• Category Archives Server administration
  • Technology » Server administration » Azure
  • A small DNS experiment.

    I was board for a minute and I thought to myself; wouldn’t it be cool to have DNS records that were required for administrators hidden from the rest of the company? OF course, it is an add on to the not so useful security through obscurity policy that a lot of companies develop but it would be an interesting exercise none the less. So, I thought to myself, hey active directory is integrated with DNS so maybe if I set permissions on a test zone to limit access I’d be able to verify my theory that DNS addresses could be hidden to users based on their group membership.

    So this is what I tried:

    1. Create a zone in DNS.
    2. Create a record in that zone.
    3. Set permissions on that zone and the record so that a test user didn’t have access to it.
    4. block inheritance so that permissions provided to the parent zone wouldn’t be propagated to my new test zone.
    5. Open up a command prompt with the credentials of the test user so that only the authorizations provided to that test user is provided.
    6. Run nslookup
    7. Use the server you want to query. Type

      server 123.123.123.56

      replacing the IP with the IP of your DNS server.

    8. Look up the address to your new A record located within your test zone.

      blah.blah.local

    That’s about it. I proved to myself that when your client looks up an address from DNS it doesn’t pass any security credentials. Or more accurately, the server side doesn’t respect any credentials that may or may not be passed to it. The permissions are set on the records to delegate permissions on an administrative level.


  • Creating a table of countries.

    This is actually really easy but now that i’ve done it, I thought you might want a copy. So. Here goes. Just create your countries table, create a row for id and name, modify the below script to match your details and away you go.
    This script to generate a countries table is written for SQL 2008.

    USE [YourDatabaseName]
    GO

    INSERT INTO [dbo].[countriesTable]
    ([CountryName])

