Lorin Thwaits

Galactic hookers likely mistake Earth for the nearby planet Aphroditius

2008-04-22T04:03:32-12:00:00

Four starcraft owned by galactically-registered prostitutes hovered over Phoenix late last evening, each illuminated with the traditional mark of the trade: a red light. The markings on the side of two craft indicate they are from the galaxy "Sextans", NGC 3115, which is seen in our sky near the constellation "Hydra". (Although the name of the spindle galaxy "Sextans" sounds provocative, its name comes from "sextant", which is a nautical measuring instrument.)

The galactic prostitute registry requires that sex workers be "chipped" with a biometric monitor to ensure the incurable AIDS virus found on Earth is not introduced on a galaxy-wide scale. As such the error of the four is likely to go under investigation by the Empire.

Many speculate that the four femaloids had intended to set up shop for the evening at the popular planet Aphroditius that orbits the nearby star Alpha Centauri B. Rodney Stahl, director of NASA's extraterrestrial monitoring center in Roswell, NM thinks that the four had gotten off course in the final leg of the journey after teleporting into the nearby vicinity. "After all, Aphroditius is less than 5 light years away from Earth, and its features are remarkably similar," explained Stahl in a phone interview.

The whole event lasted about ten minutes, at which point the quartet likely wondered why their red light hadn't yet attracted any business. Their ships huddled for a few minutes to get their coordinates, appearing from below as a single bright red flickering light. Soon thereafter they teleported out of the solar system.

(OK, there is actually a little grain of truth to this story... Last night I witnessed this phenomenon, which is now the second UFO sighting I've had. I just wanted to find a fun way to explain what the heck those pulsing red lights could be. Plus I didn't do anything interesting for April Fool's this year, until now!)

My image got stretch marks

2008-03-27T04:26:10-12:00:00

When playing back content from my 3D camcorder, if you aren't wearing shutter glasses then the result is pretty blurry and bland looking. After putting on the glasses, the scene jumps to life. So while putting together a sample photo to promote how it works, I wanted to superimpose a better 2D image, and stretch it over the existing image of a screen in the photo. It had been awhile since I've done anything real with math, so I took a half hour and figured out a couple equations to do the mapping, and wrote a program to do the translation for each of the pixels into the quasi-3D space of the monitor screen, ending up with this result:

(The superimposed image doesn't look that believable here, but when I resized the picture down a bit, it looked better.)

The routine works by mapping each pixel from the source image into the proper x/y coordinate for the destination space, seen above. And it works fine *except* that where the image gets stretched a bit much, there are moiré kind of effects that pop up. These can be seen at the right side of the image above as lines of speckles.

Here's the formulas that do the mapping to create the result seen above:

destX=((lrx - llx) * (srcX / srcWid) + llx - ((urx - ulx) * (srcX / srcWid) + ulx)) * (srcY / sHt) + (urx - ulx) * (srcX / srcWid) + ulx

destY=((lry - ury) * (srcY / srcHt) + ury - ((lly - uly) * (srcY / srcHt) + uly)) * (srcX / sWd) + (lly - uly) * (srcY / srcHt) + uly

And here's what all my crazy variable names mean:

srcWid = source image width
srcHt = source image height

srcX = source X coordinate
srcY = source Y coordinate
destX = destination X coordinate
destY = destination Y coordinate

Coordinates that define the location of the destination image:
ulx = upper left corner of the image, x coordinate
uly = upper left corner of the image, y coordinate
urx = upper right corner of the image, x coordinate
uly = upper right corner of the image, y coordinate
llx = lower left corner of the image, x coordinate
lly = lower left corner of the image, y coordinate
lrx = lower right corner of the image, x coordinate
lry = lower right corner of the image, y coordinate

So basically if you supply a source x/y, you can then find what the appropriate destination x/y should be, and plot the color from one to the other. So the code iterates through all the source pixels and plots each one to a destination pixel. But it would be cleaner and often faster to go the other way, iterating through all the destination pixels to find what source pixel (if any) matches up to that point. So basically the reverse of the above equations. The real sticky part is that each of the equations is dependant on not just the srcX, but also srcY. And as well, each point on the destination could conceviably map to *two* source pixels (but not more since the highest power expressed here is effectively a squared term.)

Anyone out there a math whiz that can think of an easy way to "go the other way", in other words in the two equations above, solve for srcX and srcY? I found it kinda challenging. A fun brain challenge more than anything else. My hotshot math whiz brother may find the answer, who knows.

3D Camcorder, anyone?

