July 2008 - Page 3 of 4 - markwilson.it

MS-DOS revisited: building a handy utility disk

Posted on Wednesday 16 July 2008Wednesday 16 July 2008 By Mark Wilson

This content is 17 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

A couple of years back I was writing about trying to squeeze Windows PE onto a 128MB/256MB USB thumb drive and how times change – these days I have piles of unused 128MB, 256MB and 512MB USB sticks that have become redundant because I have larger portable data storage devices available.

Then, as I was preparing to image a PC, I found myself using 1.44MB floppy disks and it all got very frustrating. Just enough to boot the system used half the disk and that was without any utilities – the version of Symantec Ghost that I used recently won’t even fit on a floppy disk. So, I decided to put one of my old USB sticks to use as an “ultimate boot disk” – much easier to update than the CD-based versions we were putting together a few years back.

Despite having a pile of smaller USB thumb drives doing nothing, I decided to use one of the 1GB sticks that EMC were giving away at the Windows Server 2008 launch (plenty of space for expansion).

The first step is to make the drive bootable – I used the HP USB disk storage format tool v2.1.8 (SP27608) to format the drive and put a basic Windows ME boot subsystem on it (using a disk created with the Windows XP disk format tool as a reference image) but there are other options.

Why Windows ME? Well, because it’s easy – Windows XP creates ME boot disks – and because it was a prerequisite for the the next stage – network booting using Brad Driver’s universal TCP/IP network boot disk. There are many sites on the ‘net that offer network boot disks (including bootdisk.com) but the one I chose manages to include a huge range of drivers and it fits on 1.44MB floppy.

Basically, the disk boots a very basic operating system before expanding itself to a RAM disk and reloading the command shell. USB device support is still experimental (at v6.2) but after much experimentation I worked out that I could use the makedisk script provided with the download but in order to avoid a loop of pressing CTRL+ALT+DEL to restart the computer I needed to edit the config.sys file so that the line shell=n:\command.com /e:4096 /p used c: instead of n: for the command interpreter (my drive was formatted as USB-HDD, this may not be necessary for other USB boot options) and I also removed the hidden attribute from command.com to avoid a file not found error (that didn’t seem to affect the operation of the disk in any other way). After this, the NIC is auto-detected and an appropriate network driver loaded, obtaining TCP/IP information from DHCP and logging on to the network.

With network booting working well (at least on the IBM ThinkPad T40 that I tested against – older machines may not have the necessary BIOS support), I added an autorun.inf file for when I use the drive within Windows. This file includes the following items and really just sets the drive icon and description:

[autorun] label=USB Network Boot Disk (1GB) icon=shell32.dll,12

Finally, the whole purpose of this disk is to run some utilities. At this point you can name your own poison but I created a C:\Tools folder (C:\Utilities is too long for 8.3 file naming, although C:\Utils could have worked) and started to pile in my favourite 16-bit .COM and .EXE files – I’m sure the list will grow substantially over time. There may be some issues with memory management but there is plenty of space to add a variety of tools and theoretically there could be multiple boot options too.

It’s been a long time since I played around in MS-DOS and there is very little call for it these days (I should really be doing this with Windows PE) but every so often it’s good to return to your roots.

A few things I found whilst drive imaging with Symantec Ghost

Posted on Tuesday 15 July 2008Thursday 17 July 2008 By Mark Wilson

I need to rebuild one of my PCs before lending it to someone for a few days but before I do that I want to take an image of it. If I had the Microsoft Deployment Toolkit 2008 set up at home then that would be reasonably straightforward but I don’t, and the old drive imaging technologies will be fine for this – at least that’s what I thought until I spent half the night and a good chunk of this morning fighting with Symantec Ghost… So, here’s a few of the things that I’ve (re-)discovered about Ghost in the last few hours.

