Build a powerful and silent office computer for under $600 – no display

This is a computer build list for a good office computer with solid graphics performance.  This computer has very low power consumption with NVIDIA passively cooled 9500 GT graphics adapter and Intel dual-core 45nm processor.  The nice thing about this set-up is that it has two digital display outputs and one analog display output so you can hook up multiple monitors.

Component Price
ASUS P5Q SE/R LGA 775 Intel P45 chipset with – ICH10R RAID 114
Intel Core 2 Duo E7200 Wolfdale 2.53GHz 3MB L2 Cache 120
MSI N9500GT MD512Z GeForce 9500 GT 512MB – VGA/DVI/HDMI 88
2 GB DDR2-800 DIMM 41
Cooler Master Elite 330 – ATX tower (in store pickup) 50
SeaSonic S12 II SS-330GB ATX12V 330W “80 Plus” Power Supply 68
Western Digital 512 GB SATA hard drive (lowest power consumption) 70
LG 20X DVD burner, SATA 26
Sub total (including shipping) 577

This system could be considered an entry-level gaming computer with decent gaming performance for 22″ LCD displays or less.  It can also be converted to a great HTPC computer with bigger multiple hard drives and a Blu-ray optical drive.  When the AMD/ATI Radeon 4600 series comes out, those will be a great substitute as well.

Broken Search in Windows Server 2008

Windows Server 2008 has the most broken feature I have seen in a Micrisoft product in a long time: file searching. Like Vista, Server 2008 has some really nice file searching features that make heavy use of the file indexing. Sadly, some idiot decided to make the system search only indexed items by default, and then turned off the indexing by default!

The end result? A hopelessly broken search system that is insanely frustrating to use. You either need to manually tell each search to use non-indexed content, turn on indexing (you may very well not want to do this on a server!), or change the default settings to always use non-indexed content. Whoever set up these defaults is a fool. It’s a lot like the problem in Server 2003, where the checkbox for “Search Tape Backups” also seems to regulate whether or not it will actually search on a network drive, even if you’ve specified a network drive as being where to search.


NT 4 to Windows 2008 Migration – almost ready!

The monster project on my plate (I’ve been building up to it since around March) is to migrate our existing NT 4 domain to Windows 2008. This project has been joy and pain, and it is finally nearly done.

For the last few months, I’ve been getting the new domain ready, like upgrading the domain controller to server 2008, getting a new SQL Server install in place, SharePoint, and so on. I still need to do Exchange, CRM 4,0, and Office Communications Server, but we agreed that those items need to wait until after the migration.

When I went to do the initial batch of migrations, though, I hit a snag. The Active Directory Migration Tool (ADMT) version 3.0 supports migrating from NT 4, but not migrating to 2008. The newest version 3.1, supports 2008 as a target but not NT 4 as a source. So we needed to get the NT 4 server upgraded to 2000 or higher. For safety’s sake, we decided to use a VMWare image of the server for this.

The VMWare conversion process worked fine, but when we fired up the VM, it claimed that there was no system disk. This wasn’t a huge surprise – the original machine is an ancient Compaq Proliant with an EISA SCSI controller in it; the MBR points to a tiny 36 MB partition on the RAID 1, which contains the SCSI tools to get into the card’s firmware, and then boot off of the true C drive. Gotta love 1990’s technology. After contacting VMWare, we decided that the best route was to do the following:

  1. Take a drive image of the original server, and copy it to the VMWare computer’s local drive.
  2. Create a new VM with disks of the appropriate size (I made the C drive 20 GB larger than the original, to provide ample space for the upgrade to take place), and also mount the local drive with the image file as a disk in the VM.
  3. Start the VM and boot off of the imaging software’s CD.
  4. Blast the image onto the virtual drives.
  5. Copy the VM back to the NT 4 server (to ensure the same version of NTFS) and run the virtual machine conversion wizard.

This worked great, except for when it didn’t work. Why not? Well, we still didn’t have an MBR pointing to the right place, since we weren’t going to get the EISA SCISI tool partition (we tried it once on a drive image, it complained about jumpers…). So what did we do? We made floppy images of the NT 4 install floppies, and a floppy image of a fresh NT 4 Emergency Repair Disk, and ran the NT 4 recovery mode, to “Inspect Boot Sector”. That fixed the MBR issue!

Now, we got NTLDR issues. So we brought the VM back to the NT 4 server, and tried to run the conversion utility. It groused about not being able to identify the OS. Huh? Looking at the VMWare converter logs, we found the problem. It turns out that the VM was still set to mount the local drive of the VMWare workstation; removing that virtual drive solved that problem, and the conversion continued.

And lo and behold, it worked! We actually managed to virtualize a server that I originally built when I was (I beleive) a sophomore in college. This machine was my introduction to SCSI, TCP/IP, NT 4 (I had experience with NT 3.51, 3.5, and 3.1 before that, as well as NetWare), multi-CPU machines (it had 2 CPUs, amazing for the time), and a lot of other technologies (DNS and DHCP come to mind immediately). This machine really got me started hardcore in systems administration. And now it is a VMWare VM.

