Had a day from hell yesterday. Had a power failure Friday night which affected two of our four Active Directory controllers. As luck would have it, the emergency generator which is supposed to power the room at times like this failed to start too. Bottom line, two ADs went dark for an hour.

When they came up, for whatever reason, the BIOS on one of them lost its time and came up as year 2003. It was quickly noticed, fixed, and rebooted with correct time. All was well, or at least I thought.

Our four ADs are across two sites with a replication path resembling a box...

a1 <----> b1
/\ . . . . /\
| . . . . . |
\/ . . . . \/
a2 <----> b2

Site a and b are connected via a wan link and are in different AD "sites."

A few days later, it's noticed that site b isn't getting replicated data from a. Some playing around reveals that b can replicate to a but not visa-versa.

"repadmin /showreps" reveals numerous auth errors saying "logon failure target account name is incorrect."

Doing a "repadmin /syncall" throws a similar error if run on the site b machines.

Google searches on this indicate problems with machine account password, a duplicate machine name, or even dynamic dns problems. I note that if a DC at site b just accesses \\a1.domain.name\c$ it gives the same error, but not if done via \\a1\c$ or \\ipaddr\c$ so that makes me believe it's not an auth issue but a name resolution issue.

So much time is spent checking DNS, the guid version of each dns machine's name, comparing the guid on each box to see if it's identical, etc, etc...

ok, all works there, so time to think about the machine acct password. Find references and kb articles saying how to use "netdom resetpwd" where each article details the steps like purging the kerb ticket list at different places. Arrggh...

Since b can't talk to a, try resetting the password on b boxes. No go. Then try an a box, still no go. Was missing a vital step that took digging through usenet posts to find and which isn't clear from the microsoft tech docs.

Syntax for the netdom resetpwd command is:

netdom resetpwd /s:servername /userd:domainadmin /passwordd:*

... where domainadmin is a domain admin account. Well, the "servername" specified is critical to making it work. The netdom command will reset the machine account password on that box (and in the case of an AD box, its own AD records) PLUS record it into AD on the box specified by /s. We were setting that to the local AD server.

So the key to making it work was doing this on each box on site a and specifying the server as its replication partner in site b to inject a good password record there.

After that was done, credentials worked again and replication started happening again.

The steps required to do this include purging the ticket list and starting and stoping the kdc service.

Example:

net stop kdc
klist purge
netdom resetpwd /s:b1.domain.name /userd:domain\admin /passwordd:*
net start kdc

I'm hoping this gets indexed into google and helps someone else out with this problem someday.

The Lower Manhattan Development Corporation (LMDC) recently "freed the LMDC 5201" and set up a website displaying the boards of all 5,201 entries for the World Trade Center memorial.

My wife's entry is up there.

The entire 9/11 event had a very deep impact on my wife, and I believe working on this memorial helped her out a lot. She, and three of her students (she teaches architecture) worked on the model for much of last summer. It cost us a good chunk of change for their salaries, but they got some good experience out of it and seemed to enjoy it.

Anyway, I'm quite proud of the ole girl, even if she didn't win! :-)

A fun time was had by me yesterday, and very interesting too. A call went out on the SCOX investing board for someone in Delaware to head to the U.S. District Court and get a copy of SCO's motion to dismiss the Redhat suit against them, motion filed Sept 15. Beings I live and work in Wilmington DE, I stepped up to the plate and volunteered.

I had never done something like that before, so heading into the court's clerk office and figuring out what to ask for, the procedures for getting copies, examining various dockets (learned a new word!) on the case, etc, was fun.

Equal fun was getting to read it before most everyone else of course, then OCRing it and getting it posted.

I sent it to groklaw site and they posted it for commentary. I was going to post it on my own site, but it's best served from there. It's great to read the commentary on the board from various paralegals and law students. Interesting stuff!

This past weekend, I drove my motorcycle from Newark DE to Manassas VA and back using "back roads." Below is my "too much information" report (some of this is for me so I don't forget so I can do this again!).

