November 2006


MacBook Pro EFI Firmware Update

The Apple Support page that describes the firmware update states that after the update, the Boot ROM Version will be reported by System Profiler as MBP11.0055.B08 (for 15-inch MacBook Pros) or MBP12.0061.B03 (for the 17-inch MacBook Pros).

OK, fair enough—but System Profiler on my 15-inch Core 2 Duo-based MacBook Pro reports the Boot ROM Version as MBP22.00A5.B00.  Now, unless I’m reading that wrong, that would appear to be a newer version than what the firmware update is reporting.  That, in turn, implies that the newer MacBook Pros should not apply this firmware update.  However, that information is not disclosed anywhere that I have yet seen.

Does anyone have more information on this?


There were two concerns I had about buying a MacBook Pro, neither of them huge concerns but sufficient enough nevertheless.  The first was the heat; there were just so many reports of MBPs running hot.  (Yes, I know that this was primarily early-run MBPs.)  The second was the performance of non-Universal applications.

I’m happy to report that both of these concerns are unfounded.  I’ve had my MBP under some fairly significant loads in the last few days; just today, for example, I had VMware Fusion running (with a Windows XP Professional VM running Visio 2002 Professional), Mail, iCal, Camino, NetNewsWire, Address Book, Terminal, Microsoft Word, ecto, and four Remote Desktop Connection sessions all running simultaneously.  The MBP was very warm above the keyboard, but not any more so than my old PowerBook G4 and certainly not enough to make me really worried.

Even on previous occasions, when I’ve had Cyberduck, multiple SSH sessions and tunnels, X11, and tons of applications open, it still hasn’t gotten hot enough for me to be concerned.  Warm?  Yes.  Overly hot?  Not in my opinion.

The second concern, the performance of PowerPC applications under Rosetta, has proven not to be a real concern either.  It’s true that the applications are a bit slower than Universal applications, but the non-Universal applications that I run aren’t heavy hitters like Photoshop or Illustrator.  Therefore, the performance penalty isn’t really a big deal for me.  If these applications were my lifeblood, then I would certainly be more concerned.  Dealing with a minor slowdown in Microsoft Office isn’t enough to really be worried about (at least, not for me).

Battery life has been good, a bit less than I had hoped but I haven’t really had time to train the battery yet.  The wireless range and performance is also good.  I’m also really pleased with the brighter display and the higher resolution, the backlit keyboard, and two finger scrolling.

Overall, I’m very happy with the new laptop.


Report of Logons from Security Logs

As a system administrator, no doubt you’ve had the occasion where you’ve needed to review the security event log on a server or a domain controller to retrieve information about when a particular user logged in or logged out.  It’s a time-consuming and laborious process.  Or it was, until now.

Try this Log Parser command on for size:

logparser -i:evt -o:csv "SELECT TimeGenerated AS LogonDate,
EXTRACT_TOKEN(Strings, 0, '|') AS Account INTO filename.csv FROM
\\Server1\Security, \\Server2\Security WHERE EventID NOT IN
(541;542;543) AND EventType = 8 AND EventCategory = 2"

Whoa!  That’s quite a command.  Let’s break it down just a bit:

  • The “-i:evt” and “-o:csv” options specify the event log input format and the CSV output format, respectively.
  • The TimeGenerated field is selected and presented as LogonDate, and the EXTRACT_TOKEN function is used to extract the username from the event text and present it as Account.
  • The results from the query are placed into the file named filename.csv.
  • Next, we specify the servers and event logs we’d like to include in the query.  Here you can specify as many servers as you’d like (within reason, of course), just tacking additional servers on in front of the WHERE clause separated by commas.  In the example above, we’re looking only at the Security logs on Server1 and Server2.
  • Finally, we restrict the results with a WHERE clause that specifies only events with a type of 8 and a category of 2 that are not event codes 541, 542, or 543 should be returned.

That’s pretty cool, but it returns “logon” events by computer accounts as well, including the local computer account.  To filter that down to only user accounts, we’ll trot out our favorite text filtering tool and a simple regex:

grep -v -E \$$ filename.csv > filename2.csv

This command returns all the lines that don’t end in a dollar sign (as a computer account in Active Directory would end in a dollar sign).  Make note that your particular version of grep may use slightly different parameters or syntax.

Just to give you a slight idea of how useful this technique can be, I managed to parse over 600,000 security event entries in less than a minute and a half with this command.  Beats the heck out of searching through them manually, doesn’t it?
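
As a follow-on to the grep step, here is an added example (not part of the original post): a Python script that reads the CSV written by Log Parser, drops computer accounts (names ending in a dollar sign) even when the file has Windows CRLF line endings, and summarizes logons per user. The sample rows are constructed, and the column names and timestamp format are assumptions based on the query above.

```python
import csv
import io

# Constructed sample of the CSV that the Log Parser query writes: a header row,
# Windows CRLF line endings, and a mix of user and computer accounts.
SAMPLE_CSV = (
    "LogonDate,Account\r\n"
    "2006-11-14 08:01:12,jsmith\r\n"
    "2006-11-14 08:01:15,SERVER1$\r\n"
    "2006-11-14 09:30:40,alee\r\n"
    "2006-11-14 12:15:03,JSmith\r\n"
    "2006-11-14 12:15:09,WKSTN042$\r\n"
    "2006-11-15 07:58:21,jsmith\r\n"
)


def is_computer_account(name):
    """Computer accounts in Active Directory end in a dollar sign."""
    return name.endswith("$")


def user_logons(csv_text):
    """Return (timestamp, account) pairs for user accounts only."""
    # newline="" hands CRLF handling to the csv module, so a trailing "\r"
    # never ends up glued to the account name (the case that defeats an
    # end-of-line regex in tools that do not strip carriage returns).
    reader = csv.DictReader(io.StringIO(csv_text, newline=""))
    rows = []
    for row in reader:
        account = (row.get("Account") or "").strip()
        if account and not is_computer_account(account):
            rows.append(((row.get("LogonDate") or "").strip(), account))
    return rows


def summarize(csv_text):
    """Return {account: {"count", "first", "last"}} for user logons."""
    summary = {}
    for stamp, account in user_logons(csv_text):
        key = account.lower()  # Windows account names are case-insensitive
        entry = summary.setdefault(key, {"count": 0, "first": stamp, "last": stamp})
        entry["count"] += 1
        # Assumes "yyyy-MM-dd hh:mm:ss" timestamps, which sort as plain text.
        entry["first"] = min(entry["first"], stamp)
        entry["last"] = max(entry["last"], stamp)
    return summary


if __name__ == "__main__":
    for account, info in sorted(summarize(SAMPLE_CSV).items()):
        print(account, info["count"], info["first"], info["last"])
```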


Security Fixes for ESX

The Secunia advisories (ESX 2.x here and ESX 3.0.0 here) are dated today and were brought to my attention via Thincomputing.net.  Updates are available for both ESX 2.x (2.0.2, 2.1.3, 2.5.3, and 2.5.4 all have updates available) as well as for ESX 3.0.0 (please note that ESX 3.0.1 is not affected by the same vulnerability).

More information on the fixes (and the associated flaws or vulnerabilities) can be found in the original VMware advisories:

VMware ESX Server 2.0.2 Upgrade Patch 2
VMware ESX Server 2.1.3 Upgrade Patch 2
VMware ESX Server 2.5.3 Upgrade Patch 4
VMware ESX Server 2.5.4 Upgrade Patch 1
ESX Server 3.0.0 Patch ESX-2533126

Here is where the beauty of VMotion comes into play.  So you’ve got a farm of ESX servers running a boatload of virtual servers, and need to take the ESX hosts down to apply this patch, right?  No problem…just VMotion the virtual machines on one host off to another host, apply the patch, and reboot the host.  When that host comes back up, repeat the process with another host, and then another, until all your ESX servers are patched.  The users will never even know that anything was happening.


Soaked

I suppose it could have been worse; I could have gotten in a car accident, been injured, or any number of things.  So, it’s important to keep that in perspective.

Still, it was a really bad day.  First, I overslept this morning because I turned the alarm off after my wife left for work (she had an early shift today), so that put the whole morning into a tailspin as I tried to recover.  Once at work, I had so much catching up to do after spending last week in Los Angeles at VMworld 2006.  Then, I found out that two of my virtual servers in the VMware farm were corrupted because we had a power surge while I was out last week; that meant I had to rebuild two servers (a remote desktop-type server and a mail server).  Fun.

I run home from work only to have to turn right around and go to a PTSA executive board meeting.  However, the night doesn’t end there; it would appear that during the meeting, a pipe burst under the house and nobody noticed until a couple hours later when I got home.  By that point, almost the entire crawl space was flooded under a couple inches of water.  Oh, joy.  Hence the title of this post—soaked.

As a result I get to spend the rest of the evening with a Shop Vac sucking water up and pumping it outside.  Tomorrow I get the unique pleasure of attempting to fix the problem that caused all this grief.

Needless to say I’m tired, I’m hungry, and I’m frustrated.  Time to go to bed and take care of the tired part, at least.


Of course, I’ve done the requisite Google search, which turned up a few hits.  Most of them suggested a rebuild of the mailbox, which I’ve done.  No change.  I’ve also tried forcing Spotlight to re-index the mail data (via “mdimport -f ~/Library/Mail”).  Also no change.  It’s funny because using the Spotlight menu works just fine, and will return mail messages that contain the requested text.  It’s just the search filter in Mail.app that appears to be affected.

Hmmm…that’s interesting.  While sitting here typing out this post, I went to verify that the Spotlight filter for Mail was being loaded and used.  Although the Mail.mdimporter file exists in /System/Library/Spotlight, the “mdimport -L” command doesn’t list it.  After copying the file over to /Library/Spotlight, the “mdimport -L” command does list it.  How odd—why would Spotlight pick up importers in one location, but not the other?

OK, so I copied the file over to /Library/Spotlight, the “mdimport -L” command shows the Mail Spotlight importer, and I just re-indexed the Mail files with “mdimport -f ~/Library/Mail”.  Still no go.  What is up with that?

Anyone have any ideas?  I’m open to suggestions.

UPDATE:  Finally fed up with the situation, I took matters into my own hands and fixed the problem.  First, I forced Spotlight to re-index the entire hard drive by adding it to the exceptions list, then removing it.  After that process was complete, full-text searching in Mail.app worked, but the MailTags stuff stopped working.  Fortunately, the MailTags FAQ pointed me in the right direction—I just needed to copy the MailTags Spotlight importer into ~/Library/Spotlight (instead of /Library/Spotlight or /System/Library/Spotlight) and force a reimport.  Problem solved!


Returning Home

Tuesday night we drove from downtown LA to Covina, a suburb east of LA where I lived as a kid.  After some initial difficulties (it turns out my parents’ directions weren’t as good as we thought they were), I managed to locate the house and the neighborhood in which I had lived for most of my childhood.  It was amazing to see how much the neighborhood had changed over the last (almost) 30 years, and yet how much it was still the same.  I had expected that the neighborhood would have changed so drastically that I wouldn’t recognize areas, but that was not the case.  Unfortunately, due to traffic on the freeway headed east out of LA, it was dark by the time we arrived in Covina, and so I wasn’t able to get any good pictures of the old house or the old neighborhood.

We did, though, get a chance to eat dinner at the North Woods Inn of Covina, a place where I had eaten numerous times as a kid.  It also turns out that the waiter that served us at dinner had worked there many years and remembered some of the same things that I remembered, like the stuffed black bear that used to be positioned behind the entrance to the restaurant.  (I remember being startled by that bear when we visited the restaurant.)  It was pretty cool.

The next day my wife drove out to find her old home in Corona, which is farther to the east and the south of Los Angeles than Covina.  Again, amazingly enough, she was able to locate her old home and found that the house and the neighborhood looked much the same as it had when she left.  I wasn’t able to go with her (I was at VMworld), which really stunk, but I’m glad she was able to go.  Two down, one to go.

As it would work out, we were unable to find the third home we were looking for, and it was the one that my wife had really wanted to find.  She’d lived for a time in Colton, but when we arrived in Colton on Thursday we couldn’t locate the area where her house had been.  We’re not sure if the roads had been renamed or renumbered, but the area where her old house should have been was now a Catholic church and cemetery.  We did manage to find a couple of landmarks that she recognized, but no luck finding the home itself.  After a while driving around Colton, we returned to Los Angeles and went back to the hotel.

All in all, we’re glad we took the time to go back home again.  It’s not every day that you get the chance to go back to someplace you lived 20 or 25 years later and see how things have changed (or haven’t changed).


VMworld 2006 Day 3 and Wrap-Up

Given that my employer is a big partner of both VMware and Network Appliance, I was particularly looking forward to the session on using NetApp SnapMirror to provide business continuity/disaster recovery for virtual machines hosted on ESX Server.  Unfortunately, the session turned out—in my opinion, at least—to be more marketing fluff than solid technical information.  I did pick up a couple of useful ideas and a few technical tips, but it wasn’t as technical as I had hoped it would be.

It actually turns out that many of the sessions to which I had looked forward turned out not to provide as much “technical meat” as I had hoped they would.  That’s not to say that they weren’t helpful, since I was still able to glean some useful ideas and helpful tips here and there.  For example, while the command-line session I attended on Day 1 didn’t unveil any major information I didn’t already know, I was able to pick up a couple of useful tricks (like Tab-Tab to show all possible commands that match what you’ve typed—of course, this is a shell feature not a VMware feature).  Likewise, in the NetApp session I mentioned earlier, their discussion of the use of tiered storage (classified as gold, silver, and bronze) and the construction of service levels and service management around those classifications was a pretty good idea.  Even so, I had really hoped that the sessions would be much more technical in nature than they were.

Next year (assuming I get the opportunity to attend), I’ll probably focus almost exclusively on the “internals in-depth” sessions.  The networking internals session I attended was very informative and very technical and helped deepen my understanding of how VMware’s networking infrastructure actually works.  For me, at least, having a deeper understanding of how it works means that it is easier for me to find new ways of utilizing the functionality or integrating the functionality into a customer’s existing infrastructure.

Oh, and the VCP exam?  I passed.  Woo hoo!  (And I got a nifty lime green T-shirt to boot!)


VMworld 2006 Day 2 Keynote

The majority of the keynote was handled by Mendel Rosenblum, cofounder of VMware and an operating system researcher who also teaches OS classes at Stanford University.  Mendel spoke at length about the functions of the virtualization layer and how those functions might be extended and/or enhanced.

While nothing was officially announced, Mendel did demonstrate the idea of using the virtualization layer to capture or record a stream of execution by a virtual machine (VM).  This stream of execution could then be replayed against another VM, which he demonstrated using a prerelease version of VMware Workstation 6.0.  This has immediate implications for OS forensics, but I also see tremendous implications in BC/DR (business continuity/disaster recovery).  Think of the idea of a VM running on a virtual infrastructure in one datacenter, with a stream of execution on that VM being shipped across to a hot standby VM in another datacenter in an entirely different city.  It’s like using SAN replication between geographically separate datacenters, but includes real-time changes to memory state and CPU activity—not just disk changes.  That’s very exciting stuff.  The possibilities of what could be done with that kind of information are almost endless.

After Mendel concluded his speech, a group of academic researchers took the stage to discuss the future of virtualization.  Mendel was included here again, as were researchers from Columbia University and the University of Wisconsin, among others.  It was an interesting discussion with a variety of other viewpoints regarding virtualization and where it may head in the future.

One thing keeps popping into my head, though, and it was something mentioned during my BoF discussion at breakfast.  Twice during the VMworld 2006 conference the idea of taking a hosted desktop (hosted in a VDI-type scenario) offline to be used on a local system has been mentioned.  Is this the next direction for VMware ACE?  To me, making a connection between VDI and VMware ACE such that ACE images could be hosted on a VI3 farm and then “checked out” to be run on a local workstation when the user is away is a powerful and compelling innovation that I think would really change the picture of VDI and VMware ACE today.  ACE is a great idea, but companies just haven’t gotten ahold of it.  Could a connection between VDI and VMware ACE drive greater adoption?  Is this also related to the push on virtual appliances, further reinforced by Mendel Rosenblum’s mention of virtual appliances to handle desktop images today during the panel discussion?  Put your two cents’ worth into the comments and tell me if you think I’m on to something or if I’m just crazy.


VMworld 2006 Day 1, Part 2

Don’t get me wrong, here—“bad” is a relative term.  It’s just that some of the presentations were really top-notch, and some of the presentations were…well, not.  Some speakers clearly had been “on platform” before, but others just as clearly had no prior platform experience as a speaker.

After the general session ended this morning, I went into one of my two hands-on labs, this one focused on VMware Consolidated Backup.  The lab staff were very technical, very understandable, and appeared to be quite approachable.  The problem was the lab materials.  They were unclear and inaccurate.  Normally this wouldn’t be a problem, especially if the instructors know the material inside and out.  Unfortunately, the VMware instructors weren’t as knowledgeable about the lab materials specifically (and the steps defined in the lab manual) and this showed through in the final presentation.  This is not to say they didn’t know the product—they just weren’t familiar enough with how the lab was supposed to run.  In addition, they were trying some new stuff that had never been done before, and so there were some glitches here and there.  Having been an instructor myself, I could certainly empathize with them as they struggled to work through the glitches with the lab procedures.  However, VCB (VMware Consolidated Backup) is a very cool technology, so that makes up for whatever glitches we ran into during the lab.

Then off to grab some lunch, and into a session on troubleshooting VMware.  I was really hoping for some additional in-depth information on extra troubleshooting tools, some hidden commands or features.  Instead, there was too much of the same old information being rehashed again.  Accurate information, yes, but information that I think most everyone already knew.

I wrapped up the day with a session around VMware command-line tricks.  This presentation was lively, entertaining, and quite informative (like a presentation should be).  I gleaned a couple of useful tips but unfortunately did not find an answer to a problem I’ve been running into with vmware-cmd (where it reports an error trying to disconnect a device from the VM).  I’ll have to keep working on that one.

More information tomorrow…

