Photo by Phillie Casablanca
It's been a year since the EU mandated browser ballot in Windows has been in place. PC Pro has an excellent article summarizing the results so far and they are interesting. Some of the smaller browsers have seen bumps in their usage, but they were so small to begin with that it wouldn't take much of a push to see bigger numbers. Looking at the "big 5" it's clear that the ballot had very little of an effect. There does appear to be a small drop in IE and boost in Firefox immediately after the ballot's release, but then the original trends continued.
I was never a fan of the anti-trust cases against IE in the first place, as they seemed to be "fighting the last war." Microsoft's dominance was more due to competitor screw ups as it was to Microsoft's malfeasance. Their monopoly was going to crack as soon as they slipped up and we all knew they would. Firefox and Chrome are starting to eat IE's lunch and is going to start on its dinner in the not-to-distant future. This is happening even without any of the anti-trust cases making any real difference.
If the goal of the ballot was to end Microsoft's dominance in browsers then it seems to be a big bust. At least for the 7 smaller browsers that were left off of the first page of the ballot and certainly for the other browsers that didn't get in the list at all. What about them?
As a system administrator, when you are called to the 8th floor to show the one company hottie how to pull the plug out of her computer please take one piece of advice: Don't eat solid food while you're up there.
My experience shows that many Sys Admins seem to chew their food as if they are on the third round of taste testing peanut butter. If you must have an oral fixation on this service call, take a Coke, or water or, even better, a flask. For you Python heads, I'm not talking about YOUR type of flask, I'm talking about the real flask. The kind your grandfathers used to carry. The kind that stopped bullets and still held the whiskey.
We should go back to the days of flask. If you're lucky enough to work with a company that allows alcohol to be consumed on premises, then, well, you've already won. Take a nip and get back to work. For everyone else, go buy a flask, put some whiskey or Ouzo or whatever you want in there. You wanna look like a bad ass? Well, screw it. You're a geek... you're not going to look good. Well, actually, wearing an eye patch with your flask...hmmm, that might restore your reputation after your ass-cheeks shine forth like Cherubim when you're under a desk connecting all the cables. The flask\eye-patch combination will remind your co-workers that if they continue to screw up their computers they're going to be visited by the one-eyed curmudgeon with the flask. For women sys admins, don't worry, every guy you visit on a tech call is already emasculated without you having to don any props, let alone a flask. As far as women Sys Admins helping female customers... you'll probably run into the Queen Bee Syndrome. As a guy I'll tell you straight up... "yeah, you're on your own with that one."
Anyway, I digress. The flask represents Freedom. Not only does your flask tell your co-workers that its not all about them it tells them it tells them that they are lucky, NAY, blessed to have your attention, however fleeting, at this moment. You will get direct answers. You see frightened swallowing. You may even see beads of sweat. Harness their fear. You may also get a call from HR but that's another blog...
Yes, I carry a flask. Yes, I keep it filled with Jack Daniels. Yes, this next one's for you. Now pull your up those pants, close your mouth when you chew and for god's sake turn down .38 Special blaring on your computer. It's getting embarrassing.
I hope you all still have a daily diversion. Get on Cracked or The Onion or BBSpot or any number of humor sites. Hey, did you see this one from Cracked?
What can I get for $34,761.27, anyway?
For what it's worth, that's what our company has spent on cell service and cell phone hardware since April 2002. The only problem is, we're not getting everything that we want from Verizon, who has been the recipient of every penny of that sum. So, I'm doing the unthinkable; considering a new carrier.
I pay on time, every time, so no worries there. But before I start taking applicants, let me set some ground rules.
I won't complain about monthly minute charges because I'll buy your unlimited package for all of our phones. Nor will you hear me opining about the high markup on replacement charging cords, USB, mini-USB, or any other connectors. I won't break a sweat about waiting in line at a store, or waiting for donkeys years for a rebate check.
I will, however, take issue with two areas.
- Stupid, non-beneficial, whats-that-for-anyway fees.
- Technological limitations.
Allow me to explain. When one of the principles of our company needed to spend extended time in Australia, it was only prudent that we place his U.S. cell phone on hold. After all, he'd be gone a month plus, so why pay for service that won't be used?
That's when Verizon hit me with the $15 dollar 'on-hold' fee. So why would someone who uncomplainingly spends so much on cell service get heartburn about $15? Because it falls squarely into 'stupid, non-beneficial, what's-that-for-anyway fees'.
