Posts by Trevor_Pott

M Gale

Phobos and Deimos are kidney stones. They are also covered in craters. However long ago this happened, those little buggers have been up there a while. If my theory is right, then when the original impactor broke up while exiting the atmosphere, the two bits that became Phobos and Deimos were most likely at least semi-liquid. They cooled, and proceeded to spend umpteen years getting pummelled by space debris.

What space debris though? Probably the same sort of crud that hits Mars itself, but also likely some leftover bits from their own creation. (A goodly chunk of which probably fell back to Mars.) Why couldn't either or both of these bodies have been slapped around some by space debris long enough to retard their spinning to about what we are seeing now? Seems to me anything big enough to have made that particular scar on mars would have been large enough to break up into a Phobos/Deimos pair a couple of times over. Where’d the rest of it go?

I’ll bet that a good chunk of (probably very Iridium-rich) materiel is left buried under that impact scar. Another goodly chunk in various smaller and more directly vertical impact events all over the planet. Still, one look at the actual SHAPES of both of Mars’ companions (especially Phobos) tells me something happened to them (post-impact-event) that would have made for an EXCELLENT movie special effect.

I’d bet the data to outright confirm or deny this theory already exists. The mapping of impact sites on Mars, Phobos and Deimos should tell us if there was an unusual number of them happening within the same, oh…million years or so? Chart the age of it all; see if there are any glaringly obvious correlations, and if so…you’ve probably got an impactor-based creation event. Albeit one significantly less cataclysmic for the parent body than the Terra/Luna system. (IIRC wasn’t the impactor in the Big Whack supposed to be >1/4 the extant proto-terra’s mass? Yowza!)

I would love to have a NASA protoexogeology nerd hear my theory and either reject it outright or go “hmmmm.” Finding out you are (definitively) wrong is almost as much fun as finding out you are (definitively) right! Hurrah for science and <3 learning.

Zune

I thoguht they stopped selling those. No? Hmm...

@AC

Not /all/ microsoft stuff, just Microsoft software of that particular generation. By and large the entire Visat/2007 generation of Microsoft software was complete pants. I would go so far as to say that OCS 2007 R2 might well have been one of the very few not crap pieces of software Microsoft put out from that era.

@xj25vm

This is the third in a series of three articles about OCS. The previous one did mention how much of a pig it was to install and maintain.

Whatever happened to just being periodically impressed by the shiny?

From time to time, I am still impressed by technology. It's rare, as i am growing increasingly jaded with time, but I do periodically step back and thing "you know what, that's kind of cool." In this case of this article, I had been awake for about 82 consecutive hours whereupon I managed to get into a bit of a discussion with a friend of mine about where technology is now versus where it was at the dawn of the net.

There's nothing in Office Communication Server that a telco or really good PBX hasn’t been able to do for about a decade now. The difference is that now you can run the server for this kind of thing in a VM on second-rate hardware. If you are running the client on a physical box and have a decent headset you are off to the races.

I don’t know about you, but actually do find that kind of cool. Not too long ago this would have been completely beyond the reach of any SME. PBXes were too expensive, and the software solutions were similarly priced. Today, OCS and it’s various competitors are priced right, with only the complication of the install and maintenance being a preventative factor. Five years from now, I am sure the administration of something like OCS will be so simple that every SME out there would be able to host one if they so chose.

If you work in a company that has thousands of staff and the latest, greatest technology it’s easy to overlook how neat it is when something like this trickles down to the rest of us. Essentially it’s the ability to run something that is your own Skype-style server, but with some real integration into other products. (Such as Office, SharePoint, etc.) Cisco’s got a good one too, and well worth a look.

The last time I took even a sideways glance at unified communications, Live Communications Server 2005 was just hitting the streets, and the entire endeavour was laughable. OCS 2007 R2 is a completely different animal, and I was thoroughly impressed. It makes me want to hunt my local Cisco rep and get them to demonstrate the latest greatest, because I am sure they are a generation beyond Microsoft in this. (They always are.)

@jake

Thank you ever so much for your support.

