dougzuck.com

I need to vent…  First off, let me say that I’m an Apple hater.  I’m an Apple hater, but I’m also an iPhone lover.  I know it sounds stupid.  Honestly, I’ve tried to like Apple many times over the years, and this even includes purchasing a Mac Mini at one point a couple years ago, but I ended up selling it soon after because I was so frustrated with it.  What can I say–  I’m a PC guy at heart.  Moreover, walking into the Apple store makes my skin crawl.  I hate the vibe.  I hate the people who work there and their Apple-loving attitudes.  It just drives me crazy.  But here I am trying to buy a new iPhone because I think it’s the coolest piece of technology out right now, so this also seemed like a good time for me to give Apple another chance at not frustrating me or pissing me off.  Well, it didn’t work.

The company I work for has generously offered to reimburse me for the cost of a new iPhone 4.  I currently own the iPhone 3GS, which my company also paid for.  When the iPhone 4 first came out, I wanted to buy it from the Apple website because that seemed like the easiest and fastest way to get it.  However, while I was attempting to purchase it online, I learned that Apple requires you to ship it to the address where your AT&T account is registered, and that it will require a signature at the time of delivery.  Seems reasonable enough, but unfortunately I live in an apartment, and I don’t have anyone to sign for my packages, so I can’t have it shipped to me unless I want to deal with picking it up at the carrier’s facility after a failed delivery attempt.  However, that’s a pain because like most of the rest of the people in this country, I have a job that makes it difficult for me to get to a carrier’s facility during their business hours.  It’s not that I absolutely can’t do it, it’s that I’d prefer not to if I don’t have to.  It would be really nice if I could just have the phone shipped to my office, but of course that’s not allowed as I mentioned a moment ago.

The truth is that I’m not in a huge rush to get the new phone.  Sure I’d like to get it sooner rather than later, but I’m certainly not losing any sleep over it.  At this time you still can’t just walk into an Apple store to buy the phone.  You have to get put on a waiting list, and then they email you when it’s your time to come to the store, at which point you have 24 hours to buy the phone before they remove you from the list.  Seems simple enough, so I got put on the list.  Today I received my notification that I can go to the store and buy the phone, but when I got to the store they told me that I have to work with one of their specialists to activate the new phone before I leave the store.  This sounds like a pretty normal situation, but the thing is I actually don’t want to activate the phone right away.  I’m hoping to get a case for the phone that I like before I actually start using the phone on a daily basis, but there aren’t that many cases out there for the new iPhone yet, and admittedly I’m pretty particular about cases, so I’d like to take my time and find one that works best for me.  Additionally, they don’t sell any iPhone 4 cases in my local Apple store, so it’s not like I can even buy a temporary one while I’m there buying the phone.

I don’t understand why Apple is willing and able to ship a phone to you and let you activate yourself through iTunes at your leisure, but if you go to the store they require that you activate it on the spot, thereby deactivating your old iPhone (Note that this just applies to upgrading your phone at the subsidized price.  It does not apply to new phone purchases where you pay the full cost of the phone).  I would have allowed them to activate my phone on the spot if I could have at least purchased a temporary case for it until I find a more permanent case, but they don’t sell iPhone 4 cases for completely unknown reasons (yes, the do sell iPhone 3GS cases).  So, I left the store, and I still do not own a new iPhone.

I friggin hate Apple.  I hate going in that store.  I hate those stupid blue shirts their employees wear.  But I love the iPhone.  And for this, apparently I’m willing to overlook my disgust and distaste for everything else about Apple.

Let’s be honest.  The oil gushing into the water is way beyond what BP can effectively cope with.  The cap on the leak was never going to stop it from gushing.  BP had to do something to at least make it look like they were trying, but this thing is gonna be gushing for months.  Let’s also not fool ourselves into thinking that the estimates for how fast the oil is gushing have any validity whatsoever.  While it’s possible that the estimates could actually be high, it’s far more likely that they are extremely low.  Mark my words that the impact of this disaster will reach way beyond the scope of what anyone is imagining right now.  I find it extremely disheartening.

What do you think?  How do you feel?  I’d love to hear what others have to say on the topic.

