Have been running this on Oracle VirtualBox (in 64bit mode using Windows 7 as host) I won’t re-invent the wheel and do a full review – lots of that already out there – eg http://www.pcadvisor.co.uk/reviews/windows/3284198/microsoft-windows-8-review/

Not finding the user experience that great – I hope they are going to do a fair amount of polishing before this gets released! Anything that requires an official blog post this long to explain the basics of how to use it with a keyboard and mouse has to be a bit worrying?

Great post on the Guardian that sums up similar thoughts to me nicely: http://www.guardian.co.uk/discussion/comment-permalink/14922607. Reading through the mixture of comments makes me think that Windows 8 should be renamed Windows Marmite!

Will be interesting to see how things play out here – will MS just get sidelined by another wave of Apple product adoption (this time more mainstream desktop users at home and in the office) or will this work and they manage to cling on to OS dominance – only time will tell!

I think this is a silly move – surely one of the things that keep people tied to Windows is the fact that they know how to use it. If they (badly) copy Mac / Linux and force people to re-learn how to navigate the OS won’t more people just switch to Mac/iPad and Linux? Especially given Android’s recent successes, and the continuing Apple obsession?

Just need Google to ditch the cloud obsession from their Chromebook / Chrome OS or create an Android for PCs to accelerate it…

I hope for MS sakes they keep an option in to make the OS look like Windows 7 – eg a basic theme?

Originally wrote this back in April 2011! Being a dad doesn’t allow much time for blogging! In fact I am tempted to shut down this blog (given my usage of twitter, linkedin and FB means it gets less of a look in these days) – or move it to the cloud…

Good Stuff

Sony Vaio SA Core i7 laptop – will post a separate review in due course, but this is a really nice machine for Windows 7 (and running a couple of other OS via VirtualBox!) upped mine to 8GB RAM – amazingly quick, small, light and very good battery life on stamina (only downside – can be a but noisy / hot in speed mode under load).

Flat Ethernet cables – awesome – see my other post about home AV setup – but they are great for running under carpet, laminate through closed (and locked) window openings!).

Google Chrome Browser – very fast (makes even Firefox feel sluggish, and IE is distinctly snail like in comparision), robust and now it has plugins its great – my main browser at home.

Blackberry Bold – call me a luddite (and behind the times given the recent down with RIM news that is all over the media) but I like a good straightforward work phone, no touchscreen just a plain old qwerty keypad for quickly typing out emails and texts and amazing battery life. Oh ok so yes I wouldn’t say no if work offered me an Iphone instead…!

Amazon selling laptop batteries for £20 – with the SSD drive and upgrade to Win7 my 4 year old Vaio  is running really well (update – well it was! Its now been replaced with an SA Series Vaio – now gets used when the daughter is around and don’t want to risk the new one getting attacked!).

HP Elitebook laptops – have had a Tablet and a 14″ laptop and both have been excellent. I will be disappointed if HP do drop their PC line – they do some good (if perhaps a little bulky by today’s standards) kit.

Bad

Going back to XP and Office 2003 at work, although I have now managed to get up to 2007 which is a relief! Windows 7 should come later in the year fingers crossed!

SSD Hybrid hard disk drive – good idea in principle but needs to mature a bit (friend had one fail on him with medium term use, might have just been a dodgy one though).

You may not be aware that you can use a Playstation 3 to act as a media streaming/playback client using a system called DNLA (also known as uPNP). This allows you to view content on your computer on your main TV in HD. Windows Media Player can act as the “Server” portion but its not ideal for connecting to the Playstation.

Crude diagram here, might expand this with my full setup when I get a chance:

I have been trying to get this working for a while. Essentially the plan is to get access to downloaded videos, videos from my camcorder (now HD) to save burning it to DVD or Blu-Ray and also access my photos and music collection from my Ubuntu Linux server that holds all my content (on a RAID 1 mirrored disk setup) to my TV and home cinema/HiFi setup.

Last time I tried to use a small command line utility and my PS3 was only connected via Wireless to the Server – the result was stuttering music let alone videos. So its something I gave up on for the time being.

Recently I have been able to overcome this as I have discovered flat gigabit ethernet cables that I can run out of my double glazed windows (even when shut!) so I have hacked a gigabit backbone that connects my TV and AV kit (including PS3) to my Linux Server (in fact the very one that served this blog page to you) that hold gigabytes of multimedia (now there’s a word you don’t hear much these days!)

Also discovered http://code.google.com/p/ps3mediaserver/ which is a great Java based server component for PNP based streaming – as the name suggests its specifically designed for connecting the PS3 up to content…

Hey presto excellent quality video (including 1080p video) and music on the TV / HiFi!