    VALUES
    (‘Afghanistan’),
    (‘Albania’),
    (‘Algeria’),
    (‘American Samoa’),
    (‘Andorra’),
    (‘Angola’),
    (‘Anguilla’),
    (‘Antarctica’),
    (‘Antigua and Barbuda’),
    (‘Argentina’),
    (‘Armenia’),
    (‘Armenia’),
    (‘Aruba’),
    (‘Australia’),
    (‘Austria’),
    (‘Azerbaijan’),
    (‘Azerbaijan’),
    (‘Bahamas’),
    (‘Bahrain’),
    (‘Bangladesh’),
    (‘Barbados’),
    (‘Belarus’),
    (‘Belgium’),
    (‘Belize’),
    (‘Benin’),
    (‘Bermuda’),
    (‘Bhutan’),
    (‘Bolivia’),
    (‘Bosnia and Herzegovina’),
    (‘Botswana’),
    (‘Bouvet Island’),
    (‘Brazil’),
    (‘British Indian Ocean Territory’),
    (‘Brunei Darussalam’),
    (‘Bulgaria’),
    (‘Burkina Faso’),
    (‘Burundi’),
    (‘Cambodia’),
    (‘Cameroon’),
    (‘Canada’),
    (‘Cape Verde’),
    (‘Cayman Islands’),
    (‘Central African Republic’),
    (‘Chad’),
    (‘Chile’),
    (‘China’),
    (‘Christmas Island’),
    (‘Cocos KeelingIslands’),
    (‘Colombia’),
    (‘Comoros’),
    (‘Congo’),
    (‘Cook Islands’),
    (‘Costa Rica’),
    (‘Croatia’),
    (‘Cuba’),
    (‘Cyprus’),
    (‘Czech Republic’),
    (‘Denmark’),
    (‘Djibouti’),
    (‘Dominica’),
    (‘Dominican Republic’),
    (‘Easter Island’),
    (‘Ecuador’),
    (‘Egypt’),
    (‘El Salvador’),
    (‘Equatorial Guinea’),
    (‘Eritrea’),
    (‘Estonia’),
    (‘Ethiopia’),
    (‘Falkland Islands Malvinas,’),
    (‘Faroe Islands’),
    (‘Fiji’),
    (‘Finland’),
    (‘France’),
    (‘French Guiana’),
    (‘French Polynesia’),
    (‘French Southern Territories’),
    (‘Gabon’),
    (‘Gambia’),
    (‘Georgia’),
    (‘Germany’),
    (‘Ghana’),
    (‘Gibraltar’),
    (‘Greece’),
    (‘Greenland’),
    (‘Grenada’),
    (‘Guadeloupe’),
    (‘Guam’),
    (‘Guatemala’),
    (‘Guinea’),
    (‘Guinea-bissau’),
    (‘Guyana’),
    (‘Haiti’),
    (‘Heard Island and Mcdonald Islands’),
    (‘Honduras’),
    (‘Hong Kong’),
    (‘Hungary’),
    (‘Iceland’),
    (‘India’),
    (‘Indonesia’),
    (‘Indonesia’),
    (‘Iran’),
    (‘Iraq’),
    (‘Ireland’),
    (‘Israel’),
    (‘Italy’),
    (‘Jamaica’),
    (‘Japan’),
    (‘Jordan’),
    (‘Kazakhstan’),
    (‘Kazakhstan’),
    (‘Kenya’),
    (‘Kiribati’),
    (‘Korea’),
    (‘Kosovo’),
    (‘Kuwait’),
    (‘Kyrgyzstan’),
    (‘Laos’),
    (‘Latvia’),
    (‘Lebanon’),
    (‘Lesotho’),
    (‘Liberia’),
    (‘Libyan Arab Jamahiriya’),
    (‘Liechtenstein’),
    (‘Lithuania’),
    (‘Luxembourg’),
    (‘Macau’),
    (‘Macedonia’),
    (‘Madagascar’),
    (‘Malawi’),
    (‘Malaysia’),
    (‘Maldives’),
    (‘Mali’),
    (‘Malta’),
    (‘Marshall Islands’),
    (‘Martinique’),
    (‘Mauritania’),
    (‘Mauritius’),
    (‘Mayotte’),
    (‘Mexico’),
    (‘Micronesia’),
    (‘Moldova’),
    (‘Monaco’),
    (‘Mongolia’),
    (‘Montenegro’),
    (‘Montserrat’),
    (‘Morocco’),
    (‘Mozambique’),
    (‘Myanmar’),
    (‘Namibia’),
    (‘Nauru’),
    (‘Nepal’),
    (‘Netherlands’),
    (‘Netherlands Antilles’),
    (‘New Caledonia’),
    (‘New Zealand’),
    (‘Nicaragua’),
    (‘Niger’),
    (‘Nigeria’),
    (‘Niue’),
    (‘Norfolk Island’),
    (‘Northern Mariana Islands’),
    (‘Norway’),
    (‘Oman’),
    (‘Pakistan’),
    (‘Palau’),
    (‘Palestinian Territory’),
    (‘Panama’),
    (‘Papua New Guinea’),
    (‘Paraguay’),
    (‘Peru’),
    (‘Philippines’),
    (‘Pitcairn’),
    (‘Poland’),
    (‘Portugal’),
    (‘Puerto Rico’),
    (‘Qatar’),
    (‘Reunion’),
    (‘Romania’),
    (‘Russia’),
    (‘Rwanda’),
    (‘Saint Helena’),
    (‘Saint Kitts and Nevis’),
    (‘Saint Lucia’),
    (‘Saint Pierre and Miquelon’),
    (‘Saint Vincent and The Grenadines’),
    (‘Samoa’),
    (‘San Marino’),
    (‘Sao Tome and Principe’),
    (‘Saudi Arabia’),
    (‘Senegal’),
    (‘Serbia and Montenegro’),
    (‘Seychelles’),
    (‘Sierra Leone’),
    (‘Singapore’),
    (‘Slovakia’),
    (‘Slovenia’),
    (‘Solomon Islands’),
    (‘Somalia’),
    (‘South Africa’),
    (‘South Georgia and The South Sandwich Islands’),
    (‘Spain’),
    (‘Sri Lanka’),
    (‘Sudan’),
    (‘Suriname’),
    (‘Svalbard and Jan Mayen’),
    (‘Swaziland’),
    (‘Sweden’),
    (‘Switzerland’),
    (‘Syria’),
    (‘Taiwan’),
    (‘Tajikistan’),
    (‘Tanzania’),
    (‘Thailand’),
    (‘Timor-leste’),
    (‘Togo’),
    (‘Tokelau’),
    (‘Tonga’),
    (‘Trinidad and Tobago’),
    (‘Tunisia’),
    (‘Turkey’),
    (‘Turkey’),
    (‘Turkmenistan’),
    (‘Turks and Caicos Islands’),
    (‘Tuvalu’),
    (‘Uganda’),
    (‘Ukraine’),
    (‘United Arab Emirates’),
    (‘United Kingdom’),
    (‘United States’),
    (‘United States Minor Outlying Islands’),
    (‘Uruguay’),
    (‘Uzbekistan’),
    (‘Vanuatu’),
    (‘Vatican City’),
    (‘Venezuela’),
    (‘Vietnam’),
    (‘Virgin Islands’),
    (‘Wallis and Futuna’),
    (‘Western Sahara’),
    (‘Yemen’),
    (‘Zambia’),
    (‘Zimbabwe’)
    GO

    One quick note: when creating your table, I suggest that you make the ID column an integer and under identity you set it to increment. That way, you won’t need to worry about generating ID’s while adding the countries. Why bother!


