Category Archives: General Tech Stuff

I have had a blast on our DC trip making panoramic photos with Microsoft’s Photosynth application. The basic idea is simple: you point your iPhone at something, move it according to the on-screen prompts, and get a beautiful panorama when you’re done. Here’s an example: the Great Hall at the LIbrary of Congress.

Photosynth makes it really easy to take panoramas, and it does a fine job of stitching them. I’d love to see this app running on a device with a better camera (hint, hint, Windows Phone 7 from Nokia…) but it’s well worth the price: $0.

If you want to see the panoramas I’ve created so far, they’re here.

I couldn’t take it another minute– my old MoveableType blog was full of bugs, misfeatures, and poor implementation choices. I decided to start over with WordPress, so here I am!

I’ve been trying to make time to deploy Windows SharePoint Services 3.0 and Search Server Express 2008. This week I finally got around to it, but then I decided "hey, why not go with the shiny new 2010 versions instead?"

Thus it came to pass that I installed SharePoint Foundation 2010 and Search Server Express 2010 on our application server.

I’ll preface the rest of this post by saying that I don’t know jack about SharePoint. I have actively avoided it, in fact, which made me kind of an outcast at 3Sharp. However, we can really make use of its feature set, even though we won’t (at first) be customizing it or building new applications on top of it.

SPF Installation was absolutely painless. The new installer is superb; it automatically figures out which prerequisites you need, downloads them, and installs them. Hey Microsoft UC team! We want this same level of seamless behavior in the Exchange and OCS/CS installers!

Search Server Express installation was likewise easy. I found it a little odd that you have to manually specify access controls for visitors; I would have expected this to be done by default. However, the steps required are easy to follow.

(side note: man, some of the default SPF themes are F-U-G-L-Y. I hope my eyes stop bleeding soon.)

The next step was to add the Search Center URL to the top navigation bar of the main site. Again, this is something that I was halfway expecting the installer to do for me, or at least to offer, and it was easy to do it manually.

There are a ton of other integration points between SPF 2010 and other parts of our infrastructure:

• you can display Exchange calendar public folders as part of the site calendar
• you can search Exchange public folders (something that will be very handy for our source code control system)
• you can connect Windows 7 desktop search to it, so that searches automatically include Search Server Express-indexed content

I don’t know how to do any of these things yet, but it’s just a matter of time!

Update: turns out you can’t use the Windows 7 desktop search connector with SPF; for that you need SharePoint Standard. Oh well.

I had quite the merry chase running down a problem at work this morning: a Windows 7 workstation on which VMware Server 2.0 could neither be removed nor installed. (Side note: yes, I know VMware Server 2 isn’t officially supported on Win7.)

The first clue was the Windows installer error message saying that the installer couldn’t read the "UNKNOWN\Components\{GUID}" registry key. UNKNOWN, huh? You’d think that the installer would know what keys it was trying to read.

I started by doing a little binging to find anything relevant. VMware KB article 1308 described the steps to take to manually remove a failed install so I followed its steps… twice, just to be on the safe side (well, and because I skipped a couple of steps the first time). No luck.

Next, I fired up one of my favorite-ever troubleshooting tools, Process Monitor. It told me that the failure was actually happening when the installer tried to get write access to a subkey of HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18. I’d never even heard of that particular key, so off to bing I went. It’s actually owned by the LocalSystem account, except that in this case it wasn’t– the permissions on the key that VMware wanted (and its subkeys) were all out of whack.Resetting the permissions manually didn’t work because the parent key was still (correctly) owned by LocalSystem. So, I fired up psexec to open an interactive session with regedit owned by LocalSystem, set the correct ownership on the key and its subkeys, and ran install again.

This time it got further before failing; there was another key under that subtree that also had wrong permissions. Fortunately I’d left regedit running, so a quick ownership change and another reinstall and boom! back in business.

How’d this happen in the first place? Well, as much as I like to bash VMware (and boy, do I ever), this wasn’t their fault. As near as I can tell, the problem arose because this machine was originally built with a 160GB SSD as the boot volume and a 1TB drive as the data volume. Our app performs better on an SSD, but it also has a lot of data, so the better configuration would have been to have the 1TB drive be the boot volume. Someone tried to reconfigure the machine by imaging the SSD, putting the image on the 1TB drive, and changing the boot configuration. However, when they did so, they neglected to notice that the LocalSystem token changed, so the permissions on some entries in the registry were wrong. I think they’re all fixed now.

Not a bad way to start a Monday morning– but only because I fixed the problem.

I’ve gotten a lot of questions about my job, so I thought it would be a good idea to explain more about what I do, mainly because we’re looking for more people who can do this kind of work.