Using Ghost in peer-to-peer mode does require the slave and the master machines to be running the same version of Ghost – it will present a version mismatch if you try and run different versions.
Ghost 6.x Enterprise has a multicast option but I couldn’t get it to work (it was always greyed out for me). Symantec’s knowledge base suggests that this may be down to TCP/IP issues and I’m pretty sure that packet-level network drivers are required with the MS-DOS client (the Windows server can use the normal Windows network settings) but, even with a suitable packet driver loaded, I gave up after a few hours without success.
GhostCast Server uses (UDP) port 6666 for communications.
GhostCast Server 8.x will create a Windows Firewall exception for itself but the exception still needs to be enabled manually.
On a multi-homed server, there seems to be no way to select the NIC on which the GhostCast Server presents a session.
Multicasting also seems to need the client and server versions to match one another. 16-bit Ghost 7.x should work with an 8.x server but it wasn’t working out for me with 7.5 and 8.2 (32-bit 8.x clients were connecting to the server fine, so I knew it was working, but I didn’t want to image those machines – and I didn’t have a copy of the 7.x server).
Compression adds a lot of time to the imaging process.

Eventually, I got everything working with a 16-bit copy of Ghost 8.2 running on MS-DOS (to be completely accurate, it was a Windows ME startup disk created from Windows XP) communicating with a GhostCast Server 8.2 running on Windows Server 2008.

And for anyone who is wondering why I was messing about with 16-bit executables and MS-DOS (in these days of Windows PE), Toffa suggested that I should try a Windows PE disk with the 32-bit ghost client. Although that would have let me access USB-attached external storage, I didn’t have enough space on a USB drive and was storing my image on a server. Windows XP (and so PE) doesn’t natively recognise the network card on the machine I was imaging, so that would have required me to extend the Windows PE image and provide additional driver support. Somehow, using a universal network boot disk seemed like the easy option.

Generating secure passwords

Posted on Monday 14 July 2008Monday 14 July 2008 By Mark Wilson

One corporate blogger at Symantec recently wrote about the useless passwords that people use (with various lists placing “password”) at or close to the top of the list. His source contained some dubious claims (e.g. it claimed that one of the top passwords across Europe is “monkey”… maybe that is the case for English speaking Europeans but it’s unlikely to be the case in French, German, Spanish, Italian, Portugese, Greek, etc., etc.) but his point is valid – systems that require a password require one for a reason – usually to protect either the data contained in the system, or the reputation/identity of the person to which access is being granted or the company who operates the system.

As a concept, the idea of a username and accompanying password is flawed – ideally we would be using another form of identification and authentication – and that should use multiple factors (something I have/know/am) but in amongst the nearly 2 hours of drivel that was last week’s MacBreak Weekly podcast (note to self: drop this subscription from iTunes) was a little gem about generating new secure passwords. The panel was advocating the use of a utility such as OnePass to generate and manage passwords when one of them said he does something similar from the command line: Unix/Linux and Mac users can type openssl rand -base64 6 to generate a secure 8 character password (the number on the end of the command needs to be multiplied by 4 thirds to get the length of password – more details of using OpenSSL to generate secure passwords are available at the tech-recipes website).

One man who knows an awful lot about security, Steve Gibson, has produced a secure online password generator but the 64-character passwords it generates are a bit extreme for most purposes – and “secure” passwords of any length create their own problem – they are totally unmemorable, so most users will resort to using some form of password safe (either online or offline), reducing the security considerably.

Then there’s the issue of password policy – some sites will limit the length of a password whilst others will require the use of special characters.

At work, I use a variety of corporate systems, some of which respect my Active Directory logon, and others (timesheeting, more timesheeting, mobile phone billing, self-service HR portal) which do not – each with it’s own password policy for password length, complexity, re-use and expiry. Then there are the hundreds of websites that I use and which require registration. It’s a usability nightmare – and many people will use the same passwords repeatedly – an identity thief’s dream.