First of all, let me say how useless AAA is for trip planning for this tipe of trip. The AAA person wanted me to use the Interestate. When I said I wanted backroads, she drew a pink line down US 1 to the Baltimore Beltway. I explained I wanted to go north of Baltimore, then around west of DC. She basically just connected dots on the map and not a good path either. And despite me saying I wanted to use the Ferry, she said "Oh, you don't want to do that," and drew me a route that went down US 15 over the Potomac.

Well, forget that, so I tried Mapquest. That took a lot of fiddling around, even with plotting various intermediate points so it too wouldn't force me down the turnpike. Mapquest will send you way out of your way to get some interstate miles in.

So I had to plot several subtrips...

• Newark to Blue Bell MD
• Blue Bell to Hickory MD
• Hickory to Hapstead
• Hampstead to Damascus
• Damascus to Martinsburg
• Martinsburg to Catharpin VA
• Catharpin VA to Manassas

Summary of my outbound routing (5 hours)
MD 273 - US 1 - MD 23 - MD 137 - MD 138 - MD 482 - MD 27 ~ MD 109 ~
... white's ferry ...
US 15 - VA 232

Summary of return trip (4 hours, 10 minutes, southern leg different)
VA 234 - US 15 - VA 7 - VA 9 - VA 287 - MD 79 - MD 180 - US 15 - MD 27 - MD 26 - MD 482 - MD 138 - MD 137 - MD 23 - US 1 - MD 273

Interesting tidbits:

• No congestion entire trip. Yippee!
• A Beautiful relaxing drive
• Three Maryland Roundabouts!
• White's Ferry - neat
• Maryland state route system is illogical and not real helpful at times

Details:

Left Newark, DE heading west on SR 273 towards Conowingo Dam. A bit of a boring road that hasn't change much in the 30 years I've been going down it except for one neat thing. Just after Rising Sun at 276 there is a new roundabout! This must have been a new installation within past year. It would be the first of three that I saw during my trip.

Joined up with US 1 and head across the (toll free) Conowingo Dam towards Hickory. At Hickory, headed west on MD 23. The next hour or so was the most difficult, navigation wise. Idea was to head west towards Westminster, then southwest on MD 27. But getting to Westminster is not easy.

Took MD 23 towards Jarrettsville. An interesting curiosity. I don't think Maryland cares much for multiplexed routes. Something I concluded on this leg of the trip and saw other examples as I went. When MD 23 hit MD 165 in Jarretsville, it should multiplex with 165 north for about a mile, then continue west from there. Dog leg or zigzag if you will. But at the T junction, instead of pointing right for MD 23, it had a "TO 23" sign with a right arrow. As I head north to Jarretsville, I saw another sign that said "Junction 23". I turned left there. On the return trip through this area however, when I hit 165 from 23, there was no corresponding "TO 23" pointing south. No signs whatsoever. Had I not known from the prior day's trip in opposite direction, I would have continue straight at that interesection.

Looking at a map later, I saw that that road that continue straight is called Jarretsville Road and continues to US 1, pretty much paralleling 23 which was south of it. At one time Jarretsville Road must have been MD 23 and that's why the discontinuous segments of MD 23 happened. They should really sign it better.

But enough of Jarettsville. Continued west on MD 23 for about 3 miles, then turned left on MD 138. Except for the first mile or so, it's a fairly narrow road, speed limits around 30 to 40. It snakes around until Hereford where I had to go north for about 1/10 mile on 45, then left on 137. Life would have been simpler had 137 and 138 been given the same route number, but that would have meant having a multiplex for 1/10 a mile on 45, so I guess we can't have that. Sigh...

Continued west on 137 until it dead ended on a road with no indication of what direction 137 took. From the map I had, it seemed like 137 continued to Hampstead, but that was not the case. There *was* a sign that said "TO MD 30" pointing left. I took that and eventually after a couple of turns that thankfully also said "to MD 30" found my second roundabout at MD 88. A 1/2 mile further was was Hanover Pike, which I went north on for about 1/2 mile, then west on MS 482 until I reached "Mexico."