My official title is "content author." That means that—you guessed it—I write content for our Digital Tutor. The tutor is a complex piece of software that provides students with the same experience as sitting side-by-side with an expert human tutor. We’ve proven in both lab tests and real-world use that we can take average students—not just superstars—and help them gain real expertise, not just paper-MCSE-style book learning. Our students gain expertise far out of proportion to students who study with normal methods, especially because we can do it faster than traditional solutions. (If you want to know more about how we do that, e-mail me; much of our methodology is secret sauce.)

There are two important parts to my job title. The content part means that the tutor uses several different kinds of material to help students learn. Some are the traditional items you think of when you think of computer-based tutoring: lectures, graphics, animations, and so on. Others are unique to our product. For example, we have guided activities (e.g. "First open a command prompt and type ‘telnet’. Then…") where, at each step, we can see what the student’s doing on a live Windows network and give them guidance where needed.

We also have free-form exercises, where we give the student a real-world exercise ("Your new boss is complaining that his computer is slow. Go fix it.") and offer help, but only when the student asks for it (and only as a Socratic dialog, never as prescriptive help.) These, in a word, are awesome. They’re fun to write, challenging for students, and a key part of what makes our solution so effective… but I digress.

The author part means that I create the content using our own language and toolset. However, I have engineers who work very closely with me to make sure that whatever features I need get implemented. It’s a great partnership because I’m free to focus on what I do best, not worry about how the system will figure out what a student is pointing at, or what they just changed in AD, or whatever. The engineers do that (and we need some of them as well, come to think of it!)

What makes a successful content author?

• Deep knowledge of at least one significant aspect of IT: networking, Windows, Active Directory, etc. When I say "deep", I mean that you need to be able to talk about this stuff at any level from "ooh, shiny" down to 500-level details of internals.
• Solid teaching experience, the more the better. Whether 1:1 or in groups, you have to be able to effectively impart what you know.
• Excellent written communications skills. Many of our existing content folks are published, though that’s not a requirement.
• A desire to work on something that can, quite literally, change the world.

Are you a good fit? If you’re interested, see our jobs page and fill out the online application. That will get you into our system, and we’ll take it from there. If you have questions, I’ve set up a formspring page so that you can anonymously ask ’em.

After my previous post on OS X Server, I got a lot of good feedback from the Mac Enterprise folks. It was very helpful as I dug deeper into getting our room full of Mac minis into coherent shape.

For example, I learned that you can turn a shell script into a double-clickable executable by changing its extension to “.command”. That means that having a shell script run at logon becomes trivial, which in turn made it super-easy to start our complex Java app when the captive student account logs in. Score one for the good guys.

In regards to my complaint about binding machines to the domain, I learned (courtesy of James Relph) that you can in fact do it just like Windows does:

Regarding binding machines to the domain, just go into Server Admin > Open Directory > Settings > Policies > Binding and tick “Require authenticated binding between directory and clients”. That will ensure that when a client is joined to the domain it will ask for a domain admin account and create an associated computer record in the directory.

I learned how useful the Apple Remote Desktop “kickstart” app is, too, for setting up various aspects of ARD without manual intervention. Sadly, I also learned that there’s no way to easily apply an existing ARD task to a different set of machines, though the MacEnterprise folks helped with a couple of workarounds.

Some of the rough edges I noted earlier have disappeared as I’ve learned more about what I’m doing. One piece of excellent advice that I received is never to trust the GUI. Odd, given that Apple is supposed to be masters of all things GUI, but absolutely true. Often what you see in the GUI of the various admin tools is only loosely related to the actual status of the machine or component you’re looking at.

There are a few more serious problems lurking, too. One is that automatic logon just flat out doesn’t work if you specify an Open Directory account as the target. This is annoying, but it’s not the end of the world. Worse is that Apple pretty much leaves disaster recovery and repair up to oral tradition. There’s very little documentation on how to properly back up and restore a Mac OS X Server system. I can tell you from bitter experience that using Time Machine to back it up will only preserve files that aren’t open at the time of the backup, meaning you’ll lose your Open Directory database. Oooops. Apple doesn’t document anything about the best (or even worst) method of replacing a failed OD server, which is a real shame.

I still have a lot more to learn, including how to use the systemsetup and scutil commands, and how to tame launchd to make it do what I want to. One of these days I’ll probably feel like I know what I’m doing…

Good news: I have tag clouds working on my blog, about five years after the rest of the Internet got them working.

Bad news: now I have to go back and retag a thousand-plus posts if I want the cloud to be useful.