2008-03-12T02:22:30-12:00:00

If you have one of these, you can capture *amazing* full-color high definition 3D video:

The general idea is:

1. Record a scene with two high definition camcorders running at the same time. Have them mounted on a board, pointed the same direction, and spaced about 1 foot apart.
2. Acquire the footage into a computer and edit the streams to synchronize them with each other to within 1/30 of a second. You now have two streams, one for the left eye and one for the right.
3. Use a filter to combine the two matched streams such that the left eye content is on top, and right eye content is on the bottom. This would normally end up with a pretty tall video, 1440x2160. But it has to be stretched back down to half the original height, 1440x1080.
4. On a computer with a CRT monitor (must be a high-end CRT, not LCD), set the resolution to SXGA+ (1400x1040), True Color, and 60Hz vertical refresh.
5. Put a frequency doubler inline on the video signal that makes the vertical refresh cook along at 120Hz. Each frame being displayed is shown as a 1400x520 progressive slice, stretched to fit the whole screen. Some CRTs can't scan that fast, so you have to try out high-end units until you find one that can actually go that fast.
6. Synchronize LCD-based shutter glasses to oscillate between left eye and right eye along with the new 120Hz vertical refresh. Each eye gets 60 frames per second, and video is remarkably realistic, and looks really, really smooth.

I'm considering also trying a setup with a couple LCD panels to display the video stream, along with mirrors to allow a person to see the playback. Something like this:

I've submitted this contraption to be shown at the next Maker Faire, held May 3-4 in Silicon Valley. If you haven't been out to the Faire yet, may I just say that it's a must-attend event. Think of "Burning Man", but for geeks. Incredible. At any rate, if you go then perhaps you'll get to see my 3D camcorder in action.

Want to cut your electric bill by $300 a year?

2008-02-28T04:05:36-12:00:00

Over a million Japanese homes have a cutting-edge appliance that I'll bet you (along with 95% of America) have never even heard of. No -- it's not a singing toilet seat with a remote control, butt warmer, and built-in bidet. Why... here's one of those gleeking now:

So I bet that most of you have heard about -- and some out there even used -- that particular Japanese contraption. Instead, the contraption I speak of is a heat pump that you add on to your water heater. It saves about $350 a year on the electric bill! The Japanese models are quite sleek, and resemble the condenser unit of a split air conditioner, as seen on the left in this picture:

That larger thing to the right is the hot water tank itself. They make 'em rectangular over there, not cylindrical.

The Japanese models are fairly advanced, and the refrigerant of choice is actually not freon but instead CO2! You know the slight cooling effect you feel when you first crack open a 2 liter and the "air" rushes out of it? Well, that effect is put to work in a Japanese HPWH. Here's a diagram:

They have a fun name for these CO2-based heat pump water heaters: "Eco Cute". And you know the Japanese -- when they're excited about something they draw up cartoons with corny mascots -- in this case "Tankman" and "Pumpu"!

Even though there are more than a million of these installed in Japan, strangely here in the States these awesome CO2-based models are not available. Instead over here there are only a handful of very small shops making heat pump water heaters (commonly abbreviated HPWH) using standard refrigerator compressors, so they use R-22 or R-134a. Most of those shops seem to be struggling to make enough sales to keep afloat. I think if only people knew more about the technology then the market would explode, since the payback happens in only about 3 years. After that it's saving you money. At any rate, being the environmental nut that I am I wanted in on this trend.

After Googling around awhile for HPWH I found a guy in Florida that was selling some American-made units for just $550 each, and sent him a fat cashier's check. A couple weeks ago the thing arrived, and last weekend I got around to trying it out. Here's a look under the hood:

Water gets pumped in from the tank with that brown pump on the right, circulates through the black oval-shaped heat exchanger in the middle, and goes back to the tank. The heat exchanger is kept hot from the R-22 being pumped into it by the compressor. Heat is dumped out through the curved evaporator with all its fins, seen in the bottom of this pic.

Most HPWH models are designed to be connected to an existing electric water heater, and this was no exception. Here's the important electrical connections to deal with:

At first before connecting everything to the water heater I just wanted to turn it on and see it work. So I put the unit in a bucket of cold water and connected just the 220V electrical connections. Nothing happened. I was pretty discouraged, and got out the multitester and schematic diagram. Then I found out that in order to run this HPWH unit at all, it must, must, must be connected to a resistive load on the other side. Turns out all I needed to do was just put the hot water heater in the circuit, which allows the 5-minute timer to get energized and actually do its thing. 5 minutes later a little relay tripped, which in turn juiced the coil for the main contactor, and everything jumped to life. It was very welcome to feel tons of cold air pumping out the top of it. Within a few minutes that bucket of water was pretty hot.

So now it's been installed for a week. I need to make a better mount for it in my garage, and vent the cold outlet air to the outside for the winter months. Seems to be doing the trick anyway.

Ever crack the screen of a favorite gadget?

