Posted by: kurtsh | July 30, 2008

NEWS: The Dell Studio Hybrid’s been released!

This is so cool it’s sick: 
Introducing the Dell Studio Hybrid.

  • IT’S SMALL
    Same footprint as a Mac Mini Combo.
  • IT’S MORE AFFORDABLE
    Cheaper than a Mac Mini Combo. ($499)
  • IT’S MORE POWERFUL
    1.86GHz Dual Core Pentium, 2GB memory (twice that of Mac Mini Combo), 250GB hard drive. (3x that of Mac Mini Combo)  And it comes with Windows Vista Home Premium.
  • IT’S CONNECTED
    It comes with HDMI & DVI ports along with AC3 audio, Gigabit networking, and both FireWire and 3 USB ports.
  • IT’S GOT VALUE
    Unlike Mac Mini, it includes keyboard & mouse.  And for $199 more, you can get a very nice 19” widescreen flat panel monitor.
  • IT’S PERSONAL
    It comes with a bunch of customizations like a red frame and Blu-Ray drive.
  • IT’S GREEN
    System power consumption is only 65 watts.

It’s got a lot of options to upgrade the memory or the hard drive or whatever you want.  I’m partial to this bamboo model:

http://www.dell.com/content/products/productdetails.aspx/desktop-studio-hybrid

I had the privilege of taking an Active Directory Rights Management Services for Windows Server 2008 course over the last two days containing content that should have been delivered over 4 days, and learned more than I could have imagined about the product.

Because I know that a lot of you have been strongly considering licensing Active Directory Rights Management Services or have purchased licenses for it and are planning on deploying Active Directory Rights Management Services, I’m going to document what information I was able to glean in a series of blog posts because this material simply doesn’t appear to be documented anywhere.

TIME OUT:  SUPPORT FOR ACTIVE DIRECTORY RIGHTS MANAGEMENT SERVICES
Before I begin, the most important thing to take away from this is that the lead Product Support engineer for Active Directory Rights Management Services at Microsoft is a guy named Jason Tyler, and he has a blog that he maintains at http://blogs.technet.com/rmssupp that is SCARY GOOD. 

Very rarely is there a blog with this much unique and pertinent content on a given product.  In fact, I wish there were more “support oriented” blogs out there written by the support geniuses that have to answer calls and debug issues on the products.

That being said, here we go:  A random series of notes that I took regarding Active Directory Rights Management Services for Windows Server 2008.

——————–

MICROSOFT ACTIVE DIRECTORY RIGHTS MANAGEMENT CAPABILITIES

  1. Active Directory Rights Management Services is the only cross-application product on the market that supports email encryption & policy-based usage restriction.  Other products – like Adobe – do not.
  2. Windows Mobile-based devices are the only mobile devices on the market that can ORIGINATE Rights Managed content out of the box – specifically usage restricted emails.  Blackberries and other devices can at best – leveraging 3rd party add-on solutions for RMS – “read” and “consume” rights-managed email and content, but not originate it.
  3. MSDN has a “Content Protection Tool” that enables a developer to write flawless code leveraging Active Directory Rights Management Services by literal “code creation” which the developer can cut & paste into their application.
  4. The 3 major partners of Microsoft’s in the Rights Management Services space are Gigatrust, Titus, and Liquid Machines.

ADRMS ARCHITECTURE & DESIGN

  1. Scaling of Active Directory Rights Management Services depends on the number of devices, the document count to be protected, and the enforcement policies used.
  2. Scaling Active Directory Rights Management Services is very easy.  It simply involves deploying more load balanced Rights Management Servers in a cluster that connect to a highly available cluster of SQL Servers with an RMS database. 
  3. The Active Directory Rights Management Servers themselves can be formatted, reinstalled & hooked up to the SQL Server with no problem being that all the configuration data, policies, logs and certificate information are stored in the SQL back end and not configured on the ADRMS Server installation.
  4. Active Directory Rights Management Server is supported in virtualized configurations HOWEVER the deploying customer must strongly consider the security & performance implications of doing so.  “Mobilizing” the RMS system by virtualizing it is not likely a good idea.
  5. Both Windows Vista Service Pack 1 & Windows Server 2008 contain the Active Directory Rights Management Services client built into the operating system code.  It is not an “installable” component nor is it visible in Control Panel.  It’s just there in the OS itself.
    1. This makes every deployed Windows Vista machine ready to use Active Directory Rights Management Services out of the box.  Just add Group Policies and RMS Template distribution to configure appropriately.
    2. The same can be said for Windows Server 2008 which may require the use of the Active Directory Rights Management Services client’s libraries for various server side operations.  For example, if the server is an Exchange Server 2007, Exchange requires the ADRMS Client libraries to pre-cache licenses for emails so that the client doesn’t need to retrieve them.
  6. Active Directory Rights Management Services client has no client-side logging.  This is a function provided by 3rd party add-on vendors like Gigatrust, Titus, and Liquid Machines.
  7. The Active Directory Rights Management Service leverages 3 databases:
    – Configuration Database
    – Logging Database
    – Directory Services Database  (Used as a replica of AD for Group Membership caching – synchronized every 12 hrs with AD Domain Controller)

    These databases are represented by a SINGLE INSTANCE on a SINGLE PHYSICAL SERVER; i.e. you cannot separate these databases out into different host SQL Servers.

  8. There is only ONE ADRMS implementation per Active Directory forest.  To have two forest implementations work together, one must leverage the NEW ADRMS TRUST functionality of RMS in Windows Server 2008.  This configuration requires both an AD trust as well as an ADRMS Trust.
  9. Audit reporting for access attempts, successes, & failures is not readily available out of the box; i.e. 3rd party partners develop comprehensive solutions for this.  Despite the availability of a log in ADRMS, we provide only basic reporting that is primarily used for troubleshooting – not for auditing.  (ex:  how many people have accessed this file, who specifically has read it so far, etc.)

There’s no Windows Mobile app/client available yet but it’s clear that it’s so close you can smell it.

Mobilized Windows Live Mesh… coming to a Windows Mobile device near you!

LINK:  http://m.mesh.com

[This was important enough that I thought I should post this here]

Not all SSL-encrypted Internet connections are secure.  Just as certain area codes (900) or prefixes (976) are not "free", there are SSL sites out there that people need to be aware of that are ultimately not secure & very vulnerable… and the worst part is the vendor or web site owner may not even know it.  The problem is that some Internet sites use weak SSL certificates that are very easy/trivial to crack, due to an error in the current distribution of Debian Linux.

Anyway, there is a tool that’s been released by ‘heise Online’ that installs into any Windows 2000/XP/Vista machine that automatically detects these weak SSL connections and pauses for input when it finds one.  Called Heise SSL Guardian, the tool can prevent you from going to a weakly protected site, and will even report the site back to heise Online itself.

Note that the tool only works for Windows & Internet Explorer.  If you’d like to download the tool go to:

LINK:  http://www.heise-online.co.uk/security/Heise-SSL-Guardian–/features/111039

Posted by: kurtsh | July 25, 2008

NEWS: Microsoft Windows “Mojave” demonstrated

UPDATE 7/26/08: 
It looks like we’re going to post the results here at http://www.mojaveexperiment.com/.

ORIGINAL POST:
There’s been some buzz recently about Windows "Mojave":

Microsoft last week traveled to San Francisco, rounding up Windows XP users who had negative impressions of Vista. The subjects were put on video, asked about their Vista impressions, and then shown a "new" operating system, code-named Mojave. More than 90 percent gave positive feedback on what they saw.

Then they were told that "Mojave" was actually Windows Vista.

That’s just ROFLtastic – especially in this day and age where Internet news seems to be very rarely researched, checked, and qualified.  Everyone knows that negative press sells more than positive press does but its impact is made doubly so with the advent of the Internet being that apparently it’s more fun for people to pile onto a negative story and let it snowball, going from "Windows Vista lacks drivers," to "M$ Vista is for l4merz – it lost my homework, stole my allowance, & kills babies!!!LOL"

You can just imagine these folks going into the room goin’, "I hate Vista!  Hateithateithateithateit!  It’s just bad!  Because that’s what I read on the Internet.  And the kid down the street told me so."  Then the bomb drops on them and they go:  "Uh… erm… oh wow."

LINKS: 

I’ve seen this pop up recently as a discussion topic and I thought I’d try to shed some light on the answers being that this was a curiosity of my own a year or so back.

FLASH MEMORY DIES
It’s a fact of life that Flash memory has a relatively short life span in comparison to other read/write storage technologies.  There are only so many reads & writes that can be executed against a given flash memory cell before it becomes unreliable and unusable.  This failure or inability to read/write reliably is often referred to as "burnout".

The number of ‘writes’ that can be executed against a flash cell has historically been something like 50,000 to 100,000 changes, but what’s often disregarded is the fact that ‘reads’ also diminish a flash memory cell’s life span as well.  The bottom line is that flash memory goes bad over time.  It’s just a matter of ‘when’.

WEAR LEVELING
To compensate for this problem, algorithms have been written into Windows operating systems (XP, Vista, Windows Mobile, etc.) that recognize flash storage mediums and use a different method of I/O.  The basic concept is to distribute the usage of the flash storage across each and every cell so that every part of the flash memory gets used equally over time, instead of one area getting "burned out" faster than others.

As a result of these wear distribution algorithms, flash manufacturers (especially the manufacturers of the recent new breed of solid state devices/SSD) claim that failure occurs only after many years of usage – assuming an even spread of I/O calls across all flash memory cells.

DIFFERENCES IN FLASH I/O ALGORITHMS:  FREE CELL WRITE DISTRIBUTION
With regard to the algorithms themselves, one basic technique I’ve heard of is to maximize the usage of free space by writing to non-sequential cells.  This has the benefit of scattering the "wear & tear" of the memory used without diminishing performance since unlike ferro-magnetic/mechanical drives, flash memory seek times are a constant no matter where the data resides, meaning writing data sequentially is unnecessary.  (And in the case of flash memory, possibly even dangerous to the life of the storage medium)

The problem with this technique is while it maximizes I/O performance, it relies on the existence of free space on the flash storage medium.  If you have very little free space, the same areas of the storage may be written to over and over again.  Take for example the usage of flash storage for an Internet Browser cache or an RSS feed repository.  If the content of either of these caches is constantly deleted then rewritten with new data, because there is little free space you can see how the same memory cells might be written to over and over again.

This might not seem like a feasible scenario until you realize that most cellular phones use a lot of flash memory.  All of a sudden, reading/writing to flash memory for the use of a mobile browser or a mobile newsreader becomes very disconcerting.

DIFFERENCES IN FLASH I/O ALGORITHMS:  CELL SWAPPING
Another more complex technique is to literally swap data content between frequently used memory cells and less frequently used cells.  This technique essentially takes data that "hasn’t moved in a long time" and puts it in cells that have been used a lot recently.  This has the benefit of more evenly distributing wear & tear across all memory cells – not just free memory.

Of course the problem here is that the additional read/writes to accomplish this may affect performance but this could be compensated for using background I/O during periods in which the medium isn’t actively being used and proactively swapping data between cells.
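The two techniques above, as a toy simulation added here (it is not from the original post and is not how Windows or any flash controller actually implements wear leveling): one hot item, such as a browser cache, is rewritten repeatedly on a device where most blocks hold data that never changes. The block counts, the write count and the swap threshold are assumed values.

```python
# Added illustration: toy model of free cell write distribution vs. cell swapping.
# All parameters (64 blocks, 8000 writes, threshold 10) are assumed values.

def simulate(total_blocks, cold_blocks, writes, swap_threshold=None):
    """Return per-block write counts after rewriting one hot item `writes` times.

    swap_threshold=None: free cell write distribution only.
    swap_threshold=k:    also swap cells when a free block is more than k writes
                         ahead of the least-worn block holding static data.
    """
    if total_blocks - cold_blocks < 2:
        raise ValueError("need at least one free block besides the hot item")
    wear = [0] * total_blocks
    cold = set(range(cold_blocks))                    # static data, never rewritten
    free = set(range(cold_blocks, total_blocks - 1))  # erased, available blocks
    hot = total_blocks - 1                            # current copy of the hot item

    def least_worn(blocks):
        return min(blocks, key=lambda b: (wear[b], b))

    for _ in range(writes):
        # Free cell write distribution: the new copy goes to the least-worn
        # free block, and the block holding the stale copy becomes free.
        target = least_worn(free)
        free.remove(target)
        wear[target] += 1
        free.add(hot)
        hot = target

        if swap_threshold is None or not cold:
            continue
        # Cell swapping: park static data on the most-worn free block so the
        # barely used block underneath it joins the free pool.
        coldest = least_worn(cold)
        worn = max(free, key=lambda b: (wear[b], b))
        if wear[worn] - wear[coldest] > swap_threshold:
            wear[worn] += 1                           # cost of copying the static data
            free.remove(worn)
            cold.add(worn)
            cold.remove(coldest)
            free.add(coldest)
    return wear


if __name__ == "__main__":
    scenarios = [
        ("free-cell only, 56 of 64 blocks static", simulate(64, 56, 8000)),
        ("free-cell only, 32 of 64 blocks static", simulate(64, 32, 8000)),
        ("cell swapping, 56 of 64 blocks static", simulate(64, 56, 8000, 10)),
    ]
    for name, wear in scenarios:
        print(f"{name}: max writes/block={max(wear)}, "
              f"untouched blocks={wear.count(0)}, total writes={sum(wear)}")
```

With little free space the first policy concentrates every write on the same few blocks, while swapping spreads them over the whole device at the cost of extra background writes.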

THE CONSEQUENCE OF SIZE
So if you have a larger storage medium, you have more "flash surface" to write to and that means a longer life, correct?  After all, if you’re wear-leveling effectively and distributing I/O across the entire storage medium, making more space available equates to making more reads/writes available over the life of the flash, right?

For the most part, the answer is ‘yes’:  A simple solution is to use larger flash storage to distribute I/O across.  And better yet, if you are using an algorithm that distributes just across free space, then having more free space available in general should increase the life of your flash medium.

The problem is that people assume flash has an even quality across all manufacturers and rarely discriminate between flash brands.  Flash is flash is flash, in the minds of most consumers, but as any tech will tell you, that just isn’t the case.  Speed, life span, storage capacities, cost, all of these vary widely between manufacturers and even a single manufacturer can change across product lines.

The bottom line is that if you do get a larger capacity and expect greater life spans for your flash, be sure that the manufacturer is the same to at least have some semblance of comparing apples to apples and also check to see if they have differing life span ratings if they even give them.  Just because you have more capacity on your new flash drive doesn’t mean it’ll last longer if the flash itself is more prone to failure on your new storage.

[Once I get the time, I’ll enhance this post with what we’ve done in Windows to provide wear distribution for flash memory]

I should throw out the caveat that this is just what I read – I have little knowledge of any of these technologies except in the context of how it is used in Microsoft products.

OMG!  Are you interested in three-dimensional modelling?

Caligari’s trueSpace, now part of the Microsoft Virtual Earth team, is now being made available completely FREE.  The whole thing:  FREE!

It includes export technology for usage with Virtual Earth (of course) as well as XNA gaming technology for Xbox Live & Xbox 360.

“…included is an export to Virtual Earth which will let you place your 3D creations straight into Virtual Earth from trueSpace. Now you can place whatever you make into real world locations in Virtual Earth and share them with others!

trueSpace also supports import from a wide variety of formats, letting you take existing objects and use them in Virtual Earth.”

http://www.caligari.com/Products/trueSpace/tS75/brochure/intro.asp?Cate=BIntro

DOWNLOAD: http://cart1.caligari.com/web/Truespacemainreg.aspx

Looking for a Windows Mobile alternative to the iPhone?

Look no further.  Check out these amazing models with stylish designs and all the Enterprise security, management, and infrastructure integration (Exchange, Rights Management, SharePoint, Office Communications Server, System Center Configuration Manager, System Center Mobile Device Manager, etc.) that you’d expect from a Windows Mobile device!

————————

Sony Xperia X1

  • Carrier TBD
  • Windows Mobile 6 Professional
  • UMTS/HSDPA/HSUPA (850/1700/1900/2100MHz)
  • VGA 800×480
  • 3.2MP Camera
  • Bluetooth & Stereo Bluetooth A2DP
  • Assisted GPS
  • WiFi
  • MicroSD
  • 400MB RAM

http://www.engadget.com/2008/02/10/sonyericsson-xperia-x1-qwerty-with-windows-mobile/

—————————

HTC Touch Pro Diamond

  • Carrier TBD
  • Windows Mobile 6.1 Professional
  • UMTS/HSDPA/HSUPA (850/1700/1900/2100MHz)
  • WiFi
  • 2.8” 640×480 VGA Display
  • 3.2Mp Camera
  • 288MB RAM/512MB ROM
  • http://www.engadget.com/2008/06/04/the-htc-touch-pro/

     

    —————————

    Palm 800w

  • Verizon Wireless
  • 1xEvDO & Rev-A/GPRS
  • 256MB Flash/128MB RAM
  • Windows Mobile 6.1 Professional
  • WiFi – 802.11b/g
  • BBAC Bluetooth & cable support
  • External Memory/MicroSD
  • Bluetooth v2.0 & Stereo Bluetooth (A2DP)
  • 1.3MP Camera
  • http://www.engadgetmobile.com/photos/verizon-slide-deck-reveals-verizon-i770-palm-800w-fun-facts/835635/

    —————————

    Samsung i770

    • Verizon Wireless
    • 1xEvDO & Rev-A/GPRS
    • 256MB Flash/128MB RAM
    • Windows Mobile 6.1 Professional
    • WiFi – 802.11b/g
    • BBAC Bluetooth & cable support
    • External Memory/MicroSD
    • Bluetooth v2.0 & Stereo Bluetooth (A2DP)
    • 2MP Camera
    • LBS/VZ Navigator (GPS-like functionality)

    http://www.engadgetmobile.com/photos/verizon-slide-deck-reveals-verizon-i770-palm-800w-fun-facts/835627/

    —————————

    Samsung i900 Omnia

    • Carrier TBD
    • Windows Mobile 6.1 Professional
    • 3.2-inch WideQVGA display (240 x 400 pixels)
    • Optical Mouse (like on i780)
    • 5.0MP Camera with Face & Smile detection & auto-panorama shot
    • GPS with Geotagging integration with camera
    • Two memory models:  8GB & 16GB
    • MicroSD
    • Quad-band GSM/GPRS/EDGE support plus HSDPA 7.2Mbps
    • WiFi
    • Built-in accelerometer for automatic rotation of the UI based on handset orientation
    • FM Radio with RDS
    • Stereo Bluetooth (A2DP)

    http://www.gsmarena.com/samsung_i900_omnia_announced_live_pics_inside-news-519.php

    Posted by: kurtsh | July 23, 2008

    OFFER: Free PowerShell laptop/bumper sticker

    Ooh.  Nsoftware is giving away these cool PowerShell laptop stickers.  Talk about jumping on a niche and running with it.  Even I want one.

    Nsoftware is a company that manufactures a product called NetCmdlets for PowerShell which expands the power of PowerShell through a set of network management and messaging capabilities.

    Apparently they’ll even give you a free “hobbyist” copy/license if you order their bumper sticker/laptop sticker.

    LINK: http://www.nsoftware.com/PowerShell/promo/

    Posted by: kurtsh | July 23, 2008

    RELEASE: Windows Live for Windows Mobile

    [taken from the Windows Live for Windows Mobile Team Blog]

    Wait no more! The latest bits for Windows Live Client for your Windows Mobile are available for download. To get yours now, point your mobile browser to http://wl.windowsmobile.com

    If you have Windows Live already installed on your device, you will need to uninstall it first. To do that, go to Settings->Remove Programs, select Windows Live entry from the list (if any) and click Remove. If you don’t find Windows Live on the list, then you are good to go.

    With Windows Live client you will be able to:

    • Synchronize Live contacts with your contacts on the device
    • Synchronize your Live email (msn, hotmail, live)
    • View graphics, web links and contact photos in emails
    • Respond to emails with voice recordings
    • Upload photos to your Windows Live Spaces

    Go ahead, give it a try and let us know what you think!
