Windows

My first Windows 7 build

Dave Farquhar Hardware, Software, Uncategorized, Windows , , , , , , , ,

I rebuilt a friend’s Windows 7 system this week.

The system includes a 30 GB SSD to boot from, and a RAID 1 mirror of 1 TB drives for storage. Aside from the two 1 TB drives, it’s basically a collection of $100 components. $100 Asus motherboard, $100 video card, $100 CPU. It seems like right now, no matter what individual system component you’re looking at, $100 buys you something really nice without going too far over the top. I’m sure certain aristocrats might disagree, but any reasonable person ought to really like using this system. Read more

What to do when a Microsoft patch won’t install

Dave Farquhar Software, Windows ,

Every once in a while, when you push patches for a living, you come across a time when a Microsoft patch won’t install. This is one of those times, and what I did to fix it.

So, Microsoft KB947742, an old .NET 1.1 fix, refused to install on one of the servers at work. When I ran the executable, all it did was pop up the window showing the Windows Installer switches or parameters. Searching Google turned up a number of people having the problem, but no solutions that worked, although reinstalling the .NET 1.1 Framework and the latest version of the Windows Installer are always good ideas when you run into weird problems. .NET 1.1 is extremely fragile anyway, and reinstalling it along with all applicable hotfixes has worked for me in the past to resolve weird issues, such as permissions issues showing up in the security log. Or .NET applications just suddenly not running anymore, even though they ran just fine yesterday.

I tried everything I could think of and finally stumbled on a solution. I have absolutely no idea why this works. First, I opened a command line, changed into the directory where I had stored the patch, and I ran the following command:

NDP1.1sp1-kb947742-x86.exe /extract .\947742

This extracts the update to a directory called 947742. Inside that directory, I found a single file, named NDP1.1sp1-kb947742-x86.msp. When I double-clicked on the file from Windows Explorer, it installed.

I’ve applied this patch on more than 100 servers and I recall only having the problem on one of them. And, oddly, all other .NET patches and for that matter all other recent Microsoft updates apply to this machine just fine.

I suppose the same fix could work on other Windows updates that supply only a window full of switches instead of installing, or other weird installation issues. It’s worth a shot if nothing else works and you can’t (or would rather not) open a support case with Microsoft.

This is a strange case. If you’re running WSUS or (better yet) Shavlik Netchk and a patch refuses to install, try logging in, downloading and running the offending patch manually and note any error messages. Maybe, just maybe, this fix will help you. Or better yet, maybe the patch will tell you what you need to fix, but don’t count on it.

When absurdity strikes, try extracting the patch and poking around inside, like I did in this case.

Blocking malware at the operating system level

Dave Farquhar security, Windows , , , , , , ,

In recent months I’ve been recommending that everyone run Adblock Plus with the malware domains subscription, to get extra protection beyond what your antivirus/antispyware suite can give. Given a choice between detecting and blocking bad stuff, or not downloading it at all, it’s much better to not download it at all.

There are some downsides to this. Adblock Plus uses a fair bit of memory. It’s tolerable on my desktop PC with 2 GB of RAM, but less so on my netbook with 1 GB of RAM. And if you have to use a browser that doesn’t have a compatible version of Adblock Plus available, you’re unprotected.

The solution is to block at the operating system level, using the hosts file.

Here’s a script that does it, with instructions.
http://www.ericphelps.com/scripting/samples/Hosts/index.htm

But I know of one malware site list that his script doesn’t use: http://www.malwaredomainlist.com/hostslist/hosts.txt.

Read more

Weekly roundup: 6 Oct 2010

Dave Farquhar Linux, Servers and Networking, Windows , , , , , , , , , ,

I used to do a weekly roundup every so often, just doing short takes on stuff that interested me as I found it. I haven’t done that in years; I thought I’d give it a whirl again. I don’t know how often I’ll do it, but it was fun.