At Mexico I piked up MD 27. Finally, roughest part done. I took MD 27 south to Damascus. The route from Damascus to White's Ferry isn't very straightforward. ie, not an easy set of signed routes. I branched off onto Oak Road, then Kingstead Road, Burnt Hill Road, north on MD 355 for about 1/2 mile, then west on Comus Road (under I-270) to -- Comus! The plan at that point was to turn left on MD 109, but the bridge was out, and scheduled to be reopened on 8/26. Sigh, few days too early. So I continued west and found the entrance to Sugarloaf Mountain Park. Nice.

Heading south towards MD 28, then followed MD 28 towards Beallsville, down W Hunter Road, Wasche Road, then right on White's Ferry Road.

White's Ferry had a nice queue of cars waiting for it that backed up outside their property limits. I didn't think I'd make it on to the next Ferry, but when it pulled up, there was plenty of room for everyone. A short ride across for $2.00 (m/c fare) and I was in Virginia!

White's Ferry Road dumps out onto US 15 near Leesburg. South on that around Leesburg to VA 234 about 20 miles later. A short 6 mile drive down that road and bango, soon as I go under I-66, congestion, traffic, massive civilization. First mess I was in during the entire trip, and thankfully my destination.

For my return trip, I altered the southern leg of the route somewhat. I headed north towards Leesbug on US 15, but then went west on VA 7, then branched off to VA 9. then north on VA 287 towards Brunswick MD. A nice road, and the bridge over the Potomac offered nice views.

And lo and behold, soon as you enter Brunswick, yet another roundabout! I must be back in Maryland! Coming north out of Brunswich was a fairly decent climb with speed limit 30 MPH. I saw two police officers "camping" and running radar for the poor folks coming south down the hill.

I continued north on MD 79, then east on MD 180, which must have been the old US 340 route. Over I-70 (no junction) and onto US 15 north again, but not for long. Branched off onto MD 26 and took that until MD 27, then retraced my steps back using same route I went out on.

The trip down took me just shy of 5 hours, with about 30 minutes spent waiting or riding on the White's Ferry. The return trip was 4 hours and 10 minutes, and if I had just remained on US 15 instead of the scenic ride through Brunswick, I probably could have got it down to 4 hours.

Total mileage each way was around 165-175 miles compared to 130 miles using I-95, I-495, and I-66. When using the Interstate, I can do the trip in 2.5 hours, provided there are NO traffic slowdowns. On really bad congested days, it can take over four hours. Given the choice of interstate and congestion, or a beautiful country drive, I'd go for the scenic drive unless I was in a real hurry and felt like taking a chance on the Interstate route.

Since my sister now lives in Manassas, I'll be taking more trips. The drive is longer, but far more pleasant, although I'm not sure how pleasant it will be if I am doing that run over and over! :)

Dear Microsoft,

You could go a long way to making me happy if you just standardize the hotfix install programs to use the same command line arguments. I have to run a batch of these things after an install to automatically bring a desktop up-to-date.

The way it is now, it's ridiculous. Here's some actual examples:

Msjavx86.exe /c:"javatrig.exe /exe_install /l /qq" /q:a /r:n
q307274 -u -n -z
vbs56nen /q /r:n
start /wait q318202 /q /c:"dahotfix /q /n"
start /wait vm-sfix3 /q /r:n

Why can't there be a standardize hotfix installer? Please.... If not, at least document the unattended install procedure in the kb article describing the hotfix. As it is now, I have to hunt all over to find it if one of the old methods doesn't work. Like look at that java vm update. My God, where did THAT come from?

I recently posted a long winded opinion over at Macslash in reply to their story, "Switch" coming to a Business near you?.

Reproduced below....

