Monday, July 25, 2011

VPXClient Error

Tonight I was attempting to upload an ISO to my Datastore using the Datastore browser. I was using vSphere Client version 4.0.0 on a Windows 7 x64 machine. The upload failed immediately with the error: VPXClient has encountered a user-defined break point. Apparently the way around this is to launch the vSphere client as Administrator. Once I did this I was able to upload my ISO using the Datastore browser with no issue. Thanks to http://communities.vmware.com/thread/146647.

Thursday, July 21, 2011

The Search for Antivirus Part 1

Given the proliferation of viruses and malware over the last few years (Antivirus 2010 and 2011 anyone?), and the recent hacking trend, you'd think protecting systems would be at the fore of every company's mind. However you'd be surprised at just how many companies are still using a hodgepodge of antivirus methods, if they're using anything at all. I've seen a lot of small businesses relying on free offerings from Microsoft and AVG, despite it being a blatant violation of their EULAs. That's bad enough, but these offerings, being made for the extremely small business (we're talking 10 or fewer PCs) or home use, don't have any kind of centralized management included, so you're leaving it up to the end user to keep their AV up to date and perform the occasional scan. I can't tell you how many times I've sat down at someone's desk to see the icon in the system tray warning of out-of-date definitions, or even worse, the AV being disabled all together!

It makes sense in a way. AV solutions are notorious for slowing down machines with memory leaks and intensive scans of every file you open or send. Users understandably get pretty frustrated with it and decide they can do without it. This usually stems from misconfiguration though, and isn't always the plain fault of the application in question. Let's face it: you're a sys admin who has to manually install AV on every person's machine. You're not likely to go into the settings each time and exclude file types or delve into any of the other options-- that is, if they're even available. MSSE is pretty straight-forward and doesn't have a ton of configuration options, one of the reasons it's geared towards home users.

This is why a centralized solution is so important. You set your clients to download AV definitions and signatures from a central location on your LAN instead of everyone heading out to the internet to connect, you can schedule it to run at off-peak times for everyone, it can alert you if anyone's file is out of date, you can set scan schedules and see what kind of dreck is getting onto your LAN and verify that it's being dealt with properly (and harass the repeat offenders), and you can tailor the scan details to ignore certain file types if need be.

In my previous life there were only two options out there: Symantec and AVG Professional. AVG was offered as a managed service, and Symantec was installed at the client's premises. Sky's are wide open now though and there are a lot of options to wade through. I'm going for cost-effective and plain old effective. There are some names I'm investigating automatically based purely on brand recognition, like Kaspersky and NOD32.

I started out with Kaspersky. There are two things that will annoy me right away about a company and bias me towards not using their service: bad websites and pushy sales tactics. Kaspersky managed to do both. I started off at www.kaspersky.com viewing the options shown to the left:





Note that I have the options of Work Space Security, Business Space Security, Enterprise Security, and Total Space Security. I reviewed all 4 and decided that Work Space Security was sufficient. I also found out that all versions offered a central admin console and support for smartphone security.

However, if you click the link to compare versions of Kaspersky, under Mobile Devices it lists Android as well. Understandably I was confused, so I emailed info-us@kaspersky.com. I received an Out-of-Office reply:

Thank you for contacting Kaspersky Lab U.S.  Please direct your questions through the appropriate channel:
Ummm...okay.

I took a break at this point. Figured it'd be good to step back. I came back later and resumed my research. This time my Kaspersky search landed me on a US-specific page, http://usa.kaspersky.com/products-services/business-security, which no longer had the Kaspersky Work Space Security option.

Where did it go? Apparently it's not a US offering? What did I do differently? But I wanted to see what the price was like on that one!

I went to the e-store. Suddenly, there was yet another new option: Small Office Security. Is this the same thing as Work Space Security, re-branded? Why didn't it show up in the Open Space Security list? Well, turns out Small Office Security can only be used for up to 10 PCs. fair enough, I just like to be able to look at all the options when I'm going to be spending money. I certainly don't want to be the one saying, "I didn't see that option" later on.

I went to get pricing on the Business Space Package, and ran into one of my arch nemesis: call for pricing. You could see pricing for 10 nodes online, but if you wanted to get pricing for more than that you had to call Sales, and of course you want more than that otherwise you'd go with Small Office Security, wouldn't you? They want you to call your Sales office so that they can get your name and number and the name of your business and start harassing you with follow-up phone calls and emails.

I called to get the pricing, and it turns out it's not even direct through Kaspersky. It's some 3rd party reseller. I suppose this explains why they couldn't give pricing online since they would likely not know what the reseller is charging at any given moment.