Ars Technica says Intel’s neutral stance on Atom in servers is a mistake. Absolutely. A dual-core Atom gives plenty of power for infrastructure servers like Active Directory DCs, print servers, and other similar roles. Atoms could even handle many web server tasks.

Xeons are appropriate for database servers and application servers, but throwing them at everything is severe overkill. A lot of server tasks are more disk-bound or network-bound than CPU-bound.

I worked in a datacenter facility for several years that was literally at half capacity, physically. But they didn’t have enough power or cooling capacity to add much more to it.

The only way anything can be added there is to take something away first. Right-sizing servers is the only way to fix that. If they would yank a Xeon, they’d be able to replace it with several Atom-based servers and get a net gain in functionality per square foot and BTU.

Virtualization, a la VMWare, is an option, but one isn’t necessarily a drop-in replacement for the other.

Or, of course, Intel can sit back and wait for ARM to come in and save the day. ARM provides even more functionality per watt. And even though ARM doesn’t run Windows, it does run Linux, and Samba has reached the point where it can stand in for an Active Directory domain controller.

Is there a market out there for a domain controller that fits in a package the size of a CD/DVD drive and consumes less than 20 watts? I’m sure there is. And if Intel doesn’t want to deliver it, ARM and its partners can.

There may be some resistance to ARM, since some decision makers are nervous of things they haven’t heard of, but it should be possible to overcome that. Maybe you haven’t heard of ARM, but guess what? Do you have a smartphone? It has an ARM CPU in it. That PDA you carried before you had a smartphone? It had an ARM CPU in it. It’s entirely possible that your consumer-grade network switch at home has one in it too. Not your router, though. That’s probably MIPS-based. (MIPS is another one of those scary RISC CPU architectures.)

Put a solid operating system on an ARM CPU, and it can run with anything. I have ARM devices that only reboot when the power goes out. If it weren’t for tornado and thunderstorm season causing the power to hiccup, those devices could run for years without a reboot or power-down.

And speaking of ARM, I have seen the future.

Pogoplug is an ARM-based appliance for sharing files. You plug it in, plug USB drives into it, and share files on your home network and the Internet with it. At least, that’s how it’s marketed. But you can hack it into a general purpose Linux box.

Inside, there’s a 1.2 GHz ARM CPU, 256 MB of RAM, and another 256MB of flash memory. Not a supercomputer, but that’s enough power to be useful. And it’s tiny, silent, and sips power. You can plug it in, stash it somewhere, and it’ll never remind you that it’s there.
I’ve actually considered picking up a Pogoplug or two (they go on sale for $45 occasionally, and the slightly less powerful Seagate Dockstar is available for about $30 when you can find them) to run this web site on. Considering how surprisingly well WordPress runs on a 450 MHz Pentium II with 128 MB of RAM (don’t ask me how I know), I think a Pogoplug could handle the workload.

What stops me? I can build an Atom-based PC for less than $150, depending on what I put in it, and run Turnkey Linux on it. Under a worst-case scenario, Turnkey Linux installs in 15 minutes, and it doesn’t take me any longer than that to drop a motherboard and hard drive into a case. So I can knock together an Atom-based webserver in 30 minutes, which is a lot less time than it would take me to get the LAMP stack running on an ARM system.

But if I had more time than money, I’d be all over this.

A device similar to this with an operating LAMP stack on it ready to go is probably too much to ask for. A ready-to-go image running the LAMP stack, similar in form to the DD-WRT or Tomato packages that people use to soup up their routers, might not be. I think it’s a good idea but it isn’t something I have time to head up.

I don’t think I’ve mentioned Turnkey Linux before. I’ve played with it a little, and I’m dead serious that it installs in 15 minutes or less. Installing off a USB flash drive, it might very well install in five.

And it’ll run pretty happily on any PC manufactured this century. More recent is better, of course, but the base requirements are so modest they aren’t worth mentioning.

I’ve built dozens of Linux servers, but this is fantastic. Spend a few minutes downloading an image, copying it onto installation media, and chances are the installation process will take less time than all of that does.