2008-02-14T07:00:50-12:00:00

Sometimes I'm a really early adopter. So early that I buy stuff in Japan the moment it becomes available. I've got a well-loved HDV camera that I got two and a half years ago that way. Hard to believe that I've had it around that long. It's now been on 3 continents, and has captured probably around 100 hours of really great content. Quite a few "battle scars" along the way though:

One scratch in particular cut a little too deep. On the fold-out screen in the upper-left corner under "HDV 1080i" you'll notice a nasty gash. This went so deep in fact that it cracked the screen. You could still use it, but with the backlight on it was atrocious. This is one of those new touch-sensitive "hybrid" screens put out by Sony, advertised as being usable in direct daylight. So I removed the backlight and was then able to at least use the screen outdoors:

Still not that great. Then I pulled the cracked screen out of the camera and put just the LED-lit backlight in, which really cranks out quite a bit of light! With the screen flipped around pointed towards your subject you could use it to deliver all the light you need when filming in the dark!

As usable as this was, it still wasn't as useful as a good screen would be. So I called to check on the price for a replacement -- $130. Ouch. Too much.

I figured Sony probably made some other cameras with the same exact screen, so I researched a little to find the models that have a 2.7" wide screen with 123200 dots. All these models looked like good candidates:

DCR HC47
SR52
SR72
DVD202
DVD203
DVD306
DVD404
DVD703
PC1000

After hunting around on eBay for a broken one with a good screen, I found a DVD203 for just $60. A couple of weeks ago I received it. Haven't had time to mess with it until last night, when I got out the phillips jewler screwdriver and got busy trading everything around. Here's both cameras, with the flaky donor camera showing off its good screen, and the cracked screen removed from my HC1:

While taking everything apart, there's a few fragile kapton connectors to deal with. One in particular is good to know about, the main feed that has tons of signal wires. On this one I found it best to lift up the holder with a fingernail:

To detach the four other connections it was best to gently push both sides with a screwdriver.

Here's a look at the electronics inside the screen for both cameras:

Different circuit boards, but lucky for me the same actual screen assembly. On the left is the cheapie donor DVD camera, and on the right my nice HDV camera. Notice that only the backlight (lower right connection) and rec / tele / wide button connections (blue connection) are attached on the HDV camera. At this point I had removed the cracked screen and put the backlight back in there.

With the main connection detached, I took out the whole screen assembly from the donor cam, and removed the three black screws holding everything together. Here's the three main layers that result:

There's the plastic bezel, a rubber shock absorber piece, and most importantly the screen assembly. The screen assembly itself has three sections: the touch-sensitive surface on top uses two smaller connections (at the left in the photo above, at the right in the photo below), the LCD part uses the bigger connection in the middle having lots of signal lines, and the LED backlight is a very simple connection with just 2 wires (at the right in the photo above, at the left in the photo below). Here's another view after separating everything:

After pulling out just the screen assembly from this mix and detaching the three connections going to the circuit board, I was ready to drop it into the HDV camera. Here's a look at the separate parts before putting them back together:

The screen assembly is at the right, which is first dropped into the bezel. Then on top of that goes the circuit board and metal frame piece at the left that I'm holding. It requires a thin black plastic separator that goes between the back of the backlight and the circuit board, to keep the circuit board from shorting against the backlight.

After dropping all of this in place and connecting the four smaller connections, it was time to reconnect the main connection coming from the camera. To get the piece to go in as far as it's supposed to, I found it best to do this very carefully with needle-nose pliers:

Once it's as far as it should be, the connector can be pushed back down to secure it, and it ends up looking like this:

After getting everything back together, it worked perfectly on the first try.

Nice to be back in action again.

LCD screens have certainly changed the world. Hard to find a device these days that doesn't use one somewhere. But dang they're fragile. If you have something with a broken screen, perhaps this tutorial will inspire you to try your hand at fixing it!

The type or namespace name 'Pkcs' does not exist in the namespace 'System.Security.Cryptography'

2008-02-12T08:05:31-12:00:00

I had an error that was been driving me up the wall, CS0234: The type or namespace name 'Pkcs' does not exist in the namespace 'System.Security.Cryptography'. This always happened while developing a web application in Visual Studio 2005 and wanting to use code that deals with certificates. During development Intellisense would find the System.Security.Cryptography.Pkcs namespace just fine. But it couldn't be found at runtime. I had registered the System.Security assembly, and the project always built just fine. The resulting assembly seemed perfectly normal. But no matter what I tried, even reinstalling the .NET framework on the machine, would make that dumb error go away.

Well, after more tinkering I found out the issue is all in the web.config. If you (1) install the normal payware version of Visual Studio 2005 and then (2) Install Visual Web Developer Express 2005 then later as you go back and develop with the payware version of Visual Studio then when you register assemblies it does not always add the references in the web.config file! So the fix in my case was to change the <compilation> element in the web.config, found under <system.web>:

<!-- 
Set compilation debug="true" to insert debugging 
symbols into the compiled page. Because this 
affects performance, set this value to true only 
during development.
-->
<compilation debug="true">

I just modified it to include the assembly reference like this:

<!-- 
Set compilation debug="true" to insert debugging 
symbols into the compiled page. Because this 
affects performance, set this value to true only 
during development.
-->
<compilation debug="true">
<assemblies>
<add assembly="System.Security, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
</assemblies>
</compilation>

Now at runtime everything works great!