@darren 16

Nowhere did I say it wasn't an excellent application. I said it was a pain to install and maintain. As for your impression of sysadmins, I can't help you there. I am sorry to report that we are human beings and as such we tend to prefer applications and products that make our lives easier. I don't think we are any different from anyone else in that regard. I should also point out that despite OCS bieng a pig to work with, I did deploy it. I did so because it would benefit my users more than alternatives that were easier on me.

None of that changes my desire for it to be easier to administer.

@Bibbleq

Single installer...multiple components. Each that act as thier own individual servers. Intertwined, but nonetheless distincf.

Clouds

He may be paranoid...but I am not yet convinced he's wrong. You have to go a long way before you convince me that putting your data in someone else's care is a good idea. It boils down to trust, and I have very little of it for soulless Megacorporate entities.

Entirely apart from the data governance issues, hosted services leave you with noone to flog when it goes boom. SLAs are worthless, and don't actually cover the costs of downtime to your business. What's more, you have no control over if/when your hosted provider will pull a Zune on you and withdraw or radically change the service. What is someone in my situation going to do? Sue Microsoft? Please. The legal fees alone would be ruinous.

No, cloud anything is an absolute last resort for any business critical function, unless you are dealing with a provider that lives and dies by their service levels. A corporation like Microsoft has no incentive to do anything other than tell you how it's going to be, and expect you to like it.

Even if you could argue that Microsoft had some minor incentive to do well by it’s customers, it has proven time and again that it doesn’t care about any organisation below a certain size. Do you honestly thing this suddenly changes because it’s a hosted service? Balderdash. Unless the tco over an expected application lifetime of 4 years was SIGNIFICANTLY lower, the risks outweigh the rewards. Oh, and “but the keep you on the latest version” isn’t a pro, either. I want to deploy a server fleet and have it function with no major changes – or user retraining – required for at least 4 years at a time. I don’t upgrade every iteration of anything unless there is a DAMN good reason.

If it isn’t broke, don’t fix it. “Because it’s newer” is never a good enough reason for ANYTHING. So what the benefit of hosted services? Where are those advantages or TCO price delays over a four year application life that make it worth it?

At 75 users, I just don’t see it.

dz-015

Point taken. I do use Redhat a lot, and VMWare…a few others. I will make a point to yak about them some more. I am sorry that it’s been so Microsoft all the time recently…but we just replaced our whole Microsoft domain.

4 cities, 5 sites, 5 DCs, Exchange server, WSUS, OCS, a half dozen SQL servers, and the list goes on. Two sysadmins and a bench tech. 250 VMs and about 100 physical machines. 2.5 days; with as little interruption of service as possible, and no…we didn’t have enough hardware to run both networks in parallel for the changeover.

All of it had to be done without disrupting the Linux side of the network for more than a few minutes at a time. Total sysadmin uptime: over 100 hours per wetware unit over the course of the 3 days of changeover and two days of post-doomsday tech support.

Oh, and they are letting me blog about it!

BPOS

BPOS is a good beginning. Five years from now, after a whole bunch of other companies have walked over that minefield and Microsoft was pulled a Google with the data of the wrong people, I might consider it. Until they have been caught with their hand in the personal information cookie jar and slapped back down though, I am a littler nervous. IF you think I'm paranoid about allowing critical corporate data to be hosted by an external provider, you should meet my CTO. He is not a fan.

Beyond those concerns, which many companies wouldn’t care about, there’s the fact that this is Microsoft we’re talking about. On the Internet. When I look at BPOS, (and I’ve tried it,) there is no real advantage to Google’s offerings beyond a little bit a polish. Two years from now Google’s Gtalk/Gmail/GVoice etc. will be integrated into a package that would eat fewer resources, be far more stable and have a better web client than anything Microsoft could possibly field.

Don’t get me wrong, OWA and CWA are not bad…they are just plinking enormous. They take forever to load, are significantly more fragile than Google’s web offerings and just seem to be that few steps behind the desktop clients. (Whereas Google’s web clients are nearly indistinguishable from their non-web ones.)