It’s based on Ubuntu LTS, and comes in literally 38 flavors, with more to come after the next refresh is done.

They haven’t built their collection based on the current version of Ubuntu LTS yet because they’ve been distracted with building a backup service. But that’s OK. Ubuntu 8.04.3 still has a little life left in it, and you can either do a distribution upgrade after the initial install, or build a new appliance when the new version comes out and move the data over.

And if Ubuntu isn’t your thing, or you really want 10.04 and you want it now, or worse yet, Linux isn’t your thing, there’s always Bitnami (bitnami.org).

Linux appliances took a little while to get here, but they’re here now, and they work.

Turn off that stupid IE "throbber" in Explorer windows

Dave Farquhar Windows , ,

You know how Microsoft decided in 1997 to make Windows look like a web browser? And continued that decision for the next 20 years? Don’t like seeing that stupid Windows logo moving while you’re waiting for Windows to display your files?

Me neither. Go download Throboff, which works on all versions of Windows up to XP. I don’t know about Vista or 7, sorry.

Even if the throbber doesn’t bother you all that much, turning it off regains some screen real estate, which is useful on netbooks.

Fixing reverting TCP/IP settings in Windows XP

Dave Farquhar Windows , , , ,

My ISP’s DNS, to put it politely, leaves a lot to be desired. I wanted to change them, but my network settings kept reverting. I’d change them, and they would change right back.

That pretty much made the fantastic DNSBench useless. I could find the fastest DNSs, but I couldn’t use them.At one point I thought it was Microsoft Security Essentials blocking the change, but nobody else reported that symptom, so I think that was just coincidence.

The solution is to completely reset TCP/IP. Either open a command line and follow Microsoft’s instructions, or click the little applet to let Microsoft do it for you. Then reboot.

Microsoft’s instructions are good, but they don’t go into much detail as to why you might need to do the procedure.

Theoretically at least, the same problems could happen in Vista and Windows 7 as well. The same fix would apply. If earlier versions of Windows break like this, you could remove TCP/IP and re-add it.

I’m happy to say now my PC is using the DNS settings I want.

My standard security lecture

Dave Farquhar Windows , , , , , , , , ,

Myth: Nobody wants to get into my computer because I don’t have anything important saved on it.

Fact: I don’t care who you are or what you do with your computer, security is important. Do you want the Russian Mafia using your computer? The North Korean military? Al Qaeda?

If you’re OK with that kind of vermin using your computer, then do whatever you want. I hope you don’t have problems sleeping at night. If you don’t want that kind of vermin using your computer, I suggest you read on.Odds are, the next 9/11 isn’t going to involve airplanes or even bombs. It’s more likely to be a computer attack of some sort.

Modern computer viruses generally join infected computers together into large networks, which then “phone home” for orders. They can sit dormant for a long time, or they can start carrying out orders immediately. Those orders could be sending out spam e-mail messages. Or those orders could be to conduct an attack on some other computer, perhaps a bank, or perhaps a government or military operation.

Imagine Al Qaeda building a network of a few million computers, then using that network to overwhelm an important computer. When Amazon or eBay have a bad day and you can’t get to them, it’s possible they’re being attacked and struggling to cope with it.

The same approach that crashes Amazon.com could theoretically be used to crash the stock market or the Space Shuttle. Fortunately, that kind of trick is nearly impossible. But not completely.

Building the network is the easy part. Locating a target to point it at is the hard part.

The network already exists. There was a virus expected to trigger on April 1 of this year. It didn’t, for whatever reason. But everything isn’t OK. The network still exists, it’s still growing, and nobody’s figured out yet who built it, what they intend to do with it, and how to get in and disable it. Believe me, there are experts around the world trying to figure it out.

Whoever or whatever is behind it, you don’t want your computer unwittingly participating in it.

Here’s to avoid inadvertently aiding and abetting criminals and terrorists with sloppy computer security practices.