I prefer to use a memorable passphrase, which is typically longer than a password and although it may include dictionary words they do not make up the entire password. For example, if my password needs to be changed and something is happening at that time that might be memorable I could use that – “2008HolidayinFrance” is memorable, easy to type and whilst it includes dictionary words it’s also 19 characters long so spotting the dictionary word placement might take a while for a password cracker.

Of course, there is no one answer – what works for me might not work for you. What I’m pretty certain of though is that “password” is not a good password and that re-using the same password (or variations on it) is not a good idea either.

Virtualised hardware hotel

Posted on Friday 11 July 2008Friday 11 July 2008 By Mark Wilson

I was at a VMware event yesterday where they proudly played this video…

…it’s a bit of fun (and the music is really catchy – even if the lip sync is a bit out!) and was apparently first shown at VMworld a few months back.

It’s not just VMware that can offer this type of solution though – I did use VMware Virtual Infrastructure (VI) in the design I produced for a server consolidation exercise with a “big four” accountancy firm a couple of years back but it was very expensive and required a huge leap of faith on the part of both the customer and the datacentre managed service provider. Now we’re in the second half of 2008, I’m not sure if I would be using VMware products in my “virtualised hardware hotel”. For a lot less money I could do the same thing with Windows Server 2008 and Hyper-V, together with System Center Virtual Machine Manager 2008. Some people will argue that the VMware products have maturity on their side and I’ll concede that it’s true – VMware did create the x86 virtualisation market – but a hypervisor (or virtualisation layer, in VMware-speak) is a commodity now and the simple fact is that I really can’t justify advising my clients to spend the extra money on ESX and Virtual Center, especially as the Microsoft offerings under the System Center banner can be used to manage my virtual and physical infrastructure as one.

If only Microsoft produced viral videos like this, I could share one with you… so come on Redmond… give me something to play back at the VMware boys (and girls).

See who’s posting what on Flickr

Posted on Friday 11 July 2008Friday 11 July 2008 By Mark Wilson

Flickr logo This is a bit voyeurstic, but it’s also a great way to see other peoples photos… Flickr Vision displays a map of the world and uses Flickr’s geotagging capabilities to display photos as they are posted to the web, all around the world. It’s actually quite mesmerising…

Update on UK iPhone 3G availability

Posted on Thursday 10 July 2008Thursday 10 July 2008 By Mark Wilson

iPhone 3G logo After Monday’s debacle with the O2 website being unable to respond to the demand for new iPhones, many O2 customers (myself included) received an SMS message this morning which said:

“O2: Unprecedented demand for iPhone 3G

If You tried to order an Apple iPhone 3G last Monday (7 July) and experienced difficulties, we’re really sorry.

To find out the latest details, click on http://shop.o2.co.uk/info/”

I clicked the link and, because I’m sure the notice will not remain on the site indefinitely, here’s a copy of what it says:

“iPhone 3G availability update

Summary
Thank you for your interest in iPhone 3G. We are experiencing unprecedented demand for the device and whilst we are confident that all customers who want iPhone 3G will get one by the end of this summer, initial supply is limited and will be for some weeks. Here is what you need to know:

O2 and Carphone Warehouse (CPW) stores will have limited numbers of iPhone 3G this Friday 11 July.

On average, we will only have a few dozen iPhone 3Gs per store (some stores more, some stores less, dependant upon store size so we expect to sell out quickly). Sales of iPhone 3G will be limited to one per customer and two for business customers.

Some O2 stores will open at 8.02am on Friday, others a bit later. Find out more

If you do go into an O2 store you will need 2 forms of identification, a valid credit or debit card and proof of address. If you are new to O2 you will also need to pass a credit check if you sign up for an iPhone 3G contract. The average sales transaction processing time will be 20 minutes.

Apple will be selling iPhone 3Gs in their stores, but please note that existing O2 customers can only upgrade in an O2 or CPW store.

We are working closely with Apple to get additional iPhone 3Gs. These will be coming in on a weekly basis. We’ll keep you posted on specific details by updating this web page regularly.