Up until now it hasn’t been like me to just hop on the computer to blog about pop culture of any sort, but this morning I heard a horrible song on the radio while I was lying in bed, and I felt compelled now to share with you my disgust.

A couple of years ago Sara Bareilles appeared on the scene with a super-catchy tune called Love Song.  One of the things that made it so catchy, and probably the defining quality of the song, is the main piano riff, which has a fun and unique sort-of jazzy cadence.

Fast forward to this morning when I woke up in bed to one of the worst radio stations in the country, Mix 107.3 FM.  It’s one of the local stations here in Washington DC, and they’ve got this guy who calls himself Jack Diamond and hosts the Jack Diamond In The Morning show.  I have the dial on my clock radio set to this station because as much as I hate it, every other station is even worse when it comes to the morning programming.  So, under protest, I continue to leave my 23 year-old clock radio set to Mix 107.3 hoping that one of two things happen.  Either A, I wake up to a song instead of to the Jack Diamond morning talk show, or B, I wake up to a substitute show and host instead of Jack Diamond and his extremely lame sidekick Jimmy something-or-other.   Anyway, I digress.

Back to what I was saying…  A new song I had never heard before came on the radio while I was lying in bed this morning.  It’s called Haven’t Met You Yet, by Michael Buble.   Immediately it reminded me of Love Song, by Sara Bareilles, because it pretty much IS Love Song, but with a different melody.  I actually didn’t recognize the melody at all, which might mean that it’s original, but given how much I recognized the piano riff, I wouldn’t be surprised to find out that the melody was ripped off from another song too.

Who Michael Buble is, I couldn’t tell you.  I know nothing about him other than that he sucks, and that he blatantly ripped off Sara Bareilles.  If he had a brain he’d at least pick a song that wasn’t hugely popular so recently.  He could have ripped off some old song and no one would have known.

One item that I find interesting here is that under most circumstances in pop music, the melody is really the most important hooking factor, and the rhythm is generally a secondary component.  However, Sara Bareilles’ Love Song hooked everyone with both a memorable melody and with an extremely catchy, rhythmic, syncopated piano riff.

Usually when one artist accuses another of ripping off a song, it’s the melody that’s the center of the debate.  However, in this case, Michael Buble’s melody is definitely very different from that of Sara Bareilles’ Love Song.  Instead of stealing the melody, Buble and his co-writers apparently just took the catchy piano riff and changed the chords.  The riff in Haven’t Met You Yet still sounds like Love Song, but Haven’t Met You Yet as a whole song just plain sucks.  It’s ultra-mediocre with an unappealing melody, and there just isn’t a single thing about it that makes someone want to listen to it aside from the catchy piano riff.  And since he “borrowed” the catchy piano riff in the first place, what does he really have here with this song?  Why would any radio station ever consider playing it?

I’ve gotten a lot of requests for functionality and features over the past several months.  I’ve been working to get everything implemented and tested, but unfortunately I also have a full-time job occupying my time, so I haven’t completed all of the updates yet.  Keep checking back because I plan to release the new version soon!

-Doug

Download it here:  http://dougzuck.com/remoterebootx

Along with bug fixes and cosmetic changes, here are some of the features that have been added:

• Automatically reboot if required after installing WSUS updates
• Automatically force reboot if normal reboot fails
• Automatically stop pinging after reboot
• In addition to installing downloaded updates you can now specify to search for available updates, then download and install them all with a single click
• Save and load state (XML import/export)
• Wake On LAN

You can find the full post here: http://dougzuck.com/hta

One of the tasks I regularly have to perform at my job involves moving multi-terabyte databases from one server to another. The goal is to make these database moves happen with as little downtime as possible, so I always make use of differential backups and restores to keep the move times to a minimum. I’ll do a full backup of the source database, then I’ll perform a restore of that database to the new server, specifying ‘with norecovery’ in the restore command. For a 2 terabyte database, this process will take many hours, but that’s ok because I’ll make sure it’s complete prior to the actual maintenance window. Then when the maintenance window begins, I’ll disable access to the database and perform a differential backup of the database on the source server. Then I restore the differential backup ‘with recovery’ to the new server. The process of doing a differential backup and restore is much less time consuming than the full backup and restore, and this allows the actual maintenance window to be much smaller since the full backup and restore is completed at an earlier time. However, when I’m dealing with such large databases, it becomes extremely helpful to know how big the differential backup is going to be before I actually execute it. This way I’m able to estimate how long the whole process will take. When you have a 2 terabyte database, it’s not uncommon to have a several hundred gigabyte differential backup. You could see why it might help to know in advance whether the differential is going to be 10GB or 200GB.