Next to work out how to get my iTunes (stuff that only plays on iTunes rather than MP3s) music across and available to the PS3. I have moved and shared the my iTunes media folder (as have that on the network too – as per these instructions – http://lifehacker.com/230605/hack-attack-share-your-itunes-music-library-over-your-home-network - so I can re-use iTunes across different machines – and keep it backed up).

I also recently attended the excellent Zapthink SOA and Cloud course in Amsterdam – so I am now a Licensed/Certified Zapthink Architect!

Zapthink course (creating a SOA implementation roadmap), my colleague Martin is on the left

Time for a change?

In the continued difficult financial climate will organisations continue to have the appetite and budget to  invest in large scale greenfield COTS IT projects and licensing? e.g. Large scale commercial enterprise systems such as ERP? And what’s the next success for Open Source Software (OSS)?

Is the future a more incrementally / agile delivered open source, best of breed systems? Rather than big monolithic, generic packaged software that does everything ok but doesn’t excel at much if anything. And worst of all, often requiring the business to change its processes to fit the software.

Instead I am thinking of solutions that are developed on Open Standards / common platforms (eg J2EE) using common / standards based middleware and the XML family of technologies  to connect them together. Of course there is a risk that if you pick and choose lots of niche software that serves its job well then you can end up with a big mess of spaghetti integration and duplication. But that is where effective Architecture, standards and Governance comes in; to keep things on the right track and aligned with business priorities.

Certainly the agile (iterative) methodology seems to be taking hold in larger companies, although waterfall still seems to be favoured in government – due to the perception that it will result in a fixed cost (shame that too often it doesn’t deliver successful results as its too rigid, ends up costing far more through cunning use by the vendor of change control and depending on the project the initial build can be as little as 10% of the total costs in any case).

What about the cloud? Isn’t that supposed to reduce costs…

I think many in the IT industry (well vendors anyway) right now would argue that the answer to this is delivery via the cloud using a pay as you need it service based model (to get away from having to make the big upfront investment in hardware and licensing). I guess this is an option but I think most large businesses (who have the budgets for the larger IT projects) are looking at the cloud quite sceptically, waiting for it to mature beyond e-Commerce and online type applications and add the required security and reliability that is needed. Keeping things in their own data centre and exploiting virtualisation to optimise costs at the Infrastructure layer. Cloud as your Disaster Recovery (DR) / Data Archiving environment looks like one of the most compelling use case so far.

I am seeing some suggestions that organisations would like to adopt this approach in some areas (eg Integration). In fact one of the places I worked in the past built its own home grown ERP / eLearning platform on Open Source. In my current role we are looking at Open Source alternatives – particularly for Integration and Infrastructure glue.

Its interesting to see how the adoption of Open Source has matured – from just the Linux OS used for servers, Linux + Apache for static web moving towards LAMP and other Apache projects such as Tomcat etc even more so with “Web 2.0″. Data Integration / ETL is a big area for OSS – eg Talend, ActiveMQ, Glassfish. J2EE is a big success story too.

And of course now with Android OSS has finally come into contact with the casual end user (rather than the techies like me that run Linux on the desktop). This was brought home to me the other day when a completely non IT friend showed me his Motorola Xoom and was extolling its usability etc.

Interesting times. Wonder where OSS will infiltrate next? I guess the answer is probably wherever it can disrupt the marketplace in a engaging way for the consumer, or with a commercial model that is compelling to business/IT decision makers.

Came across “TOGAF 9 in pictures” available on http://www.orbussoftware.com/downloads which is a really effective way of getting to grips with the core concepts.

Also (on the same site) found a stencil for ArchiMate; Archimate is a means of standardising the way that Enterprise Architecture is defined at a high level. Chapter 2 of the specification makes good reading – has a nice summary on why EA: http://www.opengroup.org/archimate/doc/ts_archimate/index.html

From my research IT Architecture (in particular Enterprise Architecture) still seems to be something that different people and organisations view differently – in particular role definitions / responsibilities seem to vary massively. I also fear that often the goal behind EA initiatives aren’t clear enough and some organisations just want to “tick the EA box” rather than get true value from it.

I have a workbook for work and one for personal tasks and sync the workbooks between my home and work folders which is really neat. I have been using this setup for several months (mostly using the keyboard although sometimes in meetings the stylus is a faster and easier way of capturing thoughts and diagrams).

Visio 2010 is pretty cool tool, I would have to say that Windows 7, Visio and OneNote are my top 3 Microsoft products right now!

