Practical Technology

for practical people.

November 30, 2009
by sjvn01
4 Comments

Windows 7 networking guide

I’ve been looking a lot lately into high-end Windows 7 networking features like URL Quality of Service (QoS)-based traffic management and Secure Remote Connect. There is a lot to like here, and yes I am a Linux guy saying that, but I’ve also noticed that many of Windows 7’s best networking features are only available if you use Windows 7 Enterprise Edition. Furthermore, to get most of these high-end business features to show their stuff you’ll also need Windows Server 2008 R2 on the server end.

I find this more than a little annoying. Microsoft’s business has always been about locking users in to buying the latest versions of their products and making sure that you’ll have trouble staying with older products or switching to another company’s operating systems. The combination of Windows 7 and Server 2008 R2 underlines this point in red. For example, even if you just ‘upgraded’ to Vista and Server 2008 last year, you won’t be able to use even such low-end networking features as Windows 7 HomeGroups, Windows 7’s answer to XP and Vista’s MSHome/WorkGroup simple file and printer-sharing.

The simple truth is that with Linux or Macs, all the versions come with all the network features. That hasn’t been true of Windows since XP came along, and you had to pay an extra $100 to upgrade to XP Pro before you could use your Windows computer in a business network. That, at least, was straightforward. With Windows 7, it’s hard to know what feature is supported in what version so I thought I’d give you a helping hand in what’s what with Windows 7.

More >

November 27, 2009
by sjvn01
0 comments

Fixing the Internet Explorer Blues

Earlier this week Microsoft announced yet another IE (Internet Explorer) bug. This one, Microsoft Security Advisory 977981, is one of the really bad ones that can allow attackers to take your Windows PC over. Yuck!

Microsoft is working on a fix, but there still isn’t one, and worse still, there are already several attacks out there that can exploit this IE security hole.

The new hole exploits how Internet Explorer uses certain CSS (Cascading Style Sheet) objects, which is commonly used to determine how a Web page is displayed. It’s put into play when you go to a page with contaminated JavaScript. Sound familiar? It probably does, deliberated corrupted JavaScript has been used to compromise browsers for over a decade, and it’s still doing it today.

This particular problem hits IE 6 and 7. If you have Internet Explorer 8, which is what comes on Windows 7, you’re safe from this one.

More >

November 26, 2009
by sjvn01
0 comments

Making wise Black Friday PC buys

I don’t need a new PC, but I want one anyway. All those Black Friday deals are mighty tempting. But, if you’re going to give in to temptation here are some hints to keep in mind.

First, those deals that are too good to be true? Many of them are too good to be true. If you are the first person in line at 4 AM you may get the one ultra-low price laptop that a store will have in stock. But, if you’re a ‘late’ riser, who doesn’t make it to the store until 4:05, you can forget about the miracle-priced computer.

Other computers may also be on sale at insane prices, but take a careful look at exactly what it is that you’re buying. I’ve seen several netbooks deals that sound great… until I looked closer and saw that they require pricey, two-year mobile phone contracts on top of the up-front price.

I’m not saying you can’t get a good deal. You can. Just don’t get too worked up about sub-$100 priced computers, or you may end up disappointed or with a PC that costs you far more in the long-run.
More >

November 25, 2009
by sjvn01
0 comments

Getting the Most Out of Your Windows 7 Internet Connection

Chances are, everyone on your intranet has Gigabit Ethernet, with its 1,000 Mbps (Megabit per second) speeds. Or perhaps your laptop users are moving up to 802.11n Wi-Fi with 100Mbps throughput. That’s all great — but once your users hit the router, they’re all back to fighting over your far-more limited Internet connection (say, a 44.6 Mbps T3 line). That’s where traffic management comes in.

There are many ways to make sure your YouTube fans don’t eat up your Internet bandwidth. For example, Extreme Network switches, F5 Networks’ BIG-IP network traffic managers, and many other high-end network devices can help you get a grip on how much unnecessary traffic goes to the Internet. But, now Microsoft has built in a new, easy way to manage network traffic in Windows 7 and Windows Server 2008 R2: URL Quality of Service (QoS)-based traffic management.

