Stuff I Do

There is a new spam that seems to be getting through both our spam blocking measures and is a bit annoying. It comes in a like a regular email and has a link in it with http://{random_characters}.blogspot.com We use TrendMicro’s ScanMail for Exchange as our anti-virus protection at the Exchange level and we do content filtering with this software also. Since the entire message is random other than the .blogspot.com portion I needed to come up with a way to key off that portion. ScanMail will not block just blogspot since it is inside of a string. Using regular expressions you can set it so it blocks these message with the following line in your content filter.

.REG. http:\/\/\w+\.blogspot\.com

Done and the spam goes bye bye now, so does any email that has a blogspot address. This is fine for us since there is a company policy against personal web surfing and blogspot has zero business purpose.

I am working on a web app to replace a crusty old vendor supplied application for our maintenance work order generation software. The application is primarily a Win32 application and the vendor built this bolt on web app to make it easier to have users generate work requests. The problem I have with it is that it is the most convoluted way to enter a work request with big gaudy buttons and the fact that they charge you on a per logon basis to for the application. It is sold in packs of 25 users and we have used up the initial 25 users and don’t really feel like purchasing more for an application that has not had an update since it’s initial release in 2001!

Anyway I am working on replacing this web app with one of my own creation. One of the good things the original application has is the ability to email the requester any updates that might happen on their request as it makes its way through the maintenance department. The way the vendor app does this is they have another table in the database that you add an email address for each of the 25 users who have access to application. Not a real elegant way to do this, especially when you open up the app for every user in the company as I do not want another database to update if someone comes or goes. The downside of our logon names is that they don’t match up to our email addresses, meaning logon names are a series of characters while email address are first initial plus last name at domain, so I can’t just take the logon name and stick the domain at the end of it. The only way to do this nicely is to talk to AD and do a search on the directory for the mail address using the logon name as the filter.

First thing you need to do is turn off Anonymous Access in IIS to where this app is located. From the IIS manager drill down to the directory where the app is located. Right mouse click on the directory and select PROPERTIES. Click on the Directory Security tab and then in the Authentication and access control, click the Edit button. Remove the tick mark on the Enable anonymous access box and tick Integrated Windows Authentication. Click OK twice to save out the settings. This allows you to capture the intranet user as they access the page.

Then at the top of your page you will need to import the directory services namespace and the assembly and we are also going to import the system.net namespace so we can do a workstation lookup also.
<%@ Import Namespace="System.Net" %>
<%@ Import Namespace="System.DirectoryServices" %>
<%@ Assembly Name="System.DirectoryServices, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"%>

Then in your code you will need to declare your items. You will have to setup the LDAP string to match your own domain.
Dim strUserName, strFullName, strCompName, strEmail, strPhoneExt As String
Dim entry As New DirectoryServices.DirectoryEntry("LDAP://OU=Users,DC=domainname,DC=com")
Dim mySearcher As New System.DirectoryServices.DirectorySearcher(entry)

Then personally I like to plug these items into the page_load but you can do it where ever you want.
Sub page_load(ByVal src As Object, ByVal e As EventArgs)
If Not Page.IsPostBack Then
getUser()
getUserContactInfo()
getWorkstationInfo()
End If
End Sub

Now for each function in the page_load starting first with the getUser. What is happening here is that the logged on username is captured when they access this page. In my domain, usernames are a string of characters that is not the user’s name, so to get the easy to read full name I need to query AD. First I set the strUserName and strip off the domain name so it is just the pre Windows 2000 logon name. In the second portion of this script do the actual query on AD using the stripped down username as a filter to get to the displayName value contained in AD. At the end strFullName will contain a value such as “John Doe”.
Sub getUser()
' set username and trim off the domain name
strUserName = System.Web.HttpContext.Current.User.Identity.Name
strUserName = UCase(strUserName.Replace("DOMAINNAME\", ""))

