I'm 4 weeks into my Grand Apple Experiment, and I've had to officially visit the Genius Bar.  Yuck.  One of my early concerns with getting into this with Apple is that they provide no onsite support for business customers.  If issues like this keep continuing, Apple won't get any of my company's future business, despite their good hardware.

My company makes money directly by billing hours to my clients.  If I'm not working, I'm not making money, simple as that.  When my MacBook Pro started making a horrifying grinding noise, I was worried.  Not a little worried, as this wasn't a "little" noise, but a lot worried.  I was able to reproduce the noise on multiple occasions, so off to the Genius Bar I go. 

Bad fans, it turns out, and I believe it's either a bad bearing or some missing piece that is causing the fan to get out of alignment.  This is not a sound I want my 4 week-old computer making, and it's very likely that a bad fan will cause early failure of other hardware.

The nearest Genius Bar is a 25 minute drive from anywhere.  That plus the wait plus the diagnosis plus the drive back easily puts me at 2 hours of lost work.  The new fans came in within a week, so off to Apple I go again, (25x2 + 2 hour bench time) for another 3 hours of lost work.  That's 5 hours.  Gone.  Not good.

The Genius Bar did a fine job and my computer no longer makes unexplainable noises.  That said, Apple really needs to provide on-site service to business clients for me to consider more hardware from them in the future.

I've been on a vacation from making posts recently, mainly because I've been so busy at work and home.  Certainly not because I don't love my readership... all 3 of you.

Anyway, I thought I'd take a peek at my Google Analytics statistics and found that - despite my absence - my readership is growing healthily, getting bigger by the day.  How wierd is that?

Well, there might be an answer to this: Grisoft's AVG v8.0 virus protection.  It turns out that the latest version (optionally) installs a browser plug-in, called "LinkScanner", that will ping all search result websites to determine if the site is malicious.  Although it's an interesting idea, many statistics are gathered from web logs, and these logs are getting artificially inflated due to this extra ping.

I'm not sold that Google or Microsoft analytics are getting artificially inflated, but it certainly could be something to watch, as web masters get more riled about their unnecessarily inflated bandwidth.

More reading:

• The Register: AVG disguises fake traffic as IE6
• Grisoft: LinkScanner FAQ

There's much rumbling going on in the internets this morning due to the story about the MacBook Air being the computer to be compromised (hacked) during the PWN2OWN contest being held at the CanSecWest conference this week. 

The rules were fairly simple; the first to hack a machine would win the hacked computer and $20,000 if done via a network, $10,000 if done via the internet (via a browser), or $5,000 if accomplished via an installed program.  The interesting sub-topic of this is that Vista's IE7 was not the first of the three machines being bombarded.  The third computer is running Ubuntu.

I expect Vista's IE7 to fall soon, but the fact that Safari was the first, and possibly the easiest gateway to gain access has caused much gnashing of teeth and redirection of the facts of the case.  In my reading, Apple lost this round; plain and simple.  Have no fear, Vista will get it's share sooner or later.

What's interesting is the reaction from the pro-Apple crowd.  The fanboys are not used to this kind of disappointment:

"...but has anyone even bothered to try the other two computers... [or] are the two other computers Dells and nobody wants them?"

"Big deal."

"...if the same interest and effort are put to exploit Vista... that would have already happened."

"Let's face it: if the prize is the laptop you hack then everyone would be trying to hack the Mac: who the [expletive] wants the shame of walking away with a Dell under their arm?"

Everyone needs to calm down and recognize what happened today:  Holding all other things equal, modern operating systems are pretty secure (borne out by the fact that nobody took home the $20,000 prize) and on any day you can be hacked if you're not careful, regardless of your computer and operating system.  In short, be careful on the internet.  There are people who pay money to gain ownership of computers, and yours can be owned unless you take care, patch often, and keep anti-virus programs up to date.

More reading:

• http://arstechnica.com/journals/apple.ars/2008/03/28/macbook-air-compromised-in-2-minutes-for-10000
• http://apple.slashdot.org/article.pl?sid=08/03/28/0126221
• http://security.itworld.com/5013/mac-hacked-first-in-contest-080327/page_1.html

Nightly care and feeding of your Visual SourceSafe database is a must.  If you are working with a project or multiple projects of any size, this is an important task.  The challenge is that Microsoft makes it a little difficult to find the right tools to help you keep your database tuned.

The process I created and describe below has worked for me for years.  It is a bit of overkill, but has produced a stable database night after night, and has continued to work through 3 VSS version updates.