Darwin Hatheway wrote a really nice article explaining how the differential backup size can be estimated.  He gets all the credit for teaching me how to do this.  I have two implementations below.  One is a straight T-SQL script, and the other is a HTML Application (HTA) that utilizes the T-SQL script with a bit of vbscript.  On a 2TB database it generally only takes a handful of seconds for the script to complete.

T-SQL Version: SQL Differential Backup Size Prediction
HTML Application: http://dougzuck.com/hta

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83

/*SQL Differential Backup Size Prediction - Doug Zuckerman, 2009 - http://dougzuck.com */
 
IF isNULL(object_id('tempdb.dbo.##showFileStats'), 1) <> 1
	DROP TABLE ##showFileStats
 
CREATE TABLE ##showFileStats (
	fileID INT,
	fileGroup INT,
	totalExtents BIGINT,
	usedExtents BIGINT,
	logicalFileName VARCHAR (500),	
	filePath VARCHAR (1000)
)
 
IF isNULL(object_id('tempdb.dbo.##DCM'), 1) <> 1
	DROP TABLE ##DCM
 
CREATE TABLE ##DCM (
	parentObject VARCHAR(5000),
	[object] VARCHAR(5000),
	FIELD VARCHAR (5000),
	value VARCHAR (5000)
)
 
/*we need to get a list of all the files in the database.  each file needs to be looked at*/	
INSERT INTO ##showFileStats EXEC('DBCC SHOWFILESTATS with tableresults')
 
DECLARE @currentFileID INT,
	@totalExtentsOfFile BIGINT,
	@dbname VARCHAR(100),
	@SQL VARCHAR(200),
	@currentDCM BIGINT,
	@step INT
 
SET @dbname = db_name()
SET @step = 511232
 
DECLARE myCursor SCROLL CURSOR FOR
SELECT fileID, totalExtents 
FROM ##showFileStats
 
OPEN myCursor
FETCH NEXT FROM myCursor INTO @currentFileID, @totalExtentsOfFile
 
/*look at each differential change map page in each data file of the database and put the output into ##DCM*/
WHILE @@FETCH_STATUS = 0 
BEGIN
 
	SET @currentDCM = 6
	WHILE @currentDCM <= @totalExtentsOfFile*8
	BEGIN	
		SET @SQL = 'dbcc page('+ @dbname + ', ' + CAST(@currentFileID AS VARCHAR) + ', ' + CAST(@currentDCM AS VARCHAR) + ', 3) WITH TABLERESULTS'
		INSERT INTO ##DCM EXEC (@SQL)
		SET @currentDCM = @currentDCM + @step
	END
 
	FETCH NEXT FROM myCursor INTO @currentFileID, @totalExtentsOfFile
END
CLOSE myCursor
DEALLOCATE myCursor
 
/*remove all unneeded rows from our results table*/
DELETE FROM ##DCM WHERE value = 'NOT CHANGED' OR parentObject NOT LIKE 'DIFF_MAP%'
--SELECT * FROM ##DCM
 