Simplifying security cofiguration between web and database servers

2008-02-07T03:49:17-12:00:00

A question was posed to our user group's listserv yesterday. After typing up a response I saw that I had written a short novel on the subject, and thought it may be of use to those outside our group. First the question posed:

> My employer doesn't want to expose it's production databases to the world, so they sit safely behind a firewall. The production web servers want to talk to those databases, so we open the right ports to let them talk through matching, local machine user accounts. This way if the production environment accounts were compromised, domain privileges don't exist for these users, so the individual account cannot do anything with the internal domain (i.e. can't bring down the whole corporate network). Brilliant! Except...
>
> Problem: This solution requires us to replicate user accounts across every machine and we're getting more and more of them as we grow. It's a burden and it's also a QoS (Quality of Service) and security risk in its own right, because access is subject to account synchronization. What if password policy (like expiration) isn't enforced on an account? What if one machine in the web farm isn't synch'ed and we suddenly lose connectivity?
>
> There are controls that help mitigate risk with the current solution, but I have to believe there is a better way. Can someone explain alternatives to me in non-network-geek English?

The environment you describe is pretty common in the corporate world, with the majority of ports, including 135 / 137 / 139 for NetBIOS, 53 for DNS, and 88 / 464 / 500 / 3268 / 3269 for Kerberos, blocked by a firewall. Corporate policy usually restricts you from joining any externally-facing web servers to an internal domain. So basically you are the one that ends up doing the work that a domain controller would otherwise be doing, synchronizing everything, all in the name of better security.

Speaking of security, let's consider it to be kind-of like a war, us against hackers. Our web servers are at the very front lines, the "tip of the spear", and are the ones most likely to be compromised. If a web server falls into enemy hands, the security info it knows about can be obtained through "interrogation" by the enemy. So if the web server was part of a domain, a hacker could search that domain for resources. This is risky, as many computer names and user names would then be exposed. The same kind of information you see when you go to add NTFS permissions to a file or folder, and click "Advanced", then "Find Now". You can then see a list of users, groups, and computers. It's too big a risk to take for most organizations. Comparing it to war, sensitive intelligence is kept from those on the front lines, thereby limiting your exposure if someone gets captured. So you end up doing all those "need to know" security updates manually to the machines on the front lines.

So how can we simplify administration for security between web servers and SQL servers? There's a couple of options I can think of.

Option 1 -- Add a domain
Some corporate policies will let you set up a separate domain just for your SQL and web servers, so all those common "need to know" security details for the machines on your front lines can be easily set up. There's little risk of sensitive data from the internal domain making its way to the outside because there's a real separation there. No trust relationships between the inside and outside domains. Having a separate domain greatly simplifies setting up web farms. It's also essential to have your SQL server nodes joined to a domain when configuring database clusters. If the web servers and SQL servers are on the same domain or trusted domains then it's much simpler to use SQL server in "Windows Authentication" mode. So let's explore this option a little further. Here's a diagram:

____________________
Internal corporate network
Your Vista / XP computer is sitting on a desk in here somewhere
____________________

|
| Firewall allowing SQL requests only one direction
| (OK, maybe also terminal services connections
| in order to simplify administration via port 3389.)
V
____________________
* Domain Controllers for web environment (at least 2)
* SQL server(s)
____________________

A
|
| Firewall allowing SQL, Kerberos, and NetBIOS requests
| (ports 53 / 88 / 135 / 137 / 139 / 464 / 500 / 3268 / 3269,
| plus whatever custom port you use for SQL.)
V
____________________
* Web servers joined to the "web" domain. Each machine is "multi-homed" (has 2 network adapters), with one connection to the network above, and one connected below.
____________________

A
|
| Firewall allowing HTTP and HTTPS
|
V

vvvvvvvvvvvvvv
The Internet
^^^^^^^^^^^^^^

In this case note that the domain controllers and SQL server(s) would use an IP addressing scheme that does not route on the Internet, like 10.x.x.x, or 192.168.x.x. Also each web server would have an IP on this network.

If a web server were compromised then there would still be risk of an attacker discovering computer names and IP addresses of other web servers and database servers. Also account names used on that separate "web" network. But no risk that they would discover that same information on the corporate network. You may want to explore this option to simplify your day-to-day administration. Adding a new web server to the environment is as simple as having it join the domain, and then establishing file replication service (FRS), ROBOCOPY scripts, or something similar to synchronize files and permissions.