Plus: BPOS is /expensive/. Three months of use at 75 users and I could have bought the software and CALs to sun the thing in-house and been done with it. Admittedly, I’d practically need my own admin to run it, but at least my data would be my own. The trust is, for the cost, I don’t see the advantage. You are going to pay for the extra wetware to administer the thing either way. Why would I go the BPOS route and pay some administrator who isn’t local to my company? I could take that same money and put it into the salary of someone who lived in the same city as my company and might even buy my company’s products from time to time.

Unless the TCO of “cloud” services are significantly cheaper than deploying the local versions, there are no advantages, and a heck of a lot of disadvantages to the concept. Hell, the only practical advantage to using Microsoft nowadays is that they AREN’T GOOGLE. Microsoft offer local servers that you can control, Google don’t. Why would I ruin it by putting all that data into the cloud and then paying over the odds for the privilege?

Anonymous Coward

I still maintain it should be considered. I also believe that if you are even marginally overstretched staff-wise, as many SME shops towards the smaller end of the scale are, OCS will push your resources over the edge. It is BLOODY AWESOME. It's also really complicated, and kind of fragile.

There are subtleties and layers of opinion about this product I find a little hard to compress into three 500-ish word articles.

@Robert Carnegie

It may not be the best plan from a security standpoint, but it is the only thing that seems to work. I installed it all, and then just disabled what I wasn't going to use through GPO. NO other method seemed to work without it tipping over every time I looked at it sideways.

@Easytoby

If all you are looking for is a corporate instant messenger, office communications server is a complete waste of your time. I say this as someone only really looking for a corporate instant messenger who has the thing deployed. I am using about a tenth of a percent of the program's features in my environment. (My CTO <3s Microsoft.) If you need a corporate messenger and nothing more then get a jabber server and be done with it in 15 minutes flat. No fuss, no muss.

Now, if you need a completely integrated UNIFIED MESSENGING client, then I would put OCS up against anything out there. IBM and Cisco have competitive offerings…but OCS 2007 R2 goes toe-to-toe. What is unified messaging? Hell if I know. I am still figuring that out. So far as I can determine from the buzzword checkbox it is the ability for everyone in my entire company to attach a wire to each testicle and taser me on a whim.

This thing is stupidly powerful, and I am enough of a luddite for that to be enough reason to fear it. Assuming I weren’t using it from within a VM (which neuters about half of it’s abilities from the get-go,) then it’s kind of cool. I can have it control my IP PBX; it would do voicemail, call routing to a USB or Bluetooth headset, I could talk via phone or office communicator client to anyone in my organisation and I can set up a ridiculously complex auto-attendant feature on it. In truth, I could probably do all of that with a jabber server, Asterix and about 12 months to write a customer web interface for a series of complicated shell scripts…

…but this is push-button and frighteningly simple. (I say frighteningly simple because if my CTO ever figures out what the damned thing can actually do, I am terrified he’ll try to make me put it to use as more than an IM; a project that would be disastrous since we are 100% VDI.)

I can also right click on a contact and schedule a meeting with them, view their current busy/free status, when they will be free next (based on their calendar), send files, share my desktop (or a single application) with them, do things using SharePoint I only barely comprehend as well as customise lists, groups, teams and any other manner of personnel organisation you could conceive of all from within this one little application.

It ties into Office and into Windows. So I can be browsing a file in my documents folder, realise I need to send it to Alice, right click and send as e-mail, send to the contact, or open it up in a shared application session with Alice for mutual editing and review. Hell, it can schedule a meeting with Alice to schedule a conference call with Bob to do shared application session on the file if I only knew the right sequence of buttons to push.

Oh, and it has both Windows Mobile and Blackberry clients. The nerd in me looks at the technology involved and says “this is really, really cool.” The sysadmin in my looks at it and is TERRIFED. If middle-management types ever figured out what the thing could do…

*raises hand*

When I read the allegations, the first thought through my mind was "I'll be the little nomad is using his fame and lifestyle choice to get into all sorts of trouble. Since he never seems to stay in the same place twice, it would seem like he has arranged the perfect lifestyle to accomplish it...."