I'm an IT manager, responsible for 2,000 desktops. I "switched" at home to iMac a few months ago (well, not quite switched, added one to my several at home). I love it -- a lot, but I can't see deploying them at work. Why? Well, for one thing, control. Corporate IT is all about homogonizing the work environment, remote management, consistency, standard operating environments, etc.

So, before I would consider advocating any sort of switch, I'd need a Mac to do the following. Note, they may or may not be possible, but the point is, I don't know. Apple is not reaching me if this stuff is possible.

Group Policies: Ability to classify groups of users and machines and then apply policies to them. A policy controls how the machine works. It can tighten control, change behavior or appearance of an app, dictate where files are saved, define file permissions, and even be used to deploy applications remotely.

RIS: Remote Install Service Boot a PC, hit F12 on the bios startup screen, authenitcate to the domain controller, and get a list of install images that can be used on that machine. Select one, walk away, come back an hour later, machine back up to your standard operating environment including all needed applications. No install choices or interaction needed. For those familiar with Ghost, it's not Ghost. Ghost is very limited, where you need a literal image of each install type. RIS allows variations, does all hardware detection, and stores the "image" as plain files on the server, allowing them to be edited or manipulated.

Roaming profiles: If a user logs on to any machine anywhere on the network, their desktop settings and stored files follow them from place to place. This behavior can even be modified as needed through group policies, so for example, if an employee logs into an informational kiosk at HR, it can not roam, but provide a locked-down consistent interface for that one purpose.

Remote control: One thing my support techs are in love with is XPs new remote assistance feature. It's built into the OS. A tech can request control of any user's desktop and watch them work (with the user's explicit permission and knowledge), and even take over control to help them with a problem. Again, who can do this and where can be controlled through group policies. I know there are remote desktop features on Macs, but they are extra cost options per machine. A big extra cost. We had been using VNC for remote control and remote desktop, but scrapped it when we deployed XP. Much better. Remote desktop for servers is a big plus too...

Scripting of administrative tasks: I can script just about anything in Windows through vbscript and interfacing with WMI and ADSI (computer management, directory management). I know apple has Applescript, but I have no idea how extensive and useful it is. (For the record, anyone who claims Windows environments are easier to manage than Unix environments is just plain wrong. Everytime I want to do something that seems simple, like get a listing of disk quotas, you have to jump through so many hoops in Windows by writing a damn vb program to do it instead of a simple unix command or two piped into whatever filter to get the data you need...)

Delegation of authority: Control how much a user or IT technician has control over. I can, for example, create an OU (organizational unit) for a separate part of the company and delegate control of it to their IT staff while still having oversight control of it. They can create and manage users and desktops within that OU but not outside that OU.

I can't stress how important it is for a business to be able to control their desktops. While you may consider this IT nazi behaviour, it's a necessary fact of business life. While Renezvous sounds all nice and happy, I can't have staff just installing hardware devices casually and making them available to everyone. For example, someone gets the bright idea of plugging in a wireless access point into the computer so they can use their laptop to get to the net from an adjoining conference room. How nice for them, and how nice for the intruder sitting in the parking lot with a high-gain directional wireless antennae running kismit to gain access inside my firewall.

So, with that, let's discuss what really sucks about the PC from my experience. The file system is horrible. While NTFS certainly is nice when it comes to fine tuning ACL lists, it's overall weakness is its inability to remove or replace a file that is open. What you say? Unix based file systems have this neat feature where you can have multiple hard links to a file. When you "remove" a file, it just removes a link. If the file goes down to zero links and processes still have the file open, the file remains accessible to them and the final link won't be removed until all processes accessing them go away. can't do that on NTFS. That is why on Unix you can replace system libraries and commands and not have to reboot (although you should stop/restart processes that use them if, for example, the library is a security related issue). On NTFS, Windows, if the file or DLL is in use, must throw it in a temporary area and set up a process so next time the machine reboots, the DLL is copied into place during the reboot. That's why the damn things have to be rebooted so often. Rebooting a server while people are using it is a real drag.