The process is a 3 step batch file:

1. Run a base Analyze to identify any bad data, backup
2. Rerun using -F switch (fix), backup
3. Rerun using -C switch (compress), backup

Steps 2 and 3 are a bit redundant as they both use the fix (-f) switch.  You may chose not to use that switch both times.

Batch file code:

   1: cd c:\

   2: cd program files\microsoft visual sourcesafe

   3:  

   4: REM *** Set the base variables for directory names

   5: for /F "tokens=2,3,4 delims=/ " %%i in ('date/t') do set d=%%k%%i%%j

   6: for /F "tokens=1,2,3 delims=:. " %%i in ('time/t') do set t=%%i%%j%%k

   7: set B=e:\Backups\VSS\Analyze

   8: set C=%B%\Current

   9: set S=%B%/%d%-%t%

  10: set A=C:/public/VSS/data

  11:  

  12: ANALYZE -V4 -I- -B"%C%" "%A%"

  13: for /F "tokens=2,3,4 delims=/ " %%i in ('date/t') do set d=%%k%%i%%j

  14: for /F "tokens=1,2,3 delims=:. " %%i in ('time/t') do set t=%%i%%j%%k

  15: REN %C% %d%-%t%A

  16: MKDIR %C%

  17: ANALYZE -F -I- -V4 -B"%C%" "%A%"

  18: for /F "tokens=2,3,4 delims=/ " %%i in ('date/t') do set d=%%k%%i%%j

  19: for /F "tokens=1,2,3 delims=:. " %%i in ('time/t') do set t=%%i%%j%%k

  20: REN %C% %d%-%t%B

  21: MKDIR %C%

  22: ANALYZE -F -I- -C -V4 -B"%C%" "%A%"

  23: for /F "tokens=2,3,4 delims=/ " %%i in ('date/t') do set d=%%k%%i%%j

  24: for /F "tokens=1,2,3 delims=:. " %%i in ('time/t') do set t=%%i%%j%%k

  25: REN %C% %d%-%t%C

  26: MKDIR %C%

  27:  

The batch file has some DOS trickery to tease out the current date and time.  This allows me to rename (REN) the "\vss\Analyze\Current" directory to the time the step completed.

The result is a the following file structure in my e:\ drive:
e:\Backups\vss\Analyze\[yyyy][mm][dd]-[hh][mm][am/pm][a/b/c]
e.g.
e:\Backups\vss\Analyze\20080319-0144AMC

This structure allows me to run the backup a weekend evening and if the database goes haywire, I can get any one of the last "good" databases for recovery, even if one of the last good backups was in the middle of this batch script.  It also allows me to delete "old" backups as I see fit.  Of other note, a log file (analyze.log) is placed in the root of each backup directory, in case you want to see exactly what went down during the process.

For the record, my VSS database contains over 55k files, occupies 1.35GB on the hard drive, and this process takes ~2.5 hours to run.  If you run this during the work week (or your dev team has no life), you need to log in to the VSS database and lock it using the Administration tool, then log out.  The FIX (-F) switch will not work if any users are actively logged in to the database.  Sadly, there is no command line to lock the database.

I installed Vista SP1 last night and the install was unremarkable, which is a good thing.  I did not have any issues with any of my development tasks today, and the OS seemed to simply get out of my way.  That's exactly what it should do.  Now that I know SP1 is baked in without issue my next task will be to perform an annual spring cleaning and rebuild this machine.  However...

As has been discussed ad nauseam, many bits of functionality were discussed long ago when Microsoft was hatching Vista.  Some came to fruition, some were abandoned early, and some just disappeared into the ether.  One item that seemed to live into the release of Vista was the idea of "offline updating" or slipstreaming Service Packs into existing disk images (a.k.a. ISOs).  The idea is that when a service pack comes along, you simply unpack it, and copy all of the files into the UPDATE folder in the ISO.  Boom.  Done.  Err... not so fast.  Seems that Microsoft had "ran into some unexpected issues with the servicing stack" for SP1 so no soup for you, system admins; well, unless you consider getting a new ISO from Microsoft a solution.

___________________________________________________________________

I'll admit that the following may not be an SP1 related note, but I only noticed it post install.

At some point along the line, Microsoft changed their warning windows to a layout that looks suspiciously like another application that strikes fear in my heart.  I can't be the only person to notice this?

I've worked with and around networks at many levels for years.  What I haven't done, however, is work as a network administrator.  I've found that most good net admins both look and behave like Jeff Albertson (a.k.a. The Comic-Book Guy).  They just seem to have that special something.