Visio 2010 even has support for Inking and Multi-touch – http://blogs.msdn.com/b/visio/archive/2009/12/18/visio-2010-better-with-windows-7.aspx and the MS blog  has some other pretty handy tips: http://blogs.msdn.com/b/visio/

Firewalls and Port Access

Firewalls and access to ports – one of the most obvious – but you need to consider whether the risk profile requires one or 2 levels of hardware firewall, or whether iptables is sufficient. Can you lock down the environment such that you only expose port 80 or 443 to wider internet and create a restricted IP address based white list for administration (eg SSH access)? On many of our Architectures we only expose the load balancer(s) and or proxy layer to the internet, everything else is not available at all to general IP addresses across the internet.

If you do have to have SSH open to all make sure that you install denyhosts (which helps to prevent SSH brute force attacks by adding persistant bad username/password attempts to /etc/hosts.deny – preventing access from the offending IP address)

Cross Site Scripting (XSS) and SQL Injection vectors

Check that your application does something sensible if someone attempts to put javascript into text input boxes. Check that putting in something like:

“><script>alert(‘If you see this in an alert box there is a XSS vector in your application’)</script> into a username box (for example) does. If it brings up an alert dialog you know you have a problem. See the  XSS Wikipedia page for more info.

Similarly for SQL – if you put in rogue SQL key words does it mess with the SQL that is run? Do something non- destructive (particularly if you are spot checking a live web site environment!) A good example I like to use is can I add parameters to a where clause to see data I shouldn’t be able to see.

Personally I prefer 2 levels of checks for SQL Injection and XSS type code in application input: – one at the application input layer (eg sanitising user input asap) and another at the database interface / wrapper layer to ensure nothing nasty can get sent to be stored or messed about with on the database tier.

Server Hardening / Configuring

Ensuring the server is setup and configured properly

Google for and check the hardening guide for the operating system for recommended steps.

Ensure that security updates are being applied on a regular basis.

Ensure that anti-virus software is installed (for the Linux Platform ClamAV is an option)

Review (and peer review if possible) the configuration files for the main services on this box – for LAMP this means a minimum of:

(You can run locate <name of config file> to check where it is located)

• /etc/ssh/sshd_config

• php.ini

• httpd.conf / apache2.conf (depending on how the server is configured) and configuration files for virtual hosts / SSL configuration

• my.cnf (or other database config)

• Load Balancer config files (for Pound this is typically /etc/pound.cfg)

These checks are particularly important if you are having a white box review of your system (where you give the SSH login details to a security tester to check the configuration).

Pre test checks

Before you hand over the system to the Internet Security guys run some of the kinds of tools that they will be running yourself to see what is available. As a minimum run an NMAP command against your ip addresses:

nmap -A -vv [IP Address]

And see what ports (and information about the ports) is returned. Also check if NMAP can enumerate what Operating System and Versions of Web Server software is running (can you do anything to remove version numbers or product names?)

These days  I like to use Backtrack (a Linux Distribution design for security testing) for security checks. I am running it as a Virtual Machine from with my Windows 7 machine (http://g0tmi1k.blogspot.com/2010/01/tutorial-video-how-to-install-backtrack.html as a useful video for getting it set up).

I could probably write all day about security but hopefully this gives a feel for the key aspects. Would be interested to hear anyone’s tips or must dos for LAMP security.

My daughter Ella Cronk was born on the 28th Oct – a few days early! 1st Nov was due date. She was 6lbs 13. Now weighs 8lbs at time of writing.

Pregnancy & Birth were pretty straightforward but the first week wasn’t! In particular breastfeeding and weight loss.

Learnings:

• Even if you plan to Breastfeed, have some ready made UHT formula on hand. We’ve been using Aptimil to great success (recommended and used by the NHS near us).
• The books and advice don’t always work – take a blend of things and decide for yourself what is best.
• Be prepared to get your baby cooler if she is too sleepy to feed at least once every 3 hours or so.
• Nappy changes aren’t as bad as I thought they would be – in fact in most cases they are a nice opportunity to have some awake time with a newborn (they will spend a lot of time asleep).
• We quickly learned that Medela kit for breast feeding is very good (as is the Philips Avent stuff according to friends and NHS staff). We’ve binned most of our Tommy Tippee stuff. This Amazon review (and the fact that its been reduced so heavily and the Medela hasn’t) says it all:

http://www.amazon.co.uk/product-reviews/B002HMNGFA/ref=dp_top_cm_cr_acr_txt?ie=UTF8&showViewpoints=1

The good review says its not noisy – I don’t think they have have seen (and not heard) a Medela – ie you really can’t hear them – my wife and I have fallen asleep whilst its been on! No way that would happen with the TT one. We only got one use out of the TT before it stopped working.

Will try and keep up with the occasional new dad blog post if time allows!

Off to Wales for a cheeky short Mountain Biking blast (my first exercise since Ella arrived)!

The Dual Core Opteron box this blog used to run on will now only be powered up when I am experimenting with Server Operating systems (will be re-built as VMware ESX host).

Getting in some IT geekery before my life gets turned upside down!