/*sum the extentTally column*/
SELECT SUM (extentTally) AS totalChangedExtents, SUM(extentTally)/16 AS 'diffPrediction(MB)', SUM(extentTally)/16/1024 AS 'diffPrediction(GB)' 
FROM
	/*create extentTally column*/
	(SELECT extentTally =
	CASE
		WHEN secondChangedExtent > 0 THEN CAST(secondChangedExtent AS BIGINT) - CAST(firstChangedExtent AS BIGINT) + 1
		ELSE 1
	END
	FROM
		/*parse the 'field' column to give us the first and last extents of the range*/
		(SELECT (SUBSTRING(FIELD,(SELECT CHARINDEX(':', FIELD, 0))+1,(CHARINDEX(')', FIELD, 0))-(CHARINDEX(':', FIELD, 0))-1))/8 AS firstChangedExtent,
		secondChangedExtent = 
		CASE	
			WHEN CHARINDEX(':', FIELD, CHARINDEX(':', FIELD, 0)+1) > 0 THEN (SUBSTRING(FIELD,(CHARINDEX(':', FIELD, CHARINDEX(':', FIELD, 0)+1)+1),(CHARINDEX(')', FIELD,CHARINDEX(')', FIELD, 0)+1))-(CHARINDEX(':', FIELD, CHARINDEX(':', FIELD, 0)+1))-1))/8
			ELSE ''
		END 
		FROM ##DCM)parsedFieldColumn)extentTallyColumn

Example 1:

For years now I’ve been paying for a 7mbps internet connection through my local cable company, RCN.  At some point several months ago I noticed that my bill listed me with a 10mbps connection.  The RCN website no longer even listed a 7mbps plan.  However, even though my bill said 10mbps, I’ve regularly tested the connection speed over the past months, and it always maxes out at 7mbps.  I tested it one last time before heading off to work this morning, and it was still at 7.

Finally this afternoon I got around to making the dreaded phone call that I had been putting off for months.  I wasn’t at all surprised when the technician on the other end of the line said “I’m showing that your account is already active for 10mbps.”  Of course he wanted me to be sitting at my computer to walk through some tests with him, which is something that I couldn’t do since I was at work when I called.

When I got home this evening, the first thing I did after turning on my computer was a quick bandwidth test.  Lo and behold, I’m now magically getting a full 10mbps.

If the cable company is going to try and skimp its customers because they know that most customers wouldn’t ever realize that they’re not getting their full bandwidth allocation, the least they could do is not pretend we’ve already been upgraded to 10mbps, when clearly we haven’t been.

Example 2:

After I got off the phone with the tech support guy I called up the billing department.  As everyone knows, cable bills are totally fluid.  It seems like each month the amount I owe increases by a little bit.  It’s just small enough that I notice it but don’t want to bother calling up to complain because it’s such a nightmare dealing with customer service.  When I got on the phone with the representative this afternoon I said “My bill continues to rise each month.  Is there anything I can do to lower it?”  After putting me on hold for a minute or two he comes back on the line and says “I’ve just applied a promotion to your account, and you’ll get $10 off every bill for the next 12 months.”  I told him thank you and then hung up.

Now, on the one hand it’s nice that you can call up and ask them to lower your bill and they’ll kindly oblige.  On the other hand, it kills me that they rip us all off until we actually say something to them about it!

Example 3:

A few months ago my cable modem was malfunctioning.  I had already done all the troubleshooting and was quite sure that the problem was with the modem.  After 5 days in a row, 5 different tech support reps, and approximately 5 hours on the phone, I was still getting “Sir, we don’t see a problem with the modem or the connection, and there is no supervisor available to speak with you.”

On the 6th day I called again.  Their system is setup in such a way that if you go more than 5 days without a resolution, they will finally let you talk to someone who actually has a clue.  Within approximately 5 minutes, this second-tier technician was able to diagnose a problem with my modem, just as I had suggested all along.  He gave me the address of a local office where I could exchange it for a new one, and I was once again up and running.

I HATE CABLE COMPANIES!

You can find the full post here: http://www.dougzuck.com/hta

I know that many organizations do not put restrictions on their users’ computers.  The users are often given full administrative privileges on their workstations, which means that they can not only mess around with all the settings on their computers, but they can also install and uninstall applications.  This includes accidental virus and malware installations.  While many Systems and Network Admins consider this unacceptable, it’s still a reality in many working environments.  So rather than complain about how it’s not the ideal way to run a windows network, let’s focus on cool ways to mitigate the risks of this approach.  This is one VERY simple but effective method to limit malware infections on your network computers while still allowing users to be local administrators.  This approach can be used across an entire network with a group policy object, or it can simply be applied to a single computer by modifying the computer’s local security policy.

