Archive for September, 2007

http://www.pcretailmag.com/news/28749/Microsoft-hand-out-XP-to-Vista-haters

Buyers of laptops with Vista Business or Ultimate editions installed will find they have the option to downgrade to XP as part of a scheme that Microsoft would prefer to be kept quiet.

Even though the company is pushing the Vista operating system hard, it has made an announcement via the Lenovo website, which sheepishly states that: “For a limited time only Lenovo customers that have Windows Vista Business or Ultimate installed on their machines will have the chance to purchase a Windows XP Recovery CD.”

Fujitsu, however, has taken disgruntled Vista users a bit too seriously and will be compensating by including a copy of Windows XP in the box with their laptops and tablets.

“That’s going to help out small- and medium-size businesses,” Fujitsu marketing manager Brandon Farris told CNET News.com.

Interesting article, dependent on my mood I move between feeling positive about Vista to my memories of spending £200 or so on Vista, finding it to be rather argumentative and slow on my Dell D505.

Let’s remove the emotion, for the business customer who’s got supported images, they’ll rebuild the laptop anyway with the standard build, for the small business, they’ll go with whatever the IT guys are comfortable with. Including XP in the box/on the drive is simply a tactic I suspect to limit debate, don’t want Vista, then fine, the cd’s in the box, fill your boots.

We’ll need to see going forward with Vista SP1 whether this activity continues, as much as I love XP (particularly on those pcs a bit too old for Vista but fine otherwise like my P3 X30 ThinkPad), it’s getting on a bit.

http://ap.google.com/article/ALeqM5gqCosrdLVqek0gxcf9tnSNXSZ0Qw

NEW YORK (AP) — Three spreadsheets containing more than 5,000 Social Security numbers and other personal details about customers of ABN Amro Mortgage Group were inadvertently leaked over an online file-sharing network by a former employee.

Tiversa Inc., a Pittsburgh company that offers data-leakage protection services, traced the origins of the ABN data to a Florida computer with the BearShare software installed.

BearShare, LimeWire and scores of other programs are designed to distribute and find songs, movies and other files over the Gnutella file-sharing network.

Tiversa Chief Executive Robert Boback said file-sharing programs are commonly misconfigured to share documents their owners never intended to make public.

This highlights the need for data security within an organization, obviously it’s an issue that’s industry wide, and regardless of what processes there are, you can only limit your liability, your exposure so far, ensuring though that you follow due diligence, IT governance is a way of not only (ideally) preventing it, as well as showing from an audit/liability/compliance angle that you did everything possible to contain customer data. Remember a small article discussing customer data loss can easily end up in the news, leading to damage of your brand, your business.

http://www.infoworld.com/article/07/09/24/39FE-virt-case-credit-suisse_1.html

With 20,000 servers to manage, financial services powerhouse Credit Suisse had a long list of reasons to consider server virtualization: reducing the number of physical servers to manage, cutting power needs, improving software provisioning time, and deferring expensive datacenter buildouts. But it also needed a clear set of guidelines to determine when to virtualize, plus a clear set of procedures for managing a virtualization initiative.

Credit Suisse began by eliminating servers as candidates for virtualization. For example, the company had already created server efficiencies by sharing instances of Web servers on one box and sharing databases on another box — both time-honored, proven techniques, notes Stephen Hilton, managing director for enterprise server and storage. “Putting a hypervisor there doesn’t necessarily help you,” he says, because Credit Suisse had already raised utilization rates and reduced hardware needs for those applications.

Other sets of servers just didn’t make sense for virtualization, Hilton says, including I/O-intensive servers, servers with specialized add-on hardware, and servers whose transactional applications had very tight processing windows, where the overhead of virtualization added milliseconds that would cause timing problems.

That still left a large pool of virtualization candidates — about 10,000 servers, in fact, most running either Windows or Solaris. In general, their utilization was low, particularly those used in development and test environments where, in both cases, the boxes tended to have more horsepower than needed. That low utilization is apparent in Hilton’s expectations of how many VMs he will get per physical server: at least a 20:1 ratio for servers in the development environment; 15:1 to 10:1 for the test and disaster recovery environment; and 5:1 in the production application environment. Hilton’s team is now in the process of virtualizing these servers, with plans to be done with 5,000 by early 2009.

The group has already virtualized 1,000.

Check out this great article illustrating how Credit Suisse has used virtualization as a tool for consolidating the server infrastructure, it also discusses how they went about it etc.

http://www.computerweekly.com/Articles/Article.aspx?liArticleID=226960&PrinterFriendly=true

Newham Borough Council has delayed a major desktop roll-out after hitting a barrier in its 10-year strategic relationship with Microsoft and Hewlett-Packard.

The council has put back the deployment of Windows Vista in its new 1,500-desktop corporate head office by 12 months, because of a lack of Vista-certified applications from its third-party suppliers.

As a result, Newham will incur the cost of deploying XP in the new office, only to have to upgrade the machines to Vista at a later date. The council will now roll out Windows XP in March 2008 instead of Vista as originally planned.

Let’s not get too worked out, Vista has a few issues, application certification for your operating system is important, but ultimately you need to establish what’s good for your business, accept/sign off the risk, that an application isn’t ‘Vista certified’, is often more a badge than anything else, I’ve had similar issues with the Windows server operating systems.

Vista is settling down, Microsoft continue to improve it, and hopefully with the new service pack which I’ve been hearing about, performance and reliability should improve.

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1001724

This patch fixes the following security issues:

• Fixes a security vulnerability that could allow a guest operating system user with administrative privileges to cause memory corruption in a host process, and thus potentially execute arbitrary code on the host. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the following name to this issue: CVE-2007-4496.

Thanks to Rafal Wojtczvk of McAfee for identifying and reporting this issue.

• Fixes a denial of service vulnerability that could allow a guest operating system to cause a host process to become unresponsive or exit unexpectedly. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the following name to this issue: CVE-2007-4497.

Thanks to Rafal Wojtczvk of McAfee for identifying and reporting this issue.

I was reading an article talking about the need to secure the VMWare servers, and it mentioned a new security vulnerability identified on Friday, check it out. Securing the VMWare ESX servers is just as important as patching the virtual or physical windows/linux/unix servers, in a virtualized world you could argue it’s even more important as one physical asset could cause disruption to several business lines/applications (arguably as could any share infrastructure).