Sunday, September 30. 2007
Recently install a Windows update or service pack and now your .NET applications are running slower than usual?
This can be caused by assemblies needing to be recompiled.
You can read more about it here, but in general, you can force a rebuild by opening a command prompt window with administrator rights and running:
%WINDIR%\Microsoft.NET\Framework\[version of framework]\ngen.exe executeQueuedItems
For example, on my laptop, I have v1.0.3705, v1.1.4322, v2.0.50727, and v3.0 installed.
If I wanted to rebuild/recompile the v2.0 Framework assemblies, I would run:
%WINDIR%\Microsoft.NET\Framework\v2.0.50727\ngen.exe executeQueuedItems
.NET 3.0 is a bit of an oddball, because it is a combination of technologies to go along with .NET 2.0, so there isn't an ngen.exe executable in the v3.0 directory.
A coworker recently received his every two year work laptop refresh and was in the middle of loading his new laptop with Vista. For some reason, his hard drive C: was partitioned to only 25GB and the rest of the space reserved for a much larger drive D:.
Anyway, after loading many Windows Updates, he was left with hardly any drive space left on C:, and for some reason, the WinSxS directory had ballooned to over 8GB.
While I knew what the WinSxS (Windows Side-by-Side) directory was for, I wasn't quite sure why that directory would explode in size so fast with normal operating system updates.
A little digging and I think I have part of the answer, based on two different postings from MS's jonwin's blog. You can read the WinSxS specific posts here and here.
The most interesting and/or relevant sections of those posts, which explains quite a bit about the WinSxS directory:
Content is added to this directory in response to installing applications, enabling packages in the add-remove-programs UI, and installing Windows Out-of-Band releases. Content is removed from this directory as a result of uninstall + scavenging - a topic for another time. One important note - uninstalling your application or Windows app will not necessarily remove the physical bits from the system. The servicing stack marks the bits as unusable and prevents their use through "normal" means. Files and directories will be removed over time as the servicing system cleans up after itself. Administrators should not, for any reason, take it upon themselves to clean out the directory - doing so may prevent Windows Update and MSI from functioning properly afterwards. Preventing accidental deletion from the directory is accomplished by putting a strong security descriptor on the directory that inherits to its children.
In Windows Vista, the directory %windir%\WinSxS has much stronger protection on it than it did in Windows XP and Server 2003. The owner/group is now a SID named "Trusted Installer", a service SID used to start the TrustedInstaller service. Users other than the trusted installer are granted only generic-read/generic-execute by default. This increased protection ensures that only the trusted installer service is allowed to modify the servicing-related metadata and files. If a limited user could modify a file in the directory, for example, they could convince the servicing stack to overwrite one binary with another when the next administrator comes along to enable the Games for Windows package.
You may or may not have ever peeked into the %windir%\winsxs directory on your system. If you haven't, now would be a good time. First thing you'll notice is that there are a lot of those funkily-named directories. You might further notice that there seem to be several that differ only by what looks like a version number and some random-looking eight characters on the end of the name. Next you might see that some of them differ only by the second-to-last stringish thing. Lastly, note that mostly, the strings can be deciphered with a little help.
Each shared component (in the winsxs directory) gets its own directory into which its payload bits are placed. Somehow, we have to generate (mostly) unique & repeatable directory names for this purpose. The requirements of directory names are reasonably simple - can't overall be more than MAX_PATH (260) characters, can't contain certain characters, etc. Given the naming requirement, it was impossible to use the entire identity as the name of the directory, as someone could name their component "foo\bar" and mess things up. With the extensibility requirement for identities themselves, we couldn't possibly use the entire identity, as the set of tuples would end up being far longer than MAX_PATH. Most importantly, we wanted the directory names to be readable to your average administrator or PSS representative. Finally, generation of the keyform from an identity had to be fast.
My take on all of this:
There should be a way to move this directory out of the %windir% directory structure. This directory has a potential to grow pretty much unchecked over time. As it stands right now, it is a huge hard drive space hog on any default Vista install.
Check out this list of WPF applications to try out.