Overview…

The idea here is that you apply a group policy object to the users or computers in your organization.   It prevents whatever applications you choose from launching with full admin privileges on the users’ computers.  The users are still local administrators, but the particular applications that you pre-select get launched without administrative permissions.  If you apply this restriction to all of the applications that deal with typically untrusted, unsafe, or unknown content, then you dramatically decrease the likelihood that a virus or other malware can be installed because non-admin users are not able to install software on the computer.  Windows doesn’t let them.  I recommend applying it to all web browsers, all email clients, and all media players because these are the primary apps that deal with internet content.  You could alternatively apply it to the entire C:\Program Files folder, but if you do so you should be mindful of the fact that some apps might break as a result.

You can produce functionality that is similar to DropMyRights but without the annoyances that come along with it.  In my opinion this method is by far the easiest to deploy to a lot of users or computers, something which DropMyRights isn’t suited for (since any time an application is updated or a new one installed, the DropMyRights configuration has to be re-applied).  Using Software Restriction Policies, you can apply this functionality in a way that is virtually transparent to users.  However, Microsoft doesn’t publicize this particular usage of SRP for whatever reason (the functionality is actually hidden in XP by default – you need to add a registry DWORD to make it available), which is why I’m taking the time to mention it here.  When I embarked on setting this up today at my job I spent hours researching something that took only minutes to implement.  Hopefully I’m now saving you the hours of research.

Caveat…

The only real caveat is that when an application is launched without admin privileges, if that application then launches another process or program, the program that it launches will also not have admin privileges.  This means that if a user wants to install software that he/she downloads from the web, he/she needs to be aware that launching the setup.exe file directly from browser’s ‘Downloads’ window will generate an error and abort the installation.  In some cases it might not throw an error and instead will appear to install successfully, but when the app is launched it isn’t able to run because the installation was actually not successful.  Users have to be trained to save the application setup files to their desktops (or wherever) and then launch them from the desktops or through Windows Explorer.

Additionally, it is up to you test out any applications that you restrict.  While most of the time this is a transparent deployment, there is always the possibility that this restriction could hinder a custom application from working in the way that it was designed.  However, for most applications in most situations it works great and causes no issues.

Here’s the step by step:

1. Expose the hidden ‘Basic User’ option by opening the registry editor and adding a DWORD called “Levels” with a value of 20000 (hexadecimal) to

HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

2. Open the domain Group Policy editor (or to apply to a single computer, open the local policy editor by going to Start > Run > gpedit.msc) and go to

Computer Configuration\Windows Settings\Security Settings\Software Restriction Policies

If this is the first time you’ve looked at the Software Restriction Policies, the right hand pane will be empty.  To rectify this, click on Action > Create New Policies.  Once you’ve done this you should see ‘Security Levels’ and ‘Additional Rules.’  Now click on ‘Security Levels’ and verify that you see 3 options (Disallowed, Basic User, and Unrestricted).

If you do not see the ‘Basic User’ option on the right-hand pane, close the GPO editor, go back to step 1 and make sure you’ve properly created the registry DWORD, then re-open the GPO editor (Note that the Basic User option is hidden in Windows XP until you add the Levels DWORD value).

3.  At this point you’re going to highlight ‘Additional Rules’ and right click to create a new path rule. Specify the path to the application that you want to limit.  In the path entry you can use the asterisk (*) as a wild card for multiple letters/words.  The question mark symbol can be used as a wild card for a single letter.

Set the security level drop-down menu to Basic User.  This is the key ingredient that makes the magic happen.  Now any executable file in the specified path or its subfolders will launch with limited user privileges on a computer that receives this GPO.

4.  When you’re done creating the policy, link it to your workstations OU and test it!  That’s it.  Pretty simple, eh?

In this example, I’ve limited Firefox so that it can only be launched as a Basic User with no admin rights. I’m able to verify this is the case by first closing all instances of Firefox, then launching it once again after the path rule has been created.  I browse to a website and download a software installation package. I then try to launch the software package from within Firefox’s ‘Downloads’ window, but I can’t perform the installation, so I know it works!