Archive for March, 2010

MS Security Bug in IE

Its well worth me mentioning in our blog that Microsoft released an emergency Internet Explorer patch on Tuesday after deciding that an upswing in hacking attacks targeting a zero-day vulnerability in IE 6 and 7 couldn’t wait for the next scheduled edition of Patch Tuesday, due on 13 April.

From IE5 to Microsofts new browser IE8 – all IE browsers are vulnerable. On Tuesday Microsoft released a patch which also cures 9 other security bugs.

The cumulative IE update info is available here –

http://www.microsoft.com/technet/security/Bulletin/MS10-018.mspx

All users should install this new patch immediately.


more jargon

The other day when browsing the internet I came across an article describing a new service from a  telco called VaaS.  It took me a minute to decipher what it might mean as I quickly scan read the article.

Half way through I realised that VaaS stood for “Voice as a Service” which is in fact better known as VOIP or “Voice Over IP” (hosted PBX etc).

Definitely a new one on me.  I think I will wait for it to be used in a keynote speech before I go throwing it into conversations and I suggest you do the same.


Sharepoint 2010

SharePoint Server 2010 will RTM next month.

Here are some interesting video presentations that give you a flavour of what to expect.


Firefox security worrying say the Germans

This is an article from the BBC.  We always recommend companies use Internet Explorer because it can be controlled easily using GPO’s.  We sometimes receive complaints by users who are adamant IE is insecure and slow.  This isn’t the first time Firefox has received a bashing about security problems with its browser.  A few years ago a major security hole was revealed which took weeks to fix.

I think IE always seems to have more security and performance problems because it is used more with many more users than Firefox and Chrome.  I’m sure if attention was averted from IE and focused solely on another browser the security and performance issues would increase dramatically.

The German government has issued a warning about using the Firefox browser because of security issues.

The Federal Office for Information Security made a similar ruling on the safety of Internet Explorer in January.

The office warned that the Firefox vulnerability, confirmed by Firefox makers, could allow hackers to run malicious programs on users’ computers.

A new browser release at the end of the month will fix the bug which relates to the current version, Firefox 3.6.

A “beta” or test version of that release, Firefox 3.6.2, is already available but has not yet been fully tested.

The BergerCERT team of the Federal Office for Information Security (BSI) has recommended that users stop using Firefox until the tested fix is released – in a move remarkably similar to the January announcement, in which France followed suit just days later.

Fox swap?

The Firefox vulnerability was confirmed by maker Mozilla last week on its security blog, when it promised that the next official release would address the issue.

It is only the current version that is affected, but given that prior releases have different vulnerabilities, reverting to an older version of the browser is ill-advised.

Switching to a different browser may not be a good solution either, said Graham Cluley, senior technologist at security firm Sophos.

“Switching your web browser willy-nilly as each new unpatched security hole is revealed could cause more problems than it’s worth,” he said.

“What are you going to do when your replacement browser itself turns out to contain a vulnerability?

“My advice is to only switch from Firefox if you really know what you are doing with the browser you’re swapping to. If you stick with Firefox, apply the security update as soon as it’s available.”

Mozilla said it hopes to have the latest version ready ahead of the official 30 March release date.

“Last week we informed our users that the upcoming security release of Firefox 3.6.2 would include a fix for an exploit that was disclosed to us just over a week ago,” said a Mozilla spokesperson.

“Mozilla is aware of the BergerCERT recommendation to avoid using Firefox 3.6, and encourage users to download the beta version of Firefox 3.6.2.”


Windows 7 refund refused

99% of the desktops we provide IT support for are Windows based, I can think of only one client with a linux requirement but never the less I read an article on The Register today which I thought was quite interesting.

A Dell customer rejected his Windows 7 license agreement which flashes up on a new PC the first time you get it out the box and turn it on.  They favoured installing their own operating system and demanded the money for Windows 7 back from Dell.

The software on first install flags a message from Microsoft which says – “By using the software, you accept these terms,” it reads. “If you do not accept them, do not use the software. Instead, return it to the retailer for a refund or credit.”

Dell initially told the guy Windows 7 was part of the computer cost and so was in affect supplied for free.

Apparently he argued his corner well and they refunded him the £70 Windows 7 OEM costs.

Recently a few other people have tried to gain a refund from Dell but haven’t had as much luck.

Asked about refunds for rejected copies of Windows 7, Dell told the register that despite the $115 success storey, the company policy is that it will only accept returns for the entire system. “We consider the OS part of the base config, like and other key components (e.g. processor, memory, etc.),” the company says.

I believe that when the system boots for the first time there should be an option to install whatever you like especially for home users and small companies.

It should be easier to buy a PC with no operating system. Many of our clients cover their systems with Microsoft license schemes. I don’t think it would be difficult to just have a check box saying no license required, Dell already do it for their servers so why not their desktops too?


