January 8, 2008

Windows is better than Unix/Linux, sometimes.

Well, I agreed with Bill’s last article, until I read the part that said “Windows is better than Unix/Linux.”

Oh wait, that was the first sentence.

Now, if Bill had said “Windows is better than Unix/Linux, sometimes.” or perhaps if he had stretched and written “Windows is better than Unix/Linux — most of the time,” I may have agreed entirely.

Look, I’ve been a fairly OS neutral IT Manager for many years. If you’ve ever used CP/M, Xenix, DOS (any flavor), Novell, Windows (old school pre 3.11), OS/2, Windows, Linux, Solaris (SunOS), HP-UX, AIX, OS/400, Windows 9x/NT/2k (etc.) and now Vista (bleh), and so on, you’ll understand that every OS has features where it will excel. Every OTHER OS will have features that leave the other OS in the dust.

The key to success here is to identify where the use of one OS will benefit you more than the use of another OS. (read more…)

          Comments (1)

January 7, 2008

Top 5 Ways Windows is Better Than Unix or Linux

Windows is better than Unix/Linux. Now that I’ve incited volumes of hatred from my Unix/Linux brethren, let me clarify my stance. I work with massively heterogeneous environments. For the past 10 years, every company I’ve supported has utilized at least 3 different operating system platforms including multiple versions and flavors of Linux, Unix, Windows, with some mid-frame (AS/400) and Novell thrown in for good measure. The experience has taught me to choose the best tool for the job, rather than get religious about a platform. There are many functions that Windows performs better than *nix, and the *nix community should embrace them.

I hire a lot of Unix/Linux sys admins. One of my favorite interview questions for them is: “Name 5 ways Windows is better than Unix/Linux.” This is a great stress question, because most *nix guys think Microsoft is the devil. But Microsoft remains the most successful software company in the world. If you cannot recognize the areas where Microsoft excels, you are artificially narrowing your view of the world, which means you aren’t making the best technology decisions for your company, which means you can’t work for me (To be fair, I also ask Windows guys to name ways Unix/Linux is better than Windows). As a public service to *nix admins everywhere, I offer this list of 5 ways Windows is better than *nix. There are many others, but I don’t want to overwhelm you with too much info at once. It might overload your system, and cause a kernel panic. ;-)

  1. Windows XP is the best productivity desktop
  2. Windows 2003 Active Directory Service is the best directory service
  3. Windows DNS is the best internal DNS server
  4. Exchange 2007 is the best groupware application platform
  5. Windows has better hardware support with vendor-supported drivers

Let the flame wars begin! Seriously though, I stand by each of those pronouncements. For those of you who haven’t run screaming from the room, my reasoning is below: (read more…)

          Comments (18)

June 5, 2007

It’s Still the Latency, Stupid…pt.2

In part 1 of this series, I established the problem latency can cause in high speed networks, what one reader correctly referred to as “big long pipes.” To summarize, in large bandwidth networks that span long distances, network latency becomes the bottleneck that retards performance. The reason for this is the impact of network delays on TCP windowing. In part 2, I will discuss what to do about it.

Dealing with latency can be tricky business. The methods used to mitigate the impact of distance depend on many factors including the services being accessed, the protocols being used, and the amount of money you want to spend. What works for a home user does not work for a multi-national corporation. In general, there are 4 approaches one can take to deal with latency:

  1. Tweak the host TCP settings
  2. Change the protocol
  3. Move the service closer to the user
  4. Use a network accelerator

The first and least effective method is to tweak the TCP settings on your hosts. I say least effective for several reasons: It is hard to determine the correct TCP window size; not all operating systems support the RFC 1323 extensions; you may not have control of all the hosts; available bandwidth may change due to network congestion. Most importantly, some time-sensitive applications such as VOIP will still exhibit problems in high-latency networks, even if you tweak TCP. Still, if you are a home user on a big long pipe, this is the only option for you. Changing TCP is OS-specific. Slaptijack.com has an excellent series on TCP tuning operating systems. Below are links to his specific guides as well as other sources: (read more…)

          Comments (10)

May 31, 2007

It’s Still the Latency, Stupid…pt.1

One concept that continues to elude many IT managers is the impact of latency on network design. 11 years ago, Stuart Cheshire wrote a detailed analysis of the difference between bandwidth and latency on ISP links. Over a decade later, his writings are still relevant. Latency, not bandwidth, is often the key to network speed (or lack thereof).

I was reminded of Cheshire’s article and the underlying principles recently when working on an international WAN design. What Cheshire noted was that light signals pass through fibre optics at roughly 66% of the speed of light, or 200*10^6 m/s. Regardless of the equipment or protocols you use, your data cannot exceed that theoretical limit. This limit equals the delay between when a packet is sent, and when it is received, aka latency.

In the US, we tend to focus on bandwidth and carrier technology when ordering circuits, completely ignoring latency. For instance, when choosing between cable and DSL for your house do you ever ask the carrier for its latency SLA? Maybe you should. Using a cable connection, a ping to www.google.com in Mountain View, CA from my house (137 km) yields an average ping time (aka round-trip time or RTT) of 73ms. The theoretical latency for this distance (round trip) is 1.37ms, meaning my cable connection is roughly 50 times worse than the theoretical limit. No surprise that Comcast focuses on bandwidth and not latency in its marketing. (read more…)
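
The arithmetic behind this excerpt and the TCP window point in part 2, worked through as an added example (not code from either post). It uses the 137 km, 73 ms and 200*10^6 m/s figures quoted above; the 100 Mbit/s link speed is a constructed value.

```python
# Added example: propagation delay vs. the TCP window ceiling on a long path.
FIBRE_SPEED_M_PER_S = 200e6   # ~66% of c, the figure quoted in the post
MAX_UNSCALED_WINDOW = 65535   # 16-bit TCP window field without RFC 1323 scaling
MAX_WINDOW_SHIFT = 14         # largest window-scale shift RFC 1323 permits


def propagation_rtt_s(distance_m):
    """Best-case round-trip time over fibre for a given one-way distance."""
    return 2 * distance_m / FIBRE_SPEED_M_PER_S


def window_limited_bps(window_bytes, rtt_s):
    """A sender can have at most one window in flight per round trip."""
    return window_bytes * 8 / rtt_s


def bdp_bytes(link_bps, rtt_s):
    """Bandwidth-delay product: bytes that must be in flight to fill the link."""
    return link_bps * rtt_s / 8


def required_window_shift(link_bps, rtt_s):
    """Smallest window-scale shift covering the BDP, or None if 14 is not enough."""
    need = bdp_bytes(link_bps, rtt_s)
    for shift in range(MAX_WINDOW_SHIFT + 1):
        if (MAX_UNSCALED_WINDOW << shift) >= need:
            return shift
    return None


if __name__ == "__main__":
    measured_rtt = 0.073                      # 73 ms cable ping from the post
    ideal_rtt = propagation_rtt_s(137_000)    # 137 km from the post
    print(f"ideal RTT      : {ideal_rtt * 1000:.2f} ms")
    print(f"measured/ideal : {measured_rtt / ideal_rtt:.0f}x")
    cap = window_limited_bps(MAX_UNSCALED_WINDOW, measured_rtt)
    print(f"65,535-byte window caps one flow at {cap / 1e6:.2f} Mbit/s")
    # Constructed link speed: what a 100 Mbit/s path would need at that RTT.
    print(f"100 Mbit/s needs {bdp_bytes(100e6, measured_rtt):,.0f} bytes in flight,"
          f" window-scale shift {required_window_shift(100e6, measured_rtt)}")
```

The ceiling applies per TCP connection, which is why a single transfer can crawl on a link that tests as fast with many parallel flows.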

          Comments (41)

February 10, 2007

Cingular BlackJack For Free!!!

Amazon is now selling the BlackJack for FREE!!! CLICK HERE. Amazon changes its specials frequently, so I would not expect this deal to last. As we’ve discussed, this is a great phone.

With a 100% rebate, how can you lose? Order today.

          Comments Off

December 11, 2006

e-Tipping - How To Keep Your Favorite Blogger Blogging

Writing a blog is hard work! Having spent the past four months working on this site, and scanning the blogosphere looking for useful articles, I’m convinced that most bloggers do not get enough credit for the incredible information they provide. One of the stated goals for edgeblog is to provide useful, original content as a way of giving something back to the Internet community, rather than just linking to content found elsewhere. Creating new content every week is a tough job, but we welcome the challenge.

With that said, I want to actively promote the concept of e-Tipping. e-Tipping is a way to pay the blogger back for the hard work they have put into their blog, similar to leaving a tip at a restaurant. There are several ways to leave an “e-Tip”:

  1. Click the ads!!! - Most blogs these days have ads. If you like the article you just read, visit the site’s sponsors. The blogger will make, on average, about $.05 per click…not much of a tip, but it adds up when a lot of people are reading your blog. UPDATE 06/01/2007: It is against Google’s terms and conditions to directly ask people to click your ad links. I respect Google and their terms, and would not want to circumvent their business model. Most Google ads are contextually related to the blog article. So, if you find an article valuable, take the time to look at the ads. If you are interested in any of the products, by all means click the ad, but please do not click ads solely for the purpose of driving up click revenue for the blogger.
  2. Donate - Many blogs offer paypal links. If you find the articles especially useful, make a small cash donation. This is often the best way to support a blogger if you want him to provide you with specific additional information.
  3. Leave a Comment - Blogging can be a lonely business. Comments show you care. They also make articles seem more relevant to the next reader.
  4. Digg/Slashdot/Link the article - Bloggers want traffic. The more the better. Also, Google ads pay for page views, as well as clicks. Help the blogger promote their site, and they will continue to create great content.
  5. Read the rest of the blog - Chances are you found the blog from a link aggregator. If you find the article useful, click out to the parent site, and scan some of the other articles. You’ll probably find other articles of interest, worthy of your time and e-Tips. (read more…)

          Comments (7)

November 14, 2006

How to buy a 65” Plasma for $.99

How secure is your web application? Are you sure? We are constantly amazed at the lack of basic security many companies employ online. For instance, it has been known for years that e-commerce sites utilizing hidden fields are susceptible to manipulation. The problem doesn’t seem to be getting any better, and is actually being made worse by some service providers. Many smaller hosting companies offer software solutions to help small businesses get online “faster” and “easier.” This almost never translates to more secure.

Which brings me to the title of this article. During my studies for the CEH exam, I was exposed to the seriously flawed CartIt.cgi shopping cart application. CartIt.cgi is a widely used shopping cart that stopped being developed last year. The reason this application is flawed is that it uses hidden fields within the HTML POST to submit the price and quantity when the user clicks on the add-to-cart button. Hidden fields are easy to manipulate. One of the easiest ways is to use a local proxy, such as Paros, to intercept the POST, effectively launching a man-in-the-middle attack. This allows you to change the price before it is submitted to the server. (read more…)
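
The flaw described above and its server-side fix, side by side, as an added example (not CartIt.cgi's code and not from the original post). The catalogue, SKUs, field names and quantity limit are hypothetical.

```python
from decimal import Decimal, InvalidOperation

# Constructed server-side catalogue: the only trusted source of prices.
CATALOGUE = {"PLASMA-65": Decimal("4999.00"), "HDMI-CABLE": Decimal("19.99")}
MAX_QTY = 10  # assumed business limit per cart line


def add_to_cart_vulnerable(form):
    """The flawed pattern: unit price is read straight from the POST body."""
    return {"sku": form["sku"], "qty": int(form["qty"]),
            "unit_price": Decimal(form["price"])}


def price_mismatch(posted, expected):
    """True when a client-supplied price is unparsable or differs from ours."""
    try:
        return Decimal(posted) != expected
    except InvalidOperation:
        return True


def add_to_cart_hardened(form):
    """Accept only SKU and quantity from the client; look the price up here."""
    sku = form.get("sku", "")
    if sku not in CATALOGUE:
        raise ValueError("unknown SKU")
    try:
        qty = int(form.get("qty", ""))
    except ValueError:
        raise ValueError("quantity must be an integer") from None
    if not 1 <= qty <= MAX_QTY:
        raise ValueError("quantity out of range")
    line = {"sku": sku, "qty": qty, "unit_price": CATALOGUE[sku]}
    # A legacy form may still post a price; never use it, but a mismatch
    # is a tampering signal worth logging and alerting on.
    posted = form.get("price")
    line["tamper_suspected"] = posted is not None and price_mismatch(posted, CATALOGUE[sku])
    return line


if __name__ == "__main__":
    tampered = {"sku": "PLASMA-65", "qty": "1", "price": "0.99"}  # constructed POST
    print("vulnerable:", add_to_cart_vulnerable(tampered))
    print("hardened  :", add_to_cart_hardened(tampered))
```

The same rule applies to quantity, discounts, shipping and totals: anything that arrives from the browser is input to validate, and the order total is recomputed on the server at checkout.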

          Comments (40)

November 13, 2006

New Cingular G3 Phones Leapfrog the Competition

We do a lot of work with Microsoft Windows Smartphones, so we have anxiously been awaiting the next generation of phones. Verizon has been the clear leader in the US, offering the Palm 700W, the Motorola Q, & the HTC XV6700. Those of us with Cingular contracts have suffered from phone envy for a long time.

According to our friends over at MS Mobiles, the situation changes Thursday, the 16th of November. Cingular is set to ship 2 new smartphones:

  • The Samsung Blackjack is a Q killer. It offers G3 HSDPA broadband speeds, which are more than double the speeds of Verizon’s “high-speed” broadband. It is also a quad-band phone, making it well suited for world travelers.
  • The HTC Hermes, aka Cingular 8525 is the latest version of its popular pocket PC phone, which offers full touch screen PDA functionality. It is similar to the Verizon XV6700, but like the Blackjack, the 8525 offers HSDPA broadband. The 8525 also has a 2 megapixel camera and 802.11 support.

Both of these have great multimedia capabilities, such as streaming audio and video, but they really shine as business tools. If you have Microsoft Exchange 2003, these phones are a must-have. In Exchange 2003, Microsoft beefed up its wireless ActiveSync. With a Windows-based phone and an accessible Exchange 2003 web access server, you can synchronize e-mail, contacts and calendars over the cellular network. With Exchange SP2, Exchange can push data to your phone, but this is a huge battery drain. The better option is to set your phone to synchronize every 5-15 minutes. Exchange combined with a Windows Smartphone blows away the capabilities of BlackBerrys, and you don’t need any extra software to roll this out to your entire company.

I’m going to order the Blackjack as soon as it is released on Thursday, and hope to have a real-world review up soon.

          Comments (0)

October 3, 2006

Discover Rogue Access Points with DHCP

I recently was challenged with the task of determining if any rogue access points existed on a large network, spanning multiple locations. The concern was that local staff would go down to CompUSA or Office Depot and buy APs to provide “convenience,” and IT would have no way of knowing. It was not practical to go visit each site, and we could not rely upon local staff, because they were the very people we were worried about.

We determined that the likely scenario would be that the staff plugged it in to the network and obtained an “external” IP address from our DHCP servers. The likelihood that they would have statically assigned an IP seemed slim since they would have no way to determine which IPs would fall outside the DHCP range. Also, we counted on laziness to rule the day, since it would work fine with DHCP.

I came up with the following batch script to run against our DHCP servers. It dumps all current DHCP lease holders, and then checks them for known AP MAC address prefixes.

(read more…)
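
The check described in this excerpt, sketched in Python as an added example; it is not the author's batch script, which is not shown on this page. The lease export format, the sample leases and the OUI list are all assumptions made for illustration.

```python
import re

# Assumed OUI prefixes of consumer AP vendors (illustrative only; build the
# real list from the IEEE OUI registry for the hardware staff could buy).
AP_OUIS = {"000625": "Linksys", "00095B": "Netgear", "000D88": "D-Link"}

# Constructed lease export, one "ip,mac,hostname" record per line.
# Real DHCP server exports differ; adapt the split in find_suspect_leases().
SAMPLE_LEASES = """\
10.1.20.31,00-11-22-33-44-55,FRONTDESK-PC
10.1.20.47,00:06:25:a1:b2:c3,
10.2.8.112,0009.5b77.f01e,WGR614
10.2.8.113,not-a-mac,PRINTER-3
10.3.4.9,000D88ABCDEF,dlink-ap
"""


def normalise_mac(raw):
    """Return 12 upper-case hex digits, or None if raw is not a MAC address."""
    compact = re.sub(r"[-:.\s]", "", raw)
    return compact.upper() if re.fullmatch(r"[0-9A-Fa-f]{12}", compact) else None


def find_suspect_leases(lease_text, ouis=AP_OUIS):
    """Split leases into (suspects, rejected): OUI matches and unparsable lines."""
    suspects, rejected = [], []
    for line in lease_text.splitlines():
        if not line.strip():
            continue
        parts = [p.strip() for p in line.split(",")]
        mac = normalise_mac(parts[1]) if len(parts) >= 2 else None
        if mac is None:
            rejected.append(line)   # review by hand rather than silently skip
            continue
        vendor = ouis.get(mac[:6])
        if vendor:
            suspects.append({"ip": parts[0], "mac": mac, "vendor": vendor,
                             "hostname": parts[2] if len(parts) > 2 else ""})
    return suspects, rejected


if __name__ == "__main__":
    hits, bad = find_suspect_leases(SAMPLE_LEASES)
    for h in hits:
        print(f"{h['ip']:<12} {h['mac']} {h['vendor']:<8} {h['hostname'] or '(no hostname)'}")
    print(f"{len(bad)} unparsable line(s): {bad}")
```

A match is a lead to follow up, since the same vendors also sell ordinary network adapters, and a device with a statically assigned address never appears in the lease table at all.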

          Comments (14)

September 29, 2006

E-Mail Retention & Sarbanes-Oxley White Paper

I wrote this paper last year on document retention & compliance with regard to e-mail systems. Sarbanes-Oxley section 802 has created a small nightmare for IT managers, and there is precious little information for what 802 really means. I wrote this paper as a guide for designing a system that would satisfy the worst case scenario. SOX 802 carries big financial penalties as well as jail time for company officers. If you are an IT manager of a public company, this paper will serve as a good starting point. It is written with a vendor neutral approach.

If you are looking for a compliance solution for e-mail, I highly recommend Hewlett-Packard’s RISS/RIM product suite. Symantec’s Enterprise Vault is also a good product, although in my experience it does not scale well beyond 1 data center. If you find this paper useful, drop me a comment and let me know how you are dealing with e-mail & SOX.
«download here»


          Comments (3)