Rather than take it lying down, I calmly asked the operator to kindly review the importance of that $15 'on-hold' fee vs. the ~$4k I spend each year on Verizon service, and to then make what he felt was a prudent decision.
He waived the fee.
I was then annoyed to learn that there wasn't a way to pause a line without having that line appear to the world to be disconnected. I would have paid a small fee for something like VM, or a message stating that the line was paused due to int'l travel, or something other than what callers to his phone actually received. Remember, I'm against non-beneficial fees. The ability to tell people that a line is only paused vs. disconnected is definitely a value.
Still… that experience wasn't enough to cause me to leave. But before I get that relative point, I must make a slight, but necessary, detour.
In November 2009 and I purchased two Motorola Droids and two HTC Eris phones. (As much as I enjoyed my Blackberry 8830, I finally accepted that RIM was the Iomega of the new century, and decided we needed real smartphones). I was pleased with the Moto Droid. Great apps. Great phone. Fantastic camera.
14 months later and my phone is dying a painful, prolonged death.
It hasn't taken any nasty falls or been doused in a Jack Daniels bath (as the other Moto Droid in our company had during the aforementioned flight to Australia).
Nope. My phone was in good shape. Unfortunately it just started dying. Shaking screen, unresponsive tapping, and text messages that would autofill with garbage text. My phone was possessed. Hammering out a text message was like entering a low-budget remake of Poltergeist.
Warranty expired. What do I do?
Oh, I know what you're thinking. Verizon has the iPhone now. Well, allow me to opine.
I love Apple. They are the only vendor outside of Verizon that has received more of my money. Lest you doubt my Apple credentials, I have the new MacBook Air, the iPad, the 28" iMac (which I am using to write this blog, incidentally), two MacBooks, two MacBook Pros, two Mini's, and more iPods than I care to count. Yep, my Apple credentials are all in order, thank you. (If I got into the company Apple assets it would be an entirely new blog post).
So why not jump in and finally get the one Apple gadget that I don't already own? Simple answer. I'm not interested in spending hundreds o' bucks on 3G anything.
The Verizon iPhone would have been cool in '08, '09, or even early '10. Sorry, '11 is too little too late. When the 4G iPhone does come out, I'll be tempted, but it likely won't get beyond that.
Today at the Verizon store, where they pronounced my beloved Moto Droid DOA, the Verizon employee dropped the straw onto the camels back.
Verizon 4G phones, when they do come out, will still not be able to simultaneously browse the web and take calls. Even though they are leaving CDMA behind, they will still ("initially") have this problem.
Ummm, Verizon? This isn't a minor glitch or a 'nice-to-have'. Cell phones and broadband are seamlessly tied together. Crippling one to serve the other is the wrong solution. Answering a phone call without jeopardizing my wireless tether is important to my business (and sanity).
Just how important, you ask? Well, it pains me to say this, but for the first time in almost ten years I'll visit Sprint, AT&T, and T-Mobile stores.
It should be a quick visit to each. I'll only be asking one question.
What can I get for $34,761.27?
*** UPDATE ***
Because this limitation has been existing at Verizon, many users, myself included, have resorted to aircards. The allure of GSM is that many of us could (finally) elect to use just one device. (Thanks to warrenk for pointing this ommission out).
Follow me on Twitter @ShawnAnderson
Photo by Keith Williamson
I was reading with interest this overview of the "Cyberwar Panel" at RSA 2011 and ran across this sentence about regulating IT security:
"Regulate results, not technology." Schneier said. "If you regulate technology, you stifle innovation. If you regulate results, you incent innovation."
I got to thinking what that could mean. It's pretty obvious how to regulate results when you have a specific measurable goal such as smog reduction or crash safety standards. But how do you regulate results when the ideal result is "nothing happening?" It seems to me that there isn't a meaningful way to regulate without regulating technology (at least to some level) and the rate of change in the world of computing and networking is just too high to allow that to work.
Then there was talk of modelling security regulations on Sarbanes-Oxley:
Chertoff called for a regulatory framework where company executives and board members sign on the dotted line, certifying what steps they have taken to secure their network, what backup systems they have in place and what level of resiliency is built into their IT system. “People take that seriously. Is it dramatic? No, but it moves the ball down the field,” Chertoff said.