The GUI in windows is too darn wired into the OS meaning a problem with the GUI screws the computer. While the Mac is kind of similar, I can at least boot into single user mode if needed and fix a lot of stuff without having to resort to a re-install to fix.

Windows registry sucks, nuff said.

Most Windows applications just aren't "logo compliant." That means they don't follow the rules making all that happy stuff above possible and that demands kludges. For example, Adobe products just insist on being able to write crap to their program directory and "HKLM" registry (trust me, it's just wrong). Autodesk products are bad too. Their answer, just give your users administrative privileges on their PC. "Ah, no, how about we just use Publisher instead of Pagemaker instead?" These vendors don't package their installers as .msi files that can easily be deployed through group policies either, forcing IT staff to follow a problematic and time consuming process of "re-packing" it.

Well, I've gone on far too long. I just don't think Apple cares. They have a niche market and are happy with it. If they want to get into business, they need to provide solutions and then get to IT managers and let them know they exist. Microsoft has all kinds of migration papers detailing, for example, how one can switch from Apache to IIS. Does Apple have anything like that geared to the Windows IT professional detailing how they can integrate Macs into a PC world and how they can effectively manage them en masse?

H2K2 (or HOPE 2002 or Hackers On Planet Earth 2002) was held this past weekend in New York City at the Hotel Pennsylvania. I've been to previous HOPE conferences and this one was much better than ones in the past, but it still had a few problems.

Aaron McGruder, the creator of Boondocks comic strip was keynote. Jello Biafra makes a repeat appearance as well as some other past favorites, such as the "former spy" Robert Steele, as well as some surprise guests such as former Talbin fighter, Aukai Collins.

This is my personal review of h2k2. There were so many things happening at once that one person can't obviously see it all. This is based on what I saw, experienced, felt, and my personal opinions. (This was submitted that Sunday night to /. but later rejected as a story, so into the journal it goes! :)

Keynote Speaker: Aaron MgGruder, author of Boondocks, spoke on Saturday. This was my favorite speaker and worth the price of admission. He was invited because he did a short sequence of strips covering the DeCss subject and, as Emmanuel Goldstein said, "the only person in popular media to get it right." Aaron was very articulate, intelligent, and of course, opinionated. What I liked most about him was his admitting that he does not know it all. He made fun of political experts who sit around and debate political topics based on what they are spoon fed by popular media. He says there is not much difference between us and people who live in censored countries except they KNOW they aren't getting the full story. We all think we are smart and know it all. His advice to people who love to rant about political topics, "Shut the hell up, you don't know anything."

McGruder thinks our society is falling apart and the only thing that can fix it is revolution. He has hope, but not much. He spoke about Bush's line that countries that hurt American are going to have to pay, which means we kill a bunch of their innocent civilians so they get to claim that we will then have to pay, where they kill a bunch of us. McGruder's soluti\ on is that people should just go kill the leaders of these nations. He then back-peddled (remembering the place was probably full of feds) and disclaimed that he wasn't advocating that anyone go out and shoot Bush (who he has no love for). He reminded us that if Bush was killed, we'd be left with Cheney, who is far far worse in his opinion. "If Cheney was President, Afghanistan and Iraq would be glass, and we may give the neighboring countries 30 minutes of warning to get away from the borders."

Jello Biafra: Jello was keynote at H2K in 2000 and returned this year to speak late Saturday night. He was well loved by most people there, based on the reactions I saw that night. I didn't like him. He reminded me of Rush Limbaugh except on the left side. Loads of rhetoric, wild claims, and positioning himself as an expert. He was supposed to speak for one hour, and then the film "Freedom Downtime" was to be shown. He rambled on for two and a half hours, then took his shoe off and asked for donations for his legal defense fund involving his former record label. People flocked up and stuffed it full of money as he started to spin records. At this point it was 12:30am and I gave up and went to my room and and got some sleep.