  • Jaws 14 now requires Internet Access to run.

    I have encountered a problem with using Jaws on servers since the release of Jaws 14.

    fsbrldspapi.dll is loded by Jaws during Installation if your installing it while standing in front of the server but if your installing Jaws remotely using the /type remote switch the installation doesn’t speak or provide Braille output. Therefore the fsbrldspapi.dll file will be loded when you run Jaws for the first time.

    When you are installing or running Jaws on a system be it a server or workstation running on Windows 2008, 2008R2, 7 or 8 without Internet access you will encounter the following error message:

    JFW.EXE. Referral returned from the server.

    It would appear that this issue began popping up around April with an update of Jaws 13 that was released around that time.

    The problem is that the Jaws driver signing program requires trusted certs that are downloaded from Microsoft on an as needed basis.

    More details about how trusted certs are downloaded in Windows 2008 and 2008R2 can be found at the following Microsoft KB link:
    http://support.microsoft.com/kb/931125

    In previous versions of Windows up to XP and 2003 Windows updates included these certs.

    However, it would appear that it is all but impossible or at best very difficult to apply these certs to servers that are off line. The only way I can see of doing it at the moment is to find the required cert and install it on each system. Probably through a SCCM advertisement.

    I have asked FreedomScientific to get back to me on this but although I know that a lot of their staff are on vacation this week due to the thanks giving holiday I have no confidence that they will resolve this new dependency.

    In my opinion this is a bug that should be resolved. At the very least, a specific error message should be provided when Jaws cannot start due to this issue. What really should happen is that when certs can not be used Jaws starts as much functionality as possible without loding this DLL. In other words Braille wouldn’t be available.

    I know that some users really need braille and I’m being a bit selfish here so I’m really sorry.

    I have reported a large number of bugs to FreedomScientific since the release of Jaws 14. I am hoping that they will be resolved however I get the usual answer of “No one else has reported this” and “We cant reproduce that problem here”. I feel like i’m fighting an up hill battle.

    If anyone has any suggestions then I’m all ears. Otherwise, if you could Email FreedomScientific support with any problem your having with Jaws 14 we might get some pressure put on the developers to prioritise a bug fixing excersize.


  • Day 2 – Training with Mr Banks, my new guide dog

    Towel stealing peeping tom.