1. Use antivirus software and keep it up to date. Many Internet providers will give you antivirus software for free these days. Call your provider and ask. If not, download Microsoft Security Essentials.

2. Configure Automatic Updates. This allows Microsoft to fix security vulnerabilities in your computer as they’re discovered. Macintosh users, don’t get smug. You need to configure Apple update too–Apple releases a dozen or so fixes every month to fix security issues on Macs too.

3. Don’t open unexpected e-mail attachments. It’s been 12 years since this has been safe to do, but people do it anyway. STOP. NOW. I don’t care how funny the joke is, or how cute or hot or whatever the picture is.

4. Don’t open unexpected e-mail, for that matter. Booby-trapping an e-mail message with a virus isn’t especially difficult to do. Frankly, if any e-mail message looks suspicious (a subject line like HOT HORNY SINGLES WANT TO TALK TO YOU NOW! is usually a giveaway), I just delete it.

5. And if you ignore steps 3 and 4, for Pete’s sake, don’t buy anything. Nearly 10% of people actually buy something based on spam e-mail messages. That just encourages all of this other activity.

6. Use web-based e-mail. Most web-based providers use good spam and virus filtering, giving you an extra layer of protection.

7. Use an alternative web browser and e-mail program. Internet Explorer is literally a superhighway for viruses and other malicious software to hook directly into the operating system. Use Firefox, Chrome, or Opera.

Have I scared the living daylights out of you? Good. If your computer is beyond help, get a reputable IT professional to clean it up. Then start doing these things. If your computer is OK right now, start doing these things.

And then stop aiding and abetting criminals and terrorists.

First impressions: HP Mini 110

Dave Farquhar Hardware, Viruses, Windows , , , , , , , , ,

I spent a few hours last night with an HP Mini 110 1012NR. It’s a model with a 16 GB solid state drive (no spinning mechanical hard drive) and Windows XP.

My biggest beef is the keyboard. It’s undersized, and I can’t touch type on it. Try it out before you buy one.

The rest of the system isn’t bad, but there are some things you’ll want to do with it.The system acted weird until I removed Norton Antivirus 2009. By weird, I’m talking not staying on the network, filesystem errors, chkdsk running on reboot, and enough other goofiness that I was ready to take the thing back as defective. The system stabilized as soon as I removed Norton Antivirus, and stayed stable after I installed ESET NOD32.

The system also ran a lot faster.

Don’t believe the hype about Norton Antivirus 2009. Use ESET NOD32. This is the second HP laptop in a month that’s given me Norton Antivirus-related problems.

McAfee is better, but only sufficiently better to use if your ISP is giving it to you for free. I still think NOD32 is worth the $40 it costs. The Atom CPU in the Mini 110 feels like a Pentium 4 with NOD32 installed. It feels like a Pentium II or 3 with something else installed.

The SSD isn’t a barn burner. I have OCZ Vertex drives in my other PCs, and this one doesn’t measure up the Vertex. Reads are pretty quick, but writes can be a bit slow. Windows boots in about 30 seconds. Firefox loads in about five. Word and Excel 2000 load in about a second.

So it’s not bad. But an OCZ Vertex would be a nice upgrade. Drop it in, use it for the OS and applications, and use the stock 16 GB drive for data.

A memory upgrade would also be worthwhile. With the stock 1 GB, it’s hitting the pagefile to the tune of 400 MB.

Unfortunately, to really make the computer sing, you’re looking at spending $200 in upgrades ($40 for NOD32, $40 for 2 GB of RAM, and $120 for an OCZ Vertex). Spread it out over the life of the machine and it wouldn’t be so bad though. And you’ll be paying $40 a year for antivirus no matter what you use.

The build quality is typical HP. I have lots of aged HP and Compaq equipment that’s still going strong. I don’t get rid of HP stuff because it breaks, I get rid of it because it’s so hopelessly obsolete as to be useless. I hesitate to buy from anyone else, except Asus. And Asus, of course, is HP’s main motherboard supplier.

