
    Insecure Wireless Networks

    October 24th, 2007

    So much for the weekly on Active Directory. I’ll continue that when I have time.

    Today, I went round to my Nan and Grandad’s to fix a problem my Grandad was having with his computer. The fix? Press the maximize button. This was no surprise, but the day was about to become more interesting. Here is where it starts.

    I have a Mac Powerbook. It comes with me whenever I’m off to fix something to diagnose possible problems (Yes, even problems with Windows PCs). It came with me on this occasion and I decided to stick my wireless stick in and connect to my Grandad’s wireless router to check my mail. Quick search for wireless networks nearby yielded two results. One was my Grandad’s, the other, absolutely no sodding idea. The software I use also told me it was an unencrypted network. Ok, I was curious, I thought that a quick refresh would recheck connectivity status and reveal encrypted. Nope. After a few seconds wondering wtf to myself, I decided to bite the bullet and connect.

    Connected, 21% signal strength, and IP assigned almost straight away.

    By this point I was quite surprised, but this could be someone who has bought a router from Argos and set it up to work with their ISP which I won’t disclose for privacy’s sake (Same with the SSID). All of a sudden, the connection dropped. 5 seconds later, it reconnected. This was expected, it was a very low signal after all. I noticed I was assigned 192.168.1.101, instead of 192.168.1.100, so they have a home PC also that uses the 100 address. I attempted to ping that, and nothing replied. Ok, maybe their PC is off. Then I tried pinging the router using 192.168.1.1. Replies, and a few duplicate replies. Ok. This couldn’t possibly get any worse, could it? I wanted to at least get a hint as to which house this router was in so I could go over and tell them they were openly broadcasting a completely open to exploitation network, so I typed http://192.168.1.1 into Firefox and it asked me for credentials, and the router identified itself as a Linksys WAG54GS. I was thinking to myself “Naa, surely he or she would have changed the default password…?”. Using the usual Linksys default user/pass combination, hit enter, and it let me in, first time.

    I was shocked.

    I tried getting to Google then to check if it was online and bam, Google home page straight away. I thought to myself “Anyone could be using this connection for malicious uses. What the hell are they playing at?”. From that page, I discovered their email address, home phone number and ISP. Anyone with a PC and a wireless connection could do this. You don’t need any special software or a Mac, all you need is any PC and a wireless unit, you could just use the Windows Zero Wireless Configuration utility to connect and you have free internet access, and possibly the ability to Wireshark the network and find out what they were downloading/uploading. I was frustrated at this user’s complete non-understanding that their personal information is publicly available to literally anyone with a wireless card in their PCs or Macs.

    I then disconnected and, up to now, I’m still wondering if I should give them a call and offer to go round and fix it for them free of charge. I could call up and they could take offence and yell at me for haxing their personal files and flooding my ears with gibberish they don’t understand, but they could also understand the problem and allow me to fix it for them. No idea what to do. If I do nothing, someone else might pick the network up, connect to it and use it for all sorts of malicious purposes, possibly getting the actual line owners in serious trouble for something they didn’t do.

    These people do not realise this, and it winds me up. I’m telling all you people who are reading this blog, if you have a wireless network, secure it using WPA. WEP is not secure enough. WPA is very very strong. Stick the preshare key on a USB keydrive and give it out to those you want to connect. If you do not use wireless, disable it.

    Seriously.


    Understanding Microsoft Active Directory

    August 26th, 2007

    Other than missing the initial release of Blue Dragon here in the UK, which I am utterly gutted about (If I hadn’t bought that damn Wii, it would have been MINE), I had a chat to one of our network operators on irc.anbraxas.net about him looking for a new career. He has a considerable interest in IT, but lacks knowledge of the systems that run inside businesses and the methods they used to deploy hordes of workstations with software without having to go to each and every one installing the software in each system. As a result, I’ve decided to take on the task of explaining what the Microsoft Active Directory is, how it’s used, and how to implement it. This is going to be a lengthy discussion and span across more than just this entry. Make it a weekly thing I think. Sit back and enjoy.

    An introduction to the Microsoft Active Directory.
    Active Directory (AD for short) is the modern Domain Controller. Uh oh, just used a term you’re probably not familiar with, let’s explain that first then…

    Domain Controllers.
    Domain Controllers are servers that all your workstations report to for login details and a profile if that user’s profile doesn’t exist on the network. Depending on your configuration mileage, your workstations can even obtain settings and software from the domain controllers too. Domain Controllers often are set up as more than one server for redundancy and load balancing’s sake, except the main one is called the primary (Often referred to as a PDC), the next one called the secondary (SDC) and so on and so forth. Ok, now that’s out the way, on with Active Directory…

    Active Directory powers a colossal share of the world’s computer networks alongside Novell Netware and Linux based NFS networks and Linux servers with Samba installed to fool Windows workstations into thinking they’re authenticating to a Windows server. Active Directory is a network available database filled with login credentials, names, addresses, profile locations, individual user settings, software installation settings and Group Policy Objects (We’ll come to Group Policy in a later article, it’s a massive subject). Every single workstation joined to the Primary Domain Controller authenticates to Active Directory. From the Domain Controllers, you can control EVERYTHING that happens on your network’s workstations.

    Ok, so I’ve learned that Active Directory is really powerful. How do I implement it?
    Whoa nelly! You haven’t even done the planning yet! Unless you’re a tech geek like me, chances are you are looking for a solution for your business. You’ve got xxxx computers and you’re using a bodge job to keep everything going. If this is the case, then you have a problem. Your workstations are already deployed. If you have like 10 or 20 machines, it’s not going to take long to join each one to the domain. If however, you have 500 workstations, you have one of two routes to consider. They all have to be Windows 2000 or higher too!

    - Keep existing hardware and roll out a batch job to join the machines to the domain, or go up to each and every single one doing it manually. (Incredibly tedious)
    - Buy a Symantec Ghost Enterprise license, build a new client image, join it to the network, install all the needed drivers and reseal the image, then deploy it onto all your workstations by unicasting or multicasting to every machine you load Ghost on to and set up to join the Ghostcast Server and letting them all join that way. (Tricky if you’ve never used Ghost before (You’re a tech right? Why haven’t you?!))

    You could also hardware refresh, but this is incredibly expensive, and you’d still have to roll out an image onto them all as above. I hope all your existing hardware is the same otherwise you’re going to have a LOT of problems using the reseal image due to all the hardware changes. Despite us having exactly the same machines right through our academy bar a few (Dell Precision 360s and 390s), we have 14 different images for each little change like different sound cards (Music), weather station (Humanities) or other things you may have installed.

    That is a big part of your plan. Next is your servers, because you’re going to set your servers up first. I recommend buying new servers in and grabbing a volume license for Windows Server 2003 and doing a dcpromo to set up the first Active Directory domain on your network to test on. Don’t bet on actually deploying it yet as you need to understand how it works and how you can use it to keep your network running. It’s not difficult, but it’ll take a bit to grasp the concept of what AD does and how it makes your life as a technician easier.

    That’s it for tonight. Maybe tomorrow, I’ll start the practical off and give you some eye candy to look at. After this series of articles, you’re going to want to deploy Active Directory in your home, trust me.

    Take care. :)


    Expensive investment turns sour…

    July 29th, 2007

    Month 2. Weee~

    Money is going to be planned out this month. Hanging on by the skin of my teeth after I spent all +800 pound last month is a lesson I learned the hard way. Didn’t stop my mom laying into me when I turned up back at the house with 2 (count that on your fingers. 1,.. 2! Yes, more than one!) shiny 22″ Samsung SyncMaster 226bw widescreen monitors. I went to PC World with my uncle as he wanted a wireless router and wanted me to pick one for him. (He didn’t take my advice, he bought a D-Link. Yes, he called me back this morning to fix it after he cut the non-existent wire going from the very front of the house to the very back of the house; yeah, the signal was “Very Low” according to Windows Wireless-Zero Configuration)

    Come on. I wasn’t going to walk out of PC World with nothing, despite me having over a grand in the account. Be realistic. :P

    So yeah, I got bollocked when I walked through the door. After that, I proceeded to go upstairs, unpack and set up and man, they reach both ends of the desk with very little room either end. These monitors are huge, but not only that, they’re sexy and sleek too. I proceeded to get an Xbox 360 HD VGA lead from the nearest Blockbusters store (They know me very well now, not because I used to go to school with one of their staff, but because I’ve spent over 300 quid there in the last month.), hooked it up and a lovingly brilliant setup is mine.

    I also found out these monitors have a ‘feature’ called HDCP. Actually, I thought this was something which allowed the monitor to display HD content. Little did I know this was actually a content protection device. Anti-Piracy measure. This put me in a mood because HDCP is possibly one of the most overwhelmingly idiotic and control freak things any organization could do. It’s a DRM device. Anyone who knows me well enough knows I despise DRM. When I buy music from the store, I don’t want to be restricted in its use in any way shape or form. I’ve paid the artists royalties to play the album for personal use, and I am fully entitled to that. Same with movies and videos. I buy all my music and DVDs from legitimate outlets (Woolworths and Blockbusters, mainly) and I have a legal right to play the content without any restriction whatsoever. I also have the legal right to create a backup to protect my original copy. Now, you’re probably wondering why I’m bringing this up. Well, here is how HDCP works:

    HDCP is the High-Definition Content Protection system. It was created by Intel in order to be a hardware form of DRM to assist in countering piracy. It works by having the player establish a secure connection between itself and the display device by exchanging a few device specific 56-bit RSA encrypted keys. Once both devices have mutually agreed on whether they are both legitimate and data isn’t passing through any third party device in order to perform man-in-the-middle attacks on the content or the display device, the content plays and it is displayed in all its glory on the display device.

    Sounds good, right? Well, here’s the hugely unfair part:
    HDCP also boasts something called “Revocation Lists”. These ‘lists’ are encoded onto every single HD-DVD or Blu-Ray disc you’ll ever buy. These lists are used in the event a device is seen to have been compromised and the encrypted keys belonging to that device are released in the wild. What happens when a device’s keys are released in the wild? All discs mastered from that point on feature that device’s keys in the revocation list. If either of your devices has any key in that revocation list, the content will refuse to play, and you’ve filled the MPAA’s coffers with more money and you get an unplayable disc because your device is a certain brand and model of player or display device. You can’t take the disc back either because often stores won’t replace them in fear you’ve made a copy and want to get your money back, in theory ripping off the store, and what are you going to do with your nice shiny monitor or HD-DVD/Blu-Ray player? Buy another of a different make? Anyone who has a Playstation 3 and its keys are published, you will no longer be able to play any movie on your systems because the keys used for the Playstation 3 (Playback device) are in that revocation list.

    “Hack them out!” I hear you say. You can’t do that because you’d be circumventing a digital rights management system which is against the DMCA, and also probably against your local laws depending on what country you’re in.

    I’m pissed. I have two monitors I spent 450 quid on that have this ridiculously unfair form of DRM in their firmware and for all I know, their keys are being circulated round the net and have already been put into revocation lists, making them only half functional.

    Word of advice, if you’re thinking about buying a device marked with “HDCP” on it, don’t. You will be throwing your money away because at any time, that device’s keys can be entered into those revocation lists and you’ll have a device which is half functional or worse, rendered completely non-functional. The MPAA and RIAA are taking a bit too extreme measures to ensure that all their management staff can take regular package holidays at our expense.

    I thought America was the land of free speech? It seems you can’t do anything now, regardless of your age, that the MPAA or RIAA can’t get you on. It’s absolutely ridiculous. Why do these organizations have all these powers? They are organizations, not governmental organizations or branches of the government in any way whatsoever. Why are they allowed all the powers they have when other companies aren’t allowed half of the powers they have? Seriously, the way things are going, people are more inclined to get pirate stuff because people want their rights, they want to get what they are paying for. I understand that companies need to protect their software, music or movies, but they’re going to extreme measures to ensure they do it.

    Now would be the time to speak out for my support of Piratbyran (http://piratbyran.org/) who are a political party that will, once they reach power, cripple the powers that the RIAA and MPAA have in that country and cripple the power of copyright laws in that country. I wish them luck in their campaign and sincerely hope that they reach their goal, because someone has got to start the catalyst against the RIAA and MPAA.

    Ok, I’ve had my rant. Life is good. I hope yours is too. :)


    So, I did it…

    July 15th, 2007

    Life ambition 1: Get dream job… Check.
    Life ambition 2: spend a copious amount of money in less than 48 hours… Check.

    Extra:
    Get Xbox 360… Check.
    Get interested in Xbox Live again… Check.
    Get addicted to new game on Xbox Live… Viva Pinata, Check.

    So, after being messed about by Hanley Social Security Office for the last 2 years, I refused to take up a job or three they sent me, because I was currently chasing up an application for a local school as an IT Technician/Network Admin. As a result, Hanley SSO sanctioned me for not looking for work. A week later I was employed by Walsall Academy as an IT Tech/Network Admin. That’s two massive fingers up at the guy who made the decision to sanction me because I wouldn’t have gotten this fantastic job if I didn’t turn those jobs down (Which I wouldn’t have got anyway due to being too inexperienced). This tale doesn’t end there. 7 weeks after I officially signed off the Jobcentre, Hanley SSO sent me my P45. Yes, because they sent it so damn late, I’ve been overtaxed by a silly amount on my first paycheck and possibly again on my second. Cheers, you fuckers.

    First paycheck for 3 weeks: 830 UK pound. Amount of time it took me to spend the lot: less than 48 hours. Whoops. Better manage my money a little better methinks. (Any kids from Walsall Academy reading this, don’t copy me when you get work, make sure you draw up a plan of where your money is going to go and prioritize things, like if driving is more important, save up for that)

    As a result, I have an Xbox 360, and I love it. Anyone want a game? My Gamertag is “PinkFloydYoshi”. Bear in mind, I’m a bit of a workaholic, so playtime on the 360 will be quite minimal. Feel free to send me some spam on there too, but I don’t often check my Live message box.

    …And finally, what about the crazy thing about all those Tesco stores being forced to shut down due to a threat? What do you think? Even though Police have said it’s not linked to it, I think it’s something to do with ze terrorists. Fair enough and all, I respect the job the police force have to deal with, I’d hate to be in the police force, but I have masses of respect for those that have gone into it because I can imagine it can be an extremely difficult job at times.

    Ok, I’m done.

    Because I’ve not edited the footer yet, the opinions you see in this blog do not reflect the opinions of my employer or the educational institution I work for. They are solely my opinions, and if you disagree, feel free to send me some spam about it.


    Touhou 10: Mountain of Faith demo released!

    May 22nd, 2007

    It’s a good month. Well, this weekend saw the 4th Reitaisai which is almost entirely a Touhou-only convention, with Zun announcing the release of the first public demo of Touhou 10: Mountain of Faith. All the various Anime and Touhou fansites updated their content as the news was unfolding of all the latest new goodies, and from what I hear, people weren’t disappointed as Tasofro announced they were to be making a sequel to 7.5: Immaterial and Missing Power called Touhou Hisouten ~Scarlet Weather Rhapsody~.

    Those wanting to take a glimpse of Mountain of Faith, enjoy:

    Above clip courtesy of Koike68 and Moetron.

    I’ve also mirrored the game (here) to ease some of the tension off the many other servers hosting it, so go easy, I don’t have infinite bandwidth. :S

    I’m seriously looking forward to release after playing this. If you can, definitely worth pre-ordering or flying over to grab your copy on release, or, something.


    Gentoo Linux 2007.0 released!

    May 15th, 2007

    What is, in my humble opinion, one of the best distros I’ve had the pleasure of running on my servers has released its 2007.0 version, and my, they’ve been busy.

    To think it was less than 2 years ago when Gentoo was a completely manual install. Took me a day to install it on an old P2 233MHz box with 8 hours of kernel compilation. Gentoo has taken 5 huge steps for geek-kind in an attempt to make it easier, and quicker to deploy. I had a fully working Gentoo 2007.0 VM running in under an hour using the LiveCD’s kernel, so there’s no compile time. During the process, the LiveCD (it uses DHCP by default, but if there’s no DHCP server on your network, or no network at all, then it can’t do this) even updates your installation of Portage too and emerge --sync’s as well so you’re ready for the --world when you reboot into your working installation.

    Now, you’re thinking “Why? What is wrong with you, you like compiling EVERYTHING you install?”. Gentoo Linux has always stood for one thing. Choice. The ability to choose how every little thing about the system works. If you set up GCC’s optimisations correctly, there is a significant speed boost when using an application you compiled on that system, as opposed to using binaries from another machine, usually a server farm if you downloaded your application from Sourceforge. I also like the way I can check the state of the system services quickly and easily using ‘rc-status’ instead of grepping my way through ps aux’s output. Adding things to runlevel is also simple. Just “rc-update add|delete [application init script] [runlevel]” is enough to manipulate runlevels. Gentoo just feels easier to use than most other distros (bar Debian-based Ubuntu Linux), and with the latest version, it’s even easier for the curious to give it a whirl.

    Portage is heavily maintained making Gentoo bleeding edge, but what really sets Portage, and Gentoo overall, apart from others are USE flags. Instead of adding quirky ./configure parameters, USE flags are passed to Portage so your applications are compiled live with the support you need, such as MySQL support if you are getting ready to install PHP, for example. This is also ridiculously simple. Here are a few examples of what USE flags are. Say you download the latest versions of Apache 2, PHP and MySQL and try to make them work. It won’t all work, simply because PHP lacks the support for MySQL as it’s not been compiled into it (Another reason why compiling is better than downloading lots of binaries). How do you add support and compile? Simple. Say, you did this:

    [Screenshot: emerge php -pav, without USE flags]

    The first thing you notice is all those -mysql -apache2 -gd etc etc. Those are the USE flags. Anything with - next to it is not compiled into it. Anything appearing in red is. How do you use the USE flags to add support? Also simple. In my local network, I lack a router that has ipv6 support. I also know that one of the packages installs an X server as it’s on in the USE flags by default, which I don’t need, however, I need apache2 and MySQL support. Here’s what I do…

    [Screenshot: emerge php -pav, with USE flags]

    The list of programs to download has changed because there are more dependencies which need satisfying. That’s fine, because as you can see, we now have our PHP and MySQL support. Go ahead and remove -pav, and watch Portage download, recompile and install all those applications with all the support you need to get a webserver running. Remember to add to your httpd.conf the line which tells Apache to make PHP parse PHP files otherwise it still won’t work. :s

    Getting back to the 2007.0 release, lots of new artwork has gone into it, and the GTK+ frontend for GLI (Gentoo Linux Installer) has been worked on to make it easier to deploy Gentoo. It also looks a lot more professional. As always however, the underlying system is the same reliable base system.

    A truly excellent distro.


    Coding Practice: Commenting

    May 15th, 2007

    To comment, or not to comment, for that is the question. There are many many different things you should do and should not do when it comes to coding or scripting (C++ vs PHP), in whatever language. Both scripting languages like PHP, Python, Perl and programming languages like C++, Visual Basic, Borland Delphi (I used to be quite well versed in Delphi during my first year of college, made my own builds of a Windows 3.1 shell called “Calmira” as I was heavily out-dated back then in terms of hardware, and program manager did my head in.) all have things like variables, functions and classes. Difference in how they are all deployed, yeah, but you still use them. There’s also one other thing which takes many forms depending on your language. Commenting. These are those lines that start with //, # and can take the form of:

    /*
    This to comment many lines
    at once
    */

    Commenting is considered a standard practice. You do it or you forget what things are or what they did or how they worked. I’ve come across many styles of commenting and some have either been completely useless, some even funny, and some where the person commenting has even listed at which files a particular function, class or event is called. (I’m the latter; I have the memory of a goldfish sometimes.)

    Excessive commenting takes this form:


    // strPurify - String Purify - ***SQL INJECTION PREVENTION***
    // Purifies submitted text of malicious code posted with harmful intent...

    // Called from index.php:517, 520, 525
    // Called from mod_artcurio.php:717, 719, 845, 846, 1184
    // Called from dash628_journ.php:110, 114, 116, 124, 275, 276, 280, 295

    function strPurify($string) {
        if (get_magic_quotes_gpc()) {
            // Magic quotes already added slashes; strip them so the string is not double escaped.
            $string = stripslashes($string);
        }
        // Escape the string exactly once. (Calling addslashes() first, as an earlier
        // version did when magic quotes were off, escaped it twice.)
        $string = mysql_real_escape_string($string);
        return $string; // String purified and safe, return the purified string...
    }

    Yes, very difficult to keep track of each line you call a function from, but it doesn’t half save you time when you need to backtrack. Unfortunately, quite a lot of people do not use the ‘excessive commenting’ style, as I found with ‘bbPress’ software the other day. The problem was that it not only lacked the ability to change table names and their fields, but it also lacked excessive commenting. This was a very big problem because it made my night just that little bit more awkward. Fair enough, it wasn’t Wordpress I was trying to integrate it into, it was another piece of software designed by me that I was to use it with because I didn’t want to have to ‘remake the wheel’ by building my own board software into my own product. Sure enough, this would mean tighter integration, but it also means there are more man hours of work involved to get it right which also means YoshiCurio will miss its June 1st open-alpha deployment as a result because I have to reinvent the wheel again. :/

    In one of my normal projects, 60%-70% of the code is comments. In reality, I put more comments into my code than the code itself, going into detail about how something is supposed to work and what the theory is behind it if I’m building the component as usually, I come up with ideas for a particular component randomly, on the spot, as well as where something is called from to assist with debugging where something went wrong (bad habit: I tend to use quite a lot of includes which results in others working with my code wondering wtf I’m smoking; I don’t smoke, by the way). You can never comment ‘too much’. It’s very useful.
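
    The strPurify function above escapes input by hand. As an added example (not the blog author’s code), here is the same goal reached with bound parameters, so there is no escaping step to apply twice or forget. It uses PDO with an in-memory SQLite database so it runs offline; the journal table and all function names are hypothetical.

```php
<?php
// Added example, not the blog author's code. The journal table and all
// function names are hypothetical. Requires the pdo_sqlite extension.

// In-memory database so the example runs offline.
function openDemoDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE journal (
        id     INTEGER PRIMARY KEY,
        author TEXT NOT NULL,
        body   TEXT NOT NULL
    )');
    return $db;
}

// The SQL text is fixed; values travel separately as bound parameters,
// so no escaping function is called and nothing can be escaped twice.
function addEntry(PDO $db, string $author, string $body): int
{
    $stmt = $db->prepare('INSERT INTO journal (author, body) VALUES (:author, :body)');
    $stmt->execute([':author' => $author, ':body' => $body]);
    return (int) $db->lastInsertId();
}

// Returns the bodies written by exactly this author string.
function entriesBy(PDO $db, string $author): array
{
    $stmt = $db->prepare('SELECT body FROM journal WHERE author = :author ORDER BY id');
    $stmt->execute([':author' => $author]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Fail loudly if a round trip through the database changes the data.
function check(bool $ok, string $what): void
{
    if (!$ok) {
        throw new RuntimeException("check failed: $what");
    }
    echo "ok: $what\n";
}

$db = openDemoDb();

// Constructed sample input: quotes, backslashes, and text shaped like SQL.
$samples = [
    ["O'Reilly",     "It's a \"quoted\" post"],
    ['yoshi',        'C:\\dir\\file with \\ backslashes'],
    ["x' OR '1'='1", 'shaped like SQL, stored as plain text'],
];

foreach ($samples as [$author, $body]) {
    addEntry($db, $author, $body);
}

foreach ($samples as [$author, $body]) {
    $rows = entriesBy($db, $author);
    // One row per author: the SQL-shaped author matches only itself, not every row.
    check(count($rows) === 1, "exactly one row for author [$author]");
    // Stored byte-for-byte: no added or lost backslashes.
    check($rows[0] === $body, "body round-trips unchanged for author [$author]");
}
```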


    Teamspeak 2 server

    May 8th, 2007

    So, after being harassed by a friend to get the TS2 server up again after Xander was wiped and reinstalled for great justice I decided to set it up again. The channels on the server are of varied flavours, some private channels are clan channels for clans I’m part of in games I play, which at the moment comprise of ROSE Online (NA version) and a private Community Moderators only channel.

    Server, should you want to stop by for some weird reason, is right here. pinkfloydyoshi.com.

    I usually idle in the private sections but if you’re lucky, I might jump into the lobby and say hi and start going on my tirade of how much I think PERL and Python suck compared to PHP and how awkward I think PostgreSQL is. >>

    Enjoy. Just don’t abuse it, I do actively moderate it and will gladly hand out bans for abusive or bullying behaviour.


    Come in number 51, your aerial views are out of date!

    May 2nd, 2007

    I’m testing something called Windows Live Writer at this moment in time. It boasts “XMLRPC”, which is the blogging interface used by Wordpress, LiveJournal, Windows Live Spaces, Blogspot, Blogger, Wordpress.com and many many more services. It’s a really really cool tool. There’s one little feature which allows you to insert maps into blog posts. I’ve found one little problem with it though. It’s out of date. Not mapwise, the maps are fine, it’s the birds-eye view which is out of date. Take a look at the A34/A5/M6 Toll Junction for instance, just half a mile away from here…

     

     

    Look at the clarity! That’s actually better than what Google Earth can produce! If you zoom in though, it shows a little hiccup…

     

    Now. The mapping is correct and bang up to date, but the aerial view isn’t. I mean, sure, 9 or 10 years ago that was the A34/A5 junction as it was back then. There was no M6 Toll motorway, and those 3 islands didn’t exist. Now though, they do, and the M6 Toll is in heavy use. So, I’d love an update to this plx.

     

    I’m sure that shed at the bottom of my garden didn’t exist back then. :S

    Cool stuff. :D


    Orchard -> Xander Hosting Server Move Status

    April 29th, 2007

    Server move has started. So those I’m hosting have an idea of how I’m doing, I’ll update this entry every so often.

    PinkFloydYoshi.Com MOVED.
    YoshiCurio.com MOVED.
    yoshilore.fractalhosting.com -> yoshilore.yoshicurio.com MOVED and code problems with PHP5/MySQL5.0 FIXED.
    yoshislagoon.fractalhosting.com -> yoshislagoon.yoshicurio.com MOVED.

    It takes between 3-4 hours to move a site, longer if it’s especially large so please bear with me on the move. It’s moving from a cPanel Server to a modified ISPConfig system, so it’s not going to be quick by all means. >>