    I’m here for a very important reason. To train with a dog that will essentially become my eyes while navigating around very busy, complex and ever changing environments. The gravity of this process cannot be underestimated. However, Mr Banks is making it hard to take him very seriously. For a guide dog, he has one hell of a sense of humour. Take this morning as an example. In a sleepy haze I threw my hands and legs in every direction to find my phone to shut up that infernal noise caused by the alarm telling me to wake up. Occasionally, I find a wet object but in my sleepy stupidity, my brain doesn’t register that this wet thing might be the nose of Mr Banks. Soon enough, my hand, covered in slime finds the phone and with vicious pounding on the screen, I kill the source of the infernal racket. Only for it to be replaced by something much worse. Within seconds I fully awaken with the sudden realization that there’s a dog doing relays around my bed. Yep. He must have something in his mouth again because he’s only ever that happy when he knows that I’m going to have to chase him. Let’s face it, I don’t know Mr Banks all that well yet so as far as I knew he could have left a lovely mess on the floor for me to tread in so gingerly, I place my feet on the floor to begin the epic chase. Fortunately, as I already know of course when I’m fully awake, Mr Banks is a very clean dog so such a mess would be beneath him so my feet were safe. To my surprise, instead of preparing for the chase, he leaped over to me and began giving me the most enthusiastic good morning sniff I have ever received! Yes, my tows were really that interesting according to Mr Banks and there was absolutely nothing in his mouth. He was just thrilled to be up and about. I tried to close the bathroom door before jumping into the shower but he cried at me so I decided I’d give him the benefit of the doubt by opening the door a little. He was fine with that. He paid no further attention to me and lay in his usual spot right in the middle of the floor. However, as soon as I turned off the shower he was over to say hello again. Let me break away from the point a little by explaining the shower to you. The previous occupant of this room actually thought it was a play pen when he encountered it first and what to me at the time seemed like the ramblings of a mad man actually still seem like the ramblings of a mad man but ok, they make a little more sense now that I’ve actually been here to see them for myself. When I put my hands on the shower first I found this little gate just below waste height. It has handles at the top on the outer corner and an oval catch at the middle of each side. It really does feel like a dodgy play pen! This in no way detracts from the very real and dangerous fact that the previous occupant is absolutely nuts however. Please be very sure of this. If you encounter this person be warned. He is possibly carlovian and dangerous. Sorry, I got wildly off the point there for a minute. Right! As I was saying, because the shower door is quite low, as soon as I turned off the shower he sprang up and in to the bathroom within seconds. By the time I had the shower curtain open, he already had his chin resting on the top of the door. When I told him to go away, he took a few steps back, got distracted by a very small pool of water that had leaked out from a tiny crack in the door and began drinking it. When he had finished that he obviously forgot that I had sent him away and decided to do a bit of a complicated turn to put his chin on the other shower door. He wasn’t in my way and he wasn’t doing any harm so I left him alone. After all, if Mr Banks is happy, I’m happy. If being close to me all the time for the first week helps him to develop a firm bond then you know, that’s absolutely fine with me. It’s a bit strange, maybe even a little uncomfortable, but not important if at the end I get a dog that listens to my commands and can be relied on in almost all situations. Anyway, time passed. As it generally does. I was drying myself, as I generally do after being in a shower however Mr Banks had other ideas. The towel was suddenly the most entertaining thing in his world and nothing gave him more pleasure than to try to pull it off me. Now, this wasn’t completely apparent straight away. Firstly, I actually thought that I had caught it in something so I felt down to find out what I had done wrong only to find that there were teeth tightly gripping the other end! He gave out a very satisfied groan and gave it a bit of a tug. It wasn’t a problem though, a simple command without any authority at all told him to leave me alone and he did so without any reservation. I thought that was the end of it so I tried to coax him out of the bathroom. I decided enough was enough. If he couldn’t let me get on with it he’d just have to put up with being in the bedroom on his own for a while. I tried to walk toward the bathroom door but Mr Banks just couldn’t contain himself. He was at my knees with every step trying to pull the towel off me! Ok, reading that back it sounds very strange but you’ll just have to trust me on this, it was absolutely hilarious! There was no boldness in what he was doing, he just decided that he had enough sleep, I hadn’t given him enough attention for a good six or seven hours so it was now time to play. After laughing at him for a bit I kicked him out and finally had time to get dressed. However, his attention to every move I make has been just as consistent all day. If I move he is alert. If I’m not doing anything for a while he comes over and sits beside me. He’s not intrusive, that wouldn’t be appropriate. He is just happy to be spoken to occasionally and if his bed is a bit too far away he comes over to put his head on my shoe.

    Our first walk today was difficult for me. I trust Mr Banks but not completely. This isn’t his fault; it’s all up to me. I’ve been using a cane for the past year and I know when I’m coming near to a curb because I know the texture of the paths that I walk around. I walk slower when using the cane so I have more time to become aware of changes as well but with Mr Banks everything is so easy, fast and fluid I have really nervous that I’m going to step off a curb. Have you ever stepped off a high step without knowing it’s there while in mid stride? It’s actually quite painful! I didn’t think this would be something I’d be hesitant about. When training the last time I was more careful about objects on my right but they don’t bother me at all with Mr Banks. He glides by everything with such confidence that I hardly know we’re passing obstacles until the instructor prompts me to praise him for handling something well. It’s just something that I thought was worth mentioning here for readers because it’s important to understand that the time that a handler spends training with a guide dog is as much for the handler as the guide dog. If not even more so. Mr Banks gives me the impression that he’s perfectly happy with everything. The description “Like water off a ducks back” comes to mind because it seems like nothing fazes him. It’s like walking with a guide dog that is fully confident about his job and it’s me who is the one that hasn’t a clue. I’m delighted to report that my nervousness was completely unfounded. I was afraid that he wouldn’t stop in time coming up to curbs but he did it perfectly.

    One thing to note on the first walk today was the level of distraction he showed. I’m reasonably confident that his tendency to get easily distracted will diminish as training progresses but at the moment it’s something that I have to be very mindful of. At this early stage, he’s still getting use to me and to a certain extent he’s seeing how much he can get away with. It might be interesting for some to read that I actually don’t mind this too much. Once I’m aware of it I can manage it and once I can manage it, it shouldn’t be a problem. Regardless, I don’t think it is going to continue at this high level once things settle down and he gets to know me better. On a side note, he fell asleep on my foot about ten minutes ago but I got up a second ago to find out where a noise was coming from. Now that I’m sitting down again and I’ve disturbed him from his foot shaped pillow he’s looking up at me yawning. It’s funny actually. His head is pushing against my leg and his mouth is facing up. I’m surprised he can yawn so easily in such a contorted position.