' search AD for full name
Dim resultFullName As System.DirectoryServices.SearchResult
mySearcher.Filter = ("(sAMAccountName= " & strUserName & ")")
For Each resultFullName In mySearcher.FindAll()
strFullName = (resultFullName.GetDirectoryEntry.Properties("displayName").Value)
Next
End Sub

With the getUserContactInfo I am gathering the user’s email and phone extension to be saved into the database along with the user’s request for quick easy return contact with the requester. This gets a little different as we use the AD fields a little different when it comes to phone numbers. The Phone Number field in AD we use for DID number and is not real useful for internal work order. Our phone extensions are entered into the Office field and so that is what we are going to query to return the extension of the user in this section.
Sub getUserContactInfo()
' search AD for email address and phone ext for the current user
Dim resultEmail As System.DirectoryServices.SearchResult
mySearcher.Filter = ("(sAMAccountName= " & strUserName & ")")
For Each resultEmail In mySearcher.FindAll()
strEmail = (resultEmail.GetDirectoryEntry.Properties("mail").Value)
Next
Dim resultPhoneExt As System.DirectoryServices.SearchResult
mySearcher.Filter = ("(sAMAccountName= " & strUserName & ")")
For Each resultPhoneExt In mySearcher.FindAll()
strPhoneExt = (resultPhoneExt.GetDirectoryEntry.Properties("physicalDeliveryOfficeName").Value)
Next
End Sub


In the last section, the getWorkstationInfo, I want to know what workstation they were on when they issued the request. This is pretty simple and straight forward on how you gather the workstation name. It comes as a FQDN which I don’t really care for. Since we have only a single namespace, the domain name is worthless to me, so to save space and clean up the look, I strip it off.
Sub getWorkstationInfo()
' set workstation name and trim off domain name
Dim host As System.Net.IPHostEntry
host = System.Net.Dns.GetHostEntry(Request.ServerVariables.Item("REMOTE_HOST"))
strCompName = host.HostName
strCompName = strCompName.Replace(".domainname.com", "")
End Sub


There are many ways to do this and I am not a programmer by any stretch of the imagination, but this works for me. Your mileage may vary on this, but I thought I would throw it out there and maybe it will benefit someone.

I made a boo boo tonight. I was coping some image files from my Windows file server over to my Mac. While looking in finder I thought I was looking at the files on the Mac and deleted a lot of pictures before I realized I was on the network share not the Mac. Doot!

Since this was across the network they will not be in the recycle bin, so after a quick search and trying out different software packages, I found my undelete program. While not as fast nor is the interface as slick as others out, it is completely free so Glary Undelete wins my award for frugal butt saver. Ran the program, recovered my files and breathed a sigh of relief.

Wow is the only thing I could think of when I saw this on my RSS reader. Then my heart sunk, as I am a fan of MySQL but not of Sun and I still wonder how Sun exists today. But further thinking has left me ok with this deal. First off it could be way worse if you think about the power players who cold have bought MySQL, Microsoft could have bought them and buried the project, Novell could have bought them and bungled it as bad as they have the other open source products they have gotten their hands on. Worse of all is if Oracle had purchased them, we would never see another MySQL product again same with IBM. So at the end of the day I guess Sun is OK.

Here is a shot of a Mac Mini cracked open to double up the memory in it and if you check out the monitor you will see it is running OSX Server.

OSX server is a pretty slick piece of software and if you had an office full of Macs it would be spectacular to run. It is all the open source software that I have used on Linux for a long time so pretty familiar with it all, but it can be difficult to understand the Apple think on how some of the menus and screens are laid out.

The trick comes when you tie it into your Active Directory network. There are a few different ways to do it and from my testing they work with varying degrees of success and at the end it has the feeling that it is working by some kind of voodoo. The kind of voodoo where you are scared of a patch breaks part of the integration you will be up a creek. I have not tried it with 10.5 yet and really should sit down and give it another shot.