We are currently out of stock of iPhone 3Gs via our on-line store and customer services, we’ll update through www.o2.co.uk when more information becomes available.

If you have an existing iPhone you can still enjoy many of the new features by upgrading your software to version 2.0 from 11 July through iTunes.

We are sorry that we can’t meet all demand as quickly as we’d like but we’re sure that when you get your new iPhone 3G you’ll agree it’s been worth the wait.

If you are one of those customers who tried to use our Online shop on Monday, you might like to read on.

I am sorry that you had a frustrating experience in trying to order iPhone 3G. This note summarises why it happened and what happens now.

From the start, we felt it was important that people should be able to register that they were interested and be kept up to date with each part of the launch. As well as giving people the information they needed to get a new iPhone, it would give us an idea of how many iPhones we would need from Apple.

An amazing 200,000 people registered on the site. Apple can only supply us with a small proportion of that number to start with, but with weekly deliveries, we’re confident that everyone who wants an iPhone will be able to get one by the end of the summer. Until then, we realise that some people will be disappointed.

The people who’d registered on our site had the chance to order an iPhone before anyone else. We let them know that they could do this by going online on 7 July and we made it clear that it would be on a first come, first served basis to keep things fair, as stock was limited.

Naturally, we made sure we looked after people already on O2 as well as new customers. And in fact the orders that we received were split 50-50 between new and existing O2 customers.

What went wrong?
Because we were so open about where and when you could pre-order your iPhone, the online shop was always going to be busy. We tried to prepare for this by increasing the online shop’s capacity to 250 times its normal rate and testing it over and over again before the launch.

It wasn’t enough. I’m really sorry if you couldn’t get your order in. We weren’t prepared for the speed and volume of people. I’m not sure any website could have been.

What happens now?
If you ordered online and your order went through, we’ll text you by 6pm tonight, just to confirm. You’ll get your iPhone 3G delivered on Friday 11 July unless you live in one of these remote postcodes. If you haven’t had a text by then, I’m afraid your order wasn’t successful. Your options if you still want an iPhone will be to either go into a O2 store tomorrow and I would recommend you read the key points at the top of this page or alternatively, check the website in the future for stock availability.

Once again, I’m sorry if you had problems with the online shop on Monday. We’re working very closely with Apple to get as much stock as we can for the UK, as quickly as possible.

Thank you

Cheryl Black
Customer Service Director
O2″

Still no news on the white iPhone 3G. That’s the one I’ll be after.

Stop installing unnecessary software on my PCs

Posted on Thursday 10 July 2008Friday 11 July 2008 By Mark Wilson

What is it about software companies that they think they can install a load of rubbish on my PCs? This morning, Java was bugging me that it wanted to install an update. That’s fair enough but, as it installed, it asked me if I wanted to install OpenOffice too (I don’t) – I wouldn’t mind this so much if it wasn’t that the default state for the check box was selected.

Apple Software Update pestering for installation of Safari on Windows No sooner had Java finished updating itself then the Apple Updater popped up and said “hey, we’d like you to update QuickTime. We can’t be bothered to give you just a patch, so please download 29MB of our bloatware” (I said no because I was using a mobile connection), “and while you’re at it why not install our web browser that seems to have more than its fair share of security issues… that will be another 23MB” (of course, I am paraphrasing here – but you can see the dialog box… complete with checkbox selected by default. Can you imagine the uproar there would be if the Microsoft Office for Mac Updater tried to install another Microsoft product on people’s computers?

It’s not just the update programs either. I seem to recall that one time when I installed Adobe Reader it wanted to put some toolbar in my browser (no thanks). And, whilst they criticise (Windows) PC makers for shipping demo software on new PCs (in the “Stuffed” Get a Mac ad), Apple ships demo software on new Macs (albeit its a demonstration version of Microsoft Office).

Please! Stop installing this crapware. I want a tidy, secure system and the way to do that is to minimise unnecessary installs. Of course, as the software companies all know, 90% of PC users will click any old dialog box and that’s why their PCs run so slowly and fall over so often.