You will be hearing about WPF more as Visual Studio 2008 gets closer to RTM, and as more people adopt .NET Framework 3.0.
Of course, you can develop WPF applications today with Visual Studio 2005 and the updated SDKs, but I have a sneaking suspicion that it won't take off until Visual Studio 2008 comes out.
Not sure what WPF is? Wikipedia has a nice article about it here.
If you check out the webpage here, you can download a program that can search your hard drive to find out which executables use .net and which do not.
You will also learn about the interesting history of Vista's beginnings as a managed-code operating system and how little by little, it went back to unmanaged code. This also helps explain some of the interesting eHome (Media Center) and other curious files in the WinSxS directory.
Saturday, September 29. 2007
Originally I was going to make this Serendipity (s9y) specific, and portions of this might slant that way, but the concepts and programs mentioned here are typically blog software agnostic. Any specific examples are going to center around Apache, PHP, and S9y. I am also assuming you have the ability to install extra software on your web host account.
#1: Akismet - First on the list, especially if you allow anonymous blog comments, is obtaining an Akismet API key and enabling your blog software to use it. S9y has built in support for Akismet through the use of a recent version of the Spamblock module. Enabling Akismet typically blocks around 95%+ of the spam attempts by itself. Most blog programs have Akismet support these days.
#2: Bad Behavior - Although the documentation is a bit sparse, Bad Behavior does a good job of detecting spammers by use of heuristics. To install and use it with s9y, for now, you will want to unzip the package into separate directory of your website and add require_once( '/yoursite/bb-directory/bad-behavior-generic.php'); near the beginning of s9y's serendipity_config.inc.php file.
#3: Project Honeypot - By itself, this won't prevent comment spam, but it does an excellent job of collecting IP addresses of spambots that are looking for e-mail addresses. Every website that joins the collective helps with the cause. Once you have joined, you can also take advantage of Project Honeypot's http:BL, which will help reduce comment spam.
#4: mod_security - I recommend installing mod_security, which is an installable module for Apache, and has a nice community of rule writers behind it. You could almost think of it as a Snort module for web servers. Some of the more clever rules will protect sites from unknown and unpatched exploits due to SQL injection detection and other 'script kiddie' countermeasures.
Serendipity specific spam zombie network workaround involving comments.php:
Many years ago, around the 0.7 revision level of s9y, there was a bug in comments.php that script kiddies latched on to. Version 0.7-rc1 patched this bug, and any newer version cannot be exploited this way.
With that said, my site typically receives about ten exploit attempts per minute from IPs around the world. To help lighten the load on your web server and SQL server, your best bet is to make use of a custom .htaccess entry in your blog directory.
Assuming you are running Apache with mod_setenvif enabled, add these lines to the bottom of your .htaccess:
SetEnvIf user-agent ^$ commentexploit
Deny From env=commentexploit
If your site had been pegging the CPU from all the invalid requests before, it should handle the load much better now.
You will most likely see entries in your HTTP error log like this:
[Sat Sep 29 20:59:38 2007] [error] [client x.x.x.x] client denied by server configuration: /yoursite/comment.php
With all of these countermeasures in place, about one spam comment per month sneaks through my blockade, and most of the time, it will get marked for moderation so I can delete it before anyone sees it. Overall, I am currently winning the battle against the spammers, but their tactics are always changing.
Friday, September 28. 2007
Want to take advantage of the potential power savings of Deep Power Down with your brand new 45nm Intel CPU? Request this hotfix for official support.
Don't know what Deep Power Down is?
To quote Intel:
This is a radically new and advanced power management state (C-state) that significantly reduces the power of the processor during idle periods so internal transistor power leakage is no longer a factor. This latest processor "sleep" state is the lowest power state a processor can reach and significantly helps extend laptop battery life. It enables Penryn to achieve up to a substantial improvement over the lowest power state of Merom, the previous generation Intel Core mobile architecture.
Upon entering Deep Power Down, the processor flushes cache, saves the processor microarchitecture state internally, and shuts off power to cores and L2 cache. While in Deep Power Down, the chipset continues to service memory traffic for input/output (I/O), but doesn't wake up the processor. When the core is needed, the voltage is ramped up, the clocks turned on, the processor reset, the microarchitecture state is restored, and instruction execution resumed.