    The second walk today got changed half way through because I wanted to try something a little different and as it turned out a little more challenging as well. I remember that when I was here a few years ago few side streets on one of the routes were particularly complicated from the perspective of working with a guide dog. This route was far from perfect but the thrilling thing about it was I knew it reasonably well so I could anticipate the more complicated parts and give instructions. Now, that doesn’t mean that I accurately gave the instructions or that it went well but it went better than I thought it would and it was a brilliant route to learn with. There’s just so much happening on that fifteen minute walk. It’s not the longest route but it’s one of the most interesting we’ve done so far from my perspective. We’re going to do that again a few times more to arm me with a few methods of giving instructions to Mr Banks that will help me better communicate what I need him to do more clearly so I’m really glad we did it today.

    The last walk was a little longer. Here, Mr Banks really started to show his true colours. Kerb approaches were almost absolutely perfect, avoidance of moving obstacles, i.e., other people was absolutely spot on as always and although he made a mistake by just slightly misjudging the space needed to safely walk past an obstacle he made up for this by remembering to be cautious the next time he was presented with that scenario. Distraction levels were a little lower as well and although he got into a huff because I told him to do something a second time because he brushed me off a bin he snapped out of it quite quickly. He’s seriously like a teenager at times. If he does something wrong, he knows that he shouldn’t have done it because I can feel his head turned right in toward me. I think he’d just like me to leave it at that so when I turn around and make him approach the problem again he really does huff. This shows its self in the speed he walks at and the way he stops before crossings. If he is in a huff he stops a good foot or two away from where he knows he should stop. Again, it’s quite funny and it’s something that will become less of an attribute of his style as time goes on and he settles in to my style of doing things.

    Eating today wasn’t a problem again. I don’t think that’s going to be an issue with Mr Banks at all. Spending seems to be really consistent as well. You wouldn’t believe how relieved I am to write that!

    I’m still trying to work out his body language. When I introduced him to some live music last night while I played a tune or two on the low F whistle he was incredibly curious. Sniffing and licking my fingers, examining the whistle and walking around me sniffing everything. He doesn’t seem to be bothered by the noise but I hope I’m reading this right. His body language certainly doesn’t seem to indicate that he’s bothered. When I play music in fact his tail wags so much that his whole body sways. Tonight, I decided I’d try him out with the pipes for a few minutes. I only played for a very short time to let him get use to the sound slowly. Firstly, he was like a child hovering around a bag of shopping to make sure there are no sweets in there that they are allowed to have. His nose was practically on my fingers as I opened the zip. He insisted in having his nose so close to the case that when I opened it up it rubbed off his ears. It didn’t bother him of course; he just moved his head and continued sniffing! I just thought it was funny. With very close supervision he sniffed every single part of the inside of the case. My hands followed his nose because I know what he’s like. What gets sniffed can get licked. And what gets licked can be put into his mouth. As I told him tonight, it the pipes ever go into his mouth I’m selling him on EBay for a Euro. Don’t worry; I’ll give the proceeds back to Irish guide dogs. Seriously, I was very careful. I wanted him to know that he was allowed look but there was to be strictly no touching of any kind by teeth. Fortunately he was happy to confine his examination to his nose. When I started playing he sniffed furiously but when I put my hand on his back the tail was still flying away so I assume he’s quite happy with the sound. When I put the drones on the licked the whole where the base drone noise comes out. That area vibrates a little and I think that shocked him just a little. Dogs tend to explore using their tongues so this kind of thing is perfectly natural. Anyway, I decided that after a few minutes of exploration that he was happy enough so I was a little more firm. I told him to lie down and relax. When he was content lying beside me I played a few tunes. He jumped up to have another sniff but he quickly became board and he went to bed. This is really what I had expected. Over the next while I’ll play the pipes every day to get him use to the sound of them. It’s important that he doesn’t see this as a negative experience so I’m really glad that tonight’s introduction went well.

    A few other things happened today but I’m not sure if I should go into any more detail. Mainly because this post is huge already! In summary, I’m enjoying his personality. I think he’s going to settle in well and I think we’re both going to have a lot of fun along the way. Work is a challenge but mainly because I have a high standard that I will demand from Mr Banks. I know he can do it though. I’m just hoping that by incorporating a lot of play into our routine I’m encouraging him in the right way. Yes. I mean business and as I have always said, any guide dog that I have is a mobility aid first and a companion second however I acknowledge that he is a dog with needs. It isn’t just enough to fulfil these needs either. It’s important to want to keep him happy. Hopefully you understand the point I’m trying to make. It’s amazing, I’m never tired but for the second day in a row, I’m definitely ready for some sleep. I’ve been spending a lot of time with Mr Banks playing, working, walking around or simply giving him attention and it’s actually quite tiring. In a good way though.

    Hey, have you ever noticed that when a dog rests his head on your foot it gets really hot after a while? 🙂

    Oh, I also noticed that two of you have used the donate button for Irish Guide dogs on the right of every page. Thanks for that.