Hyper-Love

Hyperlove

At Smart IT we love hypervisor technology.

Hypervisors are software systems that run directly on the host’s hardware to control the hardware and to monitor guest operating-systems. A guest operating system thus runs on another level above the hypervisor and it also means you can run multiple operating system machines as machines in their own right.

See the Virtualization bit of our website for a proper explanation, there’s a video from VMware which makes it easier to understand.

One reason we love the technology is the recoverability aspect of the machines.  Using VM backup software we can recover whole systems in less than an hour.

Last week a small client lost their main server because of a hardware fault.  They had an IT support Contract.   In the old days we would turn up onsite with a replacement server and go through the arduous task of recovering the system from tape, NAS or offsite back up – either way to the client it’s a day’s downtime realistically.

However in this instance when we previously installed the server we built it on ESXi which is a completely free hypervisor from VMware and configured duel destination back ups to a NAS and tape.

The back up from the previous night had completed successfully so we installed a spare server, copied the virtual machine from the back up and started it with no problems.  It took about an hour all in all.

It’s difficult for small clients to be able to afford clustered servers with fail over but this is perfect for them and doesn’t cost the earth.

So from complete system outage to back up in an hour.  Not bad.


Google Nexus One

The google Nexus One – some call it iPhone killer.

I don’t though, I call it rubbish and a bit of a let down – and here is why.

Caught in a technology junkie come down from over 18 months using of my iPhone I craved something new and different.  I consulted the oracle who suggested the Nexus One was going to wipe the floor with the iPhone with its speed, looks and design as well as its MS Exchange integration, quite important because I feel only Blackberry have nailed this properly (but who wants one of those?).

I ordered the phone immediately.  $500 and 3 days later it arrived.

I’m going to make this easy for everyone.  The only thing that’s better is the camera. 

In fact I’d go as far as to say its actually quite poor at some things.  The touch screen throws a wobble every few days, the button at the bottom of the touch screen always seem to require pressing countless times in order to get any response, its a bit flakey, the battery sometimes runs flat in a few hours for absolutely no reason, the other day when I charged it I thought it was going to burst into flames it was so hot but its not done this since.

Onto the exchange integration – it doesn’t sync calendars.  “What?” I hear you say.  That’s right, it doesn’t sync calendars in Exchange.  I’ll say it again, it doesn’t sync calendars in exchange.  No Exchange Calendar Sync.

My Solution (because its free) – google calendar sync.  Enables outlook to sync with googles gmail service.  No problem I thought, I’ll sync my outlook exchange calendar with gmail and set the calendar on that to be the calendar on my phone.  When I update my phone it will update gmail then gmail will update my outlook calendar.

I use a terminal server for all of my work so I can access it from anywhere.  Google calendar sync doesn’t install on Windows 2008 servers.  I had to create a virtual XP machine for our ESX server and install outlook just to get my calendar to sync.  It has been quote solid but come on!!!!  Top marks for coming up with such en elaborate solution I hear you say but most of the other Android phones support full exchange integration.  Why doesn’t the Nexus??

Googles support of the product is none existent.  They have a user group type deal where people can ask questions and once every 7 weeks a google expert does his / her best to address the avalanche of unhappy customers.  You end up speaking to HTC who developed the hardware for the phone who tell you it’s a software issue no matter what you seem to complain about.

I felt infuriated at the time by the whole thing.  Its quite poor google have taken this function out of the Nexus because although its does fail in certain areas like the going on fire when you charge it business and reliability on occasion you can kind of overlook this just because it is a bit faster than the iPhone, has a better RES display and camera and it doesn’t require iTunes (which I hate).

In summery – If you want a reliable smart phone get an IPhone or Blackberry.  Just put up with iTunes or stop moaning about how rubbish the browser is on the Blackberry. 

The grass is not as green on the other side in this case.


This is the end……… of consoles but whats next?

I have been monitoring the online game streaming product “On Live” for about 12 months. This isn’t because I like playing computer games and yes, I am aware that it doesn’t really tie in with the theme of business IT services.

So why the interest?

I like many others are of the opinion that eventually all application services will be streamed down a fast internet connection with all processing done by servers in huge data centres.
I believe that the major service providers like BT will sell you applications along with your internet connection – its no coincidence BT are ramping up their IT managed services division.   I thought full adoption for this type of service was 10 years away but I believe I could now be wrong.

The reason for this is high res 3d graphics have always been notoriously difficult to stream through a home / small business internet connection which means that apps such as CAD etc need to stay very much in house. The idea of streaming video games such as Assassins Creed or the popular first person Call of Duty seemed up until recently a bridge too far.

Many people already use SaaS type apps for all sorts in business like  CRM and even telephony.
Throwing a resource intense video game down a line as apposed to a resource intense graphic application doesn’t seem to me to be too dissimilar.

So in summery – is this the beginning of the last chapter for mass local computing?

I think it could be.

http://www.onlive.com/