I could never get the Mac profiles to mount to a Windows server. I could do it when it was a straight Mac network using AFP to an OSX server but SMB seems to not work well for this purpose.

Took this from Digg. Top 40+ plugins for Gimp

I had decided that Vista had been out long enough and the inevitable is that at some point MS is going to force us to use this OS so I had better figure out how to make it work in our environment. Grabbed on of our Dell Optiplex GX520 ( Intel(R) Pentium(R) D CPU 2.66GHz, 1GB memory, 80GB HD, Broadcom 1GB NIC, and Intel(R) 82945G Express Chipset Family) machines off the shelf and installed the OS.

Right off the bat I realize I am going to have to make some major changes to my policies to fit this OS. I notice the on board audio does not work and do some digging around find these hoops have to be jumped through to get the sound card to work. To enable the sound card go to Device Manager right click on the audio device and select Update Driver. After a lengthy time it will pull down and install the drivers for this card. This card is also in other machine we have in our environment which included; Dell OptiPlex 170L, Dell OptiPlex 745, Dell OptiPlex GX520, Dell OptiPlex GX620 and Dell OptiPlex SX270. Should be able to get these added to the Windows deployment for future installs.

Microsoft is trying to make the OS more secure but unfortunately they have chosen to do it in a very obtrusive, annoying way. Everytime you make any kind of change, including removing a shortcut from the desktop you are bombarded with multiple windows asking if this is what you really want to do. You can disable this User Account Control to make it less annoying, but it destroys the perceived or real security it provides.

Started to install all the applications that we use in our environment and notice that on the exact same hardware I have been running XP on, there is a hugh performance decrease. This machine is powerful enough for a standard desktop in a manufacturing environment running XP but under Vista I feel as though I have swapped out a strong machine with something from the early Pent III days and about half the memory. I didn’t do any scientific time studies on how long it took to work an app, I just felt the slow down and noticed hard drive was constantly swapping.

Found most of our applications work fine but have some show stoppers. Our logon auditing software, OCS Inventory NG, would fail to run the ocslogon.exe when run from a logon script. I did not try to install the OCS service as this is not how we use the application nor do we want to install a service on every single machine in the environment. We use PDFCreator to create cheap easy pdf files and it currently does not work in Vista. Our customer service department would kill me if I took that tool away from them. We also use VNC as a remote management tool on everyone of our workstations and there are major issues with VNC and Vista. This means we would have to come up with a new way of managing the workstations. Remote desktop really does not work well here. If someone is on the machine already, remote desktop would kill their session off. Considering we are a round the clock manufacturer, this would be very difficult to find when a machine was not in use. Remote assistance would not really work either as someone is not always at the workstation, they open a trouble ticket and then head back to the production floor. This is why we have always used VNC even though XP had these services to us.

The most perplexing non-working software is you can no longer install Microsoft Exchange tools on your workstation. This means for people like me managing multiple Exchange server you have to pull up a remote desktop of one of your Exchange servers in order to manage your mail environments. This is very annoying to me as I do all my work from my workstation and manage all aspect of the network from one station. It is troubling when MS won’t even get their own software to work together.

There are so many extras that MS has added into this OS that I am trying to disable or make unavailable. Our XP workstation we have sitting in the production basically has a start button and a list of application they can use. We have XP so locked down and stripped of everything that you would be hard pressed to know which version of Windows we are running. Vista has all kinds of eye candy that is completely unnecessary in a manufacturing environment. All I need is a stable platform, to run a handful of selected applications quickly, without requiring me to spend much time managing the environment. At the end of the day, the workstation OS should be the least of my worries and take the least amount of my time. There is nothing important in a workstation OS beyond providing a platform to my line of business applications. Maybe since MS has made tons of versions of Vista they should make one for manufactures like me that has none of the stupid frills and just give me a stable, fast, secure OS.