Despite all of that, I know Kaspersky is still tops for consideration. They are a well-known player in the industry, they certainly provide all of the features I was looking for (and some unexpected extras by way of the Android app), low package size and CPU utilization...the only downer so far is that you can't run the administration kit on Linux. Unfortunately, there aren't a lot of reviews out there on the business suite by reliable sources, unlike the consumer product, which is really too bad. They do have a trial version that you can download, so I'll be testing that out shortly.

Wednesday, July 20, 2011

Linux File Permissions

Here's an interesting thing I stumbled across. So, lots of companies use Windows boxes for their file server, right? Therefore it stands to reason that you have to get pretty familiar with NTFS and Share permissions if you're a Sys Admin in an environment like this. We won't even talk about the confusion that can arise from discussions about NTFS vs. Share and how they work together. Yikes. As confusing as that can be though, Microsoft hit on something here and provided a level of permission control that is missing or highly obscured on Linux systems.

In Linux, there is no default permissions or user/group inheritance for directories. Say I create a directory under my home folder, set the permissions on that directory to 700, and create a new file in that directory. When all is said and done, the new file will belong to me and my default group, but the permissions on that file will not be 700, but rather will be whatever the results of my umask determine it to be. If I want all subsequent files within that directory to be 700, I have to manually set it to that every time or change the umask, which is a global setting.

Additionally, if I'm trying to write, copy, or move a file into a directory that is not owned by me or a group to which I belong (say /usr/share/apache2), I can obviously sudo that command but then the resulting file is owned by root:root, even if everything else in that directory is owned by apache2 (or httpd depending on your distro). This can be very frustrating behavior, especially if you're not expecting it. Imagine getting phone calls after you performed an upgrade of some software to find out that it's not working because the new files you copied over have the incorrect permissions/user/group.

A little research yielded the information that I could indeed control at least the user or group inheritance using SUID or SGID. I'd read about them in my course of study, but had never actually put them to use. What it boils down to is that in addition to the 3 sets of binary numbers you can use to set permissions on a file (421421421) you can add a 4th set at the beginning that will set the UID, GID, or sticky bit.

For example, let's say we have a directory called webapps that has permissions of rwxr-xr-x, or 755. The owner of that directory is root:tomcat6. You want to keep it so that any time you put a new file or directory in there it is owned by the tomcat6 group. Issuing the following command does that: chmod 2755 webapps. The 2 stands in for the Group, and is essentially applying the same group, tomcat6, to everything within that webapps folder. 755 is simply reiterating the same permissions that already existed. Another way of doing it is to simply use g+s; it does the same thing as the above.

While that solution is fine and dandy if your umask settings automatically give groups the permissions you need, if it is more restrictive this doesn't necessarily resolve matters. Your file belong to the right group, but you still can't do what you need to with it. As far as I have been able to ascertain you would still need to manually change the file permissions on new files if the umask doesn't give you enough.

Friday, July 15, 2011

Splitting WMV Files

I was recently approached about splitting a 480+MB WMV file into smaller files so that the video could be published online with GoToMeeting. My initial suggestion was to split it using Windows Movie Maker, since the user was running Windows XP. He tried this and it froze early in the process. I decided to try it on my newer, faster machine using Windows Live Movie Maker since I'm running Windows 7 on my desktop. No problem splitting the video into segments, but once I went to save the new clip I ran into issues with the program freezing. It froze at 9% and had to be killed from Task Manager. Tried it again and it froze at 12%. Tried it again and it froze at 13%. It was a pretty frustrating exercise, let me tell you.

I hit the Good Book of Google to see if other denizens of the internet had encountered something similar. I found loads of links and posts about the same issue with both WMM and WLMM, but no good suggestions. Most of the responses, usually from MS support, were along the lines of "try it in Safe Mode", or "it must be something else you have installed on your machine interfering", or my favorite, "try reinstalling it". I ran updates for my video card driver and the application itself based on some other information I found online, which cost me a good 1/2 hour of productivity and yielded no results. I gave up on this avenue pretty quickly, figuring it would be easier and faster to simply find some freeware that would do the job rather than chasing this application's performance issues down a rabbit hole. Unknowingly, the search for a free utility to split the wmv file turned out to be its own rabbit hole.

There are loads of links to software out there that claim to do what I needed, but very few actually work, and most are actually dangling carrots that present themselves as freeware but are really trials that don't fully function until you purchase/register the software. I tried AVS Video Editor, AVS ReMaker, and Daniusoft Video Converter to name a few.

I finally stumbled across a program that did the trick. It was Radioactive's AsfBinWin. It pretty much did what I needed with no muss, no fuss. I imported the wmv file, set start and end points for the clips I wanted to create, named the output file, and off we went. Took less than 5 minutes from start to end. Really wish I had seen this sooner. But, I learned something new and got a new utility to put in my kit. And now we have to 280-something MB files instead of one whopping one. Now the search is on to find a smarter way of delivering training videos to our clients.