Camera warranty – not worth the paper it’s written on

Posted on Wednesday 9 July 2008Saturday 16 May 2015 By Mark Wilson

Last year, I bought a Canon Digital Ixus 70 to carry with me in my pocket when I don’t want to be lugging a DSLR and a bunch of lenses around. It’s been a great camera but, whilst we were on holiday a few weeks back, it stopped working.

I got in touch with Amazon (who sold it to me) and they said to contact Canon. Canon said to send it to one of their repairers (at my cost) and the repairers have written back and said it will cost £124.55 to fix it (more than it cost to buy in the first place) because it has sand inside.

I checked Canon’s warranty terms and conditions and, sure enough, there it is – the get-out clause is highlighted below (my emphasis):

“[…] 7. Unless agreed in writing, the Warranty will not apply: (a) because you have not used, stored or handled the Product properly; or because you are in breach of the terms of this warranty or the Contract terms, or have not followed Our instructions in the product manual, or those of the manufacturer; or because of damage or defect due to willful neglect or negligence by anyone other than Us; (b) to loss of quality, degradation of performance or actual damage that results from the use of spare parts or other replaceable items (such as consumables) that are neither made nor recommended by Canon; (c) to a loss of quality, degradation of performance or damage that results from the installation of, damage to, or modification to the Product and/or Software by someone else other than Our representatives or because of damage that results from changes required by you or a Third Party; (d) to damage that results from your connection of other fittings or accessories to the Product which We have not approved or your connection of other equipment or software not approved by Us; (e) because of external causes outside Our control which shall include accident, fire disaster or burglary; (f) because of faults caused by shock or fall, sand, dust, dirt, damp or corrosion, leaky batteries, repair or cleaning by unauthorised personnel; (g) because of any mal function or specific requirement of any other item of hardware, or software which you have linked to the Product in respect of items not included in the Contract; (h) to correct errors in any non-Canon proprietary software or other software not provided by Us; (i) because data is lost or damaged; (j) to damage caused by your attachment of the Product to a network not approved by Us or because you have made changes to your Operating or Network system in a manner not approved by Us; (k) because you have not installed any error correction that We issue for the software or have otherwise not followed Our reasonable instructions or advice. […]”

Basically, the warranty is useless. Dust will get into anything. Sand only got in because some blew onto the lens mechanism and was pulled back into the camera as the lens retracted. It’s not like I buried it on the beach and then expected it to work.

I’m sure that other camera manufacturer’s warranties are equally useless, but when I do get the camera back, I’ll be trying to fix it myself. The parts are only £39+VAT – its the £60+VAT labour that’s stinging me. And then they want £8.23 to send the camera back when it only cost me £5.05 to send it to them, using the same Royal Mail Special Delivery service… hmm…

In the meantime, does anyone know where I can buy spare parts for Canon cameras?

Preparing a 1st generation iPhone for resale

Posted on Tuesday 8 July 2008Wednesday 5 September 2012 By Mark Wilson

In some ways, this post is of limited value – as it’s for a first generation iPhone, running on iPhone software v1.1.4 – both of which will become old technology on Friday 11 July 2008. Even so, I expect the market to be flooded with secondhand iPhones over the next few days and contract-free devices will sell for more money than those still locked to O2. In time, the hackers will unlock v2.0 iPhones but, for now, v1.1.4 is the one to get.

I’ve been happily using my iPhone on an O2 contract since last November but, tomorrow, my iPhone auction on eBay will end and I wanted to get it ready for sale.

iPhone working with a Vodafone UK SIM Last week, I unlocked (and “jailbroke”) the iPhone using iLiberty+ v1.5.1 for Mac and tested it with a Vodafone SIM (before listing it for sale) but tonight I followed the instructions to securely wipe the iPhone before I finally send it to the new owner.