Schneier concurred, noting that holding individuals at a company accountable for certain protections has worked with environmental regulations and Sarbanes-Oxley, the post-Enron law that requires directors and executives to certify their financial results.
Sarbanes-Oxley has certainly worked if the goal was to prevent companies from going public in the US. I don't really think this is any kind of model to base regulations off of.
I personally think that the main reason we haven't had a "Cyber Pearl Harbor" is due in large part to the absence of regulations. The rate of unfettered innovation has meant that the security environment is so diverse that it's not possible to lauch such an attack at a single point. The Stuxnet worm is a good example. Not only is it probably the most advanced and complicated attack yet devised (and possibly with the resources a nation state behind it) but it also got nowhere near the destructive power that's got regulators worried.
I'm not foolish enough to think that a "Cyber Peral Harbor" is impossible, but I also think that if such a thing is possible it's going to be happening in a way that no foreward thinking (short of divine prophecy) is going to prevent. As soon as regulations come into play then technology will begin to homegenize and a single point of failure will become more obvious.
But I'm not a security expert, just some idiot with a keyboard, I'd love to hear what your thoughts are on the topic.
When we decided to release the Pro version of PDQ Deploy one of the features that we were excited about was that it was "multi-user", meaning multi-admin. There are some other major features that differentiate Pro from its free step-brother such as scheduling and the all-important ability to run multiple actions within each Installer. But a funny thing happened on the way to the looney bin: Most of the feedback we have received showed that few cared about the multi-user and were more concerned with having to manage a new SQL server which, PDQ Deploy Pro required. "Whoa! Required? What's with the past tense?"
Heh heh, you don't miss much do you Eagle Eyes Keaton. Yes, we are removing the requirement to have a dedicated SQL Server installation.
You see, another goal that we, at Admin Arsenal, have is to be agile. We've made some great strides in achieving this goal and now we'll prove it.
We are going to release a new version of PDQ Deploy Pro that does not require a complex SQL Server to run. We will deliver a Pro version that has all the features that you love - quick deployments, multi-action, scheduling, bandwidth throttling, etc. - with the exception of being Multi-user. It was the multi-user feature that required the more complex SQL Server. By scrapping the feature that, according to our customers, wasn't going to be used anyway we are able to give you a much more manageable and intuitive software distribution tool.
You can expect to see this new version within the next few days. (Yes, days. Told you we were agile) We will put it out to a public beta and then give it a final release.
This change also serves notice that Hey, WE LISTEN TO YOU.
Let us know what you use in our products. What features would you like to see? What features do you think suck? To paraphrase Sam Kinison (I can't actually quote Sam since this, ahem, a PG rated blog) "Don't tell your mom! Don't tell your girlfriends! Tell US! We're the ones that [make the software for] you!"
Of course I'll contradict Sir Sam right now and say that if you like our software, please tell your friends, particularly your nerdy ones. Now go forth and deploy.
Follow us on Twitter @ShaneCorellian @AdamRuth @ShawnAnderson
We are pleased to announce that version 1.2 of PDQ Deploy and PDQ Deploy Pro have both been released today. They are both available for download right now. We appreciate all of the assistance given by the various beta testers out there, and we hope that this release will set the foundation for some of the newer technology we're working to bring out right now. We've already discussed many of the new features in this release so instead of going over them again I'm going to quickly go over some non-technical changes with this release.
As many of you may have noticed we have changed the licensing scheme of PDQ Deploy Pro. Based on feedback we've received we decided that it was best to move to a license scheme similar to that for AA Console. Instead of being licensed by the targets that receive deployment (per-seat licensing) it is licensed by the number of administrators who use it. This style of licensing makes PDQ Deploy Pro much more affordable and simpler to deal with. It's cost effective for a company to start with a single administrator license and then expand to more users as the need arises.
Along with the new licensing we have revamped our purchasing web site. This new site will make it easier to order multiple products and to expand licenses or extend maintenance. Each licensee now has a customer number which can be used to log in and see what is currently licensed and to more easily make changes. We will expand this functionality in the future as we add additional products and make other changes to our offerings.
Something else that we've rolled out recently is an e-mail notification system to be notified when new versions of software become available. Checks for new versions in the software are great, but they don't always work in all environments (proxies and firewalls can block the signal). In order to be kept up-to-date feel free to sign up for e-mail updates. You can unsubscribe at any time.