If data in the SQL servers has to be accessible on the corporate network then you could set up a firewall allowing just requests from the corporate network to be answered by the database servers, and then only on one port. (Often better for this not to be the default of 1433!) As long as you use a good firewall then it's pretty strong security, and very low risk of the corporate network getting exposed. No domain-specific information would traverse the wire.

In addition to the 3 firewalls shown above, you can also establish IPSec for even better security. This would be especially useful between the corporate environment and the segment with SQL / domain controllers. Also somewhat useful between SQL and web servers because a compromised web server could potentially sniff network traffic going between other web servers and the database server, exposing sensitive data. But bear in mind that you take a performance hit when using IPSec, so enabling this between web servers and database servers would slow down requests.

Option 2 -- Enable "Mixed" mode on your SQL server(s)
This one is quick and dirty. It avoids the need to configure special Windows accounts at all, and has you change out your connection strings to use SQL logins. It's functionally similar to what we saw with Option 1 in that security for the externally-facing resources is maintained separately from any internal credentials. In Option 1 it was done in a totally separate domain. In this option it's done by simply leveraging the security system baked into SQL server. But then the security credentials have to be exposed in the connection string. This doesn't protect the data in your SQL server nearly as well since a compromised web server could then give the attacker access to passwords used by the SQL service, potentially giving more access than in a scenario where the SQL server uses only Windows authentication. Because of this many corporate security policies do not allow SQL server to be configured in mixed mode. At least this option is simple, not requiring any additional hardware in your scenario.

With this option the SQL server(s) are still on the corporate network, so a major consideration is to harden the machines as much as possible. Disable risky extended stored procedures. This is more than just xp_cmdshell. What about xp_runweb, xp_regread, and xp_regwrite? Not to mention xp_dirtree and xp_enumgroups. Here's a fairly good checklist of security stuff for SQL server:

http://www.sqlsecurity.com/FAQs/SQLSecurityChecklist/tabid/57/Default.aspx

A sideline note -- especially important now that Windows Server 2008 has gone gold -- IIS 7 can simplify permissions when deploying websites. Instead of setting up NTFS permissions and having to copy them between web servers, you can use URL Authorization to configure the security right in the web.config. This way all you need to do is copy the files onto the web server and you're done. No more messing with NTFS permissions.

Hopefully this info will help you to find an easier way to administer your web environment!

Hey Dick -- At this point exactly who is terrorizing who???

2008-01-23T16:46:06-12:00:00

When will this administration learn to stop looking for things that don't exist? Weapons of mass destruction in Saddam's hands. Okay, maybe there weren't any. Spinning centrifuges in Iran. Okay, maybe there aren't any. Muslims banding together and plotting to blow up natural gas lines or release serin in subways. Probably not. Or how about -- me hiding a flippin' explosive device in my shoe while boarding an airplane. Definitely not. But still I have to pay $2.50 every time I board, just to stand in that lengthy line and make my way through the scanners.

I'm tired of it. I love travelling overseas where this kind of nonsense does not exist, and where at this point people are much *more* free than here. Places that aren't steeped in financial turmoil -- their country is not deeply immersed in a completely pointless military exercise, with their Federal bank slashing interest rates in order to postpone the inevitable recession from all the spending.

At this point I hope Winston Churchill's sarcastic saying will still hold true -- "Americans will always do the right thing... after every other option has been exhausted." But this time after all the damage is done will we have enough energy left to do the right thing? Or have we lost a precious piece of freedom forever?

Why of all days did I pick today to rant? Well, today we have Dick Cheney pressuring Congress to maintain the wiretap measure. The same wiretap policy that was first secretly enacted by Bush in 2001. It places a stranglehold on our privacy. Did you know the government can legally turn the microphone on for any cell phone in America -- at any time -- and listen in for as long as they want? This bill is not just about tapping phone calls and emails. It's fairly invasive. At this rate pretty soon every time I fart there will be some sensor reporting it back to Homeland Security.

Let me step back and reminisce for a moment. I was fortunate enough to be born into this great land, whose constitution guarantees freedom for all. For a couple of centuries it really worked pretty well. We had some stinker presidents at times, but checks and balances sorted things out. I think another key thing is that in terms of foreign policy during our first 180 years we were reactive, not out to try to stir up trouble. We were worried about the beam in our own eye, not the mote in someone else's. But now we find ourselves following the conquests of a religious zealot, and we're just now becoming fully aware of the pack of lies that was spun to bring us to this point. Apparently 935 so far, and counting. I feel that so much has been lost, both at home and with the trust of the world, that 100% true freedom may not be found again in America. I don't want to walk out on it though. It's the land that I grew up loving. I have so much respect for the founding fathers. I hate watching people trample our inaliable rights.

