSS feeds that I ~~keep~~ try to keep current on.?? He posted an entry a few days ago titled "Never, ever, EVER wake a computer from suspend without user consent" regarding a situation where the Windows Update service woke his PC from standby at 3:00am on a Patch Tuesday.?? While waking a PC to apply patches isn't a horrible situation, it definitely becomes one when your laptop is zipped up inside a backpack or laptop carrying case.?? I personally have had this happen to me only once, but it wasn't related to Windows Updates.?? It was related to a failed standby that I didn't notice for an hour or two (when I finally pulled it out of the bag, the laptop was ready for egg frying).?? Anyway, the fact is this is a legitimate issue that should be handled by the operating system.?? The most surprising part of the article for me was the comments that some people left.?? It seems that some posters believe that this is all Skywing's fault and if he had disabled Windows Updates, or changed the way he was suspending, etc. then this wouldn't have happened.?? Guys, you're missing the point!?? The point is that the operating system should be intelligent enough to not wake on it's own to apply patches as the laptop could be in an area that it shouldn't be powered on (i.e. airplane taking off).?? Bottom line:?? Windows Update needs to not wake a PC to apply updates without receiving user confirmation, or at a minimum it should force the system back into the same power state that it resumed from after the updates are complete.

Woohoo! Jeffrey Snover (creator of PowerShell) confirms suspicion that PowerShell 2.0 will include remoting!

shawn@shawnbass.com — 9/3/2007 10:52:57 AM

PowerShell 1.0 was released in November 2006 and has already received over a million downloads.?? I recently came across an article published a few days ago where SearchWinIT.com interviewed Jeffrey Snover (creator/architect of PowerShell) where Jeffrey has confirmed that PowerShell 2.0 will have support for remoting.?? One of the primary limitations with PowerShell currently is that many of the existing Cmdlets and Providers are designed for local operation only.?? Those admins that wish to use it for remote operations are forced to either run the code on the actual remote systems, roll your own via WMI/.NET/COM or rely on third party remoting solutions such as the PowerShell Remoting project on CodePlex.?? I can't wait to see what PowerShell 2.0 will bring.?? Exciting times ahead!

Updated version of DialMee plugin for Meedio posted

shawn@shawnbass.com — 9/2/2007 11:51:32 PM

?????? ?????? So, I'm a huge fan of Vonage VoIP service.?? I'm also a huge home theater PC (HTPC) freak.?? So I had an idea that much like peanut butter and chocolate, these two technologies must merge!?? So a while back I created a plugin for Meedio that allows me to dial telephone numbers in my phone book from the comfort of my couch.?? Ok, so it is completely the laziest thing in the world, but someone had to do it, eh??? Anyway, this update to the DialMee plugin was simply to fix a bug that was causing an error beep on exit of Meedio.?? I described in my previous post what Meedio is all about, if you missed that.

As far as the technical details of what this plugin does, it relies on phone book entries that were previously imported into a Meedio library.?? Once you're viewing your contacts on screen you can press buttons on the side of the screen that allow you to dial the person's home, office, mobile, etc.?? The mechanism used for this is some crazy regular expression matching for attempting to take any inputted US telephone number format and convert it to the 10-digit dialing format that Vonage expects.?? Next, I make a web request to Vonage's Third Party Call Control to initialize the telephone call.?? From an end user perspective, it goes like this:

1) Pick up remote control
2) Find contact in phone book.
3) Click button to dial their home/office/mobile, etc. number.
4) Behind the scenes the web request to third party call control happens and your home telephone line (Vonage) rings.
5) Upon answering the cordless phone (you didn't think I'd get off the couch did you?), the Vonage third party call control then dials the destination telephone number and connects the two parties.
6) You talk...on the couch....in your pink fuzzy slippers.?? Ok, maybe not pink, but definitely fuzzy.