After about a week of working with this machine, I went back to my XP workstation. For me, Vista just isn’t worth it, or ready for business. XP will be our platform for the foreseeable future.

We have a Catalyst 6513 switch in our core with many blades and hundreds of ethernet cables plugged into the switch. It is impossible to figure out where a particular device is plugged into the switch, right? Nope, it is a simple to track down where you are plugged in at.

On the network device get it’s MAC address then shell into your switch. Enter the command:

show mac-address-table address 0000.0000.0000

Change the 0000.0000.0000 to the MAC address of your device then enter.

What you get back is information from your Primary Supervisor blade and also from your Stand By Supervisor blade telling you that your device is located on which blade/port.

My boss had his MacBook Pro connected to the corporate network and was transferring a few gigs of data between one of our servers and his laptop. It was connected via the built in Gigabit ethernet port yet it was taking entirely too long. He was connected into the core switch a Cisco Catalyst 6513 with Gig blades. Transfers between a Windows box and the servers was not showing the same slowness that the Mac was experiencing. We had this same problem with Tiger and now we are running Leopard and seeing the same issue. On the Mac you can correct the problem by going to System Preferences and opening the Network module. Select the Built-In Ethernet connection and click the Advance button. Select the Ethernet tab change the Configure drop-down to Manual set the speed to match your switch capabilities in our case 1000baseT and set the Duplex to Full-Duplex. It appears that by default Mac will set the duplex for Full-Duplex, Flow Control if you have the network set for automatically. Once those settings were set data transfers were flying.

At this point we began to wonder why we were not seeing the same issue with our Dell Windows workstations. On the MacBook Pro it has BootCamp with a Windows Vista partition installed so we booted into Vista on the MacBook Pro and tried the data transfers again. While Vista transfers are no where near as fast as XP or OS X, it was not as slow as OS X when flow control is enabled. So this pretty much points to the way OS X drivers are setup.

Connecting to the Cisco Catalyst 6513 and doing a sho int on interface the MacBook Pro was connected to showed input flow-control is off, output flow-control is off where we have Windows boxes placed and on OS X stations when we have manually set the ethernet settings. A stock install of OS X connect to the same port shows input flow-control is off, output flow-control is on and data transfers are painfully slow, more than doubling the time required to transfer the same 2.69 GB iso file from the same NAS device.

Since we are getting more Mac devices in our environment, and we don’t feel like changing all the settings on each workstation we set out to find a way to make sure this can be altered on the Cisco gear. What we found is that this only effects workstations connected to our core 6513 since our distribution switches are Catalyst 3750 and output flow-control is unsupported on those devices. On the 6513 all that needs to be done is to change the port settings with flowcontrol send off and this will resolve all OS X issues with line speed.

Turning off flow control on the switch should not cause any ill effects on performance if your network uses high level protocol like TCP as it already has a built in mechanism to control data flow rates and this basically duplicates the control gaining you nothing, in theory. When you turn off flow control you will get a momentary disconnect to what ever is connected to that port so not a good idea to do this on all ports during operation hours.

The wife thinks I am a dork and she is probably right.

I have download and am watching the tour of the new Mac OS X 10.5, Leopard. The new Finder with Coverflow looks good and I like how you can use Spotlight to search the network and it all comes back to Finder still using Coverflow. Timemachine is how user backup tool should be and might make me actually get an external drive. Spaces is nothing new, Linux desktops have had virtual desktops for years. I have not used mail and have always been a fuddy duddy when it comes to my mail. Give me Pine and I will read my email from the command line thank you very much. But since most people are not spartan in their email usage I can see where Mail would be cool. I like the idea of it adding items to you iCal and Address Book with easy clicks. iChat Theater is freaking awesome. I can see where this would be especially useful for remote meetings being able to see and hear the presenter and having a easy way to display multiple document formats. Screen sharing could be useful supporting remote users too. I would like to see one over a internet connection to see if there is lag sending or not.