We have the rest of the primaries coming up soon. Super Tuesday is just around the corner. I think that the one candidate that can best pull us out of this ridiculous mess is Ron Paul. (The link there goes to Wikipedia, not some fruity campaign page.) He's got a good track record. One of the few Republicans who voted against the Iraq war. He tells is like it is, and doesn't waffle. My friend Paul Schroeder has been bugging me for the past few months to take a look at his platform. I did, and I'm impressed. No wonder he's raised so much money with virtually zero assistance from the media. From what I have seen he's got the most honest, well thought out message out of the whole bunch. If you're registered Republican in a state that hasn't had their primaries yet then I would urge you to see what he stands for, and consider casting a vote in his direction. At any rate, be sure to visit the polls this time 'round. There's alot on the line.

Introducing the $1800 MacBook Air

2008-01-15T06:33:43-12:00:00

At the MacWorld keynote this morning Steve Jobs saved the best for last. Of the 4 major things he spoke about, the final thing was the announcement of the crazy-small MacBook Air. This is the world's thinnest notebook, sporting an LED edge-lit screen, custom Penryn processor, and all that weighing only 3 lbs. Small enough to fit in an envelope:

(Steve carried it out on stage in an envelope actually.)

MacBook Air specs:

A claimed 5 hours of battery life. The battery actually consumes about 2/3 of the lower portion, pretty much the entire slender area of the machine! (We can probably expect an honest 3 hours of use)
0.16" to 0.76" wedge. (The thickest part of the MacBook Air is thinner than the thinnest part of the Sony TZ series.)
Magnetic latch
13.3" widescreen display with 1280x800 resolution
Ambient light sensor to automatically adjust the display and keyboard backlighting
Full-sized keyboard
Multi-touch gestures available on the trackpad. (Pinch zoom and rotate by twirling a finger around your planted thumb.)
1.8" 80 gig hard drive, or 64 gig SSD as a pricey option
1.6 GHz or 1.8 GHz Core 2 Duo (low-energy Penryn type in a CUSTOM package made just for Apple!)
Connectors include power, USB 2.0, Micro-DVI, and audio

In other news from the keynote, Apple has released their version of Home Server, which they call "Time Capsule". They are also trying to redefine video rentals with what ends up being movie rentals in a simple iTunes-like interface. You can watch flicks on PC, Mac, iPod, and iPhone. With $3 rentals (well, $4 for new releases and $5 for HD movies) it's fairly competitively priced. And the interface looks pretty slick. After you rent you can start watching the movie right away while it downlods to your PC, and you have 30 days to finish watching it before it self-destructs. In conjunction with all this video rental news the Apple TV appliance got a software update and a $70 price cut, now $230. Watch out NetFlix and Blockbuster!

Phishers now setting up fake 800 numbers? Man they're getting gutsy these days.

2007-11-09T03:30:09-12:00:00

Got this phishing message in the email this morning:

Subject: Case ID: DXA6E9JK

Body:
Dear Bank of America Military Bank customer,

We regret to inform you that we have received numerous fraudulent e-mails which ask for personal
information. Please remember that we will never ask for personal information through e-mail or websites.

Because of this we are launching a new security system to make Bank of the Cascades cards more secure
and safe. To take advantage of our new consumer Identity Theft Protection Program we had to
deactivate all Debit/ATM cards.

To reactivate your card please call (800) 609-0579 and follow the steps.

Reactivation is free of charge and will take place as soon as you finish the process.

Wow, phishing scammers with a fake (800) number. That's kinda gutsy, don'tcha think? Shouldn't it be fairly easy to catch them? Here's an MP3 recording of what you get when you call:

Note that it's 100% voice-synthesized, so there's no way to track by voice. Well, it's all voice-synthesized except when you press an invalid option during the first part, which you hear me do in the recording, as it comes up with "that is not a valid option". Could that possibly be the voice of the perpetrator?

I'm just surprised that even though they ask for card number, PIN, and expiration date, they don't ask for the 3-digit security code on the back of the card.

Has anyone gotten Virtual Machine Additions to work under 2008 Server Core RC0?

2007-11-01T22:37:17-12:00:00

Virtual Machine Additions are such a nice enhancement when using Virtual PC, but apparently one that is not currently compatible with Server Core 2008. I first tried to install normally using VMAdditions.iso, but it comes up to a point where it tries to copy files, and fails, at that point during the MSI setup coming up with the message "Rolling back action:", with a progress bar that goes backwards. Soon the nonsensical screen "Setup Completed" is shown, with the additional information "Setup was interrupted before Virtual Machine Additions could be completely installed."

Looking at the setup log, it seemed like permissions may be an issue. But the setup process was running as an elevated Administrator on the machine. (Seems like you can't run anything as LUA in Server Core.)