  • Resync time with NTP server after system restore.

    I just wanted to write with a really simple solution to a very simple problem.

    You have just restored a server from a backup or a snapshot taken a day or two ago and now when you try to log in through remote desktop you get a message saying that because the time difference on the server is greater than a certain amount unable to authenticate.

    It’s quite a logical problem.

    Simply go into a command prompt on the server using a physical connection or if it’s a virtual machine, connect to the console. Then run this command:

    w32tm /resync

    That’s all there is too it. assuming your network is set up to use an NTP server your servers time will be updated and you can log in right away.

    Of course, if your patient, you could just wait for this to happen automatically after some time but I hate waiting for things to just happen.


  • The accessibility of virtual desktops.

    This probably could be a much more scientific approach to a review or analysis of the accessibility of a Windows guest running on the ESXI hypervisor however, I don’t really have the time to write such a document at the moment. However, this will serve as verification to some that access to this environment is possible all be it in a limited way.

    For the less technical people out there, basically what I’m talking about here is running a Windows computer inside a virtual machine.

    You need a more basic description? No problem. Try this. Let’s say you have one large computer. Virtual machines are machines that run inside this big computer. Think about it as if it was a building. This building might have ten different companies. True, each company could probably have its own building but there’s no need. It only needs a certain amount of space. An entire building would be over kill. So, the one building hosts all of these guest companies. Just like one large server can host dozens or hundreds of virtual machines be those workstations that users work with or servers that run the companies IT systems. Having one building hosting all these smaller companies cut down on the space required the cost of maintenance and the cost of power. When you hear the word hypervisor, I am basically talking about the building or the large server that hosts all the virtual machines or companies. When I talk about a guest, I am talking about the companies in the building i.e, the virtual machines. Get it?

    • Building = Server / Hypervisor
    • Company = Guest or virtual machine

    Ok. I’m glad we have all of that cleared up. You can take a break for a few seconds before I move on to the next part because it’s going to get a little technical again. Don’t worry. You’ll understand it now that you have a grip of the basics.

    For one reason or another, I spent some time yesterday tackling the problem of how a blind person can independently and efficiently access a Windows 7 PC that has been virtualized using a thin client. A thin client for those of you who aren’t aware of the term is a basic PC. It has very limited storage, limited RAM and a low power processor. The idea of this machine is to give a user a platform from where they can access a virtual computer. All it does is start a cut down version of Windows and provide the user with a log in box to start their virtual system.

    There is one barrier to accessibility when using thin clients. No additional software can be installed ordinarily as there isn’t enough space to facilitate it. This means installing a screen reader isn’t an option. Even a pen drive version of Jaws won’t work because it requires the installation of a mirror driver. Fortunately, NVDA will work very well. Just download the portable version and run it. If I was to make one suggestion it would be to put NVDA to sleep automatically when the PC over IP or the RDP client started as it can get a little confusing when modifier keys such as caps lock are pressed. I know this can be done using scripts though and it is something I would look at doing if I was using this as my workstation every day.

    So, you can now use the thin client to log into your workstation. That’s the first hurdle out of the way. Now what?

    With VMware you can log onto virtual machines using two protocols. RDP which is Microsoft’s remote desktop protocol or PC over IP which is the protocol used by VMware. PC over IP is more efficient for a number of reasons but in later versions of RDP Microsoft have gained some ground. I won’t explain the benefits over PC over IP in this post but very quickly, PC over IP is less bandwidth intensive so the experience of remotely using a virtual machine is a little smoother.

    You’ll be happy to know that relaying sound back to the thin client is supported by both of these protocols however you won’t get instant feedback like you would if sitting at your own PC. The delay is in the realm of about fraction of a second but if like me you expect instant responses from a screen reader this fraction of a second may as well be an eternity.

    Relaying sound back to the thin client is very important. Jaws, my preferred screen reader crashes every time it is started in a virtual machine using the PC over IP protocol. Without fail, it refuses to run. NVDA on the other hand runs very nicely in a virtual machine using the PC over IP protocol. Of course, using NVDA sound mapping to your thin client is vital which is why I made the point earlier.

    Unfortunately, there you have it. What I’m saying in a very long winded way is, yes, you can access a virtual machine using a thin client if you’re stuck but I wouldn’t think it’s usable every day. The sound lag is just too pronounced. NVDA’s ability to work in this environment should however be recognised and commended. Jaws, a leader in screen reading software seems to fail badly.