It wasn’t until I read about it on the Register and had to deal with the rather sycophantic wikileaks crowd here in the comments that I thought for a second he didn’t do it. He’s not the pure and virginal messiah come to save us all. He’s an egotistical little twatdangle who has risen to fame quite quickly of late. I am not saying that makes him a rapist, but I am certainly cynical enough to look at the whole thing and go “meh, he wouldn’t be the first” and then move on to reading about DRAM or something.

Intractable Potsherd

To each their own. I have yet to find the "one true solution" that solves all security problems. Educating users is a lost cause, and frankly if we were doing our jobs well you shouldn't have to know so bloody much about computers to use them.

For that matter, I would personally like to be able to browse the internet on my computer at home without constantly having to be vigilant about everything all the time. I work with computers all day long at work, when I go home the very last thing I want to do is fix another one. I don’t even want to have to exert the brainpower to ponder if the link I am clicking on is going to blow up my PC or not.

Like so many other “users,” I just want the bloody thing to work. This is why I like things like blacklists and whitelists, even though they might prevent me from accessing the wider web. So long as I can turn the thing off when I want, it offers a nice comfortable cushion from which I can just get on with the business of using my computer instead of constantly fretting about HOW I am using it.

It is for the same reason that I drive an automatic, not a standard. Similarly, I use a coffee pot that requires minimal effort to produce decent coffee as opposed to crushing the beans with a mortar and pestle and using an open fire and percolator.

It’s the oldest argument in all of IT. Convenience versus the requirement to understand everything about the system you are using. I accept that no matter how godlike systems administrators think they are, we are never going to /force/ users to understand the fundamentals of their computers, the internet or anything else IT related. No more than car mechanics are going to force the entire population to fundamentally understand fuel injection, ABS braking systems or traction control. Regardless of how easy and important that knowledge might be.

Instead, the computer industry should be putting it’s efforts into protecting those who can’t or won’t learn better whilst leaving the door open to the hobbyists who wish to go farther than is ordinary.

I’ve heard the argument that knowing all the deep nigglies about internet security is no different than having to learn road signs to drive on the road, and I don’t buy it. Those road signs are largely informative, and designed to be so. They aren’t cryptic and forcing you to guess at what might or might not be true, what may or may not be safe to obey.

Should you need a driver’s license to use the internet, or should we as an industry work towards making technology in general as easy to use as a television? The answer will depend on your point of view and your contempt for your fellow human beings.

Personally, I can say that most of the time, I just want the bloody things to work.

@Mr Young

Your assumption would be incorrect. For quite some time now the number of malicious domains being registered has /far/ outpaces the number of legitimate ones. A true whitelist versus blacklist comparison five years from now would likely find the whitelist an order of magnitude smaller than the blacklist.

It's one of the reasons I vote for the whitelist approach: there's simply no reasonable way to keep up with all the malicious or illegal traffic that's out there. We have reached that point where it’s actually /less effort/ to vet every website in existence than to try heuristics, pre-scanning, or educating users as to the quite literally THOUSANDS of different kinds of threats for MILLIONS of different malicious domains.

If there were only a few thousand, or even a few hundred thousand “bad” domains then a blacklist would make perfect sense. As it stands, even if you subscribe to myriad blacklists simultaneously you are exceptionally lucky if you get 75% coverage. The defences we have – from anti-malware and blacklists to heuristics – are inadequate. They aren’t coping with the onslaught, and if we don’t come up with a different approach they will fail.

That’s not an attempt to be a doomsayer on my part; it’s an observation based on decades of experience. We aren’t winning this war. In fact, despite all the advances in technology I would have to say that we are /less/ secure than we were ten eyen ago. While we are no longer vulnerable to the threats that existed then, there are at least an order of magnitude of new and interesting threats today.

Many of them aren’t even technological. They are social engineering traps. Phishing scams, password scams, or even things to trap you into take an endless series of surveys to pump some scammer’s numbers with a dodgy advertising company.

I believe we honestly are at the point that it is less effort to identify the legitimate traffic and discard all the rest. Even if building that list has to be done one site at a time.