

June 3

Strange Attachment



Yesterday I couldn’t find my N810. The hunt started on Sunday night and was reinitiated yesterday morning. No N810, nowhere in sight. As the night waned on yesterday I renewed the hunt. It was like I was looking for the Great Pumpkin, Charlie Brown. Eventually it was found where you always expect to find these things, behind a cushion on the couch.

This device (even when I don’t use it) has become so integral to my daily life that I flipped out more over that missing than I have over missing a wallet or cell phone for an extended period. It may be the cost of the device, but I think it’s more the functionality and freedom it gives me (I’m sure it didn’t help that I was in the middle of Cory Doctorow’s Little Brother E-Book).

It’s strange since I could go for weeks without seeing my iPod or my Palm TX, two things that this has replaced. Now it’s working on becoming the extension of myself that fills the gap when I’m away from a laptop or computer.

I’m quite happy with it.


May 28

Pieces of Me That Exist in the Cloud



Mobile computing is becoming my newest fascination. My previous fascinations included network based storage, network redundancy, and network security. I enjoy making things do things that they were meant or designed to. This is part of the soul that drives my curiosity to the edge of insanity and teeters over the maw of the great beyond. I think eventually I will completely lose it and tumble into that gaping mouth that will swallow my soul and my body whole.

Mobile computing isn’t what it was even 3 years ago; mobile computing by traditional definition means being able to compute while having the ability to travel. Mobile computing devices were originally laptops, then PDAs were taking over, now cell phones and custom Internet devices like my N810. The question you need to ask is: is this still what mobile computing is, or is it being morphed into the new Internet buzz phrase “Cloud Computing”?

While I’ve been doing my crossposting series I’ve been thinking about what it truly means to be mobile and to work in the Internet cloud. Ironically there is more to my online activities than my blog and how far reaching I can make the posts go. I have pieces of me that exist in the cloud. Part of this is my blog postings, sometimes this gives you an intimate side of me. There is more that makes up who I am and my goal is to see how I can migrate that online so I can access it any time and anywhere I have a net connection and an interface to the online world.

I have the basics of myself, my memories in the blog posts. As I go on and dig further in my past more of these will survive through that. What about everything I create? What about my pictures, my videos, my friends, my documents; will these things always be able to exist in the cloud? While there are methods to storing these data types online, what about when a service goes belly up? If a company goes out of business and you are relying on them with your data, where do you turn? Even the great and powerful Google isn’t immune to canceling a service and dropping your data. How do you stop that? How do you save your data? Is there even a reason for home storage anymore?

I can say just typing that out that there will always be a reason for home storage. There will be private documents that you never want to show online. Private thoughts that will always remain yours alone. Until extremely heavy encryption is ubiquitous and tied solely to you, there is no reason to trust this data online. If you don’t want ANYONE ELSE to ever see it, keep it away from the Internet.

I’m going to start a new blog series that investigates working in the cloud.  I know that this has been done before, but I think it will work nicely with my crossposting god series.  Why?  Because I’m going to focus on data redundancy and survivability in the modern Internet age.   I’m going to touch upon security and point out the insecurity that exists that most of us seem to ignore.

There are pieces of me scattered in the clouds, I want some semblance and organization before I run into the hurricane.

May 25

Going to the Drive-In


Tonight Xie and I went to the drive-in. The drive-in, America’s greatest pastime decades ago. We were driving looking for a used computer store (which we never found) and stumbled across this drive-in. Within driving distance there are three drive-ins that we know about, this one happened to be playing the new Indiana Jones movie and Iron Man, neither of which we had seen.

We killed time for a couple of hours and got there just as the line was forming. We did sneak in some food, but also bought beverages and candy from the concession stand. The admission was 5.00 and I thought that was a decent price, hence the concession stand purchases.

There has always been something special about the drive-in for me, my parents took me there quite a bit as a kid. I remember definitely seeing The Last Star Fighter and Ghostbusters at the drive-in with my parents, and as a teenager I went to quite a few more shows. There is something about having the freedom to talk, smoke, or make noise and watch a movie. If you get a chance make sure you get to your local drive-in, it’s a dying item in the world we live in now.

May 24

Hackintosh Failure


So last night I did try to turn my laptop into a hackintosh, and it didn’t turn out so well. After installation I seemed to have an issue with my video not working (ironic that it works for the installation screens). I futzed with it for awhile and since have given up on it. I’m willing to work around issues and change my methodology to do something because I’m not using it the way it’s supposed to be used (part of the mantra of everything I do - My old home network used to have 16 PC’s on it). I can only go so far in futzing before it’s more a nuisance and gets in the way of getting things done.

After following the Kalway steps that should have enabled it to work, I relented and went back to Ubuntu Hardy Heron 64 Bit - a fresh install (plus the addition of 2 GB of ram) has made it more “peppy” than it was before. I guess my next step will be working on getting VMware working so I can get the couple of Windows programs (Finale) that I want to work with running on my laptop. One great thing about a fresh install is that Ubuntu detected my wireless NIC right away - that took a couple hours to get working when I first installed Gutsy Gibbon.

Xie had been having issues with Vista and we salvaged her data and loaded Ubuntu on her laptop as well. She remarked to me that it seemed too simple. I explained: how complex do you need your operating system to appear? We’ll see how it goes with her, if she likes it, and if she’ll stick with it. She has become a bit more like me in the belief of the cloud computing dream and as long as the browser functions as well she’ll learn to work around everything else.

I can say that I did have mixed feelings migrating to OSX since I wouldn’t be able to test Gnome Conduit anymore (except the N810 port), which would make it a lot harder for me to work on documentation. Regardless it seems I’m now a Linux for life type of guy, though it’s not like I don’t have an XP desktop 5 feet away from me, a 2k3 server in a basement, a first gen Mac mini in the next room hooked to the TV, and my work assigned MacBook Air next to this laptop. Maybe since the N810 is Linux based I should have done a BSD on this laptop? I do think I’m very comfortable switching between OS’s and machines.

May 1

Burger King in Vermilion, Ohio - I Hate You


Now I frequent Burger King on days when I eat out because they offer free wi-fi.   I was going to go talk to a friend who happened to be working at Burger King.   He was nice enough to  find me the booth that had the power outlet.  I hate being the guy that wanders around looking underneath all the booths trying to find the one with a power outlet.     I talk to my friend and order my food.   I fire up my laptop and search networks.    I get an open network called something like MARINANET - I thought this was odd since they are normally named BKSTORENUMBERXXXX, but I attached to the network.   It seems this was a pay network, granted it didn’t seem to be operated by Burger King, if I had to guess it was run by the marina just down the street.  I was going to be going by the Vermilion library after eating so there was no way I was going to be paying 19.99 for one day of access (I’ve only done that once, when I was consulting and I needed it then and I expensed it).

This Burger King seems to want to buck tradition and not offer wi-fi. Very very annoying. Finally - their fries were stale too.


Should I Get a Nokia N810?


To get an N810 or not is the question. A few days ago I wrote a couple blog posts from my wife’s new N810. I have some reservations about the keyboard for “power writing”, but that can be handled by a separate bluetooth keyboard. I think that’s not an issue.

Would I use it instead of a laptop - kind of. Right now through work I have a MacBook Air for my mobile device. It’s great, it’s light, it does most of what I need it to do (what it can’t do would require Linux or Windows so it’s forgiven). The one thing I run into with the Air is the same thing I run into with my normal laptop, accessibility. For normal computer use they are highly accessible, but if I do make it to HOPE this year or other travel venues it would be MUCH better to not bring a full laptop (if I do take an 810 to HOPE I’ll be accessing the internet through an encrypted Hamachi VPN tunnel to home and using a proxy there to access the Internet - no clear text information is going to be slipping by me - I can deal with the speed hit that will cause).

It’s much easier to have a bluetooth keyboard and an N810 to haul around to these places more so than a full laptop. With a full laptop I need to worry about power (N810 has better battery life), privacy due to larger screen size, finding a place to sit versus standing and using the N810. These things are all things that go through my head while debating this purchase.

So yes the N810 would make me more mobile, and be more convenient.   I know for me (extreme power user) it won’t replace a computer or laptop, but for some people (like my sister) I could see this as a 100% computer replacement.   Too much geekery for me it seems.   So then we open up the question, could I live for a week with just the N810?

The N810 isn’t really designed for offline use. If it has an internet connection that’s great. I would be able to do most of my blogposting and status updates via email so when I hit wifi I could sync up and go. In a lot of ways I think this is enough. To check this I need to mentally compare it to my Palm TX.

I’m not sure that the N810 will fully replace my Palm TX (then again no one said I couldn’t keep it). With my Palm TX I use it as an email platform, a web access device, a centralized syncing device, and an ebook reader. Anything else I use it for is mostly games so that’s not really an issue - IM has always been painful on it due to .

Since the N810 does not have heavy document handling and I don’t think the resolution is quite right for ebook reading (the two things I think I would keep my TX for) it does have better web page filtering (my blog almost breaks the TX). I would also be able to do IM since I wouldn’t be forced to stay on the IM screen like I do on the TX. Email should be equal or better on the N810 versus the TX, Web Browsing would be better, and IM would be better. The occasional full need for document editing and e-book reading would mean the TX could sit on the bottom of my bag (and a bluetooth keyboard would work with it - two devices one keyboard).

So theoretically I could replace my laptop about 90-95% with the two devices. With having a much smaller footprint and ease of use in carrying these devices with me. Having the N810 would mean that I no longer have to carry an iPod around since it would handle my podcast playing - bonus to the fact that it will auto scrobble to last.fm, something that I have never gotten working to a level I liked with an iPod and Linux.

Movies however I’ll probably still use my Palm TX - I can play full DivX movies on it without having to re-encode them. Bonus to me. This will also have the side effect of saving me battery life on the N810 if the TX is with me. I don’t watch movies too often on the go though.

Through hackery I would be able to sync my calendar on Google with my N810 - something that never worked right on the TX. I would be able to compose music on the N810 (yes it can compose music). Someone is also working on an instrument tuner - which is something I was going to buy this summer - so I’ll save 30.00 there. I was going to buy an iPod, but with the 10 GB I can max out on the N810 and the fact that I only really use an iPod for podcasts would mostly make that a non issue - so a savings of 150.00 - so far I’ve saved myself 180.00 on stuff I would probably buy this summer.

There is an NES emulator (that works better on it than on the TX) and a GBA emulator - this should save me from carrying around my GBA (which I ironically use more than my DS). I also play RPG’s so the slight frame drop won’t really affect me. I can use Skype which really isn’t too much of an issue for me since I mostly would call my wife and we have free phone calls between us. With utterz I can use my phone to “call in” blog posts.

I would be able to start geo caching with the N810 built in GPS, I’ve wanted a GPS for a long time, not for driving directions since I can look at a map easily and I’m able to figure out where I am. My wife is sometimes jealous of my innate directional sense. Usually I get way too lost sometimes by actually reading a map, wrongly at that. I could get a cheap GPS for 90.00 - but that would take my total electronic purchases to 270.00. We are approaching the N810 price. (We actually match it if you figure out it would handle my gaming needs - but I already own those devices)

I like the N810’s keyboard versus the N800’s touch screen which my wife tried out first, but it’s still a small, small keyboard and I have bigger fingers than her. I can enter information quickly enough for a mobile device I can whip out real quick - and 500% faster than I can do on my phone’s keypad. If I utilize bookmarks and saved passwords this should help limit my typing. The less need I have on this the better. Once again if I’m going to write a long blog post like this one is becoming I would have to have a bluetooth keyboard.

My T-Mobile internet connection is very slow on my cellphone, but being able to stop by any McDonald’s or Burger King for quick internet access kind of alleviates that concern. Granted wifi coverage isn’t ubiquitous but it’s common enough that I think I would be fine.

I’m probably going to decide tonight to get one. Working through this post has helped a lot. I think I started with the fact that this would replace my Palm TX, and going through that thought process I don’t think it would. I think it will however handle the fact if I’m gone for a week or two away from a computer (though I can fathom two weeks away from a regular computer) that I could be just fine in a solely mobile solution without a laptop. Using the host mode hack on the N810 coupled with the card reader program on the Palm TX means I’ll be able to utilize the Palm TX as a removable storage space on the N810 if I need it with normal SD cards instead of needing a thumb drive that would drain the N810’s power quicker. This would allow me to throw another 8 GB and make the card switch out very easy for me.

I’ll keep everyone updated on what I decide.


April 29

Very Sneaky Way to Lessen Bandwidth Twitter


I got a message from @ev that he was playing with a new service that gave recommendations on who to follow on Twitter.   The service he was playing with is http://whoshouldifollow.com/ which for me suggested a bunch of people, I added kevinrose and leolaporte.

Now the first thing I noticed after adding them was that device updates (for me that’s IM) were turned off. I had to manually turn it on so that I receive their updates via IM like I do everyone else I follow. Now the default in the past was to always automatically get device updates when you started following someone (it was this way up until a few days ago). Now I understand the problems they have been having with IM and I assume they also have them with SMS (I don’t use it). As far as I have seen though there hasn’t been an official announcement and this is a bit sneaky behavior.

I applaud them for making the change and do think it’s beneficial for them, but you would think they would have made some kind of announcement.


Feedburner Finally Integrates With Google Accounts


Earlier I had written that Google really needs to integrate its reporting services across the board. Now I still hope they do unify their reporting experience, but it seems Feedburner is going to be the first to get sucked into the already fractured reporting structure that exists for Google’s many services.

Earlier today on April 25 Feedburner posted that they were finally going to integrate their service with the standard Google account logins. This means the same account I login into Gmail, Adsense, etc. will work with Feedburner. Using this unification I’m hoping that we’ll be able to finally embed Adsense into our RSS feeds. I’m also hoping that the reporting (hint hint Google) can be blended in with Web Analytics.

Whether the reporting structure is going to be absorbed or if this will stay a single login structure for the foreseeable future has yet to be seen.   I have hopes though.


April 22

Two Socialthing Invites Available


Socialthing is a cross between a lifestreaming service and Spokeo.   The closest site I can directly compare it to is friendfeed.   If you are interested in an invite, the first two comments on this post located on creeva.com will get an invite.

April 21

I Don't Even Consider My Operating System Anymore

I guess that’s the point. Most people use Windows and take for granted what OS they are using. I however am a bit different. I move between XP, Ubuntu, and OSX in a seamless fashion. I do a lot of work via the browser so I’m sure that is part of it, but I utilize the applications that are suited for their purposes within the individual OS as they are meant to be.

Granted some programs are cross platform, like I use Firefox 3.0 on everything now. But for the most part I can be with each operating system and work with its unique flow. Sometimes I get privately annoyed that a tool is available for one OS or another, but that gets put aside quickly as I look for the right solution for my platform.

Because of this approach I am really looking forward to cloud computing and ubiquitous web interfaces.   I’m not sure the back end matters at all any more as much as it does when the functions are there to get the job done.

April 17

Spamming Myspace?

I was accused the other day of spamming Myspace with all of my updates, though it was indirectly on a friend’s blog via the comment section of a post he did on twitter. The poster (I’m looking at you Tevy) thought I was using twitter to crosspost to everything. Here was my reply:

Tevy, my setup is kind of unique but I’ll give you the run down.

I post to my blog at creeva.com - when I make a post my blog crossposts to myspace, vox, livejournal, dandelife, blogger, msn spaces, xanga, and multiply.

My website also has an outbound feed - this is filtered to certain topics and posts notifications to twitter, tumblr, jaiku, facebook, and suprglu.

At the end of the day all the web services that I use (flickr, allconsuming, 43things, 43 places, cocomment, digg, del.icio.us, google reader shared items, youtube favorites, youtube uploads, picasa, photobucket, stumbleupon, newsvine, pownce, and any other blogs I use) are each wrapped up with whatever I’ve done on any of those respective services throughout the day and done as a single post (per service) on my blog.

Of course once a post is made on my blog it gets cross posted to myspace etc, with the exception of twitter (since I use it for notifications AND personal use) nothing really hits my blog twice since I’ve been very careful of any redundant data processing.

We’ll just say I love wordpress plugins

A few articles I’ve written on this:


I’m sure what I’ve written above is missing some services and such but that’s about 90% of what is going on.



Now I know that this leads to a lot of updates on myspace, but I’m sure this seems unnatural to some since most of the people I know post next to nothing. 99% of the updates I see are XXXX updated profile information. I look at the profile and it looks the same to me. Very few people actually constantly upload pictures (I’m looking at an automated way to do this from my flickr account) or write blog posts. So sometimes I need to go to other services to find the people like me that update their profile information and create content.

I truly want to read content from people I know, look at their pictures, or watch their videos it’s just that there seems to be so little, while I of course go through my cross posting glut.   My friends don’t like switching services and that’s fine, I’ll just bring all my glut of information and data to them.

April 11

Google's Next Service Should Be - Google Reporting.



Google is all about consolidation of data, their whole mantra is behind it. They have released oodles and oodles of services that I utilize (yes I’m a google whore - there I said it), but only minimal correlation between the tools other than a common login. Many of their tools generate reports or data that could be transformed into reports. Some of their services it’s almost brain dead that they haven’t integrated the services. Let’s go through the services and how I would design “Google Reports”.

The most obvious Google “products” I would lump together would be Google Analytics, Google Webmaster Tools, Google Adsense, and Google Adwords. All four of these products are usually used together - so why can’t we get reporting for all three on one page? All of these products can give a webmaster an overview on where his site(s) are going and what he can work on. There is absolutely no reason to go through four different interfaces to get this information. Yes I can set up email reports from some of them - but a singular report and page to view them at a quick glance would be great. If I click on something to drill down on it could then take me to the specific related products page. While we are on the subject of Google Analytics - a listing of recent page views ala the way statcounter does it would be great. To be honest that’s the only reason I still use my statcounter account.

Those were the four products that prompted me thinking about this in total from the beginning. Now let’s move on to the other products, video for example. Google Video and Youtube both fit different niches in the google video structure. Youtube allows you to upload video more quickly but has time and size limits, Google Video however allows downloads and unlimited size and no time limits when you use their external (non browser based) uploader. Now Google Video’s reporting very frequently fails to work - losing view and download counts so this needs to be addressed. But a report that would include subscribers, views, and downloads would be fantastic.

Feedburner should be tied into analytics also for the amount of information it gives you and stats, while I’m on a mini rant here when are we going to be able to inject adsense into our feedburner items?

Now let’s break into the quickies:

Google Base - ok I still don’t understand this product so I have no idea.

Blogger and Page Creator would tie in easily with Analytics - so there is no reason not to make this automated.

Browser Sync - The number of synchronizations and all machines that you have synchronized against.

Calendar - Ok trickier but the number of appointments from a given day/month/week

Docs - Number of edits, number of documents, space they take up, and how many of your collaboration documents have had edits.

Gmail - Number of emails received, sent, spam caught, most frequent contacts, amount of free disk space.

Groups - could tie into Analytics if you’re the group owner but beyond that - number of members and messages - how many new messages if you’re just a reader.

iGoogle - um no clues

Reader - number of stories read

Picasaweb - how many times each photo was viewed, who has linked to it, and any subscribers

Finally webhistory - the amount of searches performed, and a concise list of sites embedded in the reports.

I would want to see reports being able to be generated automatically on a daily, weekly, monthly, and yearly basis. The ability to customize reports by date or time period would also be great. The ability to automatically email them to you at a preset time would be fantastic.

The last feature I would add is an open API so we could plugin new reports and send them to google to collect and have other programs able to fetch and manipulate the data on a client side.  I know I’m asking pie in the sky at this point.

Google literally has all this data on us and more. They are preaching data portability and openness so why don’t they consolidate and show us more of the data they are holding. I’m not asking for all of the secret sauce just what’s relevant to me. Combining the original few things before I went into quickie mode though would be utterly fantastic and an excellent starting place.


Original From Journey To Get Paid: Google’s Next Service Should Be - Google Reporting.

Posted By Creeva Murkado to Journey To Get Paid at 4/11/2008 12:19:00 PM

Wordpress tweaking - is it an addiction?

Ok addiction may be a strong word, but I’m sure some of you understand what I’m getting at.  You spend more time trying out plugins, or finding some very cool functionality that you must try out.  You spend days or at least hours of doing this instead of doing something constructive, like actually writing on the blog that you keep tweaking.

I’m sure the big name blogs have it a lot easier since there is a lot more change management involved before adding any plugin and functionality. They test on their beta internal blogs instead of the public facing ones. So the readers aren’t enduring the torture. In a way I would love to be a wordpress tweaks tester, the one that gets paid. Of course I think paid wordpress testers and tweakers are mythical creatures. I would more likely run into a garden gnome running around asking people to marry him in the mall than I would a paid wordpress tester.

So for those that read that I don’t create content for because I’m playing with a brand new crossposting plugin or life caching function. I apologize. I would get help but I can’t seem to find the wordpress tweaking anonymous google group.

April 9

Getting late

Time for bed - you know I really should have twittered this instead of posting it on the blog.

/shrug.

The Kiosk Series - Part Three - Microsoft SteadyState vs Group Policies



One of the programs that management wants us to look at for our kiosk implementation is Microsoft SteadyState, which is Microsoft’s all-in-one, wizard-driven solution for creating a kiosk.

I’m not entirely convinced that there is anything you can do with SteadyState that Active Directory is not better suited for. So while we work through this document we’ll be exploring the options of SteadyState and comparing them to group policies that you can push down to a computer or user account from a central location.

This is the start page of Microsoft SteadyState. From here there are 6 things you can do:

1. Set Computer Restrictions

2. Schedule Software Updates

3. Protect the Hard Disk

4. Add a New User

5. Export a User

6. Import a User

This is the “Set Computer Restrictions” page. This is broken down into different sections and shows you how limiting the computer settings are in group policies that can be applied to this state. While there are still further Windows computer policies you can apply to the machine, especially if you wish to conform to your company’s security plan, we’ll stick with Microsoft’s options for now.

Privacy Settings:

1. Do not display user names in the Log On to Windows dialog box

Group Policy equivalent:

Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Do Not Display last user name in login screen

2. Prevent locked or roaming profiles that cannot be found on the computer from logging on

Group Policy Equivalent:

Disable interactive logon for all accounts except the approved accounts for use with the kiosk machine

Registry Equivalent:


“Computer Configuration\User Settings\Administrative Templates\System\User Profiles\Log users off when roaming profile fails”

[HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\System\ProfileErrorAction]


3. Do not cache copies of locked or roaming profiles for users who have previously logged on to this computer -

Group Policy Equivalent:

Disable interactive logon for all accounts except the approved accounts for use with the kiosk machine

Registry Equivalent:

[HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\System\DeleteRoamingCache]

Security Settings:

1. Remove the Administrator user name from the Welcome Screen

Group Policy Equivalent:

The XP Welcome screen is automatically changed to the classic logon screen after a computer is joined to a domain - no policy change is needed unless this has been adjusted.

Registry equivalent:

[HKEY_LOCAL_MACHINE\SOFTWARE\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList\Administrator]

2. Remove the Shut Down and Turn Off options from the Log On to Windows and the Welcome Screen

Group Policy Equivalent:

User Configuration \ Administrative Templates \ Start Menu and Taskbar

Policy: Disable Logoff on the Start Menu
Description: Removes the "Logoff" button from the Start menu and prevents users from adding the Logoff button to the Start menu.
Registry Value: "StartMenuLogoff"

Policy: Disable and remove the Turn Off Computer button
Description: Removes the "Turn Off Computer" button from the Start Menu and prevents shutting down Windows using the standard shutdown user interface.
Registry Value: "NoClose"

3. Do not allow Windows to compute and store passwords using LAN Manager Hash values

Group Policy Equivalent:

Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network Security: Do not store LAN Manager hash value on next password change

4. Do not store user names or passwords used to log on to Windows Live ID or the domain

Group Policy Equivalent:

Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network access: Do not allow storage of credentials or .NET Passports for network Authentication

By disabling interactive logins for all users except the kiosk user account, this isn’t an issue.

5. Prevent users from creating folders and files on the drive c:\

Security configured on the drive to give the kiosk only read access to information it needs should handle this.

6. Prevent users from opening Microsoft Office documents from within Internet Explorer

Registry Equivalents:


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Excel.Sheet.5\BrowserFlags]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Excel.Sheet.8\BrowserFlags]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSProject.Project.8\BrowserFlags]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PowerPoint.Show.8\BrowserFlags]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Word.Document.6\BrowserFlags]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Word.Document.8\BrowserFlags]


7. Prevent write access to USB storage devices

Registry Equivalent:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies\WriteProtect]

Other Settings:

1. Turn off the Welcome Screen

Group Policy Equivalent:

The XP Welcome screen is automatically changed to the classic logon screen after a computer is joined to a domain - no policy change is needed unless this has been adjusted.

Notice that Microsoft does have some understanding of machines with this configuration being used in a domain environment, since they provide the note “In a Domain managed environment the Domain Group Policy supersedes any settings made here.”
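To confirm that a domain policy really delivered these settings to a kiosk, a read-only audit like the following can be run on the machine. This is an added example, not part of the original post or of SteadyState; apart from the WriteProtect path, the registry locations and expected data are the standard ones for the named policies rather than values given in the post.

```powershell
# Added example: read-only audit of settings discussed in the post.
# Locations and expected data are the standard ones for each policy;
# only the WriteProtect path is taken from the post itself.
$checks = @(
    @{ Label = 'USB storage is write-protected'
       Path  = 'HKLM:\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies'
       ValueName = 'WriteProtect'; Expected = 1 },
    @{ Label = 'LAN Manager hash is not stored'
       Path  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
       ValueName = 'NoLMHash'; Expected = 1 },
    @{ Label = 'Network credentials are not stored'
       Path  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
       ValueName = 'DisableDomainCreds'; Expected = 1 },
    # Per-user policies: run the script in the kiosk account's session.
    @{ Label = 'Turn Off Computer button removed'
       Path  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
       ValueName = 'NoClose'; Expected = 1 },
    @{ Label = 'Logoff removed from Start menu'
       Path  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
       ValueName = 'StartMenuLogOff'; Expected = 1 }
)

function Test-KioskSetting {
    param([hashtable]$Check)
    # A missing key or value returns nothing instead of raising an error.
    $item = Get-ItemProperty -Path $Check.Path -Name $Check.ValueName -ErrorAction SilentlyContinue
    $actual = $null
    if ($item) { $actual = $item.($Check.ValueName) }
    New-Object psobject -Property @{
        Setting   = $Check.Label
        Expected  = $Check.Expected
        Actual    = $actual            # empty when the value is not set
        Compliant = ($actual -eq $Check.Expected)
    }
}

$results = $checks | ForEach-Object { Test-KioskSetting $_ }
$results | Select-Object Setting, Expected, Actual, Compliant | Format-Table -AutoSize
$failed = @($results | Where-Object { -not $_.Compliant })
"{0} of {1} settings need attention" -f $failed.Count, $results.Count
```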


This is the Schedule Software Updates screen.  From here you can configure the interval at which you update the Windows operating system and auxiliary programs.  For updating Windows, a SteadyState computer supports Microsoft Update, Windows Update, or Windows Server Update Services.

The supported security program updates are limited: the only programs that have native support are Computer Associates eTrust 7.0, McAfee VirusScan, and TrendMicro 7.0.  You have the option of creating a custom script to handle any other program updates you may need.   In a domain environment this can easily be handled by central update servers such as SMS and AV servers.


Windows Disk Protection allows the user to install any programs they want or download whatever they wish, but the hard drive will just wipe out the data.  I can’t seem to find a registry or policy equivalent that allows this, so it seems that this is one main benefit of SteadyState.

The “Add a New User” screen only allows you to create local users, which doesn’t really help you in a secure domain-based environment.   It will, however, check your domain’s password policies that you may have pushed down to the machine via group policy.  If you do use this wizard to create accounts, be aware that user policies from the domain cannot be applied.


The first screen of User Settings is the “General” tab.   Here we get into some settings that are more unique to the SteadyState product.   While it has the function to prevent the user from making permanent changes, the most interesting thing is the log off options.  The ability to add a maximum amount of use time or an idle time is provided by two helper applications that are installed with SteadyState.   Being able to always display the session countdown allows the user to see how much time they have left before the log off procedure is invoked.   Restart computer after log off allows the Windows Disk Protection to kick in and reset the machine back to a clean state.   While this is nice, the same option could be invoked by creating a log-off script.



The User Settings \ Windows Restrictions tab allows you to hide drives, set default restriction levels and takes the start menu restrictions straight out of the security policy.  This is simple to replicate with a domain group policy.



Screen 2 of Windows Restrictions



Screen 3 of Windows Restrictions



Screen 4 of Windows Restrictions


Feature restrictions are more policies that have been taken straight out of the local security policy (domain policy manager).



Screen 2 of Feature Restrictions



Screen 3 of Feature Restrictions


Screen 4 of Feature Restrictions


While SteadyState allows you to block certain programs, locally installed antivirus can normally do this.  Normally you wouldn’t want this in a kiosk environment.  A better scenario is using group policies to allow only the programs you specify to run.  In the SteadyState scenario, if someone ran a rogue application off their USB drive (if you’ve given them access), or renamed a blocked EXE that doesn’t need registry access, I doubt that SteadyState could do anything to stop it.


Importing users is done via a normal Windows save/open dialog box.   It loads files with the supported *.ssu extension.


Exporting writes a file with the proprietary *.ssu extension, once again using the standard Windows open/save dialog box.

Can I recommend SteadyState?

For 90% of what it does I wouldn’t use SteadyState at all, but would personally rely on centrally controlled and maintained group policies within a domain environment.   What does shine, though, is the Windows Disk Protection and the helper utilities that handle logoff timers, though for the idle timeout I would more likely just use a script I controlled which could be invoked by the screensaver kicking in.

I didn’t go through each of the group policies under the user restrictions since it’s almost verbatim down the list under the policy management.  If you have any questions on a setting to restrict without using SteadyState, feel free to ask.   The biggest disadvantage to SteadyState is the fact that it uses local accounts that can’t be managed remotely with ease.   Being at a company where everything is done to avoid using local accounts, I can say this is bad mojo.

I may use the drive protection and timeout applications; we’ll see when this project is truly finished.


April 8

The Kiosk Series - Part Two - Management Considerations For Your Environment

Recently I’ve been tasked with designing a kiosk solution for our internal environment.   This is the second part of my kiosk series, which is going to examine testing and deployment of such a system.  To read the first section, go to Part One - Choices For Your Environment.

Kiosk System Management Strategy

There are multiple issues involved with managing a “kiosk system”.   We have to look at the problems we will face, whether they are considered to be internal or external.  For the security and management scope of this document, we are going to assume they are located on the company guest network.  If the machines are located within the internal network, the current maintenance procedures will apply.

While this is still in the design period, the final abilities of the kiosk system and where it falls have not been decided upon.   Until another strategy is decided upon, we are going to assume that these systems will be members of the domain.

Hotfixing and Patching: Within the internal network we currently use a mixture of WSUS, SMS, and antivirus servers to keep computers up to date.   Something similar would have to be replicated either on the guest or DMZ network.   If it is located on the DMZ network, controls would have to be in place so that updates are pushed to the client instead of the client pulling the information.  If the information absolutely must be pulled, this will be addressed in the section below titled “Securing Connections”.

Break/Fix Issues: A phone will have to be located next to the computer so users can report any issues that a kiosk may have.   Upon receiving the call and logging it, normal break/fix procedures would apply.

Remote Desktop: Going from the DMZ to the guest network we should be able to RDP into the kiosk unit.

Remote Monitoring: From a security standpoint, all of these units should include full auditing.   The audit trail could be maintained locally, with a remote server from the DMZ pulling in the logs via either a script or an off-the-shelf utility designed for pulling log files off of the machine.

Utilization Report: Similar to the audit log, we can get a utility that monitors the utilization of these units and pull the results into the internal network.  This can be done after tracking down a third-party program that allows for utilization monitoring, or by parsing the audit log and turning that into a utilization report.
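The audit-log route can be sketched as follows. This is an added example, not part of the original post: it pairs logon and logoff records by logon ID and totals session minutes per day. The rows are constructed sample data, the CSV column names are assumptions about how the Security log was exported, and it assumes PowerShell 3.0 or later on the collecting server.

```powershell
# Constructed sample rows; the column names are assumptions about your export.
# XP Security log: 528 = successful logon, 538 = logoff, 551 = user-initiated logoff.
$events = @'
Time,EventID,User,LogonId
2008-04-08 08:02:11,528,kiosk,0x3E1A7
2008-04-08 08:31:40,551,kiosk,0x3E1A7
2008-04-08 08:31:42,538,kiosk,0x3E1A7
2008-04-08 09:15:03,528,kiosk,0x41B20
2008-04-08 10:05:33,538,kiosk,0x41B20
2008-04-09 13:40:00,528,kiosk,0x52C9F
'@ | ConvertFrom-Csv

function Get-KioskSession {
    param([object[]]$Events)
    $open = @{}                                    # LogonId -> logon record
    foreach ($e in ($Events | Sort-Object { [datetime]$_.Time })) {
        if ($e.EventID -eq '528') {
            $open[$e.LogonId] = $e
        } elseif ((@('538', '551') -contains $e.EventID) -and $open.ContainsKey($e.LogonId)) {
            $start = [datetime]$open[$e.LogonId].Time
            $open.Remove($e.LogonId)
            [pscustomobject]@{
                User = $e.User; LogonTime = $start; LogoffTime = [datetime]$e.Time
                Minutes = [math]::Round(([datetime]$e.Time - $start).TotalMinutes, 1)
            }
        }   # a second logoff record for the same LogonId is ignored
    }
    foreach ($s in $open.Values) {                 # logon with no logoff: crash or power-off
        [pscustomobject]@{ User = $s.User; LogonTime = [datetime]$s.Time
                           LogoffTime = $null; Minutes = $null }
    }
}

$sessions = @(Get-KioskSession $events)
$perDay = $sessions | Where-Object { $null -ne $_.LogoffTime } |
    Group-Object { $_.LogonTime.ToString('yyyy-MM-dd') } | ForEach-Object {
        [pscustomobject]@{ Day = $_.Name; Sessions = $_.Count
                           Minutes = ($_.Group | Measure-Object Minutes -Sum).Sum }
    }
$perDay | Format-Table -AutoSize
# Sessions that never logged off are listed separately for follow-up.
$sessions | Where-Object { $null -eq $_.LogoffTime } | Format-Table User, LogonTime -AutoSize
```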

Seat Type: A new seat type would have to be established to accommodate the additional costs incurred from the environment setup and maintenance of these units, including but not limited to the additional costs possibly incurred by having a phone nearby to inform the help desk of any issues.

Security Plan: A new security plan would have to be established since there will be configuration settings that do not fit into the current security plans that the company has established.  While these will fall under a site security plan, none of our existing plans would be able to fit these systems under their configuration options.

Privacy Controls: Depending on the kiosk solution we go with, whether it be a login-based solution where they have a full application suite or a web kiosk, something must be done to maintain user privacy.   After an inactivity time (amount to be specified later), the kiosk would either clear the process from memory or log the user out completely, depending on which kiosk method we are using. This could be done in a couple of ways. One would be an off-the-shelf software product that does this; at this point I would assume we would use all of its privacy and utilization reports. Another option would be to set up a script to kill the process or automatically log out the user, and utilize the screensaver in the kiosk to run this functionality and monitor idle time.

Securing Connections: If the kiosks must pull information from the machines in the DMZ, then the best method would be to utilize IPSEC.  This would limit the number of ports needed and allow us to lock down communication to only the specific server that the kiosk would need to talk to.
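A sketch of the scripted option, as an added example that is not from the original post. It polls the idle time directly instead of being launched by the screensaver, and it assumes PowerShell 2.0 or later running in the kiosk user's session; the 10-minute limit, the `$Mode` switch and the `iexplore` process name are placeholders for values the design has not fixed yet.

```powershell
# Added example. Placeholder values: the post leaves the inactivity time unspecified.
$IdleLimit = New-TimeSpan -Minutes 10
$PollEvery = 15            # seconds between checks
$Mode      = 'Logoff'      # 'Logoff' for a login-based kiosk, 'KillBrowser' for a web kiosk

# GetLastInputInfo reports the tick count of the last keyboard or mouse input
# in the current session.
Add-Type -TypeDefinition @'
using System;
using System.Runtime.InteropServices;
public static class KioskIdle {
    [StructLayout(LayoutKind.Sequential)]
    private struct LASTINPUTINFO { public uint cbSize; public uint dwTime; }
    [DllImport("user32.dll")]
    private static extern bool GetLastInputInfo(ref LASTINPUTINFO plii);
    public static TimeSpan Get() {
        LASTINPUTINFO lii = new LASTINPUTINFO();
        lii.cbSize = (uint)Marshal.SizeOf(typeof(LASTINPUTINFO));
        if (!GetLastInputInfo(ref lii)) return TimeSpan.Zero;
        // Tick counts wrap about every 49.7 days; unsigned subtraction stays correct.
        return TimeSpan.FromMilliseconds(unchecked((uint)Environment.TickCount - lii.dwTime));
    }
}
'@

while ($true) {
    if ([KioskIdle]::Get() -ge $IdleLimit) {
        if ($Mode -eq 'KillBrowser') {
            # Web kiosk: drop the browser so the previous user's pages and session
            # cookies held in memory are gone; whatever restarts the browser is
            # outside this script.
            Get-Process -Name iexplore -ErrorAction SilentlyContinue | Stop-Process -Force
        } else {
            # Login-based kiosk: end the whole session.
            & "$env:SystemRoot\System32\logoff.exe"
            break
        }
    }
    Start-Sleep -Seconds $PollEvery
}
```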

March 21

Second Life

This is an old post I found from 03/21/06 - adding it into the correct spot on the blog

I tried Second Life tonight. And as someone who in SWG enjoyed playing a master entertainer and a merchant (with master rifleman thrown in), it was an amazing experience. The character creation is on par with SWG, if not more. It is a game that runs an economy of a larger scale than SWG. The only thing it is missing is the mission/attack portion of the game. Since I joined DnD Online I may have the right mixture to do both now and happily have a medium that I can pretend is SWG the way it was - if only fleeting in my mind.

But moving on, I played slot machines - though I’m not sure I completely understood how they were working. I listened to live music for an hour or so. As an ex-entertainer I thought the live music was the most fascinating thing that I saw…er heard. I wonder what I’ll discover next. Very, very interesting, and worth trying out for anyone that enjoyed the social aspect of SWG.

I can tell you Second Life didn’t pan out for me.