Showing posts from November, 2007

nac -a bandaid for your network v07.21.11.txt

This is just a blog storming session about why I feel NAC is over-rated.. It may be the best marketing invention in a while to give vendors the opportunity to sell you a security solution, but it clearly isn't the best use of technical minds to come up with an effective way of securely managing diverse networks.

NAC - Posture Assessment

If you are responsible for keeping the corporate workstations up to date, then you are just proving to yourself that your method is ineffective if you perform posture assessment and fail the workstation. Why not concentrate on way to deliver updates and patches to a workstation while it is not directly connected to your corporate network?

- Windows Update can be configured to access an internet site accessible: (ie: that works internally and externally.

- SMS and GPO updates can't easily be applied unless you have a VPN connection back to the corporate network.. seems like a good place for MS to work on ISA Server…

using vlc to create a web-based vod library v07.18.11.txt

There are many reasons why you would want to create Video-on-Demand library with a web interface.. training videos, past security recordings, news clips, etc..

My reason was different this weekend.. it is starting to become difficult to weed through all of the DVDs with children's show for my daughter. While she has no problems sorting through the DVDs and picking out a show to watch if we label it correctly, it still is time consuming and over time the discs become worn and damaged. I needed a way to create a video on demand library and have it easy to use for her. Since she can navigate around on the web just fine, I wanted to make it as simple as YouTube for point and click access to her shows.

Enter VideoLAN VLC Player/Server

Now we can do the following:
TV -> DVR -> DVD -> VLC -> RTSP -> PC = Happy Child

The quick and dirty approach for serving DVDs over wired/wireless for VOD via the web:

Download and install VLC 0.8.6c here.
Copy the entire VIDEO_TS folder fr…

xen-based vmm with san-less ha from thinsy v07.16.11.txt

After reading the latest blog post from

I just can't help wonder how many more Xen-based virtualization packages are going to delivered and how well they are going to keep up with Xen's release of the VMM along with their own enhancements and modifications. It seems like everyone is ready now that Xen 3.1.0 supports Windows-based guest OSes.

What is interesting in this release is that I've just finished a proof-of-concept with XenEnterprise 4.1 to perform disk to disk replication and XenMotion utilizing LVM on top of DRBD 8.2.1 since XenSource (now Citrix) provides a DDK image to recompile kernel modules for Dom0. It worked and I was able to perform XenMotion with running DomUs between the two hosts utilizing a primary/primary cluster with the "allow-two-primaries" option in the DRBD resource config file.

It will be interesting to see what Thinsy's EnSpeed VMM is …

thin clients, library shared workstations, vdi for a perfect combo v07.15.11.txt

Microsoft has matured their original Shared Computer Toolkit to Windows SteadyState. The new version is well documented and really becomes a player against existing Deepfreeze environments for libraries. The Windows Disk Protection feature is very similar and now supported scheduled update windows.

If this product were to be combined with thin clients at libraries along with VDI and a SteadyState prepared load of Windows XP you would have a great combo for an IT staff and librarian freedom for implementation of new software in computer lab or kiosk environments.

Utilizing thin clients, you could reduce the hardware costs and risk of theft or damage at the physical lab setting. Having the image run on backend servers would minimize replacement or addition time frame of new lab computers. This would work especially well if you utilized a single virtual drive that they all boot from..

Library staff would be able to make changes and add software very easily with wizard interface in the St…

site content introduction v07.13.11.txt

The purpose of this blog is to document thoughts and ideas about events that relate to my daily work and research. It's hard to try and give back thoughts and opinions in a digital communication form when you are so used to formulating ideas and concepts from Googling everything, subscribing to a hundred or so RSS feeds, and drilling through all of the marketing hoopla with vendors. There is not enough time to digest the information I've read and heard, let alone try and comment on it in any meaningful way.

Nonetheless, I feel it is about time I tried.. we'll see how it goes, and hopefully there will be some unique content that will be considered a contribution back to the greater good.

Topics that are currently at the top of my interest:

virtualization - comparison of hypervisors and the end game of commodity enterprise v12n
network security - documentation of best practices, focusing more real ways to solve problems instead of buying alot of appliances to make you feel tha…