Link to DialMee support thread

Updated version of EvilLyrics plugin for Meedio posted

shawn@shawnbass.com — 9/2/2007 5:29:11 PM

Ok so I'm way behind on the home theater blog, but I uploaded a new stable release of my Meedio plugin for EvilLyrics integration a few weeks back.?? The plugin update contains the fixes for the new release build from EvilLyrics as well as a fix that was causing an error beep when the plugin was shutdown.?? What is this plugin??? It's a fulltime plugin for the HTPC frontend called Meedio (which I run on all of my HTPC systems connected to every TV in my house...yes my wife loves me dearly to tolerate this crap).?? The EvilLyics plugin receives messages from the music player and passes the Artist/Song info to the EvilLyrics COM object, which then performs a web request to retrieve lyrics for the currently playing song.?? When the lyrics are retrieved a COM event is fired and I retrieve the lyrics and publish a datafeed within Meedio containing the lyrics.?? The lyrics are then displayed on screen in the HTPC interface.?? Cool eh, no??? Ok, maybe just geeky.?? Anyway, while Meedio is a dead product as it was acquired by Yahoo over a year ago, there are several developers (myself included) that are continuing to develop plugins for Meedio as well as continuing to work on an open-source Meedio replacement product called MeediOS.

Here's a screenshot of what the end result of the EvilLyrics plugin does inside Meedio:

Yeah, it's probably just plain geeky

DefCon 15: Day 1 Wrap-up

shawn@shawnbass.com — 8/9/2007 9:43:17 PM

DefCon 15 Day 1 review

Just returned from DefCon 15 - As usual it was a great conference

shawn@shawnbass.com — 8/6/2007 1:52:49 PM

While I've still not caught up (READ: recovered) from the 3 day conference in Las Vegas, I can definitely say that I'm glad I went.?? I don't have all of my thoughts organized yet on the sessions that I attended, but over the coming days I'll be blogging on a DefCon 15 wrap up where I'll cover my perspective on the sessions that I attended...and those that I walked out of ?? Stay tuned.

A guy walks into a bar and asks "What's the difference between a twitter, a blog entry and an article?"

shawn@shawnbass.com — 7/2/2007 8:41:31 PM

Ok, so...

It's not a joke and it doesn't involve a bar.

But it is a burning question of mine.?? What exactly consitutes a twitter versus a blog entry versus a full-fledged "article".?? There are a variety of websites/blogs/article columns, etc. out there that have differing content.?? When does a simple twitter become a blog entry??? When does a blog entry become an article??? And finally how does one avoid joining in on the throng of bloggers who do nothing more than aggreggate content that's found on thousands of other blogs??? While I find myself re-reporting some of the same content that may be available elsewhere, I should make it known that I only post information on about 1 out of every 20-30 things that I read elsewhere.?? Why is that??? Simply because I feel that there's enough other people already reporting on a particular topic that it's really not valuable to increment people's RSS counters one more time for me to say the same crap.?? Seriously!?? I track (and sometimes even read, no really!) about 100 separate RSS feeds.?? I can't tell you the countless times that I see the same information repeated ad naseum on 10 different blogs.?? Obviously there's much truth in the "content is king" concept.?? At the same time, there's no sense in blogging/writing if there isn't anything worth saying.?? So my question(s) are this:

1) When is a twitter a blog entry?
2) When is a blog entry an article?
3) When is an article a book? (ok, I'm joking here)

Aside from all of that, how does one avoid the desire to repost the blog fodder from everywhere else to feel as though there needs to be something posted within this number of days?

Shawn

Network Monitor 3.1 is released!

shawn@shawnbass.com — 7/2/2007 8:37:23 PM

NetMon 3.1 is released and available on the Microsoft Connect site (the final release on the MS Download site will be posted in a few weeks).?? Here's a rundown of the new features:

Wireless (802.11) capturing and monitor mode on Vista ??? With supported hardware, (Native WIFI), you can now trace wireless management packets. You can scan all channels or a subset of the ones your wireless NIC supports. You can also focus in on one specific channel. We now show the wireless metadata for normal wireless frames. This is really cool for t-shooting wireless problems. See signal strength and transfer speed as you walk around your house!
RAS tracing support on Vista ??? Now you can trace your RAS connections so you can see the traffic inside your VPN tunnel. Previously this was only available with XP.
Right click add to filter ??? Now there's an easier way to discover how to create filters. Right click in the frame details data element or a column field in the frame summary and select add to filter. What could be easier!
Microsoft Update enabled ??? Now you will be prompted when new updates exist. NM3.1 will occasionally check for a new version and notify you when one is available.
New look filter toolbar ??? We've changed the UI related to apply and remove filters. You can now apply a filter without having to UN-apply it first.
New reassembly engine ??? Our reassembly engine has been improved to handle a larger variety of protocol reassembly schemes.
New public parsers ??? These include ip1394, ipcp, ipv6cp, madcap, pppoE, soap, ssdp, winsrpl, as well as improvements in the previously shipped parsers.
Numerous Bug Fixes ??? We've taken your reported problems on the connect site and fixed many of the confirmed bugs.
Faster Parser Loading ??? We've significantly improved the time it takes to load the parsers. Now rebuilding takes a fraction of the time it used to.