Undeterred, from another full Server 2008 installation that had Virtual Machine Additions installed I copied the driver files from the Program Files folder. This is from version 13.803 of VMA. Then I tried this:

C:\>pnputil -i -a "c:\Program Files\Virtual Machine Additions\*.inf"
Microsoft PnP Utility


Processing inf : msvmmouf.inf
Successfully installed the driver on a device on the system.
Driver package added successfully.
Published name : oem0.inf 
Processing inf : msvmscsi.inf
Successfully installed the driver on a device on the system.
Driver package added successfully.
Published name : oem2.inf
Processing inf : VirtualAudioDevice.inf
Failed to install the driver on any of the devices on the system : The required
section was not found in the INF.
Processing inf : vmadd_xp_drv.inf
Failed to install the driver on any of the devices on the system : No more data
is available.

Adding at least one driver package failed!
C:\>

For those that aren't familiar with the new pnputil command, it basically allows you to add and update drivers without having to use Device Manager. Earlier beta builds used to have a similar tool called drvload that had limited functionality.

So after running pnputil, things looked somewhat healthy, getting at least msvmmouf.inf and msvmscsi.inf onboard. I rebooted. But after coming up, the video display was in 16-color mode, and rendering was incredibly slow. Also no indication that any of the neat tricks available with Virtual Machine Additions had actually taken effect. It seemed like hard drive activity wasn't negatively affected, but the other niceties of Virtual Machine Additions hadn't taken effect. So to recover, I removed just the stuff that came from msvmmouf.inf like this:

C:\>pnputil -d oem0.inf
Microsoft PnP Utility 
Driver package deleted successfully.
C:\>

After a reboot, things were back to where they were before, with no VMA. So that's everything I've tried. If anyone has any ideas of how to get VMA running under Server Core RC0, I'd be very interested to hear about it.

If I got $143 a year from every single person in America, I could do alot of spying.

2007-10-30T12:14:44-12:00:00

43 billion dollars is kind-of a hard amount to put your finger on. Until you divide it by America's population and see that it's $143 for every man, woman, and child. Hard to believe there's so much budget allocated to spying. That's almost half of what will be spent on the war in Iraq during this year -- which equates to $324 from every one of us. If the war really does end by 2017 as some hope, it will cost every one of us over $7000. Maybe more.

All this spending makes it easy for me to understand how our dollar is so utterly screwed. Compared with the British Pound it's at the lowest value in over 26 years. For the next decade I'll bet Europe's economy is king. I just can't understand why Asia hasn't taken off as fast. We've been neck and neck, but ever since the half-point drop in the interest rate back in September the Yen started on its way up. Hmm, Yen seems like a good investment right about now.

Windows 2008 Server Core is worth a look

2007-10-30T06:02:37-12:00:00

I've been experimenting with the Server Core version of Windows Server 2008 for a project I'm working on. You may be aware that Win2K8 ships with this great new streamlined "Server Core" mode that you can select during setup. Installation is lightining-fast, just 10 minutes on my Core 2 Duo machine. (And that's including the 2 reboots, hardware detection, and everything!) You end up with only a very minimal set of GUI tools, including notepad and regedit. The thing is lean and mean, and can run very well in just half a gig of RAM. You can still copy some Windows executables into the environment and have them run. Here for instance is Solitaire running under Server Core:

While this simple GDI-centric app works, others will not. One of the major limitations is that no trace of Internet Explorer is available. At first this probably doesn't sound like that big a deal, perhaps even a welcome change for a server environment. But before you start rejoicing, consider that all of the Common File Dialogs, like File Open and Print, come from Internet Explorer. Okay, so easy enough to install an older standalone version of IE to bring this functionality back, right? No. All you will get is an error message about how the terminal server needs to be in application installation mode to continue. If you try to do the common "CHANGE USER /INSTALL" trick from the command line to fool it, it comes up with a message about terminal servers in remote administration mode can't be set to install vs execute. I didn't find an easy way to install Internet Explorer anyway, but I didn't try very hard either.

Another limitation with not having IE around is that all of Microsoft's versions of the .NET Framework (the ones for Wintel boxes anyway) require Internet Explorer 5.01 or later. You can still install Mono from Miguel deIcaza and team, and it will serve out ASP.NET content using XSP pages. But for those that prefer the standard configuration of ASP.NET 2.0 that comes out of the box with Server 2008, that's not possible with Server Core... yet. But there is talk of creating an updated version of the .NET 2.0 framework that will work in Server Core for ASP.NET.

Another limitation related to IIS 7 is that all those cool new hooks available in integrated pipeline mode can only be used with native code, so no managed modules. And you can't do remote administration since it also relies on the .NET Framework. IIS 7 is still a great high-performance architecture when running under Server Core, but just not as convenient as when it's on a system that can run managed code.

The final limitation with not having the .NET Framework onboard is that PowerShell is not available. So needless to say, I'm really looking forward to a custom release of the .NET Framework designed for Server Core!

