Practical Technology

for practical people.

November 12, 2009
by sjvn01
2 Comments

Linux desktop turns 10; world yawns

I began using Linux as a desktop operating system around 1993, two years after Linux was created. Countless developers, engineers and hackers were doing the same. But at that point, it wasn’t what most people would recognize as a desktop OS. The credit for creating and marketing the first Linux desktop designed for ordinary users goes to Corel Corp., which launched Corel Linux OS 10 years ago, in November 1999.

Corel was then a Windows software company, but its founder, Michael Cowpland, wanted to do bigger, better things. Corel had already had some success in 1998 with its Linux-powered NetWinder small office/home office server appliance and its WordPerfect word processor on Linux.

Corel Linux was built on top of the Debian 2.2.12 Linux kernel and used the KDE 1.1.2 desktop environment. Besides WordPerfect and the usual Linux applications (such as Emacs for text editing and programming), it also included alpha versions of the company’s Quattro Pro spreadsheet and CorelDraw graphics programs for Linux.


November 11, 2009
by sjvn01
0 comments

Avoiding the Windows Fonts of Doom

It’s easy to say you should patch your Windows PC as soon as possible. But, if you have a business with hundreds of PCs, and an even greater number of ways that a patch might cause trouble, you can’t be blamed for wanting to make darn sure the patch doesn’t cause more trouble than it fixes before implementing it. Except for days like today.

You see, in the blockbuster November 2009 Windows patch fest, the fixes included a repair for a really nasty, really easy to exploit security hole: Microsoft Security Bulletin MS09-065. This Windows kernel vulnerability is found in all but the newest versions of Windows: Windows 7 and Windows Server 2008 R2. Unlike most security holes, you don’t have to do anything to get zapped by this one. If you use Internet Explorer to visit a malicious site that’s been set up as a trap for people who are vulnerable to this bug: bang! An attacker can do pretty much whatever he or she wants to your vulnerable PC.

At the least, they’ll be able to crash your Windows PC. At most, and more likely, they’ll infect it with malware. From there, you may get your financial information ripped off, become a source for spam, or even become the piggy-bank for a pervert’s kiddie-porn.


November 10, 2009
by sjvn01
0 comments

Torments of the Internet damned

I live on the Internet. I work on the Internet. I keep in touch with my friends on the Internet. Without the Internet, I’m out of business. I’m not the only one. But lately, with my rock-solid AT&T DSL connection (6Mbit/sec. down, 512Kbit/sec. up), I’ve taken it for granted. That was before my connection went sour and I rediscovered just how miserable life can be without a good network connection.

Last Friday my network connection started turning on me. It never completely failed. Instead, it started torturing me with a thousand cuts of minor slowdowns and nagging latency delays. By Saturday morning, my network connection was down to dial-up modem speeds of 32Kbit/sec.

Imagine trying to run a hundred-yard dash in knee-deep mud and you have an excellent idea of how I’ve felt over the last few days. Instead of getting my work done, I’ve been working, with AT&T, on getting my Internet connection back into shape. It hasn’t been easy. I’m falling behind in my real work; and my connection is still having fits.

It could have been worse, though. Yes, I rely on the Internet to do my job, but I don’t rely on network-based applications. I use the Web, instant messaging and e-mail constantly. But I don’t write stories using Google Docs, manage projects with SharePoint Online or use Salesforce for CRM (customer relationship management). If I did, I wouldn’t just be angry and miserable; I might well be on my way to being out of a job as well.


November 10, 2009
by sjvn01
0 comments

Using Secure Remote Connection to Access Office Resources Connected PCs

Computers and Internet access are universally available, but your corporate network resources are probably only available on your office PC and on your laptop. If you wanted to securely use your office resources from another computer — say, your husband’s laptop or your local library’s PC — you were out of luck. Until now.

By using the combination of Windows 7 and Windows Server 2008 R2 services, your IT department can set up what Microsoft calls Secure Remote Connection. With this feature, a user on any Windows 7 system can gain access to the corporate intranet’s resources. In short, with the right back-end setup you can run office-only programs and get to server-based files from any Windows 7 PC. If desired, you could even set up a complete thin-client desktop solution, where the entire business desktop is hosted on the servers and staff run the desktop on any Windows 7 PC with a high-speed Internet connection.

What makes this different from, say, Microsoft’s Windows Server 2008 Terminal Services Gateway or Citrix XenApp? Secure Remote Connection tries to provide a more integrated package on the server side that also doesn’t require any additional software on the Windows 7 desktop.

Microsoft hasn’t yet provided a recipe on how to do this, but we do know what the ingredients are for this virtual desktop dish. On the server side, it starts with Server 2008 R2’s Remote Workspace and Remote Desktop Gateway.

Remote Workspace is the new name for Terminal Services in Windows Server 2008 R2. This package has more than just a new brand-name. It incorporates both the presentation virtualization and the VDI (Virtual Desktop Infrastructure).

This in turn is managed by the Remote Desktop Connection Broker. Under this new virtualization-based approach there are two kinds of thin-client Windows 7 desktops for remote users: persistent (that is, permanent) VMs and pooled VMs.

In the case of a persistent VM, there is a one-to-one mapping of the thin-client Windows 7 desktop to users. Just as with an ordinary desktop, each user is assigned his own unique desktop. Except, in this case, it’s a virtualized desktop. The user can customize the desktop to his taste, and he can use it on any Windows 7 PC with an Internet connection.

With a pooled VM, a single image is replicated as needed. You can still maintain a unique user state by using profiles and folder redirection, but any changes made during a session disappear when the user logs off.

To use any of this functionality, though, you need more than just the technology. You need to license Microsoft Windows Virtual Enterprise Centralized Desktop (VECD). VECD licensing, which is device-based, is mandatory for any Windows VDI deployment that uses virtual copies of Windows. To manage all this, Windows Server 2008 R2 uses a unified front-end to manage these new Hyper-V based virtual machine remote desktops.

To make sure these remote virtualized desktops (persistent or pooled) get to the right resources, Server 2008 R2 uses the updated Terminal Services Gateway, Remote Desktop Gateway. The major change from an enterprise point of view is that Remote Desktop Gateway is more efficient in handling and managing idle sessions. This, in turn, saves system resources on the server side, and, in the long run, that saves cash.

Connecting all this with the Windows 7 desktop is an updated version of Remote Desktop Protocol (RDP). Microsoft claims that this new version of RDP is faster than ever before. In addition, it supports the Aero Glass interface, improved multimedia performance, and DirectX redirection. So, in theory, you could run games over RDP on a virtual Windows 7 desktop. That’s not a good idea at work, but it does underline RDP’s speed improvements.

Helping this performance boost along on the Windows 7 side is DirectAccess. Microsoft calls DirectAccess a virtual private network (VPN) replacement, but that’s not quite right. DirectAccess incorporates a built-in Windows 7 VPN that uses Internet Protocol security (IPSec), an old, but still robust, Microsoft VPN protocol.

What makes DirectAccess more than just a VPN is that it uses Internet Protocol version 6 (IPv6) to make the end-to-end connection between a Windows 7 client and a Windows Server 2008 R2 host. There’s nothing new about IPv6; it’s the next generation of TCP/IP networking, which has never found broad acceptance in North America or Europe. Microsoft is using it now to perform the rare feat of improving both security and speed.

It improves security because it combines the relatively uncommon IPv6 with IPSec. You can also use DirectAccess to authenticate the user and to configure which intranet resources specific users can access. Last, but far from least, you can also integrate DirectAccess with Network Access Protection (NAP). By doing this, you can make sure that users won’t be allowed in if they’re trying to log in from a Windows 7 system without up-to-date patches or an anti-virus program installed.

The performance boost comes from separating corporate traffic from Internet traffic. With DirectAccess, only corporate network traffic actually starts from or goes to the business servers. With a traditional VPN, all traffic, even if it’s just to do a Google search, is routed through the corporate network. By reducing this traffic, DirectAccess reduces traffic both at the corporate gateway and within the LAN, thus preserving resources; it also increases the client PC’s effective network speed by avoiding the overhead of sending ordinary Internet requests through the business network.
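A simplified model of the traffic split described above, added here as an illustration (it is not code from this article or from Microsoft): a request uses the corporate tunnel only when its destination name falls under a corporate suffix, which is the kind of decision a DirectAccess client makes from its name resolution policy. The function names, suffix rules, host names and byte counts are all constructed assumptions.

```python
# Added illustration: simplified model of a split-tunnel routing decision.
# Every rule, host name and byte count below is constructed sample data.

# Suffix rules: True = send through the corporate tunnel,
# False = explicit exemption (route directly even though it is a corp name).
RULES = {
    ".corp.example.com": True,
    "nls.corp.example.com": False,  # constructed exemption entry
}

def via_tunnel(host, rules=RULES):
    """Return True if `host` should use the corporate tunnel.

    The longest (most specific) matching rule wins. A rule starting with
    '.' matches the domain itself and any name under it; any other rule
    must match the whole name. No match means direct Internet routing.
    """
    host = host.lower().rstrip(".")
    best = None
    for pattern, tunnel in rules.items():
        if pattern.startswith("."):
            hit = host.endswith(pattern) or host == pattern[1:]
        else:
            hit = host == pattern
        if hit and (best is None or len(pattern) > len(best[0])):
            best = (pattern, tunnel)
    return best[1] if best else False

def gateway_load(requests, split_tunnel=True):
    """Sum the bytes that cross the corporate gateway for (host, bytes) pairs."""
    return sum(size for host, size in requests
               if not split_tunnel or via_tunnel(host))

# Constructed traffic sample: (destination, bytes)
SAMPLE = [
    ("files.corp.example.com", 40_000),
    ("intranet.corp.example.com", 10_000),
    ("www.google.com", 25_000),
    ("corp.example.com.example.net", 5_000),  # look-alike name, must not tunnel
    ("nls.corp.example.com", 1_000),          # exempted, routed directly
]

if __name__ == "__main__":
    print("traditional VPN:", gateway_load(SAMPLE, split_tunnel=False))
    print("split tunnel:   ", gateway_load(SAMPLE, split_tunnel=True))
    for host, _ in SAMPLE:
        print(f"{host:32} {'tunnel' if via_tunnel(host) else 'direct'}")
```

The traffic marked `direct` never crosses the corporate gateway, so it is not seen by any proxy or inspection there; that is the trade-off behind the speed gain, and it is why client health checks such as NAP matter in this design.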

You’re not using IPv6? Not a problem. DirectAccess has support for IP-HTTPS. This is a new tunneling protocol that’s only supported by Windows 7 and Windows Server 2008 R2; it enables the office PC and server to tunnel IPv6 packets inside an IPv4-based HTTPS session. This provides the necessary IPv6 support while also helping your company’s PCs to make connections through a Web proxy server or a firewall that might block an ordinary VPN connection.

Here’s the broad outline of how it works. First, you set up your Windows Server 2008 R2 hosts so that they can handle DirectAccess, Remote Workspace and Remote Desktop Gateway. If you elect to use virtual machines for off-site Windows 7 users, you also need to jump through the VECD hoops. That done, you’ll be ready to let any of your Windows 7 users – with the proper authentication – start using your corporate resources.

Once set up properly, this powerful combination of Windows 7 and Server 2008 R2 should enable your workers to do their work from almost any location. While this is likely to require upgrading your servers, by improving both remote security and network speed, it should result in a bottom line IT win when all is said and done.

A version of this story first appeared in IT Expert Voice.

November 10, 2009
by sjvn01
2 Comments

Where is the Linux desktop going?

While I like the Linux desktop a lot, I don’t pretend that it’s that popular. That’s why I found it fascinating that, despite everything Microsoft has been able to throw at it, desktop Linux still managed to claim 32% of the netbook market.

And Microsoft has thrown everything but the kitchen sink at desktop Linux. For example, the Redmond giant has strong-armed vendors into not selling Linux-powered netbooks; lied about Linux sales; and all but gave XP Home away to keep vendors from including Linux instead. Despite all that, it seems, according to ABI Research, that desktop Linux has actually grown in the last year.

ABI reports that almost a third of the netbooks that will have shipped in 2009 came with Linux. Last year at this same time, ASUS, then the world’s biggest netbook vendor, said that only three out of ten of its netbooks were shipped with Linux. In fact, looking ahead, Jeff Orr, an ABI analyst, predicted that Linux will overtake Windows on netbooks by 2013.

Why? Because it’s cheaper. The rise of ARM-powered netbooks with Linux that will bring laptops to the $100 price range is expected to help Linux take over the bottom-end of computing.


November 10, 2009
by sjvn01
0 comments

Microsoft violates GPL

Microsoft has long ripped off free software. The canonical case is that Microsoft’s first version of the fundamental TCP/IP network stack, which underlies the Internet and almost all business networking, was swiped from the BSD-licensed Unixes. Years later, it seems Microsoft still can’t resist stealing from open-source software.

Rafael Rivera, a Microsoft fan, reports in his “Within Windows” blog that the Windows 7 USB/DVD Download Tool, a program to help netbook XP Home users to upgrade to Windows 7, contains source code that “was obviously lifted from the CodePlex-hosted (yikes) GPLv2-licensed ImageMaster project.”

CodePlex is Microsoft’s open-source project hosting site. It’s also the name of Microsoft’s new ‘open-source,’ non-profit group, the CodePlex Foundation. The Foundation’s job is to bring open-source and proprietary software companies together to work on open-source projects. Well, now we know why: so that Microsoft can walk off with any goodies that they produce.