For those of you who are huge Ethereal/Wireshark fans, you really should checkout NetMon as it's really shaping up to be a nice product.?? Plus you don't need to buy SMS to use it anymore

Shawn

Google adds route customization to Google Maps

shawn@shawnbass.com — 7/2/2007 8:27:58 PM

So how many times have you plotted directions between two points and thought to yourself, I really wish these directions showed me taking this highway instead of that, etc.?? While planning a trip to head down to Citrix's offices later this month, I noticed that Google had added a new option in Google Maps that allows you to do just this!?? While viewing a resultant map, you can simply drag and drop the designated highways to choose an alternate route path.?? How cool is that?

See the Google Maps help site for more info on this and other features (such as their traffic info that was recently added).

Shawn

Are you preparing for the pandemic?

shawn@shawnbass.com — 7/2/2007 6:01:16 PM

The Spanish Flu (aka 1918 flu) was a worldwide pandemic virus killing between 50 to 100 million people worldwide within 18 months.?? These numbers completely dwarfed that of World War I which was occuring during the same time.?? Arguably, World War I contributed significantly to the spread of the 1918 flu due to the increased mass movement of people worldwide.?? Mortality rates varied greatly between countries, but one thing is known for sure:?? Those countries that limited their maritime travel had significantly less mortality than those that did nothing to control the travel of people.?? For example, Japan had a 0.425% mortality rate from the flu due to restrictions in travel.?? Many other countries had mortality rates in the 5-10% range or more.?? With increased global travel is the world of today equipped to handle such a lockdown on travel?

The 1918 flu is also known as the Spanish Flu, but recently developments suggest that it actually first appeared near Fort Riley, Kansas and then spread worldwide.?? There are many parallels between the 1918 flu (H1N1 family) and the current H5N1 Avian flu.?? While the H5N1 seems to not be as virulent and does not transfer as readily as H1N1, there's the possibility that it may mutate in the near future and repeat the destruction of the 1918 flu.?? While many people have some built-in protection to the H1N1 virus, few people would have any built-in defenses against the H5N1 strain.?? The current estimates for % mortality if H5N1 turns pandemic is approximately 2-7.4 million worldwide.?? While this number is significantly less than the 1918 flu, it doesn't mean that the next pandemic will be the H5N1 virus.?? The next pandemic could be a more virulent strain equaling or even exceeding that of the 1918 flu.

With advances in medicine, isn't this a Chicken Little / Boy Who Cried Wolf scenario?
When I hear the term pandemic virus planning, the first thing that pops into my head is the movie scene from "Ice Age" where the young Moeritherium (baby elephant creatures) are playing in the mud (oil??) pits and are repremanded by their parents.?? They then say "We were only playing extinction".?? Many view pandemic planning as FUD exercises, but unfortunately we've already seen such pandemics happen.?? Also, despite advances in modern medicine we still don't have adequate protection against extremely virulent strains (like the 1918 flu).?? While many people get their annual flu shots, they are created for the flu strains that are circulating that season and may/may not be effective against a flu that mutates.?? In addition, current flu shots are derived from chicken eggs which would be in a reduced production during any bird flu spread.?? Technically flu vaccines are being produced today without the aid of chicken eggs, but to my knowledge a majority of them are still produced via eggs because of production costs/difficulties in the artificial methods (Note to self: more research needed here).