We hope that these and other changes will make your lives easier as you use our products. Please feel free to let us know what is and isn't working and we'll do our best to make things even better.
Our previous post demonstrated how to customize Adobe Reader 10 using the new Adobe Customization Wizard. In this post we'll demonstrate how to deploy Adobe Reader to all of your computers. We are assuming that you have created your transform (MST) file using the customization wizard. (see customization video)
Locate your AcroRead.msi file. Right click on it and select "Deploy with PDQ".
PDQ Deploy will open and populate the "Installer" window. We assume that you are deploying Reader using a customzied MST that you created with the wizard. Check the "Include entire directory" checkbox. In the Parameters field you'll need to reference the MST file.
NOTE: Only reference a TRANSFORM (.MST) file if you have created one using the Adobe Customization Wizard. Referencing an .MST file that doesn't exist will result in the ever descriptful MSI error 1624.
Hit "OK" and the Installer is created.
The next step is to deploy the installer to some or all of your computers.
Select "Deploy" and let's choose which computers you'll deploy too. You have four options to select target computers.
- Manual entry (typing each hostname)
- Import (text file with one hostname per line)
- Active Directory collections
- AA Console containers
After you've selected your computers you can hit "Deploy Now".
The deployment will start and the status will be displayed in the window.
We've done posts before on deploying Adobe and using the Adobe Customization Wizard, but when new releases hit the market we like to do some refreshers. Adobe X is still new and has yet to be adopted on a mass scale, but it's starting to show some growth.
If you have any questions about deploying Adobe Reader or about using the Customization Wizard for Reader X let us know.
As per usual, here is our obligatory video showing what we've just discussed.
Install Adobe Reader 10 to all the computers
in your company today using your FREE copy of PDQ Deploy.
Follow me on Twitter @ShawnAnderson
Adobe Customization Wizard in 6 Quick Steps
- Be sure that you have the most recent version of Reader.
- Install the Adobe Customization Wizard for Reader X. (ftp)
- Extract the .MSI from the AdbeRdr10xx_yy_zz.exe file.
- Start the wizard and open the AcroRead.msi file.
- Customize to your hearts content.
- Save your project (which creates the TRANSFORM file, AcroRead.mst).
***Note: Note that this method of installing Adobe Reader is intended for new installations of Adobe Reader X. If you are upgrading from an existing Adobe Reader X (e.g. upgradging from version 10.1.0 to 10.1.3) you only need to run the MSP file (you will extract that later in this article).***
After installing the customization wizard it's time to extract the AcroRead.msi from the Reader EXE. (see video)
To extract the files, open a command window and navigate to the path of your Adobe Reader EXE file and run the appropriate command. For this example we will run:
AdbeRdr1012_en_US.exe -nos_o"<file_path>" -nos_ne
This will open the extraction window.
Verify that your extracted files exist and you are now ready to open the customization wizard.
Open the customization wizard and select File > Open. Navigate to your extracted files and select the AcroRead.msi. You will now be able to make customizations to Adobe Reader.
Note the left panel and the sections listed.
While you can do quite a bit, we're going to focus on the following four sections:
- Installation Options
- Online and Acrobat.com
Select "Installation Options" and ensure that "Silently (no interface)" is selected. This allows you to push the installation to all your computers without disturbing your users. Also, ensure that "Suppress reboot" is selected.
Next let's jump to the "Shortcuts" section. We are going to prevent the Adobe Reader shortcut from being placed on the All Users Desktop.
Right click on the desktop icon and select Remove.
Next move on down to EULA. This is a handy step that allows you, as representative of your company, to auto accept the End User License Agreement between your company and Adobe. This means that the first time your users open Adobe Reader they won't be nagged to accept the EULA. It's a minor thing, but it does help prevent help desk calls from confused users.
Lastly we have "Online and Acrobat.com". I call this the phone-home section. Most companies like to control when patches are deployed, and making changes here will prevent each installation of Reader from contacting Adobe to check for updates.
I suggest checking the following four boxes:
- Disable all updates
- In Adobe Reader, disable Help > Purchase Adobe Acrobat
- Disable Product Improvement Program
- Disable all Acrobat.com access...
That's it. Unless you have more changes that you'd like to make, you're now ready to save your work (which will create the transform file AcroRead.mst).