On the upside, what you get is a great little server platform with a really small footprint. You can make it a domain controller, DNS server, DHCP, IIS with FastCGI, and so on. No SQL or Exchange since they also require IE and the .NET Framework. It's quite possible that SQL and Exchange will never be supported on servers using this kind of small footprint.

When administering, you get a couple of handy GUI-based tools to help you out. First, MSINFO32, which won't let you change settings, but does let you at least visualize how the machine is configured:

You get basically a read-only view of device manager, the services running on the system, and many other handy tidbits of info available through WMI. For services this is a very handy view to know what's running, and the short names you need to use with NET START and NET STOP.

Second, you get the always useful Notepad program. The standard File / Open and File / Save dialogs have been changed out to use the old-school 32-bit API calls that were first made available back in Windows NT 3.1:

Third, you still get regedit! The good one that lets you change permissions. It's also modified to work with the older common file dialogs, so you can import and export whole keys:

A final tool worth mentioning is a command line tool that you can only get in Server Core. It's oclist, which is designed to help you out when you use ocsetup:

Consider that since you don't have access to Server Manager (which is the new Add Remove Windows Components thing in Server 2008), it's harder to install stuff. Imagine how annoying it would be to figure out the cryptic command line junk needed to install and uninstall features of Windows just using ocsetup.exe and pkgmgr.exe blind. It would be a nightmare. Fortunately you can run this tool, oclist, to see exactly what features are available to install, and it shows them in a hierarchy that describes the dependencies involved.

There's no facility to upgrade a Server Core install to a full install of Server 2008, or vice-versa, but you can at least copy the oclist tool over to another machine that's running the full Server 2008, and then run it to see all the cryptic names of exactly what is installed on that system. This allows you to more easily replicate that same server scenario on the smaller-scale Server Core. Note that the full (non-Core) install of Server 2008 has LOTS more stuff that gets listed when using oclist.

One final thing to mention is that although the full Control Panel is not available, you get two of the applets, the timeDate.cpl and intl.cpl:

Everything runs as the elevated Token. No Vista-style "whack-a-mole" with UAC popups. Notice that the command prompt itself is running elevated all the time. I don't even think you can start a process as LUA.

All in all I'm impressed with this option for Windows. Kind-of reminiscent of the good ol' DOS days when we were all rooted in the basics, and the command line was king. I expect lots of shops will take advantage of this lightweight and secure environment.

Arriving in Ireland

2007-10-05T05:04:54-12:00:00

Got out to Ireland safe and sound, in preparation to teach a Vista class next week. It's so beautiful out here. I'm in Doolin, which is a lovely little town by the sea. Been awhile since I bored everyone with a travellogue, so I thought I would share a few photos of the scenery:

View of the ocean from the hostel where I'm staying

Lots of cows out here!

Here's the hostel.

This is the bus driver who took me from Ennis to Doolin. He really got a kick out of my electric scooter!

Here's the only garage in town, where I aired up the scooter tires. (Didn't want to fly with them inflated since they could pop depending on how the baggage compartment is pressurized.)

A group of 20 children went to a field to play stick-ball

More Irish children, happy to go and play

Lots of old buildings around, like this

Many only have one or two walls left. This is hundreds of years old.

Loving the scenery. Time now for me to go grab a bite to eat.

Sony displays the world's first OLED panel, the XEL-1

2007-10-01T02:59:01-12:00:00

Demo unit on display this week at CEATEC Japan

Commercial unit to be sold in December

Finally, an OLED panel that's reliable enough to sell. Unlike backlit LCD, which uses the same amount of power all the time, OLED only uses power for the individual pixels that are lit, saving energy. It's not a technology that has to "shutter" light, so contrast is incredible. As well, viewing angle is 180 degrees, both horizontal and vertical. There's no angle that you would see any funny coloration, so it becomes a perfect image from any angle. It's similar to how the huge "Jumbotron" LED displays work, but on a *much* smaller scale.

This one averages 45 watts continuous for a bright 11 inch panel. And the panel, not needing any complex backlight configuration, is only 3mm thick, and has no breakable glass. What a welcome change from LCD.

This goes on sale in December, available only in Japan for now. Price is high as well. (If the dollar keeps slipping then who knows, by the time it's released on December 1st it might be around $2000 US for one of these!) Even at that high price, Sony is losing money with every set that is sold. It will take awhile to recoup the engineering costs involved. But within two years things should be turning around, with panels making their way into laptops, and stand-alone sets available for half of the current cost.

Resolution is just 960x540, which is only a touch better than the best standard definition sets available today. You certainly wouldn't want to use this for a studio HD monitor anyway. I'm sure future screens coming from Sony will better qualify as being high definition. But what the heck, it's a start!

Lifespan is rated at 30,000 hours, which is about half of what you can expect from today's LCD panels.

The technology may be marketed as "Organic Panel". At least in Japan that's what Sony is calling it. More info is available from Sony's website in Japan.