We already have a Disaster Recovery / Business Continuity plan.?? Why is this any different?
Assuming that the Avian flu (H5N1) is capable of becoming such a killer virus, how long do you have to prepare a plan of action to continue your corporate operations??? The answer is nobody knows.?? The Avian flu could mutate and begin worldwide spread tomorrow, or it may never happen.?? To properly prepare an adequate pandemic plan, the average enterprise would need between 6 and 18 months.?? If you haven't started planning already, get to it.?? Why pandemic planning is different from a DR plan is because of the scope.?? In a DR exercise, you're usually planning for a particular site failure.?? In case of failure, you have IT processes and people processes in place to arrange for the technology to operate out of an alternate data center, and in many cases for your people to converge at an alternate place of work.?? In the case of a pandemic scenario, having many people report to an alternate location would not be conducive to minimizing the spread of the virus.?? In addition, there's guaranteed to be a large amount of fear and uncertainty on behalf of your employees to show up to this alternate facility when there's a killer virus on the loose.?? Some organizations have adopted a work from home strategy for their DR/BC plans which fits in nicely for a pandemic scenario as it allows the employees to be close to their family/homes and at the same time be able to perform most of the duties of their jobs.

Employee Absenteeism and Maslow's Hierarchy of Human Needs
During a pandemic scenario, there is going to be massive confusion and uncertainty for a company's employees.?? Many employees will be fearful of going to work the next day.?? Many people will be more concerned about their families more than their jobs.?? Employee absenteeism is something that companies will have to expect in the days/weeks following a pandemic outbreak.?? Depending on the severity of the outbreak, many people many not even have the sanity to call in their absense.?? Abraham Maslow proposed a psychological theory in 1943 called the Hierarchy of (Human) Needs.?? In Maslow's pyramid of needs, he states that human beings will attempt to obtain basic physiological needs first and then will seek successively higher needs as the lower needs are met.?? At the lowest level of needs are basic physiological traits such as the ability to breathe, eat, drink, sleep, etc.?? It's your basic survival necessities.?? Only after satiating these basic survival needs, would a person become concerned about the safety of their family, home, work, etc.?? While I generally agree with Maslow's pyramid, I personally think that most people would separate their need for security of their jobs from the need for security of their homes and families.?? I believe that only after security the safety of your family and home would someone start worrying about their job security, etc.?? However, once that does enter into a person's mind, they will seek a minimum common ground with their employer so as to not risk the safety of their loved ones.?? Because of this, you have to assume that a number of employees would be absent from work.?? The absentee ratios would have everything to do with the media reports of the spread and mortality / effectiveness of the virus.?? Since no one knows how deadly a virus will be, you have to make rough assumptions at how many people of a particular job function will be unwilling to come into work.?? The only mistake commonly made in calculating this is assuming a linear percentage of workers based on their role.?? What I mean here is that some people may be less willing to come into work if their job role involves a greater amount of personal interaction with others (specifically I'm referring to people in retail, and especially people in healthcare since they are even more likely to be exposed to the virus).?? Rather that make assumptions about what percentage of people will be absent for a given role/job, what's probably more effective is to assume everyone could be absent and identify whether or not their jobs could be performed remotely.?? You're much more likely to receive cooperation from an employee who is told that they can operate from a remote site / home and perform their duties.?? This secures your ability to get the work done, and still provides the employee with a sense of control over Maslow's 2nd tier of the pyramid of needs.

This is the first post in a series of blog entries that I'll be commenting on pandemic planning.?? This is stemming from some pandemic planning exercises that I'm providing input on for a client of mine.?? I hope you've enjoyed my thoughts on this, and if this topic interests you, you might enjoy some of these links for further reading:

Phases of Flu Pandemic
Human Mortality of H5N1
Global Spread of H5N1
Social Effects of H5N1
Bird Flu in India
Pandemic
Maslow's Hierarchy of Needs
Hugh Tonks: Maslow and Organizational Needs

Shawn

Google Maps adds Street View functionality

shawn@shawnbass.com — 5/31/2007 9:41:25 AM

Via Scott Hanselman's blog I learned that Google has recently added Street View support to Google Maps (basically it's stitched together photos at street level view of major cities).?? While this type of technology is going to take a while to provide this kind of detail for many of the major cities, I think it's a really cool concept.?? Of course, the REAL value of something like this would be to have it available in a mobile form with good network bandwidth and a GPS unit.?? You'd never get lost

Here's a URL to part of Times Square in NYC to get the hang of it.?? I really love how you can use the arrow keys to basically walk around the city.?? Again, really fascinating stuff.