Robert Steele : Former spy, and backer of a concept called "Open Source Intelligence" where countries share intelligence information freely with each other and their citizens. His speech on Hacking National Intelligence was, to me, frightening. He claims that 9/11 involved a serious failure of our intelligence network and Washington is trying to white wash it all. He also claims that he has no doubt at all that New York City will be the target of another terrorist attack soon. "When foreigners think of the U.S. they think of New York City. It is the center of capitalism." He is an excellent speaker. I hope he returns next time.

During his talk, he introduced Aukai Collins who told us of his experiences fighting for bin Laden (during the 90s when we were paying bin Laden's salary and he allegedly was a good guy). When the embassy bombings started to occur, he went to the CIA and offered himself as an intelligence source. He worked for them and the FBI a few years and during that time was invited by bin Laden's runners to come work closely with him. When he bought this opportunity to get close to bin Laden to his superiors, they told him not to go. He feels we lost probably our only opportunity to get one of our guys close to bin Laden. He has written a book on this called My Jihad.

If this so far sounds like h2k2 was more politics than tech, I got the same impression. I skipped out on most of the DMCA updates and other legal updates. They were hosted by members of EFF and their lawyers. The small bits I saw sounded very informative and I applaud their works in these areas. Since I've kept up on all the news on these cases, I decided to skip these forums.

The best of the tech presentations was Fun with 802.11b hosted by Dragorn, Porkchop, and StAtic FuSIOn. (I sometimes hate silly handles). During the days before h2k2, they mapped out over 400 open wireless networks accessible from within three blocks of the hotel in midtown Manhattan. They demonstrated passive snoopers like kismet and showed us different directional high-gain antennas. Their recommendation for a good PCMCIA 802.11b card was Cisco's 352, which I of course didn't have. I ran out and bought an SMC card for my company laptop before the conference and had a tech load Linux on my laptop. I told him he could pick the distro of his choice, but unfortunately he picked the one I'm least familiar with, Slackware. I could not get the damn card working for the life of me. I wanted to scream.

A big disappointment was the Cult of the Dead Cow Extravaganza . It was to be held down on the lower level in the network room and broadcast up to the conference rooms on the 18th floor. Well, it didn't work. I was upstairs and they mucked with the equipment for an hour trying to get a a/v feed going. After all this time of wondering whether we should fight our way downstairs to watch it in person, we got an announcement. "Sorry, but we can't get it to work. Oh, by the way, they have already started downstairs."

Urge to kill. My friend and I wondered how they screwed this one up and traced the wires to a display table and behind a closed stairwell door. We looked at each other and said "Nooo". We popped into a neighboring stairwell as everyone fought for the elevators. We went down one floor then popped over to the stairwell that we saw the wires going down. Sure enough, they had run the wires down the open portion of the stairs so they were hanging by their own weight for a distance of about 22 floors (the hotel has 18 number floors, about 4 lettered floors like A, B, C, D, a mezzanine floor, and lobby floor). I'm not sure what the stress would be introduced by a cable hanging by its own weight for that kind of distance, but I bet the center copper core couldn't bear it and broke inside.

So we run downstairs and saw some talented but unwanted female singing about how great the CDC was. Then someone else got up and swung a black briefcase looking device around. Had no idea what it was because we couldn't understand squat in the back. Basically we said to hell with them all, and left.

So while the presentations were hit and miss, the overall best part of the conference were the attendees. Freaks, geeks, and misfits everywhere, all being good to each other, curious, intelligent, and sometimes a bit too paranoid. Of course it was mostly guys, but there were women as well as one person who had a male voice but noticable breasts and a feminine face and shape. Many other guys dressed up a bit too flamboyant for my tastes as well. My point being, everyone was accepted for who they are and all got along great together. I didn't meet a single person who I talked to who was rude, or unwilling to strike up a conversation. The network room had wired and wireless internet access and was open 24 hours a day and the source for some of the most fun at the conference. But by all means, the best part of h2k2 was the attendees and they are the reason why I will want to go again in the future.

