The Cranium Cabinet

Find it:

Black Careers

Dads like this separate the men from the boys:

And true.

There are no words:

If you are like me, and mostly every other user in the world, you don’t backup your files. You may have an external hard drive, DVD burner, or CD burner, but how often do you really back up your files to those mediums? Further more, once you have backed it up to CD or DVD, do you really know where it is a year from now? The answer is probably “no.”

Well, Microsoft has a little known tool just for you called “SkyDrive.” SkyDrive is a free 25GB worth of storage that will always be there for you. It is definitely more reliable than CD, DVD, or even your external hard drive because it is housed on Microsoft’s Data Architecture. This is most likely a SAN with tons of fault tolerance built in that is worth more than what I will make in 10 years before taxes. No, I’m not joking.

So, how do you sign up you ask? Well, first you will need to go to skydrive.live.com. If you already have a Live ID, you pretty much don’t have to do anything else but sign in. If not, you will have to create a Live ID, which is no big deal, it’s free, they don’t spam you, so it’s all good.

After signing in, you will see four basic folders. Click on any one these and begin adding your files. If you do not want them to be public, by all means DO NOT PUT THEM IN THE PUBLIC FOLDERS. From here, you can assign permissions, share with other people via email addresses, etc. They have also added a nifty feature which allows you to download everything in a directory to one .zip file. COOL!

So there you have it, 25GB of free space that will be there whenever you need it, from whatever computer you are logged in to (so long as you have internet access).

Over by the HOL section, they have a little Guitar Hero III Setup… Some people take it more seriously than others.

Well, I guess MS thought my thoughts were good enough to put on their official blogger list. Check it out:

http://teched.indepthtalk.net/Bloggers/TechEd2008.category

He guards Hades...

Yesterday and today I attended a couple sessions on Kerberos, Windows Security, and why to never use NTLM ever again.

In both sessions (SIA301 and SIA401) the speaker was Mark Minasi. He was a pretty good speaker, very energetic, strays from the topic occasionally, but all in all pretty good. He’s also a super-nerd, but hey, I guess they all are here.

The first session really boiled down to three things:

1. Get your users on board with security. This means no more post it notes, and definite consequences for violating the security policy.
2. Get rid of NTLM, NTLMv2, and most definitely LANMAN.
3. Start using PKI, certificates, and Smart Cards in your domain as soon as possible.

Windows 6 (Vista) and 7 do not use LM Hashes by default, so that is something you don’t have to worry about. But for the rest of us using XP, you can disable those nasty authentication methods with Group Policy. We all know this, and I think Server 2003 R2 does it by default, but you need to have at least an 8 character password, even though thats not really enough. Moore’s law makes that pretty crackable in a small amount of time, so I think the standard will be 12 characters pretty soon, then more and more and more as technology progresses. Obviously, the more complex a password, the more likely a user is to write it down somewhere, which is why PKI and Smart Cards are the way to go.

Cracking open Kerberos really help me understand the way that the Ticket Granting Ticket, Ticket Granting Service, and Service Tickets work. I would explain the whole thing, but if you don’t really get techno-stuff, it won’t really be of any value to you. All you need to know is that it is very secure and almost impossible to hack, especially since by default your hash changes every 10 hours.

That’s about it for the Windows Security stuff, a lot of new enchancements in 6 and 7 using UAC as well as disabling NTLM by default.

Don’t worry guys (back at the office), I’ll bring you somethin’ real nice. Some guy gave me a bag of 50 pens to pass around. YEE HAW!

TechEd, so far, has been the venue for some pretty groundbreaking news. The keynote started with displaying Windows 7, AppV, BitLocker to go, and other awesome technologies that will really open up the way that Admins manage their systems, users, and remote access. It was announced yesterday that Windows 7 is on track for a holiday (Christmas) release, which is good news.

After the keynote, I headed off to my first session of the day, WSV207: Windows Server 2008 R2, a Technical Overview. Unfortunately, this session wasn’t that great, it was very high level and I was looking for more of a deep dive. That being the case, I will probably stay away from the 2## sessions for the rest of the week, as they are the least technical of the three (2##, 3##, 4##). There are a bunch of new features in Server 2008 R2, and the biggest caveat is that “Server 2008 R2 is 64-bit only, get over it”. I’ll cover more of the new RD (formerly TS) service enhancements later.

After the Server 2008 R2 session, I attended what was, so far, the most exciting session yet: WSV328 , Windows Server 2008 R2: Hyper-V. This is when Microsoft announced one of the coolest things (IMO) yet, free live server migration. If you don’t know, live server migration is essentially vMotion. If you don’t know what vMotion is, just think of seamless failover. There was a demo given of a media server running a streaming video and they failed it over while showing the video from the client-side perspective. There was not one hiccup in the video and it failed over seamlessly. I’d say that Microsoft is stepping up, and although they are not innovating too much, they are making everything readily available at a much better price point. The new Hyper-V does a number of new, awesome things like:

• Centrally managed in SCCM
• Virtualized Workloads (Exchange, SQL, Sharepoint) are easily handled
• Live Migration
• Load Balancing via Group Policy
• Cluster Shared Volumes
• 64 Logical Processor Support (32 and 64 VMs)
• Core Parking
• Add/Remove Storage and .vhds while VM is running
• Supports TCP/IP Offload Processing (As long as your NIC supports it)
• Jumbo Frame Support

And much more nerdy stuff that most people reading this probably don’t care too much about. Basically, all you need to know is that it is awesome and you should probably find some way to implement it in your infrastructure.

The final session of the day for me was WSV308: Remote Desktop Services. This is the new name for terminal services. I still don’t know why they changed it, but they did, so, there ya have it. Some of the new features include Multi Monitor Support, something called DFSS which prevents one user from slowing down other RD users’ sessions by maximizing CPU Utilization. This was demonstrated, again, with a video over RDP on one session to the server and another session running a CPU Burn In app. It not only worked awesomely, but even when the burn in app was not running, it smoothed the video better than without DFSS.

RD Gateway now has something called RD Web Access. It supports SSO as well and I could definitely see it replacing our company’s VPN, especially if we integrate certificates and PKI. Another cool thing was the RemoteApp. Instead of having to RDP to a box and start an application, the apps can now be fed into the user’s Start Menu and can be launched from the client’s Start menu. Very, very cool stuff. Think of it as a secure RSS feed for apps.

They then had some kind of after party, but it turned out to be an extended vendor session. Not really my cup of tea. They had Boca burgers there, and I tried one for the first time in my life. It was disgusting. Stay away from Boca, eat cows.

That’s about it, I’m probably going to be a day behind on updates because there is so much to do here.

I’ll post pictures soon.