Shawn

Google Adsense vulnerable to CSRF (Stealing your Adsense account)

shawn@shawnbass.com — 4/5/2007 2:24:59 PM

I came across this blog post on Jungsonn Studio's blog the other day where they demonstrate how Google Adsense is vulnerable to a type of cross-site scripting attack that when the suspect javascript code is executed and you visit your Adsense account in another browser tab, they are able to switch your Adsense account over to them.?? Pretty interesting find, and it really makes you think about all the times that you authenticate into a variety of different sites within different browser tabs all the while having done lots of surfing of other pages (of which you don't know that you can trust).?? It's definitely something that all of the bloggers out there that use Google Adsense should be thinking about when they pop into their account from a browser tab

Shawn

Windows 2003 Server SP2 is a critical update and will begin to be forced on June 12, 2007 via Automatic Updates (there is an opt-out though)

shawn@shawnbass.com — 4/4/2007 4:04:00 PM

If you haven't had a chance to test 2003 SP2 AND you're configured to automatic updates, you may be interested in knowing that Microsoft has a fix that will allow your servers to bypass the forced install of 2003 SP2 that will begin on June 12th, 2007.?? If you're interested in using this opt-out, visit Microsoft's download site here for the download and instructions.

Shawn

The exact reason why you should not allow PST files on the network

shawn@shawnbass.com — 4/4/2007 3:29:56 PM

I've always known that you're not supposed to use PST files across the network (LAN or WAN), but up until recently I did not have the specific proof as to the magnitude of problems it can cause (outside of corruption in the PST).?? I was recently looking for this information to pass to a client of mine, and I came across a great blog article from the Server Performance Team at Microsoft.?? Turns out there's all sorts of issues from I/O deadlocking to paged pool depletion, etc.?? Head over their blog and view the article.

Shawn

Microsoft releases out of band patch (MS07-017) for Animated Cursor vulnerability

shawn@shawnbass.com — 4/3/2007 3:37:17 PM

MS07-017 is a re-release of an earlier patch against a vulnerability in Animated Cursors.?? Apparently when the code was created for the first fix, the rest of the code wasn't audited and another vulnerability was recently found.?? The patch can be found on Microsoft's website over here

This vulnerability affects all versions of Windows from 2000 through Vista, so you'll definitely want to patch this one.?? Also, there's at least 4-5 public exploits available for this one.?? You can be certain that it's being exploited in the wild.

Shawn

The Metasploit Project has officially released version 3.0 of the Framwork

shawn@shawnbass.com — 3/27/2007 11:50:37 AM

The Metasploit Project has just officially released version 3.0 of the framework on their website.?? 3.0 is a complete rewrite of the framwork and is written in Ruby.?? It currently contains 177 exploits, 104 payloads, 17 encoders, and 3 nop modules.?? It is a fantastic tool for penetration testing, and best of all -- it's completely free.

Read their blog entry on the new of the 3.0 release here

And get yourself a copy of Metasploit 3.0 over here

Enjoy!

Shawn

IIS 7.0:Explore The Web Server For Windows Vista And Beyond

shawn@shawnbass.com — 3/20/2007 9:04:41 AM

MSDN has a great review up on IIS 7.0.

Some of the highlights of the new IIS 7.0:

Lean server core component (similar to server core in Longhorn).?? Additional components can be enabled on an as-needed basis.?? This of course helps to reduce the attack surface of the server.
No more metabase (finally!).?? All settings for IIS are now in an XML-based config file (much like the asp.net .config files)
IIS Manager has been completely redone.?? I personally think this is a huge improvement over the old admin tool.
Improved diagnostics and tracing facilities for quickly locating problems in your web server or application pools.
Improved performance through caching (ASP sites are dynamic which unfortunately leads to performance issues if the content has to be generated dynamically all the time.?? IIS 7.0 has features that allow for output caching to reduce the amount of database calls, etc.
Lots of other things...follow the link above for more info.

Thanks to blog.baeke.info for the link.

Shawn