Blog Authoring tool Verdict

This is my second test of a Blog Authoring tool, or as this one is called, a “Blog Entry Poster,” for the Linux Gnome Desktop Environment. This post is uploaded to our WordPress blog site using Gnome Blog Entry Poster on a Sabayon Linux machine.

I have only tried two Blog Authoring tools, and so far I like them both. Windows Live Writer is a fine product with a nice array of features and Gnome Blog Entry Writer is a simple app that lives in the Panel on my Sabayon Linux desktop. It’s spartan (or better yet it “has a simple elegance!”), but it does at least have a spell checker, the single most important feature I would say! Both of these applications make it easy to send off a blog post from my desktop and are a breeze to use!

How’s this thing work? or….. What can I do for a half hour while I wait for the next mini project to start!

Today I am looking for ways to use technology to improve my life!  Actually now that I think of it I do that most every day!  I find that if I provide myself the right working environment, so that I enjoy working on something, then the whole process is improved, AND I have more fun doing it! 

It might sound like I am trying to justify going out and buying an iPad, but actually I am happy to simply download a free app and save my money! Besides, I have a lovely tablet that I have been using for five years. In fact it has been the only thing that made my MAC friends envious!

Several years ago, after several family events where the topic always seemed to switch to “look how cool my new MAC is”, I pulled out my Motion Tablet and started writing on the screen, and as they looked on my handwriting turned to text, and the same thing happened when I started speaking to it. They were like “Dang, you can do that with WinDOZE?” and I was like “Nah, this is x64-Vista baby!”

So today I went searching for Blog Authoring Tools and here is my first test.  I am writing this blog entry today using Windows Live Writer, and so far, I am reasonably impressed and the fun level is pretty good. 

My next endeavor, if I have time before my XENServer 5.0 to 5.5 Upgrade this evening, is to try a Blog Authoring tool on one of my Linux Desktops. (Testing one two three……..)

I Can’t Wait for XenClient!

First, a mea culpa: Yesterday I was in a customer meeting, and brought up the subject of the soon-to-be-released XenClient. I told the customer that if they wanted to see some really cool “Citrix TV” videos of what it could do, they should just come to this blog site, because I’d linked to them here. When I got back to the office, I started feeling insecure about that, and found that, sure enough, I hadn’t linked them here…I had linked to them on our Facebook fan page. Oops. But I decided that I probably should link them here because they’ll be easier to find. Hence this post.

I think I’m looking forward to the XenClient content at next month’s Citrix Summit/Synergy events in San Francisco more than I am to any other aspect of the conferences. In my opinion, this could prove to be the “killer app” that drives a lot of VDI. Why? Because of the constant struggle over locking down the desktop OS.

If you talk to anyone who has to manage desktop PCs, you will nearly always find that this is one of their biggest pain points. They want to lock down the desktop…but when they do, they end up with an upper-level manager in their faces because s/he can’t install iTunes. Or they find out that there’s one critical line-of-business application that’s so poorly written that users have to have local admin rights for it to work properly. So they back down and grant some level of local admin rights, and what happens? The users break the desktops (or worse, they let malware into the network). Then the poor admin has to fix them.

But just ask them, “What if you could have two desktops running side by side: one business desktop that’s completely locked down, and a personal desktop that the users can do whatever they want with? They can hotkey back and forth between them, and if they break their personal desktop, you can just wipe it and push out a fresh one.” Then watch their eyes light up as they consider the possibilities!

So…consider the possibilities as you watch the videos below. (They’re all fairly short, and worth your time, I promise.) First, a brief overview of the concept:


Client-side virtualization involves challenges that really aren’t an issue for server virtualization, like how to arbitrate access to high-performance graphics adapters. Here’s a demonstration of the “HDX” high-definition video performance of XenClient:


This video demonstrates the concept of hotkeying between business and personal desktops:


Finally, check out this demonstration of “Secure Application Sharing.” It shows how you can not only present, on the personal desktop, an application that’s actually running on the business desktop, but also have it protected such that even if the personal desktop has been compromised with a keylogger, that keylogger is unable to capture information that’s typed into the window that’s displaying the secure application. Pretty cool.


I’m sure we’ll have a lot more to say about XenClient after Synergy, but hopefully this will whet your appetite!

Yet Another Article About Apple’s New iPad…Kinda

Before I get too far into this post there are two things that I must disclose.

  1. I’m a PC
  2. I have not been one of the lucky bloggers out there that has received a free iPad to review, so I have never actually played around with one.

As of right now I have no intention of buying an iPad. That’s not to say I will never own one or that I am not interested in trying it out, but the fact of the matter is that despite all the great toys that Apple makes, they still don’t like to share with the other kids.  I simply don’t like the idea of being in technology lockdown.  Apple holds strong to its closed proprietary control over all things Apple. This has been slightly improved with third party apps, but again your app’s fate is still left to Apple to decide. The more popular Apple devices become, the more and more I hear “I would love to not use Apple but the iPod/(iPhone) is the best  portable media device/(phone) available.”  So, in exchange for locking you in, Apple has been able to connect with consumers on a whole new level and create some of the best user experiences.  But that doesn’t mean I like being locked in.

Will the iPad be a technology hit and another win for Mr. Jobs? I don’t know. Weak prediction, I know. Yet I do think that this is a big step forward as far as how we, the consumers, want to access technology. One need only look at the growing number of internet capable devices. Facebook’s popularity has surpassed Google and porn. Conversations are starting with “Do you follow <insert screen name here>?” Clearly we want to be “connected” and smart phones and netbooks have given us this ability. We have opened Pandora’s Box wirelessly and there is no going back.

If you have yet to use an iPhone or iTouch you don’t know what you’re missing. Multi-touch interaction is awesome. Now some of you out there are saying, “My smart phone with Windows mobile has a touch screen, so what?” To which I say, “Would you rather drive a Ferrari or a Kia on the autobahn?” (side note:  this is not to say that Kia does not make a fine automobile, it’s just…it’s a frakin’ Ferrari people!).  The secret sauce is the user experience. It’s simple, it’s clear, it’s easy, some might even argue that it is dumbed down a bit, but most of all it’s fun to use. Video sharing on YouTube, Facebook status changes, Twitter updates, ESPN RSS feeds, or just surfing Craigslist are just some of the ways end users are trying to add fun to their boring workday. Fun sells!

Then there is the growing remote workforce. It is becoming less and less necessary for employers to provide a physical workstation to its employees. Companies like Citrix are starting to move to a BYOC (Bring Your Own Computer) program and simply provide a remote desktop to its users (read more of the blog or contact us to learn how this is done). More and more, the hardware we use for work is becoming the device we use for personal stuff. The line is getting blurred and devices that are coming out today need to be able to bring our work and personal lives together on a single device.

I am all for trying to keep the two separate and maintain a healthy balance between them, yet this is the exact reason they should be on the same device. Access your files from the gym or local coffee shop. Update your Twitter feed or look at family pictures on a cross country business trip. As the business world becomes smaller it is becoming difficult for us to disconnect from our jobs even while driving (and please use a hands free device if you do indeed do business from your car – and for your children’s sake, lay off the email and text messaging…a big traffic ticket is the least you’re risking).

Unfortunately, as consumers are becoming connected and getting used to doing business from anywhere, it forces businesses, and therefore their employees, to be on call. The demand for quick response has grown as more and more information is available to anyone, anytime, and at their finger tips. There is no longer a gatekeeper to information.  If you are trying to grow your business and be a leader while still maintaining a nine to five model, you are fighting a losing battle.  We already see how individuals have started to embrace the always-on mentality. They have found the freedom to work when and where they want while accomplishing their own personal goals.  (This of course is not an overnight switch and there will always be jobs that will never be able to offer this offsite option.)

So the biggest news to me is not the iPad release but rather the shift in what consumers want/expect from technology and the fact that we are getting closer to that.  Always connected, easy to use, and can help me work and play from anywhere. The iPad’s fate is one that time will tell but I don’t really see its business application so I’ll pass for now.  (And, yes, I know that you can run the Citrix Receiver on your iPad and connect to a XenDesktop or XenApp farm.  But you can also do that from a netbook that can also do stuff that today’s iPad can’t do.)

XenApp 6 Worker Groups

In case you missed the announcement, about a month ago, Citrix announced the release of XenApp 6. This is the version of XenApp that will run on Windows Server 2008 R2 – but there are also a lot of features in XenApp 6 that will make your life a lot simpler if you have to manage a XenApp farm. One of those is the concept of “worker groups.”

Over the years, Citrix has added the ability to control more and more XenApp features through policy settings – either through Active Directory Group Policies or through Citrix policies. But some things were still fairly tedious to manage.

For example, when you published an application on your XenApp farm, the information of which servers that application was published on was part of the application properties. If you had a set of applications published on a set of servers, and you wanted to add (or remove) a server from that set, you had to edit the properties of each application in the application set.

With XenApp 6 on Server 2008 R2, you can now create a new AD container called a “worker group.” Settings like computer policies, load balancing policies, and even which applications are published can be set on the worker group, and will be automatically inherited by any server that is added to that group. This literally makes it possible to fully configure a new XenApp server and add it to the farm without even opening the XenApp management console! (And, of course, if you’re using application streaming to deliver the applications to the designated XenApp servers, you don’t have to install those applications – simply assign them to the worker group, and they will be streamed to any server that is part of, or added to, that worker group.)

For a better understanding of how this works, take a look at this “Citrix TV” video by Leo Singleton:

Citrix Buys Microsoft

In a move that stunned the virtualization industry today, Citrix struck a deal to acquire Microsoft Corporation for a price tag rumored to be close to $300 Billion. When questioned about the deal, Citrix CEO Mark Templeton reportedly said, “It seems like every six months or so another rumor surfaces about Microsoft buying Citrix. I just got sick of dealing with that, and decided to end it once and for all by buying them.”

Templeton is expected to take over as President and CEO of the combined corporation, while Microsoft’s Steve Ballmer is expected to head up a newly formed multi-level marketing division. An anonymous source within Microsoft commented, “Have you ever seen Ballmer on stage? Heck, he makes those Amway cheerleaders sound like Linus Torvalds on quaaludes!” The two companies’ partner programs are expected to transition to a multi-level model. For example, Citrix Silver Partners will now purchase products from Gold Partners, who will in turn purchase products from Platinum Partners. A similar transition will take place within the existing Microsoft channel with their Registered, Certified, and Gold Certified partners.

Rumors continue to swirl over how Citrix, with a total market capitalization of less than $8 billion, could finance a takeover of a company more than 30 times larger than itself. One industry analyst, speaking strictly off the record, said “Hey, they are in South Florida after all. I’m just sayin’.”

Another possible driver for the deal is the lingering bitterness over the 1997 transition from WinFrame, which was a fully functional Windows server with remote access functionality built in, to the dual products of NT Server, Terminal Server Edition, sold by Microsoft, and MetaFrame, sold by Citrix – a situation that persists to this day with XenApp v6 being sold as an enhancement to Windows Server 2008 R2. “It’s about time,” Templeton reportedly said, “that the two products became one again.”

One thing is certain – this year’s Citrix Synergy conference will be the most interesting in years!

More Windows 7 Tricks You Might Not Know

Every now and then an internal email thread pops up here at the Moose that’s a variant on, “Hey, check this out…” Recently there have been a couple of these threads that were related to Windows 7 tips and tricks. You may know about some of these already, or you may have read about them somewhere else, but I thought it might be useful to gather them into a single post.

So here’s my list of interesting tweaks, stuff that might be helpful to a handful of you, or just stuff that I think is cool. (Cool does not always mean useful – but who doesn’t like cool stuff?)

  1. Most of you have probably seen “Peek” (at least if you have a system that’s “Aero” display capable), but it’s still cool – and if you haven’t seen it, maybe this will be what it takes to get you to splurge on that new video card! If you hover above an application icon on the taskbar, a thumbnail of the app will pop up. If you hover over that thumbnail, you’ll get a “peek” at the full-sized app. And hovering over the “show desktop” icon in the lower right corner (oh, you didn’t know that the unlabeled button at the bottom right would show your desktop?) will temporarily display your desktop.
  2. And have you heard of “shake?” If you have 20 windows cluttering up your screen but only want to focus on one, just click the window’s title bar and hold the mouse button down.  Now, shake the mouse from side to side.  All other windows will disappear, leaving just the one that you selected.  (Yes, you could also click “show desktop” and then select the one window you want to focus on, but that’s not as much fun.)
  3. To open a new instance of a program from your task bar (say you want an entirely separate IE window) you can right click the icon on your task bar and select the app from there, or just hold down shift and left-click the icon.
  4. Toggle between application instances: Ctrl + Click a taskbar icon. Let’s say you have five open Word documents. If you hold down the Ctrl key, you can cycle through them by repeatedly left-clicking on the taskbar icon.
  5. Multitask with multiple monitors: Various combinations of Ctrl, Windows logo key, Shift, and Arrow keys. Do you use more than one monitor at a time? Now you can shift an open window to your other monitor in less than a second by pressing Shift + Windows logo key + left or right arrow. Here are some other combinations that might be handy:
    • Ctrl + Windows logo key + arrow will move the window to whatever half of the screen you want. (Up arrow sends the window to the top half, right to the right half, etc.)
    • Windows logo key  + Up Arrow maximizes the window, Down Arrow “un-maximizes” it again.
  6. Windows 7 “God Mode” (use with caution): Right-click on the desktop, and choose “New Folder.” Then re-name that folder:
    “GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}” The icon will change. When you double-click it, you’ll get a window with direct links to just about every configuration option imaginable. Yes, they’re all available elsewhere, but it’s kinda cool to have them all in one place.
  7. Finally, if you’re missing the old Windows “Quick Launch” area (which Sid prefers over pinning icons to the task bar, because it takes up less space):
    1. Make sure you’ve got Explorer configured to show hidden files and folders
    2. Right-click an empty space on the taskbar, and select Toolbars -> New Toolbar
    3. Browse to C:\Users\%username%\AppData\Roaming\Microsoft\Internet Explorer  (Why would this setting be under Internet Explorer?  It’s just one of life’s great mysteries.)
    4. Highlight the Quick Launch folder and click the Select Folder button.
    5. To get rid of the title and text associated with your Quick Launch icons, unlock the task bar, right-click your new Quick Launch toolbar, and uncheck Show Text and Show Title.  You can also choose View -> Large Icons if you prefer.

    Note that Win7 will put the Quick Launch toolbar on the right end of the taskbar (next to the System Tray) rather than on the left.

Microsoft Word 2007 Freezing Upon Exit

Recently, my Word 2007 program started experiencing some weird behavior.  When I had a document open and would go to close Word, I’d be greeted by this:

[Screenshot: MS Word Error]

Also, since I’m running Windows 7, when I tried to right-click the Word icon that I pinned to my taskbar and open a recently opened document, Word would open, but not the document.  I would have to explicitly open the document from within the application.

Initial reports I read pointed to a recently installed patch, but instead of going through my “Programs and Features” uninstalling patches one-by-one, I found an even easier solution on Ed Bott’s blog.

NOTE: The following instructions deal with editing the Windows Registry, which is not for the incautious or faint of heart. It would be a good idea to back up your Registry and/or create a restore point before trying this.

If I haven’t scared you off, open Regedit, navigate to HKCU\Software\Microsoft\Office\12\Word and delete the “Data” key.  (I did export the “Data” key first, just to be on the safe side.) After deleting the key, Word appeared to open and close properly.  I right-clicked the Word icon on my taskbar, chose a document to open and it opened right up. So far, so good.

I then merged the backed-up reg key back into the registry and tried opening that same recently-used document from the task bar – Word opened, no document.  Then upon closing Word, it crashed again.

From the information in Ed’s blog entry, the cause appears to be related to having Word running at the time a particular “Important” update is applied to the system. Removing this reg key fixed it right up! I saved at least 30 minutes by avoiding having to uninstall and reinstall Office.

Compelled Certificate Creation Attacks

Last October, we published a three-part series on SSL certificates: what they are, how they work, and how they’re used to secure transactions over the Web. You’ll find the series listed in our “Security” category. For most of us, this process has worked pretty well for a long time. But I recently ran across a paper by Christopher Soghoian and Sid Stamm that points out a vulnerability that, frankly, hadn’t really occurred to me before.

NOTE: I’ve chosen to place a copy of this paper on our own Web site, because I believe that the material is important enough that I wanted to ensure that it would be available even if the link I used to find it should no longer be valid. I believe that this is permissible under the Creative Commons Attribution license cited by the authors.

As we discussed in the previous series, the security of the public key infrastructure (“PKI”) that we’ve come to rely on ultimately depends on the trustworthiness of the Certificate Authorities (“CAs”) that grant the certificates. In general, a public CA (e.g., VeriSign) assumes some responsibility for verifying the identity of the person or organization requesting an SSL certificate. The level of verification performed depends on the type of certificate purchased. A small business purchasing a certificate that will be used to secure their Outlook Web Access site can get one pretty cheaply, and typically the issuer will only require that the requester be able to reply to an email message sent to the domain in question. On the other hand, Bank of America will go through a much more detailed process to get an “Extended Validation” certificate for one of their on-line banking servers (as well they should).

But if a bad guy could somehow obtain, from a trusted CA, a certificate for a Bank of America server, and then trick a user into visiting their fake BofA Web server, there would be no easy way for the user to know that something bad was going on – because the browser would indicate that a valid SSL session had been established.

Of course, any CA that knowingly issued such a certificate would risk irreparable harm to its reputation, punitive lawsuits, and potentially have its trusted status revoked by the major Web browser manufacturers. But, as Soghoian and Stamm point out in their paper, there are no technical restrictions that would prohibit a CA from doing so. So the integrity of the entire PKI and the security of millions of users’ communications ultimately depends on hundreds of CAs around the world choosing to do the right thing.

Now, I’m not particularly worried about VeriSign or GoDaddy, because I’m pretty sure they’re not going to cooperate in something like this without a court order (more on that later). But I didn’t realize that Microsoft, Apple, and Mozilla (Firefox) all include a number of national government CAs in their default “trusted root certification authorities” databases. For example, Microsoft’s program includes the governments of France, Korea, Latvia, Serbia, Tunisia, Turkey, and Uruguay, just to name a few. I’m sure that these government CAs are included for all the best reasons. But I’m not sure that I’m particularly comfortable with the idea of having my browser, by default, trust the government of Turkey with the blanket power to issue SSL certificates for any Web site. Correction – I’m sure that I’m not comfortable with that!

Why? Because the possibility is very real that some government, somewhere, might compel a CA to issue a false certificate that can then be used to perform a “man-in-the-middle” attack for surveillance purposes. In fact, as Soghoian and Stamm point out, there is evidence that this has already been done. (If you want the details on that, read their paper.)

As a result, they are working on a Firefox add-on that is currently known as “CertLock.” CertLock will keep track of the country of origin of the root CA of each Web site you visit, and if, on a return visit, it detects that the certificate being presented chains up to a root CA in a different country, even though your browser may trust that CA, it will warn you. For example, if your banking site uses certificates issued by VeriSign, which is a US-based CA, CertLock will store that information the first time you go to your banking site. If, on some future visit to that banking site, the Web server you hit presents a certificate that – although it appears to be valid – is chained to a root certificate issued by Etisalat in the United Arab Emirates, you’ll get a warning, and a chance to abort the connection.

Is this a perfect solution? No. Admittedly there are some scenarios that won’t be caught – but those are arguably not that significant anyway, with the possible exception of #4 below. To use a few of the examples cited by Soghoian & Stamm:

  1. Assume that the US government compels VeriSign to issue a certificate for use by a law enforcement agency wishing to intercept communications between a suspect located in the US and his/her US-based bank, which uses VeriSign certificates on all its Web servers. CertLock won’t detect that, because the CA issuing the fake certificate is the same CA that issued the legitimate certificates.

    However, if the government can get a court order compelling VeriSign’s cooperation, it could just as easily – and probably more easily – get a court order directly compelling the bank to disclose the suspect’s account information. So there’s little point in the exercise.

    The same holds true if the bank’s legitimate certificates were issued by, say, GoDaddy instead of VeriSign. They’re both US-based CAs, so CertLock won’t detect the attack – but, by the same reasoning, it’s still a moot point.

  2. Assume that a resident of China is accessing his/her online account with a Chinese bank that obtained its legitimate SSL certificates from VeriSign. Assume further that the Chinese government is interested in intercepting the suspect’s online transactions, and compels the China Internet Network Information Center (“CNNIC” – a domestic Chinese CA) to issue a false certificate for the operation.

    In this scenario, CertLock would detect the attack – although, again, it’s an improbable scenario because the Chinese government could just as easily compel the Chinese bank to provide the suspect’s account information.

  3. Assume that a US executive is on a business trip to China, and is attempting to access his/her gmail account from a hotel Internet connection. Once again, the Chinese government could compel CNNIC to issue a false certificate to employ a man-in-the-middle attack, since they have no leverage to compel the assistance of VeriSign, which issued the legitimate SSL certificates. This attack would be detected by CertLock.
  4. Assume that a Chinese executive is on a business trip in the US, and attempts to access his/her Chinese bank account from a hotel Internet connection. If the Chinese bank was using legitimate VeriSign SSL certificates, and if the US government obtained a false certificate from VeriSign, there would be no way for CertLock to detect the attack.

    Since American CAs dominate the certificate market, and are used by many foreign organizations, that last scenario is far from hypothetical, and would seem to give the US an edge in potential intelligence-gathering.

So the bottom line is that the approach taken by CertLock is not perfect. But it’s a step in the right direction, and I’ll be downloading it as soon as I can get my hands on it. In the meantime, particularly if you’re interested in security issues or if your job includes security-related responsibilities, I’d heartily recommend that you download and read the entire paper. Although it’s a bit complex, it’s only 19 pages long, so it shouldn’t take you more than two cups of coffee to get through it.
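
A simplified model of the country-pinning check described above for CertLock, run against the numbered scenarios so the detected and missed cases are visible side by side. This is an added example, not code from the add-on or the paper; the hostnames and root CA subject strings are constructed, and reading the country from the root subject's C= attribute is an assumption.

```python
import re
from dataclasses import dataclass, field

# Constructed root CA subject DNs (not real certificate subjects).
VERISIGN = "C=US, O=VeriSign\\, Inc., CN=Constructed VeriSign Root"
GODADDY = "C=US, O=GoDaddy, CN=Constructed GoDaddy Root"
CNNIC = "C=CN, O=CNNIC, CN=Constructed CNNIC Root"
ETISALAT = "C=AE, O=Etisalat, CN=Constructed Etisalat Root"


def root_country(root_subject_dn):
    """Return the C= (country) attribute of a root CA subject DN, or None."""
    # Split on commas that are not backslash-escaped inside a value.
    for rdn in re.split(r"(?<!\\),", root_subject_dn):
        key, _, value = rdn.strip().partition("=")
        if key.strip().upper() == "C" and value.strip():
            return value.strip().upper()
    return None


@dataclass
class CountryPinStore:
    """Remembers, per host, the root CA country seen on the first visit."""
    pins: dict = field(default_factory=dict)  # host -> (country, root DN)

    def check(self, host, root_subject_dn):
        host = host.lower().rstrip(".")
        country = root_country(root_subject_dn)
        if host not in self.pins:
            self.pins[host] = (country, root_subject_dn)
            return "first-visit"
        pinned_country, pinned_dn = self.pins[host]
        # A missing or changed country is the condition that warns;
        # the original pin is kept so a single bad visit cannot overwrite it.
        if country is None or country != pinned_country:
            return "warn"
        if root_subject_dn != pinned_dn:
            # Different CA, same country: the blind spot of scenario 1.
            return "ok-different-ca-same-country"
        return "ok"


# (label, host, root seen on first visit, root presented on the return visit)
SCENARIOS = [
    ("1", "us-bank.example", VERISIGN, VERISIGN),   # compelled cert, same CA
    ("1b", "us-bank.example", GODADDY, VERISIGN),   # other CA, same country
    ("2", "cn-bank.example", VERISIGN, CNNIC),      # resident in China
    ("3", "mail.example", VERISIGN, CNNIC),         # US traveller in China
    ("4", "cn-bank.example", VERISIGN, VERISIGN),   # Chinese traveller in US
    ("etisalat", "bank.example", VERISIGN, ETISALAT),
]


def run_scenarios():
    """Return {label: verdict on the return visit} for each scenario."""
    results = {}
    for label, host, first_root, presented_root in SCENARIOS:
        store = CountryPinStore()
        store.check(host, first_root)
        results[label] = store.check(host, presented_root)
    return results


if __name__ == "__main__":
    for label, verdict in run_scenarios().items():
        print(f"scenario {label}: {verdict}")
```
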