Regardless, you may still find yourself with the need to perform some basic administration on an Active Directory.  For example, you may need to share a network drive at the logon.  Well, here's how you do just that:

Note: I'm not a net admin.  I only play one when absolutely necessary.  The method below is based on what worked for my environment.  Your mileage may vary.

How to share a user drive at logon

Create the folder & set properties

1. Create the user folder on a server named the same as the user to share it with a dollar sign ($) at the end, e.g. MattB$
2. Right-click, Sharing and Security...
3. Change to Share this folder, then click Permissions
4. Delete the "Everyone" account, and add the user who will own this directory
5. Change their rights to allow Full Control for this user
6. Click OK to get to properties, then click on General tab
7. OK

Create the logon script

1. Start notepad.exe and add the following line:
   net use u: \\servername\%username%$
2. Change "servername" to the name of your server, and change the "u" to whatever drive label you want to use; X: or Y: or Z:, etc
3. Save the file as logon.bat to your desktop
4. Right-click the file and choose "copy"

Edit your group policy

1. Get to the group policy you wish to edit by opening AD Users & Computers, right click the domain, click properties, Group Policy tab, select the GP and click Edit
2. Navigate to User Configuration/Windows Settings/Scripts
3. Double-click Logon, click "Show Files..." then right click and paste the logon.bat file there
4. OK all the way out, and close AD editors

Either wait for your AD to replicate these rules out or go to a command prompt on your AD server and type
gpupdate /force

At logon your user will be auto-shared this device

Other reading:

• http://www.rlmueller.net/LogonScriptFAQ.htm
• http://isweb2.memphis.edu/umad/documents/LogonScript.htm
• http://www.experts-exchange.com/Programming/Languages/Visual_Basic/VB_Script/Q_22496941.html

Sorry for anyone paying attention, but I had a bit of a DNS issue.  My server was maintaining its own DNS records and the host changed the way they forwarded records.  My site went *poof* and disappeared.

With a wave of my hand, I bring back mattbirmingham.com

At my shop, we've employed Active Directory (AD) to negotiate access to all of the services available on the network.  Although it can be a headache to set up, it really does make security nice and tidy in the long run.  For example, if you want, you can use your AD to replicate security out to your wireless network adapters via RADIUS.

This weekend, I moved everyone from a POP-based mail server to an Exchange 2007 hosted service.  The move was based on pain we were having with timely delivery of mail, as well as not having a SPAM block on the front-end of the server.  I.e. when I would get email via my phone, it would download 200 pieces of SPAM along with my 15 important emails.  Not a good solution.

Since I made the decision to migrate the company, I chose to be the guinea pig for the migration.  I already had Outlook 2007 running, so I closed Outlook, changed my email account (via the control panel) and walked through the Exchange Autodiscover process without issue.  Once complete, I merged my old PST files and within 30 minutes was up and running.  It was all impossibly simple.

That is, until I started the process in earnest with the other employees.  On the first install, I deleted the existing account, told Outlook I wanted to use Exchange and proceeded through the Autodiscover process.  This time, however, there were various challenge-response boxes (that I didn't recall happening to me) and upon completion, Outlook complained with the following error:

Unable to open your default email folders.  You must connect to your Microsoft Exchange server computer with the current profile before you can synchronize your folders with your offline folder file.

After going through the process a few more times, I realized that the clue I missed was the above-mentioned challenge-response boxes.  When I paid attention, I found that both the local AD and the remote server were looking for authentication tickets.  While I don't know what exactly was happening under the covers, my best guess is that the local network was attempting to pass along networking rights and was failing miserably, as would be expected.

So, if you're having this issue, the resolution is very simple.  When you create a new Exchange email account, do not allow Autodiscover to run by checking the box at the bottom of the first screen that says, "Manually configure server settings or additional server types."

At this point, you'll need the FQDN for the Exchange server and the principal name.  The FQDN you'll use in the first screen you get to after supplying your username, email address and password (as seen at the right).  To set the principal name, click on the "More Settings" button on that next screen, then click on the "Connection" tab, then the "Exchange Proxy Settings..." button.  You will find yourself at a window that will look like the following:

It might be easiest to get one machine to Autodiscover correctly then just copy these settings rather than attempt to wade through your provider's help, but if you have the information handy, it just takes a few seconds and you'll be up and running.

You may also want to experiment with the "On fast networks..." setting.  In my network, it does feel much snappier, and was a suggestion by my host to improve Outlook startup and polling times.