    Please don’t’ take this as an endorsement or a criticism of any screen reader. I am simply stating what I have found to be the reality here. I have written this post to highlight this area and to show that improvement is required. More and more organizations and companies are moving to virtual desktops to replace physical machines as they provide significant cost savings. I have a genuine fear that assistive technology companies are not aware of this trend and blind computer users such as me will be left clambering to keep up with my sighted colleagues. I strongly believe that it is vital that companies such as Freedom Scientific, NV Access and GW Micro listen to users and when possible, utilize their experience and expertise. I for one offer it freely.

    Systems used are:

    • ESXI 5.0
    • VMWare view 5.0
    • Windows 7 X64 and 32 bit.
    • Thin client running a cut down version of Windows XP.
    • 1GB network connection.
    • Virtual machine had two processors and 4GB of RAM.
    • Thin client had 1GB of RAM and 1 processor at 1.5GHZ.

    I should finally note that I do not see RDP as a viable solution for accessing virtual machines using a thin client. Especially for screen reader users. If by some stroke of luck you get Jaws running on your thin client, you would then use Jaws on your virtual machine to tunnel the data back to your locally running instance of Jaws on the thin client. That’s fine, however, what if like me your a system administrator and you will need to establish connections to other remote systems from your virtual machine. You will not be able to use Jaws to establish a second or third connection as you are already using jaws through one RDP session. Drawing on an article from IBM this seems to be a viable solution for some researchers however from the perspective of someone who both administers and uses a virtual environment every day, I would not be able to depend on RDP due to this limitations. PC over IP is a protocol designed and optomized for he VMware virtual platform. We should be able to use it.


  • Risky Trojan doing the rounds. Please read this.

    A script has been found on a number of websites that when run will attempt to install a trojan onto a PC. This script is usually sent by Email and in fact you may find that it origionates from Glynis Bradbury Of course, I have motified that Email address slightly for security. The script redirects you to a site with the domain name agentcleanerrescue.info.

    For some reason, Proxies and anti-virus applications are not yet detecting this threat even though it has been out there for four days now. To protect against this, do the following:

    If you have a proxy on your network, blacklist the domain: agentcleanerrescue.info.
    If you are a home user, you can block this domain as well. Just do the following.

    For Windows 7 or Vista

    1. Click the start button.
    2. Type notepad into the search box.
    3. Right click the notepad
    4. Click run as administrator.
    5. When prompted to confirm that you want to run as an administrator click the Yes button.
    6. Click File in the menu.
    7. Click Open
    8. In the file name box paste the following line:

      c:windowssystem32driversetchosts

    9. Click the Open button.
    10. Scrole to the bottom of the file.
    11. Paste the following line:

      127.0.0.1 agentcleanerrescue.info

    12. Click the File menu.
    13. Click Save

    For Windows XP

    1. Click the start button.
    2. Navigate to All Programs, then Accessories
    3. Click Notepad
    4. Yes button.

    5. Click File in the menu.
    6. Click Open
    7. In the file name box paste the following line:

      c:windowssystem32driversetchosts

    8. Click the Open button.
    9. Scrole to the bottom of the file.
    10. Paste the following line:

      127.0.0.1 agentcleanerrescue.info

    11. Click the File menu.
    12. Click Save

    Of course, it should go without saying that in addition to letting your system update software automatically in the background, you should regularly fource a manual update of your AntiVirus application and perform Windows updates.


  • Hosting wordpress from behind a proxy.

    This is just a quick note that I hope will hopefully help someone who tries to do something similar to this.
    If you are running WordPress on a server behind a locked down firewall and you must go through a proxy, you will need to add the following lines to your wp-config.php file.

    define(‘WP_PROXY_HOST’, ‘192.168.0.1’);
    define(‘WP_PROXY_PORT’, ‘8080’);
    define(‘WP_PROXY_BYPASS_HOSTS’, ‘localhost’);

    Of course, it goes without saying that you need to change the host IP address to match your proxy.


  • Sleep deprived.

    Thank you for calling, your query is important.
    I am sorry but the office is closed.
    Brain has been over worked and is unable to operate normally.
    Please leave your message and it will be responded to at a later date.

    Try this: Sunday I do a gig. I arrive home at 1AM. 6AM the alarm goes off and I’m in the office by 10 to 8. I work for the day but I stay a few hours longer because I need to be in Dublin for 8PM for another gig. I leave the office at 7PM and make my way to the venue. We set up and perform for two hours. I finally return home at 11:30PM. At 12AM I finally get to bed. At 6AM, the alarm goes off and the process starts all over again.

    I’m sure you can therefore excuse me if I’m a little more sluggish than usual today. I just don’t seem to be able to focus on anything for a decent amount of time at all.

    It will pass… But, while I’m waiting, I’m trying to continue to work. This is not going well. I’m making stupid mistakes.