Well, I went out and bought a new Panasonic RP56 DVD player. My prior A120 model was a year old and therefore had to be replaced (going to hand it down to my Dad...)

Why replace it? Well, I'm in the process of converting a lot of old video tapes (including the entire series of Babylon 5) to VCDs since I hope they won't degrade as fast as video tape. Also a lot of family video tapes. My old DVD player would only play VCDs burned on CD-RWs which was a drag. The RP56 will use CD-Rs and also will play mp3 CDs although I hear it's kinda crappy (no id3 tag info displayed for example...)

No, I haven't hooked it up yet so I don't know for sure.

I read some good things about the RP56 and it's fairly cheap ($229 at Best Buy).

I cap the vids with a Hauppauge WinTV PVR. It was an impulse buy while in a store. NEVER IMPULSE BUY. I got the USB version and later found out they have a PCI version.

But it doesn't matter because it's absolute CRAP. Not the hardware, the software that it comes with. It takes forever to initialize, change channels, and the mpeg-2 files it produces seem wrong. They playback fine in its own player, but in WMP and other players depending on the codec a person has loaded, it often displays in an incorrect aspect ratio (like 480x640 instead of 640x480) and sometimes distorted. mpeg-1 caps seem fine, which is what I am using to burn VCDs but still, I wanted better mpeg-2 capability for some purposes.

I edit the caps with Cyberlink's PowerDirector. So far I am pretty happy with it. It allows editing of mpeg-1 and mpeg-2 streams without having to re-encode the entire stream. It can just remove or insert segments and just encode the changed places. That's pretty impressive when you consider an mpeg stream is not a non-compressed frame-based file. Ever try to edit a compressed file in place without re-compressing the entire thing?!

However, and I blame the Hauppauge crap software, when PowerDirector edits an mpeg-2 stream produced by the hauppauge, it often crashes. I am able to, if careful, load a hauppauge (stupid name btw) made mpeg-2, go into the cropping feature, "stretch" it to normal size, then convert it to mpeg-1, then edit THAT stream OK. But too much mucking with it causes a crash.

(To be fair, it might be the hardware that is crap and not the software since the device does mpeg encoding in hardware...)

But, to get back to original point, the wintv device has composite and audio line-in jacks so I can hook my VCR up to it and do caps fairly easy. That's pretty nice and it actually works fairly well considering it is a USB device. It's just the software it's bundled with is crap.

Oh, one more thing. When buying the box, the kid on the floor tried to push the $50 4-year warranty on me. I'm like, "What, you kidding, a year from now I'll be throwing this bitch out and getting one that can deal with DVD-Audio as well, so why would I need a longer warranty." :-)

Take a gander at this...

http://www.microsoft.com/technet/security/tools/nt4new.asp?frame=true

How to install Microsoft NT securely. First, they say it HAS to be done off the network and from a CD which involves a major hassle...

Then, get this...

1. Install SP 6a
2. Update IE
3. Install Option Pack to upgrade IIS
4. Reinstall SP 6a
5. Install NT Security Roll-up
6. Install patch Q305929
7. Install IIS rollup patch
8. Install and run Hfnetchk tool
9. Install and run IIS lockdown wizard

Why the hell can't they just re-release their products with all security patches and updates rolled into the distribution so it's done during the FIRST install?

A great quote from The Register in response to the line from Microsoft and their apologists that all software has bugs and you have to keep up with them or get it

"That's not very smart. It's like saying that it doesn't matter whether you buy a Toyota Camry or a Russian Lada, because you will eventually have to service it. Excuse me, but I'd rather own the Camry, thank you very much, because the probability of trouble is lower for the Camry. Of course I need to get both cars inspected regularly. The name of the game is risk management, and every manager has the responsibility to minimize risks. Using software of doubtful quality is irresponsible.

From Experts demolish MS Anti-Apache FUD.