When I first jailbroke my iPhone, I found that I’d entered a whole new world of mobile application possibilities. When I first thought about getting an iPhone and using it with my previous (Vodafone) contract, I was concerned about the impact of unlocking and jailbreaking the device but I am amazed to see just how many applications the AppTapp installer provides access to (especially with the Community Sources package installed). I really hope this ecosystem of iPhone underground application development is not killed off as the official Apple App Store route to market takes over but I guess, as long as the device is tied to a particular operator in each market, there will always be people who want to use their iPhone on another network (and I found that jailbreaking takes no more effort than unlocking the device).

So, with my iPhone restored to it’s factory defaults, then jailbroken, installer added to the splashscreen, the handset activated and unlocked, I set to work installing the BSD Subsystem 2.1 and OpenSSH. At first, I was downloading applications over O2’s 2G network, which took a long time (the BSD subsystem is 5.1MB), but then I figured I could share my MacBook’s Internet connection over Wi-Fi and that speeded things up considerably.

Even though I could ping the phone (the IP address is displayed in the Wi-Fi settings), I was having trouble connecting to the phone, with my terminal session reporting:

ssh: connect to host 10.0.2.3 port 22: Connection refused

Googling turned up various posts suggesting using the BossPrefs application to ensure that OpenSSH is running but I couldn’t get BossPrefs to complete its own installation.

Eventually, I figured that I could use iLiberty+ to install OpenSSH, after which I was able to copy a previously-downloaded copy of the umount utility to the iPhone:

scp ~/Desktop/umount root@ipaddress:/sbin/umount

After entering this command, something similar to the following should be displayed:

The authenticity of host ‘ipaddress (ipaddress)’ can’t be established.
RSA key fingerprint is 8d:0c:46:44:6c:ff:25:7c:c3:d6:49:1b:6a:c5:31:8b.
Are you sure you want to continue connecting (yes/no)?

To which the, answer is yes. Then you should see:

Warning: Permanently added ‘ipaddress‘ (RSA) to the list of known hosts.

Next up, should be a password prompt:

root@ipaddress‘s password:

The default password (at least for iPhone v1.1.4) is alpine and, once this has been entered, umount should finally be copied to the iPhone:

umount 100% 15KB 14.6KB/s 00:00

A few more commands are used to set execute permissions on umount, to do some Unix magic with mountpoints and then to copy lots of nothingness across both the partitions, as Jonathan A. Zdziarski describes:

chmod 755 /sbin/umount umount -f /private/var mount -o ro /private/var mount -o ro / cat /dev/zero > /dev/rdisk0s2; cat /dev/zero > /dev/rdisk0s1

This will take a while (I think it was about 45 minutes in my case) and when it’s done, you should see a couple of I/O error messages and a return to the shell prompt (#):

cat: stdout: Input/output error
cat: stdout: Input/output error

The iPhone GUI is also likely to be unresponsive (that is expected).

So, with all data removed, I could put the iPhone into recovery mode once more to restore its factory settings and then jailbreak/activate/unlock it for the final time. After a test with the Vodafone SIM inside the iPhone to call my O2 SIM (in another handset) I had confirmed that the handset was successfully unlocked and ready for its new owner.

Setting up printers in Windows Server 2008

Posted on Tuesday 8 July 2008Tuesday 8 July 2008 By Mark Wilson

For the last few months, I’ve been running Windows Server 2008 as my desktop operating system. It’s been rock solid, despite not being designed for laptop hardware and even if I can’t hibernate (because I have Hyper-V enabled).

Earlier today I needed to set up a network printer but I was getting an access denied message when I tried to create the TCP/IP port using the standard Printers applet in Control Panel (even though my domain account is a member of the local Administrators group). The workaround that I found was to use the Print Management snap-in to add the port and then add the printer. This does require the Print Services role to be enabled (or remote server administration tools to be present) but it also provides a much better interface for the task.

markwilson.it

get-info -class technology | write-output > /dev/web

Month: July 2008