Preparing for Deployment
When you deploy Adobe Reader 10 you call this transform file which contains your customizations, including pushing silently, suppressing reboot, auto accepting the EULA, whacking that annoying desktop icon, and stopping the numerous Adobe phone-homes.
Fridays' blog will demonstrate installing Adobe Reader 10 silently but just in case you can't wait, here is the usage.
To push from the command line, you would enter:
msiexec.exe -i <path>\AcroRead.msi TRANSFORMS=AcroRead.mst
Using the free version of PDQ Deploy to push Reader 10? You can import the Reader 10 installer file here.
See our video of the Adobe Customization Wizard for Reader 10 now.
Here are some resources for your Adobe Reader deployments:
Push Reader 10 to all your computers with your free copy of PDQ Deploy.
Follow us on Twitter:
Photo by offwhitehouse
The first big event in the ongoing depletion of IPv4 address happened last week. The final two blocks of /8 addresses were allocated by ARIN to APNIC. This event triggered the allocation of all remaining blocks to the several RIRs. This isn't the end of the world, in that ARIN is only the top of the chain and it will take a few months for those addresses to get passed out to customers, at which point we'll see the second horseman.
I still don't think that this is something that we need to be panicked about, but it is certainly something to keep a watchful eye out for. Along those lines you will want to be aware of the upcoming IPv6 Day on the 8 June 2011 when some of the largest web sites such as Google, Facebook, and Yahoo! will fully enable IPv6 for their sites. It will be a good test, and none too soon.
If you haven't been playing with IPv6 in your networks, now is the time. You may still have as much as a few years (depending on how much demand there is to recycle IPv4 addresses) but we are definitely living on borrowed time.
I, for one, welcome our new 128-bit overlords.
"Anybody remember when tattoos were for bad-asses? What happened? Everybody's got one now. Is there anything more unsettling than a quintet of dolphins jumping over a rainbow nestled in the heaving cleavage of your grandmother's Zaftig homecare provider?" - Dennis Miller
I'm generally a fan of Tattoos. Here are some links to some geek tattoos.
25 Amazing Tattoos for Computer and Internet Geeks
30 Geek Tattoos
Geek Tattoos on Flickr
While I don't have a computer related tattoo, I do have some geeky ones. Here are two of them.
Any South Park fans here? This is on my left calf. I'll send a PDQ Deploy shirt to the first person who correctly identifies the episode that this tattoo is taken from.
Dig The Dude? I toast you with my white russian.
The Dude Abides.
Follow me on Twitter @ShaneCorellian
What a difference one point update can make. Looks like Oracle has changed up the deploy method a little for it's most recent version of Java 6 (update 23). - (see installing Java video)
(We have a blog/video showing the installation for update 22, but the process has changed, so here are the updated instructions.)
First, obtain your Java executable from Oracle. We suggest getting the offline version.
After you've downloaded the update, double-click on it as though you were going to install manually (don't worry, you're not going to install it).
A dialog will open that looks similar to (or exactly like) this:
At this point you need to ignore this window. Don't click Cancel and don't click Install. Instead, open a new window (or open Start>Run) and navigate to the following directory:
(If you're not familiar with the \..\ in the path, that simply backs your path up by one directory. So we're essentially going one directory above %LOCALAPPDATA% and then jumping into the sub-directory named LocalLow.)
When you double-clicked on the installer .exe the Sun directory you see here was created. The .msi and associated files were extracted. It's these files that you need to install Java 6 u_23 silently.
Navigate into Sun until you hit the data files.
At this point you can move the files to a network share or you can simply deploy from here.
To deploy Java 6 Update 23 using PDQ Deploy (our free software deployment tool), open the PDQ Deploy Console.
Create a new installer, and give it a name. (I used Java 6 Update 23).
Navigate to your java .msi and be sure to check "Include Entire Directory" since this installation will require the other files in that directory.
After you create your deployment, you can then select your targets for installation and deploy.
NOTE: According to Oracle, Java update 23 does not contain any security fixes, so you may wish to evaluate whether or not you need this update. Version 1.6_22 is the most recent update with security fixes.
Hope this helps. Thanks to user Michael O. for letting us know that the steps for installation had changed from the most recent update.
Grab your free copy of PDQ Deploy today.
Follow us on Twitter @ShawnAnderson - @AdamRuth - @ShaneCorellian