The deeper a C-state, the higher the energy cost of the transition to and from this state. Too frequent of transitions to deep C-states can result in a net energy loss. To prevent this, Penryn includes an auto-demote capability that uses intelligent heuristics to determine when idle period savings justify the energy cost of shutting down a processor and restarting it. If it doesn't, the Deep Power Down request is demoted to C4, a less deep power management state. The result is a power savings appropriate to the probable idle period.
Read more about it here.
Microsoft System Center Essentials 2007 is a proactive and unified management solution that enables IT professionals in midsize organizations to more efficiently secure, update, monitor and troubleshoot their IT environments.
The evaluation edition is valid for 90 days after installation. The Evaluation Edition can be activated to a full product without requiring a full re-installation. See the System Center Essentials FAQ for more information.
This patch is a rollup of important post-release fixes for System Center Essentials 2007.
KB 936339 - Fixes a problem in which Windows-based computers are not displayed in the Network Topology diagram view in System Center Essentials 2007. The WSUS component parts of Essentials 2007 also fail on the Essentials 2007 agents.
KB 937831 - Fixes a problem that occurs if the computer's NetBIOS domain name does not match the domain or if the computer's domain suffix does not match the domain.
Microsoft Office Communicator Mobile is a unified communications client for Microsoft Office Communications Server 2007. Communicator Mobile runs on Microsoft Windows Mobile 5.0 or 6.0 software for Pocket PC and SmartPhone devices.
Download the OCS client for Smartphones and PocketPCs here.
Read the release notes, FAQ, planning and deployment guide, user guide and troubleshooting guide.
There are also handy quick reference cards available for IM and presence, and Installation and Configuration.
On my left is my wife Cassandra, and on my right is my daughter Juliana.
Sabrina is missing from this picture but this came out too good not to share.
This picture was taken at Juliana's first "real" concert - Robert Randolph and the Family Band at the Frederik Meijer Gardens, back on August 2nd, 2007.
We all wore ear protection. It was a great show. If you saw a tiny three year old dragging her daddy through the crowd for the whole show, all the while dancing her butt off, that was us!
Thursday, September 27. 2007
Stumbled upon this, this morning, and figured it was worth noting for future reference.
If you are looking for Vista drivers for Microsoft mice, keyboards, headsets, media center devices and basically anything made by Microsoft Hardware, go here.
Wednesday, September 26. 2007
Get an early look at Windows Server 2008 virtualization by downloading this product overview. This document provides an overview of Windows Server Virtualization and explores Microsoft's Virtualization Strategy, how it addresses key business needs including server consolidation, business continuity, testing and development, moving toward a dynamic data center and branch office.
Office Mobile 6.1 is an upgrade to Office Mobile applications on Windows Mobile. The new upgrade supports the new Office 2007 file formats.
This upgrade to the Office Mobile applications allows viewing and editing of Word documents and Excel workbooks and viewing of PowerPoint slideshows created by using Microsoft Office 2007.
Other improvements include:
• Enhanced viewing experience for charts in Excel Mobile.
• Ability to view SmartArt in PowerPoint Mobile.
• Ability to view and extract files from compressed (.zip) folders.
If your Windows Mobile device does not have a version of Microsoft Office Mobile prior to 6.1, you can purchase the full version of Microsoft Office Mobile.
You can read about and download the update here.
This update (KB 939455) brings ISA 2006 inline, featurewise, with ISA 2004 SP3.
It fixes 20+ issues and adds:
1. Improvements to the ISA Server Management console.
2. Improved log viewing functionality.
3. Additional log filter functionality.
4. Diagnostic logging. Over 200 new diagnostic logging events are provided.
5. Integration with Microsoft ISA Server Best Practices Analyzer Tool.
In other words, a very nice update for ISA 2006!
Essentially, you can get rid of it by running:
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\NetworkList\Signatures\FirstNetwork" /v Category /t REG_DWORD /d 00000001 /f
If you want a cool trick to integrate that into your BDD build process, read more about it here.
|