But I digress.

We then performed the upgrade to Windows Server 2003 R2. This went extremely well; the only hiccups we had were remembering to make a floppy image containing the VMWare SCSI controller driver to feed to the Windows setup program, and then remembering to disconnect the floppy image before the next reboot (we got another scary NTLDR error… woops!).

On a side note, we needed to make the Active Directory install post-upgrade be in a completely separate forest, since the 2003 domain can’t participate in the 2008 forest.

But we are now finally ready to migrate this domain, and I can’t wait. If our NT 4 domain could last from 1997 to 2008, I shouldn’t have to upgrade this domain until around 2019. :)


qmail – How to lose 3 night’s sleep in a hurry

I’ve been having a few major problems with my FreeBSD server for over a year now. In a nutshell, a bad CPU caused compiling to fail quite often, which trashed the installed software packages pretty badly. Even after replacing the CPU, I could never quite get PHP working. No matter what I did, it wouldn’t take POST data! I tried upgrading to FreeBSD 7.0, and that didn’t do the trick, and even created additional problems in the process. So why didn’t I just rebuild the server? One word: “qmail”.

See, qmail is a mail system. Like “sendmail” but without sendmail’s insecurity. But qmail likes to be “special”. It’s creator has certainly principles that he likes to stick to, which spill over into the software. In this case, he beleives that the directory hierarchy that he prefers is so much better than the default for your OS (directory hierarchy is a favorite religious arguement in Unix-land), that his stuff is really tricky to make work outside of his structure. On top of that, most of the tutorials out there are from the “compile from source” crowd, so they don’t help too much for people (like me) who use the OS’s package or port system.

To make matters worse, qmail takes the Unix modularization to a truly sick extreme. There are so many sub-programs that it seems like each class in the code became its own module, so the functionality can be “drop-in replaced” at an extremely granular level. While there is something commendable and “elegant” in this, it makes problem solving nearly impossible.

The last time I set up this server, qmail took me nearly 3 days of non-stop effort to get working the way I wanted it to. The first time I did it, qmail took me nearly a week of 20 hour days. when I finally broke down this week and rebuilt the server, qmail took me merely 3 nights’ worth of effort. It is a measure of how twisted this is, that I consider spending three nights’ worth of effort an “improvement”. Indeed, I could have earned enough money in that period of time to purchase a Windows Server SBS license, provided that I had enough articles lined up.

I am not going to go into what went wrong this time and what the resolution was. A quick summary would simply be, “qmail’s strong preference for certain defaults, coupled with qmail’s preference for pure source compilation, multiplied by the extreme modularity of qmail, with a small dose of operator error, created a situation which was untenable”. In other words, the system is so bloody complex that a simple mistake not only makes the whole thing unworkable, but eliminates the possibility of getting any kind of meaningful troubleshooting information, and the resources online are all wildly different as well as often being quite out of date.

If you value your time, stay clear of qmail. Sadly, it is the best game in town for BSD users, but if you are on a Linux distribution that supports Scallix or Zimbra, go with them and save yourself some pain.


Be sure to check the clock whenever there are many certificate errors

I just spent an hour trouble shooting my mother’s computer over the phone.  Apparently, all the certificates were throwing up errors and giving the scary message that someone might be hijacking your computer session.  One thing I forgot to check was the date on the computer which got reset and the date mismatch was forcing every secure website to report scary messages.

This is one of those things I just want to scream at Microsoft developers for in the way they changed Internet Explorer 7.  IE6 use to tell you if the certificate was legitimate but it had a bad date which easily tipped you off.  Now Microsoft gives you an inline web message that doesn’t let you inspect the certificate unless you hit continue anyways accept the certificate.  Like many things in Windows Vista, Microsoft has crippled and dumb down the new interface making it far less useful.

Windows XP use to have a simple status on the network connection icon which lets you see the IP address and now I have to bark out start-run-cmd-ipconfig orders letter by letter whenever I’m doing troubleshooting.  Just wait till we get IPv6 when we get to bark out those long 128-bit addresses instead of the simple 32-bit address and I’m glad I’m not doing helpdesk support.

The fundamental problem with the web browser and SSL is that the browser allows the user to ignore the certificates at all an no amount of green-lit extended trust nonsense is going to fix that.  The whole certificate expiration thing was a horrible tradeoff that makes the system unfriendly and expensive because you’re forced to spend hundreds of dollars a year on certificates.  The system is prioritized on making certificate authorities rich and consumer security comes second.  It’s not that I have a problem with companies making a profit, but the whole certificate business model of forcing you to buy every single certificate rather than delegate a signing authority to your domain like DNSSEC is just too draconian.

Anyhow, that’s my fuming for the day.