If you can get used to the keyboard, I think the Mini 110 is a good machine. It weighs 2 pounds and is scarcely larger than a standard hardcover book, so it fits almost anywhere. And having an SSD, there isn’t much that can fail. The battery will eventually fail, and probably the AC adapter will too, but I think other than that, one of these computers could last 20 years, assuming it would still be useful for anything then.

Slimming down Windows XP for SSDs and nettops

Dave Farquhar Windows , , , , , , , , , ,

I found a very long and comprehensive guide for using Nlite to reduce the size of a Windows installation.

The guide is geared towards an Asus Eee. But it should work well on pretty much anything that has an Intel CPU in it.A couple of tweaks to his settings will make it suitable for AMD-based systems. Just remove anything Intel-specific, and add back in anything specific to AMD, and there you go.

And if you have a multi-core or hyperthreaded CPU, leave multi-processor support in.

I also recommend slipstreaming SP3 and all the hotfixes you can. Then you don’t have to run Windows Update, them, and you don’t have to clean up after it either. I haven’t investigated all of the whys and wherefores, but I’ve noticed that the more you slipstream ahead of time, the smaller your Windows directory ends up being. I have some systems at work that are constantly bursting at the seams on their system partitions. Other systems, which were built later from a copy of Windows with more stuff slipstreamed in, have a lot more breathing room.

Using the i64x.com instructions, you can pretty much count on getting a Windows XP installation under half a gig in size. That makes life with a small SSD much more bearable, since a typical installation tends to take a couple of gigs these days.

I’ll add some tips of my own. Inside the Windows directory, there are some subdirectories named inf, repair, and servicepackfiles. Compress those. That’ll free up some more space–at least a couple dozen megabytes in most cases.

If you’re really cramped, compress the whole Windows directory. Boot time actually decreased by a couple of seconds when I did this (down to 12 seconds from about 14), but software installations slowed considerably. But for everyday operation, you could almost consider NTFS compression a performance trick. It makes sense; an SSD can sometimes saturate the bus it’s connected to, so data compression lets it shove 20-50% more data through that saturated bus.

The downside is that when you install something that lives in the Windows directory, it has to not only copy the data into place, but also compress it. Installing the .NET Framework on a system with a compressed Windows directory takes a while.

A good compromise is to install pretty much everything you think you’ll need on the system, then start compressing.

It’s difficult to make a case for compressing the entire drive, however. Most modern data file formats are compressed–including all modern media formats and Office 2007 documents–so turning on NTFS compression on directories storing that kind of data gives no benefit, while introducing overhead.

Installing Windows off USB

Dave Farquhar Windows , , , ,

I sure wish I’d seen Wintoflash a few weeks ago.

It’s simple. Insert a Windows CD or DVD (anything from XP to Windows 7). Plug in a blank USB flash drive (or one you don’t mind erasing). Answer a couple of questions, and after a few minutes, you have a bootable USB stick that installs Windows. It will be much faster than CD or DVD because flash media has much faster seek times.

So what could be better? Well, slipstreamed and customized Windows of course.First, go get ctupdate and run it to get all the current hotfixes and service packs for whatever version of Windows you use.

Next, use Nlite to easily slipstream in all those service packs and hotfixes. While you’re at it, you can remove whatever non-optional inessentials you want. All the games, Media Player, Movie Maker, Outlook Express, and stuff like that are fair game. If you feel brave, you can even (horrors!) remove Internet Explorer.

Rebuilding a PC used to take most of a weekend to do, but with an up-to-date installation on a USB stick, I think the task could take an afternoon, as long as the target computer is new enough to support booting off USB.

And to a tinkerer, it could be very nice. Speeding up installation and modification would allow a tinkerer to be more aggressive with Nlite in terms of changes. Make a fatal change, and it’s no big deal–just back out of the change and reinstall, and in about 15 minutes you’re up and running with a new configuration.