[There's a reason that Yoda is the unofficial mascot of SBS.  Size indeed matters not.] April 2005 - Posts - THE OFFICIAL BLOG OF THE SBS "DIVA"


Normally I try to come up with some kind of witty post title..but I just can't come up with anything else but.... I'm bummed.  I'm watching CNN.com/NEXT show and this is the last edition of this show.  First I lost CNet's computer TV show that used to be on Discovery channel.... and now CNN's NEXT show.  TechTV is into video games [which I'm not]... I mean what's a girl geek to do when all of her geek shows start going off the air?

Starts to make me think ...why is that?  Is it that technology just isn't newsworthy anymore?  Or is it that it's just more common place and normal?  I mean walk into any department store [like Target] and look at all the technology that is just normal.... digital cameras, DVDs, MP3 players, are just normal now. 

Daniel Sieberg... while you say you'll still be doing tech and science spots throughout CNN, it just won't be the same.  I'll miss you on the weekend.  I've been used to you every weekend for the past three years.  Thanks for what you did do, showing me some new things, and providing things for me to google.

Seems a bit odd when we should be emphasizing science and technology in this world, that in the media that I see, the level of science and technology feels like it's actually decreasing.  The Learning Channel seems like it is more home makeover shows than it is really teaching me anything these days.

Well I'll have to go in search of geek shows.  I'll let you know what I find to take Daniel's place.  It's going to be hard to fill his shoes is all.

Thanks for three interesting years!

Out and about running a few errands today, I stopped and got gas and noticed at the gas station not far from my house the advertising banners at the station were half in English and half in Spanish.  Later when I went to Target [we call it Tar-shay you know], the voices around me were mixtures of English/Spanish and English/Laotian.  Keep in mind that I live in the 'breadbasket of California' and yet look at the United Nations around me that I totally take for granted.  It's just part of California and where I live.  In fact in Fresno, the Spanish TV and radio stations have higher ratings than the English speaking ones do.

It got me thinking on the localization issues that businesses must face on a regular basis, and of course Microsoft and SBS being an example of a business that needs to take something and translate it.  For SBS I think if I remember right, they come out with 17 different language versions of SBS.  Just the other day in the newsgroups a guy posted in about hotfixes and I used Google's translation service to translate the “hotfixes are free” but I apologized for using Google translation because I know how it can lose meaning and be a bit insulting sometimes to the poster.

Take for example this phrase: 

  • Hotfixes es una llamada libre, servicios de ayuda justos del producto de Microsoft de la llamada

Let's see what happens when we now stick it in Google to go back to English.

  • Hotfixes is a free call, right services of aid of the product of Microsoft of the call.

Uh...yeah... that sounds self explanatory doesn't it?  Want to know what it started out as?  Hotfixes are a free call, just call Microsoft Product Support Services.  Yeah, see what I mean?  Loses a bit in the translation, doesn't it?  So now think of the problems we face in a global world of technology.  Geeks have a problem communicating in the first place and we lose things in translation.  Talk about a compound problem.

I'll admit this is one area that I am vastly undereducated on.  I slid through my education without the need for a secondary language [and no, Geek is not officially designed as a language so I can't count that].  My sister knows enough French to say “My pencil is yellow”, I know enough Spanish to be able to order off the menu of a Mexican Food Restaurant.  Meanwhile in the ranks of my fellow MVPs from other countries... while they speak and write fluent English and it's not even their only language.  I think Mariette and Marina probably know about 10 languages between them.

Heck, look at Sam the SBS server... he speaks 17:

I barely speak English and he speaks two versions of Chinese, two versions of Portuguese and Russian.  I got a book on learning Russian in high school and more than anything else I remember that “e's” look like “'3's”.  Like I said, vastly undereducated when it comes to foreign languages and 'localizations'.

But remember, while we do have localized newsgroups, they don't get as much traffic as the English speaking ones.  As long as you can speak or write English, can translate the error messages if Google can't do it for us, just remember that the communities of SBS that have the primary language as English, your geek peers, can still help you.  A computer error is a computer error and I still say that Geek truly is the universal language.  And if you don't mind if Google and I massacre your language I can always do this:

  • Hotfixes sind ein freier Anruf, gerade Anrufmicrosoftprodukt-Beistandsservices.
  • Hotfixes sont un appel gratuit, services de support justes de produit de Microsoft d'appel
  • Hotfixes è una chiamata libera, servizi giusti di sostegno del prodotto del Microsoft di chiamata
  • Hotfixes é uma chamada livre, serviços de sustentação justos do produto de Microsoft da chamada

For the record that's German, French, Italian, Portuguese .... well...it's supposed to be anyway.  In the original post I also included Japanese, Korean and Chinese but .TEXT didn't like the characters and wouldn't post them. 

So what about you?  Do you face any localization or translation issues where you are?

Like I said... I barely speak English. 

It's always great fun sticking some new piece of software on your 'baby' and making sure it comes through the worm hole to the other side.  One HP ROM upgrade [burn from the web iso to cdrom] later I've got the following upgrades in place:

ROM upgrade went from 2004.8.26 to 2004.12.2 [Which is what I need to be ready for SBS 2003 SP1]

Array went from 1.92 to 2.34  [ooh up a whole digit]

Lights out went from 1.62 to 1.64

My Insight Management Agent is still at 7.10.0.0 which means I still have the Data Execution Prevention issue on my box if I don't upgrade so I'll be upgrading the IMA to the 7.20.0.0 version. 

One update down, one to go and this is still our “homework period” of just getting ourselves in tip top shape before the service pack.

So the Copier/Scanner/Printer company faxes me a network pre-installation/configuration information sheet to fill out and they want to know stuff like... oh...domain name, IP address, DHCP, default gateway, DNS [primary and secondary] ....and this is kinda cool, they specifically ask about SBS as a network device.  Hmmm that must mean they've had enough of them to be an item [sometimes us SBSers don't think of ourselves as Windows 2003 servers and sometimes network technicians need to know exactly what we are].

But then here's the kicker...they ask me for the mail server name and a username and password on that mailserver. 

Uh...I don't think so.....I give you a username and password to an email account on my box and I've handed you privileged information sir.  There is no way I'm giving you that information when I've signed no contracts, and this is merely a pre-configuration sheet.  Heck, while it looks good that we'll go with your system, I'm still not writing down a username and password and giving it to you to keep in your filing system since I don't know how well it's secured.

So I filled out 'some' of the information, prepared a Visio diagram to showcase the firm's current network and faxed that over to them.  But I didn't put in a username and password.

Did find something out ...when I was discussing the diagram with a co-worker, they looked at the Visio diagram of the 'cloud' and said “what's that?”

I forgot that not everyone knows the geek picture icon representations for the Internet....it's a cloud:

So in my office it's Cloud to router to ISA server to Server to Switch to workstations to my workstation and here we are where I'm about to press the post button so this blog post will go from desktop to cat5 wiring to HP Procurve switch to SBS 2003 to router to Pacbell to the World Wide Web to...well...that Cloud.

Posted Friday, April 29, 2005 7:18 PM by bradley | with no comments

SBS: Shiny and New with SP1
Small Business Server, Microsoft's all-in-one solution for small businesses, is getting its first service pack. Changes to an all-in-one system can be risky, especially since SBS is targeted towards businesses without full-time IT Staff to fix things if they go wrong. Windows IT Pro author Michael Otey has run SBS SP1 through its paces and will answer your questions about SBS SP1 deployment, features, and fixes. Come find out why you should consider installing SBS SP1 and what you need to do to help your business or your customers plan deployment.


Hello ...hold the phone...“why you should consider”?  Consider?  Whoa...as Yoda would say ..there is no Try ...there is only Do

Yo, folks... there is no 'consider installing it' when it comes to this important of a service pack... You DO it.  The only consideration here is WHEN...not IF...but WHEN.

In about 30 minutes I'm upgrading the ROM here to be ready for SP1... so remember.... DO IT not “consider it”.  In fairness though... it should be TESTED on a non production system first before you apply it.  Don't have a non production box?  Wait and have the community shake out any issues first and we'll guide you through it.

Sometimes it's funny how people react to things.  There was a recent set of stories of how the next version of Windows would have a 'black box' feature to aid in gathering data of system crashes and what not. 

In some circles you would think Microsoft has a division that just can't wait to read what stuff we have on the computers.  Just take some of these comments:

“My initial impression is that in the health care industry this will be a violation of the HIPAA security rules.” and “I've heard a lot of discussion on Microsoft's privacy issues. I was an avid Windows XP user, using it for personal web hosting and gaming. But discussions like this BlackBox and Palladium have gotten me spooked”

And yet, do many of you realize that as of right now, if this is a privacy issue to you later, it is a privacy issue now...and better yet, do you realize what benefit it is?

First off there is a setting, a registry edit that you can do to turn this off if you are that paranoid and concerned.  Furthermore, when the crash dump occurs, say no and don't send it.

HKLM\Software\Microsoft\DrWatson\CreateCrashDump is the registry key if you want to disable it...but wait... keep reading...

But do you realize the benefit of these dumps?  Case in point is SBS.  Last April we saw our SBS boxes blue screen and send a dump off to Microsoft, it ended up being a virus engine update that they knew BECAUSE of the crash dumps.  They knew within minutes while the rest of us were totally guessing.  Charlie Anthe has posted before of all the items that have been identified because of crash dumps.

You can take a look at this link http://oca.microsoft.com/en/Response.asp?SID=896 and see what kind of things have been found with the online crash report.  Change that SID number in fact and you'll see the kinds of things that have been found.  The Data collection policy is posted on the web site.

As it says on the site “When collecting information, it is possible for personal or confidential information to be present in the report. For instance, a snapshot of memory may include your name, part of a document you were working on, or data you recently submitted to a Web site. It is also possible for personal information to be included in a log file, a portion of the registry, or other product specific files needed to determine the cause of the problem. If you are concerned that the report may contain personal or confidential information, please do not send the report.”

Bottom line if you have a concern about the black box technology in Longhorn, you should have a security concern now.  The technology is not increasing, it's just enhancing what's already there.  It's like the concept of the SBS community.  Peer sharing so we can all benefit.

Now how about taking some of this paranoia against our line of business vendors who can't do least user privilege coding, eh?

Law #2: If a bad guy can alter the operating system on your computer, it's not your computer anymore

In the end, an operating system is just a series of ones and zeroes that, when interpreted by the processor, cause the computer to do certain things. Change the ones and zeroes, and it will do something different. Where are the ones and zeroes stored? Why, on the computer, right along with everything else! They're just files, and if other people who use the computer are permitted to change those files, it's "game over".

To understand why, consider that operating system files are among the most trusted ones on the computer, and they generally run with system-level privileges. That is, they can do absolutely anything. Among other things, they're trusted to manage user accounts, handle password changes, and enforce the rules governing who can do what on the computer. If a bad guy can change them, the now-untrustworthy files will do his bidding, and there's no limit to what he can do. He can steal passwords, make himself an administrator on the computer, or add entirely new functions to the operating system. To prevent this type of attack, make sure that the system files (and the registry, for that matter) are well protected. (The security checklists on the Microsoft Security website will help you do this).


There are a couple of things that are in the near future and one that we majorly need to get on the backs of our application vendors on that are touched by Security Law number 2.  This law says that if you don't protect your system registry, you may not have a good system.

Well guess what class...what do most of us do to our system registry?  We leave it wide open to be messed with all the time.  Show of hands... how many [including myself as I've got a couple of desktops that I haven't fully done this to] are running with full rights to that desktop?  We leave our registries wide open for attack.  I'll be the first to admit it's not easy running with least privilege user rights...what we have to do to classesroot to get Quickbooks to run in LUA is insane. 

So we don't even do ANYTHING to help even get close to protecting ourselves on law number 2, we leave ourselves wide open from the get go. And this is something we need our vendors to help out on.  My Threatcode site is back on the air and we truly need to get these vendors ready for Longhorn and LUA.

If you own a Dell, the notification email you need to sign up for is here.  Andrew posted the link but the blog format means that it ended up a bit down below in a weird location so I thought I'd post it as a new post.

So there you have it.  If you had a Dell or HP, you have some newsletters to sign up for, don't you?

I've signed up for Microsoft's security patch emails, but there's another category of patch emails that I haven't signed up for until now.  My hardware patch notifications. Out on the HP site [and look if Dell has a similar offering], there is a place to sign up for driver update notifications for my model of server.

Receive proactive customized emails on an as available, weekly, or monthly basis that provides drivers, software patches, product change notifications, customer advisories, softpaqs, patches, security bulletins, and more across 95% of HP’s business product lines. Each HP Technology at Work alert email provides a short description of each personalized alert and then links you to the location where you obtain the latest support information for your HP products

Danny points out there's a one stop place to update the firmware in the server before the update.  The link is at HP and there is one thing I noted about it.  The link actually goes to a ftp site that unless you have the fix for 05-019 in place or passive FTP checked, your browser kinda sits there.

If you are having issues with FTP, remember get the hotfix here...or adjust ftp to enable passive ftp [go into Internet Explorer, Tools, Internet Options, Advanced, click the box 'use passive ftp'].

In the meantime I'm pulling down the zip file to build an iso image that will have the needed updates for my server to prep it for Windows 2003 sp1 which is included in SBS 2003 sp1.

Thanks Danny!

So don't forget to do your homework!

Out on the HP web site and checking that I'm ready to go and it looks like I need to do some homework on my HP system.  This HP document is the recommendations for Windows 2003 sp1 on ProLiant servers.  Now I have a ProLiant ML370 G4 Xeon.  And according to this I need a minimum ROM date of 12/2/2004.  Hmmmmm.. well since I know I installed that little guy over Thanksgiving weekend that tells me I need some ROM upgrades in order to be ready to go when the Service Pack for SBS 2003 sp1 comes.  It also indicates that I should have the 7.30A ProLiant support pack [I have no idea what I have] and it says the harddrives I have have the right digital signature. That's nice to know [I'd hate to not have the right drivers for those drives  :-)]

Ah ha, there is a known issue with Data Execution Prevention [DEP] and Windows 2003 sp1.  When DEP sees something trying to do something weird with memory it freaks out a bit and protects the system and there's a known issue with HP Insight Management agents and SP1 [I'll have to see if I have those installed].  I saw this actually back in the beta as when Trend sent down their major update for the antivirus when they had a patch, the engine update caused a DEP exception.  You can put in an exclusion or you can get an update for the HPs from this link.

Bottom line... I have some ROM updating to do in the coming weeks before that SP comes out, me thinks.

Courtesy of Today's Microsoft Download site

Find the details about what’s new in Windows SBS 2003 with SP1. Service packs and updates are listed in tables and categorized by the Windows SBS feature area for easy reference.

Hmmmm..... I think I smell something cooking in the kitchen and getting near done, don't you?

Remember 60 days from March 31st is the official date, but if I were you I'd be checking Dell and HP and your hardware vendor for any compatibility issue with Windows 2003 sp1 now.

In fact, that reminds me, I need to go do that myself  :-)

 

 

So I've had a couple of vendors in to discuss copiers and scanners today and one of the ways the copiers can now connect is via SMB and of course the first thing that goes through my mind is SMB signing.  I've asked the copier vendors to get back to me on their requirements for SMB signing because honestly I'd like to leave it on.  The Windows networking article here talks about the benefits of SMB signing and honestly I don't notice any performance hit in my network.

But it is interesting to think about... when attaching devices to your network, think about what insecurity they might be introducing as well.  They too are a device with software and may need updates.

It wasn't my workstation...but rather that of my hairdresser.  I was cleaning it up for her.  And even with Norton Antivirus and Microsoft's Antispyware I only had about 3 minutes after bootup before 57 Internet Explorer Windows popped up ...mind you this was with the machine “not” on the Internet.  Oh and it had about.blank on there as well.  So what did I do with it?

I booted it long enough to get the necessary documents off [which fortunately didn't take that long] and then I booted it from a Windows XP cdrom, removed the partition, repartitioned it and had it totally wipe the harddrive and reformat.  Now I'm putting programs back on.

Oh, and I'm doing something else too... I'm making the daughter and son's account into limited user mode and not giving them administrator rights.  You see that's how this computer got into this mess.  Even with Norton up to date... even though Microsoft antispyware was on the machine [which in fairness this was added later in a last ditch effort to clean the box, unfortunately it was unsuccessful], and even while I was getting the data off, the spyware cleaner was attempting to block stuff but it just couldn't do it. 

Now this system has XP sp2 on it with the firewall enabled and the auto updates turned on.  Antivirus is on, Anti Spyware is on.... and now I'm sending it back off to hopefully stay safe and secure.

Anne Stanton and Jeff Middleton

On SBS Server Migrations ....and.....Migration projects as Business Opportunities

  • May 17th  - New England Small Business Server User Group in Boston from 5 to 10 p.m. at the Microsoft office in Boston
  • Registration link to come

 

  • May 18th - NY SBS IT Professional's Group - from 5 to 10 p.m. at the Microsoft office in New York City
  • Click here to register

 

  • May 19th - Washington DC SBS User Group - from 5 to 10 p.m. at the Microsoft office in Washington DC
  • Click here to register

For those of you on the East Coast you have three chances to meet up with this dynamic duo of Swing.

Posted Monday, April 25, 2005 7:09 PM by bradley | with no comments

I'm going to remind folks of the 10 laws of security....this came up because someone in the newsgroup asked if there was a weakness in SBS because someone reset the admin password [but that's to be covered in Law # 3 so stay tuned for that]

First up is:

Law #1: If a bad guy can persuade you to run his program on your computer, it's not your computer anymore

It's an unfortunate fact of computer science: when a computer program runs, it will do what it's programmed to do, even if it's programmed to be harmful. When you choose to run a program, you are making a decision to turn over control of your computer to it. Once a program is running, it can do anything, up to the limits of what you yourself can do on the computer. It could monitor your keystrokes and send them to a website. It could open every document on the computer, and change the word "will" to "won't" in all of them. It could send rude emails to all your friends. It could install a virus. It could create a "back door" that lets someone remotely control your computer. It could dial up an ISP in Katmandu. Or it could just reformat your hard drive.

That's why it's important to never run, or even download, a program from an untrusted source—and by "source," I mean the person who wrote it, not the person who gave it to you. There's a nice analogy between running a program and eating a sandwich. If a stranger walked up to you and handed you a sandwich, would you eat it? Probably not. How about if your best friend gave you a sandwich? Maybe you would, maybe you wouldn't—it depends on whether she made it or found it lying in the street. Apply the same critical thought to a program that you would to a sandwich, and you'll usually be safe.


My sister is wising up a bit, but for awhile there she would go out to websites looking for Disney screensavers and icons and just click...well it ended up that she got more than she bargained for..spyware that I ended up cleaning up.....why?  Because she failed to follow rule #1.  She let someone persuade her into running their bad stuff on her machine. 

Now most of us would say, well that was a blonde thing to do, but keep in mind this is EXACTLY how most malware and junk gets on your system.  You click YES.  And when you give that program permission, you've given up your machine to that bad guy.

So what's the remedy for this?  Only say yes on those items that you know where the software came from, you trust the vendor of the application. 

Like the law says... if you didn't make that sandwich and don't know who did... would YOU eat it? The same is true for software.  And especially for anything that comes free.  If it sounds too good to be true, it always is, isn't it?

hmmm... why am I all of a sudden in the mood for a toasted cheese sandwich.....

I was out googling today and don't ask me why I googled on my name [vanity kicking in or something] and on the right hand side I saw something that just made me flabbergasted.  On the right side of Google are 'Sponsored Links'.  And there was an ad for “Hey Susan Bradley SBS Fan”, and advertising tips and tricks for small business consulting.  Except there's one problem.... um...you see....that's not my web site. 

So to all those out there googling... know there's only one me and I don't advertise on sponsored links.  Heck... I don't advertise period, I just blog.

I've pinged Mr. Feinberg to stop advertising his site as being related to me.

I'm just an SBSer out here helping other SBSers and kinda feel a bit strange with Mr. Feinberg taking advantage of SBSers to get them to come to his site.  That's an old fashioned bait and switch tactic in my book.

For the record, I'm in the newsgroups, the blog, in Harry's Advanced book.  But I'm not on Josh's web site.

I was helping my Dad and a neighbor with their computer [got them on XP sp2] and now they have a lovely red shield down in the system tray that warns when things are not as they should be.  I was there to help them with speakers that weren't working and they were thinking it was a driver issue.  Well I checked the control panel and could tell that it wasn't the driver as there was no “!” in there so I tried the next solution that normally works.... and that's merely to change out the speakers.  Yup that was the trick.

Sometimes you just know to try something like hardware.  But sometimes you know to look in software.  We had a scanner that needed an updated driver.  A pop out to the internet and all was well.

But it makes me think of all the things that I just take for granted.  Knowing that the event viewer is there, that I have www.eventid.net around.  That [and this is the really important one] I have a peer group that I can go to and say “Are you seeing this?”.

Benchline, Benchmarking, whatever you want to call it... it's all about knowing what is 'normal'.

To all those out here that help me do just that, Thank You.

A couple of links on patch management

First off is the recording of the Patch Webcast [where I only coughed once] and the second is a blog post regarding patch resources.

And of course don't forget my fav... www.patchmanagement.org!

Pattern File 2.594.00 may cause high CPU utilization
http://www.trendmicro.com/en/support/pattern594/overview.htm

From the bulletin:

Why did this happen?

To protect its customers against the growing threat of the WORM_RBOT family, Trend Micro enhanced the decompression ability of its Pattern File by supporting 3 new heuristic patterns, including UltraProtect decompression, in OPR 2.594.00.

Due to an isolated anomaly in the engineering, development and pattern release process, the UltraProtect decompression may, in certain circumstances, cause some systems to experience high CPU power consumption. This can lead to system instability when this specific file type is scanned using Pattern File 2.594.00.


Hmmm... you know what I want to see though?  Something that says "we've put in place 'this' to ensure that this anomaly doesn't happen again."

This was definitely a world wide event as I got a link on a Japanese blog, Martin Roesler posted to the Full Disclosure list, and some newspapers in Japan had to resort to fax machines and it's reported in Incidents.org.

About 3:35 PDT in my office, the receptionist buzzed me saying her machine just 'went wacko' and when I went to look at it, it was totally unresponsive.  When I went to do a hard reboot and restart, it was totally grinding on 'applying computer settings'.  A few minutes later another co-worker walked by the front desk to tell me that he couldn't get to network and that's when I knew something was up.  I think fortunately because I have two processors, the server was still a bit responsive as I could get to the event logs and could see no unusual activity.  Knowing that the other 'change' introduced into my system is always antivirus, knowing that about a week before the dat file update on my workstation had ground my machine to a halt, I just for whatever reason, wondered if Trend had done something.  So I got into the virus dat update log files and sure enough, could determine that the timing of the update matched up with the 'event'.  The next step I did is something kinda weird...but it definitely came in handy.  I purposely have a wireless connection that goes around my server.  I set up a laptop, logged into IM and immediately looked at the folks that were online in my IM listing.  Chad's online!  I pinged him and asked if his server was doing anything wacko and he confirmed that he was right in the middle of attempting to get his server back into a responsive condition.  Bingo.  I'm not alone.  Then I checked with Super G.  About that time Michael C pinged me on IM to ask and sure enough he was seeing it too.  About that time Chad said that the SBS2k list was starting to report issues.

I'm relaying this story only to showcase how understanding what changes might be occurring to your system [virus updates], what community resources you have [newsgroups and listserves], and access to the Internet in case of emergencies helps.
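The triage in this story, matching the time of the antivirus pattern update against the time machines went unresponsive, can be scripted. The following is an added example, not part of the original post: the host names, timestamps and change records are constructed sample data, `rank_suspect_changes` is a hypothetical helper, and only the pattern version 2.594.00 comes from the bulletin quoted above.

```python
from collections import defaultdict
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M"

# Constructed sample data: change records as they might be collected from
# antivirus update logs and patch history (host, applied-at, kind, version).
CHANGES = [
    ("SERVER01",  "2005-04-22 15:31", "av-pattern", "2.594.00"),
    ("FRONTDESK", "2005-04-22 15:33", "av-pattern", "2.594.00"),
    ("WS-ACCT2",  "2005-04-22 15:34", "av-pattern", "2.594.00"),
    ("LAPTOP01",  "2005-04-22 15:50", "av-pattern", "2.594.00"),
    ("SERVER01",  "2005-04-20 02:10", "os-patch",   "KB-PLACEHOLDER"),
    ("FRONTDESK", "2005-04-12 03:00", "os-patch",   "KB-PLACEHOLDER"),
    ("WS-ACCT2",  "2005-04-22 09:05", "driver",     "scanner-driver-placeholder"),
]

# Constructed: when each affected machine was first reported unresponsive.
INCIDENTS = {
    "FRONTDESK": "2005-04-22 15:35",
    "WS-ACCT2":  "2005-04-22 15:40",
    "SERVER01":  "2005-04-22 15:41",
}


def rank_suspect_changes(changes, incidents, window_minutes=60):
    """Rank changes by the share of affected hosts that received them
    within `window_minutes` before that host's problem started."""
    window = timedelta(minutes=window_minutes)
    onset = {h: datetime.strptime(t, FMT) for h, t in incidents.items()}
    hits = defaultdict(dict)          # change -> {affected host: lead minutes}
    applied_hosts = defaultdict(set)  # change -> every host that has it

    for host, ts, kind, version in changes:
        change = (kind, version)
        applied_hosts[change].add(host)
        if host not in onset:
            continue  # host never reported a problem
        lead = onset[host] - datetime.strptime(ts, FMT)
        if timedelta(0) <= lead <= window:
            minutes = int(lead.total_seconds() // 60)
            prev = hits[change].get(host)
            if prev is None or minutes < prev:
                hits[change][host] = minutes  # keep the closest change

    ranked = []
    for change, hosts in hits.items():
        ranked.append({
            "change": change,
            "hosts": sorted(hosts),
            "coverage": len(hosts) / len(onset),
            "max_lead_min": max(hosts.values()),
            # Hosts with the same change but no reported problem are
            # counter-evidence worth checking before blaming the change.
            "unaffected": sorted(applied_hosts[change] - set(onset)),
        })
    # Highest coverage first; ties broken by the tightest timing.
    ranked.sort(key=lambda r: (-r["coverage"], r["max_lead_min"]))
    return ranked


if __name__ == "__main__":
    for r in rank_suspect_changes(CHANGES, INCIDENTS):
        kind, version = r["change"]
        print(f"{kind} {version}: {r['coverage']:.0%} of affected hosts, "
              f"within {r['max_lead_min']} min; unaffected: {r['unaffected']}")
```

A change that reached every affected host minutes before onset is the first thing to confirm with peers; the `unaffected` list shows where the same change did not cause trouble.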