Broadband Populism or Broadband Pragmatism

In his recent OPEC 2.0 op-ed, Columbia University law professor Tim Wu offered his vision of a broadband policy by declaring the broadband market a “bandwidth cartel” that has gouged the public like the energy market. To remedy the situation, Wu advocated much more facilities-based competition, particularly through municipally-provided fiber-optic Internet service and called on the government to open up wireless radio spectrum to “liberate us from wires, cables, and rising prices”. While this bash-the-corporation rhetoric may have some populist appeal, Wu’s analysis is both factually and logically flawed.

See rest of post here

TFS SP1 Fails to install, SSRS is to blame (again)

I tried to install the new Service Pack for Team Foundation Server 2008 today. Not surprisingly, it failed. It failed for the same reason that it took me quite a number of days to get it installed in the first place, which is the integration with SQL Server Reporting Services (SSRS).

UPDATE (8/12/2008 2:00 PM EST): To resolve this problem, I logged into the SQL Server machine, and in the Resporting Services Configuration Tool, I exported the encryption keys, then on the TFS server, I imported the same encryption keys.

Microsoft, I really hope that you are listening. You cannot go anywhere with TFS while it has this wretched dependency on SSRS. My employer has lost about a week’s worth of my time doing something that should have taken a few hours, because SSRS is such a steaming pile of manure. With all of the problems that I have had with TFS and SSRS, I promise that I will not be likely to build anything involving SSRS for a very long time, and I would not recommend that anyone have SSRS as a dependency for any product they ship. It simply does not work.

I really don’t know what value SSRS brings to the table, but I doubt that it is substantially beter than, say, Crystal Reports. And Crystal Reports actually works. So does Cognos (I can’t speak to the Cognos install process, just developing for it). The number of posts around the Web regarding the problems with TFS and SSRS are astounding. Even more frustrating, the most common error (error code 29112) has a huge number of potential resolutions, ranging from deleting the encrypted content in your database (sounds risky to me), to verifying that the SSRS installation was from the same SQL Server edition (Enterprise, Workgroup, etc.) as the actual SQL Server installation. It is pure madness.

I like TFS, a lot. I think that it is a really good product. But if you have any hopes of installing it, particularly in a dual server configuration (I didn’t see SSRS problems on a single server install), set aside a lot of time for yourself, and don’t plan on any particular project completion date. And stock up on tranquilizers so you don’t rip your server out of the rack in frustration and burn it with a blowtorch.


A new era for China and a new era for the Internet

Photo credit: Jeff Gross/Getty Images

With the 2008 summer Olympics upon us, 8/8/2008 marks the dawn of a new era for China and for the Internet.  As one commentator said during the opening ceremony, this is probably the most important event to date in China’s 5000 year history on the world stage.  The budget for this opening ceremony was ten times greater than that of the Athens Greece opening ceremony and it blended state of the art technology with classic Chinese artistry with 15,000 human performers.

For the first time, I get to watch all of the Olympics events that I wanted to see because it’s available on demand from the Internet.  In past Olympics, I either missed the event on TV or TV didn’t have the event I wanted to watch.  This time, just about every single event is being streamed live or on demand on  While the quality of the video is slightly below standard definition TV broadcasts, it’s good enough and I suspect many people will be taking advantage of this once they hear about it.

Another great way for Windows Vista 32-bit Premium/Ultimate owners to watch the 2008 Olympics is with the TVTonic download service which delivers pseudo HD quality video.  While it’s not nearly as good as 15+ Mbps NTSC broadcast HD, it’s still good quality.  Be prepared to have at least tens of gigabytes of hard disk space available and be prepared to have your broadband connection filled.  While the TVTonic service doesn’t require you to act as a peer-to-peer server, it does add a service and process to your Windows startup.  You can undo that with my crapware removal guide.

For office IT managers and administrators, you may want to block these video services from the desktop if you don’t want your business Internet connection slowing to a crawl because just two of these streamers will fully saturate a business-class T1 line.  What you might do is designate one computer in some common area hooked up to a projector could serve as the dedicated Olympics streaming computer.  If your bandwidth permits, you can even set up that one computer to pull the pseudo HD service from TVTonic.  That way you’re only streaming the video once and not 50 different times with 50 times the traffic load.  You can put refreshments there and let employees take routine breaks from their work schedule to socialize and catch the festivities in higher quality.  This is an excellent way to compromise between office productivity and a friendly work place.

Scott Wasson noted that while their heart may have been in the right place, the mask antics of the American athletes was silly and embarrassing and I would have to concur.  I have not been back in China since 1999 and 2000 but I remember the air being horrendous and there is no question that China needs to get its act together on many things like pollution, health care, and building safety.  Most of the high rise buildings for example only have one stair well entrance to the top and if it gets blocked by a fire or earth quake (assuming you’re not already buried under the building), you’re probably not going to get out alive.

This is unfortunately the state of a developing nation.  Our own San Francisco burned down to the ground twice in the mid 1800s and in the 1906 quake.  The same is true of labor conditions and we only need to look at the misery of American child/adult laborers at the turn of the 20th century.  China is going through that state right now and they’re trailing the west in large part because of Communist oppression, which I and my parents are unfortunately all too familiar with, but they will get there.