Windows has long had QoS traffic management that used applications, IP addresses, and port numbers to determine which traffic got priority. Now you can set priority by website address. This way, all a network administrator need do is set up policies by website, instead of digging around for IP addresses, which may change over time. So, for example, you could set the Wall Street Journal’s site to have a high-priority while locking down ESPN.

To do this, you first set up a QoS Policy on Server 2008 R2. The simplest way to do this is to use the GPMC (Group Policy Management Console).

The key technology that makes all this work is Differentiated Services Code Points (DSCP). This is derived from an Internet networking standard, RFC-2474, that defines how a value in a TCP/IP packet header is set. It’s used to determine how high a priority packets are given as they make their way around a network. Generally speaking, the higher the DSCP value you give a site, the higher its traffic priority is. So, for example, if you gave a company external site a DSCP of 63 — the scale ranges from 0 to 63 — traffic to that site will be much faster than to, say, YouTube with a DSCP of 0.

Exactly how the traffic is throttled to a given site isn’t determined just by its DSCP. You have to set in the GPMC how fast or slow a site’s traffic is permitted in either KiloBytes per second (KBps) or MegaBytes per second (MBps).

Once you set up your DSCP values and their corresponding throttle rates on the Policy Profile tab, you can assign them to URLs. These URLs can include wild-card characters and — although you won’t need to for most websites since they use port 80 by default — you can also specify a port number. You’ll also want to select the Include subdirectories and files check box to apply the traffic management settings to all of the URLs’ subdirectories and files.

There can be competition between policies. The tie-breakers start with DSCP, and then (from highest to lowest) are determined by host name listing order, IPv6 address, IPv4 address, and wild-card. So, when you build your policy, be sure to list the most mission-critical sites first by their specific URLs.

To make sure your policies work the way you want, Microsoft provides a handy QoS Traffic Generator, and examples on how to use it with its QoS Traffic Generator Example Usage.

That’s pretty much it on the server side. On the Windows 7 client side all you need to do is click a few buttons and you’ll be on your way. Click Start -> Control Panel -> Network and Sharing Center. Once there, select the appropriate LAN connection. Then, once you’re at the Local Area Connection Status window, click on Properties, make sure the QoS Packet Scheduler radio button is clicked on, and you’re in business.

Sure, other network tools give you even finer control, but for a pre-packaged network traffic management solution, QoS URL is a very handy and easy to use addition to the Windows networking family.

More >

November 24, 2009
by sjvn01
0 comments

Five things Chrome OS isn’t

Some people still seem a little confused about what Chrome OS is, and isn’t, so here’s my quick guide on what’s really what with this forthcoming operating system.

1. Ready yet

I’m already seeing people proclaiming that it’s awful. Uh, people, it’s not even beta yet. Yes, even now Google Chrome OS works pretty darn well, but what we’re seeing now isn’t even close to what will eventually be shipping. Proclaiming that it’s already a failure or that it deserves a ‘D-‘ grade is, at best, ignorant, and, at worse, deliberate anti-Linux and anti-Google FUDing.

Heck, even I, who has little love for Windows, waited for Vista to be in beta before I started kicking it around. Give it a chance people.

More >

November 24, 2009
by sjvn01
1 Comment

Five reasons Google Chrome OS Security Wins

Google’s Chrome OS has many virtues. Based on a solid foundation of Ubuntu Linux, it uses the Chrome Web browser as its interface to any and all applications. Chrome OS is also not so much a Windows replacement, as it’s an attempt to get rid of the entire traditional idea of a PC desktop. If Google is successful with this, one big reason will be its vastly improved security.

Before I go into why Chrome OS will be much more secure than Windows, I have to point out that Google has one big, honking huge security problem to fix first: it’s reliance on the fatally flawed login/password model. If they can beat that problem, then Chrome is likely to be most secure ‘desktop’ operating system we’ll have ever seen. Here’s why.

First, Google accepts that it’s impossible to make an absolutely secure operating system. They use a phrase to describe this design philosophy that I think every developer should have tattooed on their hands: “The perfect is the enemy of the good.” In other words, Google won’t waste its time on trying to find some perfect system that only exists in fantasy. Instead, Google is spending time on making the best practical security system. This is how it plays out.

More>