    This morning I tried to configure a few simple firewall rules. I added the port, the IP address and saved it. For some reason, it wouldn’t work! I looked at the confer files for the system. Everything looked fine! I checked the systems firewall. It was allowing the traffic. I checked to make sure that the services weren’t listening for specific address. No, everything was fine there as well. I checked the certs to make sure they were associated with the right domain. Again, all was fine. I ran port scans inside and outside the network, the ports looked open inside the network but they were closed from the Internet. I rebooted the firewall. Still nothing! I rebooted the server. Still nothing! I searched around the Internet for a solution. For some reason no one else was having the same problem. Finally, I looked at the firewall rule again. I had entered the wrong IP address! Fine. I’m an idiot. These things happen. Saved the rule again, ran a port scan, it still didn’t work. The port as still closed. I just couldn’t’ figure this out at all! I tried moving the service to a different port in case there was a conflict. No, it just wouldn’t work.
    You know what the problem was? It’s so simple you’ll agree that I’m completely stupid. Yes, I didn’t enable the rule. I kept looking at it and missing the fact that the checkbox for enabled was unchecked. Stupid stupid stupid stupid!

    So, please excuse me if I’m a little slow today. I’m blaming it on the lack of sleep and the very busy days.


  • Please use strong passwords.

    I go on and on about security and specifically password complexity but I should probably write something specifically about the strength of complexity of the passwords you choose.

    Lets first look at passwords you shouldn’t use: people, pet, book, film and place names are a massive no no. In fact, just don’t use any name. Their exceptionally easy to guess or obtain. Do not use dates of births, you’re lucky lotto numbers, your phone number or your house number. Again, you don’t want to make it easy for someone to guess your password. Even if they can guess some of it it will still make it considerably easy to hack. Finally, unfortunately, it’s no longer enough to just replace letters with special characters when writing words. For example, you cannot write the word Dublin as Dubl1n. Look up dictionaries are used by automated password hacking programs to check for this type of thing.

    There is one form of brilliant password but I’ll explain that to you in a moment.

    For a traditional password I suggest you use the following rules when creating one.

    • The password should be a minimum of 9 characters. Notice it’s not 7 anymore? Unfortunately, as password hacking programs evolve, the complexity and strength of passwords must evolve faster.
    • A password should contain a minimum of 2 uppercase letters, 2 lower case letters, 2 symbols and 2 numbers.
    • You should never write down your password.
    • You should change passwords every 30 to 90 days depending on the importance of the data or system you are protecting. For example, I change my main password manager’s password every 14 days. This protects my other passwords so it’s important that it’s regularly updated. I have a password that I use for my test Linux virtual machine. This is updated every 90 days because it’s not protecting any important data and it’s only connected to a hand full of systems.

    An example of a secure 9 character password is:

    2$Fwp%3wT

    I try to stay away from using symbols such as the at sign and the quotation mark because these can symbolise the end of a password in some systems so they may cause conflicts. Of course, I choose the characters in my password based on the application it’s protecting so that I have some way of remembering them. This might mean that for a Linux box running Fedora I start the password with a capital F. Of course, it goes without saying that I’m giving misleading information here as I’m not going to be stupid enough to give you a hint that would empower you to hack my passwords but the policy I follow helps me to remember my various passwords while being completely obscure to everyone else. The skill of creating highly complex passwords is something you learn over time. Everyone has their own technique, their own standards and their own way of remembering passwords. On the point of remembering passwords, remember there are applications out there specifically designed to help with this.

    Taking a step forward away from passwords, we have pass phrases. What most people don’t realise is that standard password fields generally don’t have a maximum limit. Or, if they do have a maximum size it’s about 250 characters. Why not use sentences or phrases instead of passwords. Of course, these phrases can’t just be words and names. That would become equally easy to hack all be it over a longer duration. That’s something I should probably mention. The longer your password, the longer on average it takes for a password hacking tool to determine what it is. Therefore a pass phrase should cause password hacking tools to take much longer to hack your account. The longer it takes to hack an account the more likely it is that the systems intrusion protection system or firewall will recognise the attempts and block the offending systems IP address.

    Good pass phrases will be a sentence that include as many letters between A and Z as possible. Of course, like passwords, it’s great if you can add in a few capital letters, numbers and special characters.

    For example, a great pass phrase is something like this:

    The big brown dog jumped over the lazy fox.

    Written in a strong pass phrase this would become something like:

    Th3 b!g Br0wn D0g Jump3d 0v3r Th3 l@zy F0x.

    Ok. I’m replacing letters with symbols and numbers here. That’s not always a good idea but it at least gets us started.

    I use a pass phrase like this for almost every important system that requires a password. So should you!