Microsoft

Journal Journal: Dear Microsoft, Hot Fixes...

Dear Microsoft,

You could go a long way to making me happy if you just standardize the hotfix install programs to use the same command line arguments. I have to run a batch of these things after an install to automatically bring a desktop up-to-date.

The way it is now, it's ridiculous. Here's some actual examples:

Msjavx86.exe /c:"javatrig.exe /exe_install /l /qq" /q:a /r:n
q307274 -u -n -z
vbs56nen /q /r:n
start /wait q318202 /q /c:"dahotfix /q /n"
start /wait vm-sfix3 /q /r:n

Why can't there be a standardized hotfix installer? Please.... If not, at least document the unattended install procedure in the KB article describing the hotfix. As it is now, I have to hunt all over to find it if one of the old methods doesn't work. Like look at that java vm update. My God, where did THAT come from?

Apple

Journal Journal: My long post to Macslash about businesses switching to macs 1

I recently posted a long-winded opinion over at Macslash in reply to their story, "Switch" coming to a Business near you?.

Reproduced below....

I'm an IT manager, responsible for 2,000 desktops. I "switched" at home to iMac a few months ago (well, not quite switched, added one to my several at home). I love it -- a lot, but I can't see deploying them at work. Why? Well, for one thing, control. Corporate IT is all about homogenizing the work environment, remote management, consistency, standard operating environments, etc.

So, before I would consider advocating any sort of switch, I'd need a Mac to do the following. Note, they may or may not be possible, but the point is, I don't know. Apple is not reaching me if this stuff is possible.

Group Policies: Ability to classify groups of users and machines and then apply policies to them. A policy controls how the machine works. It can tighten control, change behavior or appearance of an app, dictate where files are saved, define file permissions, and even be used to deploy applications remotely.

RIS: Remote Install Service. Boot a PC, hit F12 on the BIOS startup screen, authenticate to the domain controller, and get a list of install images that can be used on that machine. Select one, walk away, come back an hour later, machine back up to your standard operating environment including all needed applications. No install choices or interaction needed. For those familiar with Ghost, it's not Ghost. Ghost is very limited, where you need a literal image of each install type. RIS allows variations, does all hardware detection, and stores the "image" as plain files on the server, allowing them to be edited or manipulated.

Roaming profiles: If a user logs on to any machine anywhere on the network, their desktop settings and stored files follow them from place to place. This behavior can even be modified as needed through group policies, so for example, if an employee logs into an informational kiosk at HR, it can not roam, but provide a locked-down consistent interface for that one purpose.

Remote control: One thing my support techs are in love with is XP's new remote assistance feature. It's built into the OS. A tech can request control of any user's desktop and watch them work (with the user's explicit permission and knowledge), and even take over control to help them with a problem. Again, who can do this and where can be controlled through group policies. I know there are remote desktop features on Macs, but they are extra cost options per machine. A big extra cost. We had been using VNC for remote control and remote desktop, but scrapped it when we deployed XP. Much better. Remote desktop for servers is a big plus too...

Scripting of administrative tasks: I can script just about anything in Windows through VBScript and interfacing with WMI and ADSI (computer management, directory management). I know Apple has AppleScript, but I have no idea how extensive and useful it is. (For the record, anyone who claims Windows environments are easier to manage than Unix environments is just plain wrong. Every time I want to do something that seems simple, like get a listing of disk quotas, you have to jump through so many hoops in Windows by writing a damn VB program to do it instead of a simple Unix command or two piped into whatever filter to get the data you need...)

Delegation of authority: Control how much a user or IT technician has control over. I can, for example, create an OU (organizational unit) for a separate part of the company and delegate control of it to their IT staff while still having oversight control of it. They can create and manage users and desktops within that OU but not outside that OU.

I can't stress how important it is for a business to be able to control their desktops. While you may consider this IT nazi behaviour, it's a necessary fact of business life. While Rendezvous sounds all nice and happy, I can't have staff just installing hardware devices casually and making them available to everyone. For example, someone gets the bright idea of plugging a wireless access point into the computer so they can use their laptop to get to the net from an adjoining conference room. How nice for them, and how nice for the intruder sitting in the parking lot with a high-gain directional wireless antenna running Kismet to gain access inside my firewall.

So, with that, let's discuss what really sucks about the PC from my experience. The file system is horrible. While NTFS certainly is nice when it comes to fine tuning ACL lists, its overall weakness is its inability to remove or replace a file that is open. What, you say? Unix-based file systems have this neat feature where you can have multiple hard links to a file. When you "remove" a file, it just removes a link. If the file goes down to zero links and processes still have the file open, the file remains accessible to them and the final link won't be removed until all processes accessing it go away. You can't do that on NTFS. That is why on Unix you can replace system libraries and commands and not have to reboot (although you should stop/restart processes that use them if, for example, the library is a security related issue). On NTFS, Windows, if the file or DLL is in use, must throw it in a temporary area and set up a process so next time the machine reboots, the DLL is copied into place during the reboot. That's why the damn things have to be rebooted so often. Rebooting a server while people are using it is a real drag.
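The Unix behaviour described in the paragraph above, as an added example that is not part of the original post: a file held open by a "running process" is replaced with `rename()` and its last name removed, yet the open descriptor keeps reading the old contents. The file names under `/tmp` are constructed for the illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create or truncate path and write text into it. */
static int write_file(const char *path, const char *text) {
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0) return -1;
    ssize_t n = write(fd, text, strlen(text));
    close(fd);
    return n == (ssize_t)strlen(text) ? 0 : -1;
}

/* Read from offset 0 of an already-open descriptor into buf. */
static int read_fd(int fd, char *buf, size_t cap) {
    ssize_t n = pread(fd, buf, cap - 1, 0);
    if (n < 0) return -1;
    buf[n] = '\0';
    return 0;
}

/* Returns 0 if every step behaves as described, else the failing step. */
int demo_replace_in_use(void) {
    char dir[] = "/tmp/unlink_demo_XXXXXX";
    char lib[64], alias[64], next[64], buf[32];
    struct stat st;
    int rc = 0;

    if (!mkdtemp(dir)) return 1;
    snprintf(lib, sizeof lib, "%s/libdemo.so", dir);      /* constructed names */
    snprintf(alias, sizeof alias, "%s/libdemo.so.1", dir);
    snprintf(next, sizeof next, "%s/libdemo.so.new", dir);

    if (write_file(lib, "version 1\n") != 0) return 2;
    int in_use = open(lib, O_RDONLY);   /* stands in for a process using the file */
    if (in_use < 0) return 3;

    /* A second hard link: two names, one inode. */
    if (link(lib, alias) != 0 || fstat(in_use, &st) != 0 || st.st_nlink != 2) rc = 4;
    /* Replace the "library" by renaming a new file over the old name. */
    if (!rc && (write_file(next, "version 2\n") != 0 || rename(next, lib) != 0)) rc = 5;
    /* Remove the last old name: the link count of the open inode drops to zero. */
    if (!rc && (unlink(alias) != 0 || fstat(in_use, &st) != 0 || st.st_nlink != 0)) rc = 6;
    /* The old descriptor still reads the old contents... */
    if (!rc && (read_fd(in_use, buf, sizeof buf) != 0 || strcmp(buf, "version 1\n") != 0)) rc = 7;
    /* ...while a fresh open of the same path gets the replacement. */
    int fresh = open(lib, O_RDONLY);
    if (!rc && (fresh < 0 || read_fd(fresh, buf, sizeof buf) != 0 || strcmp(buf, "version 2\n") != 0)) rc = 8;

    if (fresh >= 0) close(fresh);
    close(in_use);                      /* last reference gone: storage is freed */
    unlink(lib); unlink(alias); unlink(next);
    rmdir(dir);
    return rc;
}

int main(void) {
    int rc = demo_replace_in_use();
    if (rc) printf("step %d failed\n", rc);
    else printf("old descriptor kept version 1; path now serves version 2\n");
    return rc;
}
```

This is also why the post's parenthetical matters for security fixes: until a process holding the old inode is restarted, it keeps running the old library code.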

The GUI in windows is too darn wired into the OS meaning a problem with the GUI screws the computer. While the Mac is kind of similar, I can at least boot into single user mode if needed and fix a lot of stuff without having to resort to a re-install to fix.

Windows registry sucks, nuff said.

Most Windows applications just aren't "logo compliant." That means they don't follow the rules making all that happy stuff above possible and that demands kludges. For example, Adobe products just insist on being able to write crap to their program directory and "HKLM" registry (trust me, it's just wrong). Autodesk products are bad too. Their answer, just give your users administrative privileges on their PC. "Ah, no, how about we just use Publisher instead of PageMaker?" These vendors don't package their installers as .msi files that can easily be deployed through group policies either, forcing IT staff to follow a problematic and time-consuming process of "re-packing" it.

Well, I've gone on far too long. I just don't think Apple cares. They have a niche market and are happy with it. If they want to get into business, they need to provide solutions and then get to IT managers and let them know they exist. Microsoft has all kinds of migration papers detailing, for example, how one can switch from Apache to IIS. Does Apple have anything like that geared to the Windows IT professional detailing how they can integrate Macs into a PC world and how they can effectively manage them en masse?

User Journal

Journal Journal: Review of H2K2 1

H2K2 (or HOPE 2002 or Hackers On Planet Earth 2002) was held this past weekend in New York City at the Hotel Pennsylvania. I've been to previous HOPE conferences and this one was much better than ones in the past, but it still had a few problems.

Aaron McGruder, the creator of the Boondocks comic strip, was keynote. Jello Biafra makes a repeat appearance as well as some other past favorites, such as the "former spy" Robert Steele, as well as some surprise guests such as former Taliban fighter, Aukai Collins.

This is my personal review of h2k2. There were so many things happening at once that one person obviously can't see it all. This is based on what I saw, experienced, felt, and my personal opinions. (This was submitted that Sunday night to /. but later rejected as a story, so into the journal it goes! :)

Keynote Speaker: Aaron McGruder, author of Boondocks, spoke on Saturday. This was my favorite speaker and worth the price of admission. He was invited because he did a short sequence of strips covering the DeCSS subject and was, as Emmanuel Goldstein said, "the only person in popular media to get it right." Aaron was very articulate, intelligent, and of course, opinionated. What I liked most about him was his admitting that he does not know it all. He made fun of political experts who sit around and debate political topics based on what they are spoon fed by popular media. He says there is not much difference between us and people who live in censored countries except they KNOW they aren't getting the full story. We all think we are smart and know it all. His advice to people who love to rant about political topics, "Shut the hell up, you don't know anything."

McGruder thinks our society is falling apart and the only thing that can fix it is revolution. He has hope, but not much. He spoke about Bush's line that countries that hurt America are going to have to pay, which means we kill a bunch of their innocent civilians so they get to claim that we will then have to pay, where they kill a bunch of us. McGruder's solution is that people should just go kill the leaders of these nations. He then back-pedaled (remembering the place was probably full of feds) and disclaimed that he wasn't advocating that anyone go out and shoot Bush (who he has no love for). He reminded us that if Bush was killed, we'd be left with Cheney, who is far, far worse in his opinion. "If Cheney was President, Afghanistan and Iraq would be glass, and we may give the neighboring countries 30 minutes of warning to get away from the borders."

Jello Biafra: Jello was keynote at H2K in 2000 and returned this year to speak late Saturday night. He was well loved by most people there, based on the reactions I saw that night. I didn't like him. He reminded me of Rush Limbaugh except on the left side. Loads of rhetoric, wild claims, and positioning himself as an expert. He was supposed to speak for one hour, and then the film "Freedom Downtime" was to be shown. He rambled on for two and a half hours, then took his shoe off and asked for donations for his legal defense fund involving his former record label. People flocked up and stuffed it full of money as he started to spin records. At this point it was 12:30am and I gave up and went to my room and got some sleep.

Robert Steele: Former spy, and backer of a concept called "Open Source Intelligence" where countries share intelligence information freely with each other and their citizens. His speech on Hacking National Intelligence was, to me, frightening. He claims that 9/11 involved a serious failure of our intelligence network and Washington is trying to white wash it all. He also claims that he has no doubt at all that New York City will be the target of another terrorist attack soon. "When foreigners think of the U.S. they think of New York City. It is the center of capitalism." He is an excellent speaker. I hope he returns next time.

During his talk, he introduced Aukai Collins who told us of his experiences fighting for bin Laden (during the 90s when we were paying bin Laden's salary and he allegedly was a good guy). When the embassy bombings started to occur, he went to the CIA and offered himself as an intelligence source. He worked for them and the FBI a few years and during that time was invited by bin Laden's runners to come work closely with him. When he brought this opportunity to get close to bin Laden to his superiors, they told him not to go. He feels we lost probably our only opportunity to get one of our guys close to bin Laden. He has written a book on this called My Jihad.

If this so far sounds like h2k2 was more politics than tech, I got the same impression. I skipped out on most of the DMCA updates and other legal updates. They were hosted by members of EFF and their lawyers. The small bits I saw sounded very informative and I applaud their works in these areas. Since I've kept up on all the news on these cases, I decided to skip these forums.

The best of the tech presentations was Fun with 802.11b hosted by Dragorn, Porkchop, and StAtic FuSIOn. (I sometimes hate silly handles). During the days before h2k2, they mapped out over 400 open wireless networks accessible from within three blocks of the hotel in midtown Manhattan. They demonstrated passive snoopers like kismet and showed us different directional high-gain antennas. Their recommendation for a good PCMCIA 802.11b card was Cisco's 352, which I of course didn't have. I ran out and bought an SMC card for my company laptop before the conference and had a tech load Linux on my laptop. I told him he could pick the distro of his choice, but unfortunately he picked the one I'm least familiar with, Slackware. I could not get the damn card working for the life of me. I wanted to scream.

A big disappointment was the Cult of the Dead Cow Extravaganza. It was to be held down on the lower level in the network room and broadcast up to the conference rooms on the 18th floor. Well, it didn't work. I was upstairs and they mucked with the equipment for an hour trying to get an A/V feed going. After all this time of wondering whether we should fight our way downstairs to watch it in person, we got an announcement. "Sorry, but we can't get it to work. Oh, by the way, they have already started downstairs."

Urge to kill. My friend and I wondered how they screwed this one up and traced the wires to a display table and behind a closed stairwell door. We looked at each other and said "Nooo". We popped into a neighboring stairwell as everyone fought for the elevators. We went down one floor then popped over to the stairwell that we saw the wires going down. Sure enough, they had run the wires down the open portion of the stairs so they were hanging by their own weight for a distance of about 22 floors (the hotel has 18 numbered floors, about 4 lettered floors like A, B, C, D, a mezzanine floor, and lobby floor). I'm not sure what stress would be introduced by a cable hanging by its own weight for that kind of distance, but I bet the center copper core couldn't bear it and broke inside.

So we run downstairs and saw some talented but unwanted female singing about how great the CDC was. Then someone else got up and swung a black briefcase looking device around. Had no idea what it was because we couldn't understand squat in the back. Basically we said to hell with them all, and left.

So while the presentations were hit and miss, the overall best part of the conference was the attendees. Freaks, geeks, and misfits everywhere, all being good to each other, curious, intelligent, and sometimes a bit too paranoid. Of course it was mostly guys, but there were women as well as one person who had a male voice but noticeable breasts and a feminine face and shape. Many other guys dressed up a bit too flamboyantly for my tastes as well. My point being, everyone was accepted for who they are and all got along great together. I didn't meet a single person who I talked to who was rude, or unwilling to strike up a conversation. The network room had wired and wireless internet access and was open 24 hours a day and the source for some of the most fun at the conference. But by all means, the best part of h2k2 was the attendees and they are the reason why I will want to go again in the future.

Toys

Journal Journal: Just bought a new DVD player, old one was a year old...

Well, I went out and bought a new Panasonic RP56 DVD player. My prior A120 model was a year old and therefore had to be replaced (going to hand it down to my Dad...)

Why replace it? Well, I'm in the process of converting a lot of old video tapes (including the entire series of Babylon 5) to VCDs since I hope they won't degrade as fast as video tape. Also a lot of family video tapes. My old DVD player would only play VCDs burned on CD-RWs which was a drag. The RP56 will use CD-Rs and also will play mp3 CDs although I hear it's kinda crappy (no id3 tag info displayed for example...)

No, I haven't hooked it up yet so I don't know for sure.

I read some good things about the RP56 and it's fairly cheap ($229 at Best Buy).

I cap the vids with a Hauppauge WinTV PVR. It was an impulse buy while in a store. NEVER IMPULSE BUY. I got the USB version and later found out they have a PCI version.

But it doesn't matter because it's absolute CRAP. Not the hardware, the software that it comes with. It takes forever to initialize, change channels, and the mpeg-2 files it produces seem wrong. They play back fine in its own player, but in WMP and other players, depending on the codec a person has loaded, it often displays in an incorrect aspect ratio (like 480x640 instead of 640x480) and sometimes distorted. mpeg-1 caps seem fine, which is what I am using to burn VCDs but still, I wanted better mpeg-2 capability for some purposes.

I edit the caps with Cyberlink's PowerDirector. So far I am pretty happy with it. It allows editing of mpeg-1 and mpeg-2 streams without having to re-encode the entire stream. It can just remove or insert segments and just encode the changed places. That's pretty impressive when you consider an mpeg stream is not a non-compressed frame-based file. Ever try to edit a compressed file in place without re-compressing the entire thing?!

However, and I blame the Hauppauge crap software, when PowerDirector edits an mpeg-2 stream produced by the hauppauge, it often crashes. I am able to, if careful, load a hauppauge (stupid name btw) made mpeg-2, go into the cropping feature, "stretch" it to normal size, then convert it to mpeg-1, then edit THAT stream OK. But too much mucking with it causes a crash.

(To be fair, it might be the hardware that is crap and not the software since the device does mpeg encoding in hardware...)

But, to get back to original point, the wintv device has composite and audio line-in jacks so I can hook my VCR up to it and do caps fairly easy. That's pretty nice and it actually works fairly well considering it is a USB device. It's just the software it's bundled with is crap.

Oh, one more thing. When buying the box, the kid on the floor tried to push the $50 4-year warranty on me. I'm like, "What, you kidding, a year from now I'll be throwing this bitch out and getting one that can deal with DVD-Audio as well, so why would I need a longer warranty." :-)

Microsoft

Journal Journal: Why can't Microsoft just update their distribution CDs?

Take a gander at this...

http://www.microsoft.com/technet/security/tools/nt4new.asp?frame=true

How to install Microsoft NT securely. First, they say it HAS to be done off the network and from a CD which involves a major hassle...

Then, get this...

  1. Install SP 6a
  2. Update IE
  3. Install Option Pack to upgrade IIS
  4. Reinstall SP 6a
  5. Install NT Security Roll-up
  6. Install patch Q305929
  7. Install IIS rollup patch
  8. Install and run Hfnetchk tool
  9. Install and run IIS lockdown wizard

Why the hell can't they just re-release their products with all security patches and updates rolled into the distribution so it's done during the FIRST install?

Microsoft

Journal Journal: Comeback for the "all web servers have vulnerabilities" line

A great quote from The Register in response to the line from Microsoft and their apologists that all software has bugs and you have to keep up with them or get it

"That's not very smart. It's like saying that it doesn't matter whether you buy a Toyota Camry or a Russian Lada, because you will eventually have to service it. Excuse me, but I'd rather own the Camry, thank you very much, because the probability of trouble is lower for the Camry. Of course I need to get both cars inspected regularly. The name of the game is risk management, and every manager has the responsibility to minimize risks. Using software of doubtful quality is irresponsible."

From Experts demolish MS Anti-Apache FUD.
