- Detach all USB devices from the host.
The Recovery CD installs the ESXi image on the first USB memory device that it discovers. Unplug all USB devices before you use the Recovery CD to rebuild the ESX image on the internal USB device. - For Dell servers with DRAC 5 firmware, disable the Virtual Flash drive.
- Insert the Recovery CD into the ESXi host.
- Use the system BIOS to change the boot order so that the CD-ROM drive is listed first. To modify the boot sequence:
- Reboot the host.
- While the host is powering on, press a function key or Delete to open the BIOS setup.
- Select the CD-ROM drive and move it to the first position in the list.
The option to open the BIOS setup might be different for your server. You might need to open the BIOS configuration screens to modify the boot setting. As the host continues to power on, the Recovery CD Welcome screen appears.
- Press Enter to continue through the screens.
To cancel the recovery operation, press the Esc key. If you press the Esc key, the host reboots and the data contained on your server’s embedded USB flash remains intact. If you press Enter through all the screens and the recovery operation begins, you cannot cancel or undo the recovery. - Press Enter to reboot the host.
- Remove the CD from the CD-ROM drive.
- Reopen the system BIOS to change the boot order so that the USB flash is listed first.
- Verify that the host boots into ESXi.
Jul 29 2010
How To – VMWare ESXi 4.1 on a SD Card
Jul 29 2010
Phones are Giving Away Private Information
In a scan run by Lookout Inc., nearly 300,000 free applications for Apple’s iPhone and phones built with Google’s Android software were tested, and it was found that many of them had software that is secretly pulling private information out of your phone.
This private info includes full details about your contacts, your pictures, text messages, and Internet search histories. This is a huge concern everyone who actively use the free applications available on the services.
In general, this info is used by companies to personally tailor ads to the specific person, the danger is malicious hackers, and can enable people to easily commit the crime and identity theft if the company isn’t careful about the security of the information.
Lookout released the info at this weeks Black Hat computer security conference held in Las Vegas.
Lookout stated that they found nearly a quarter of Apple applications and almost half Android capable applications, had this software hidden within it.
The code used has been written by 3rd parties, and is placed in the applications, primarily for the purposes of the adverts. But the code winds up forcing the application to collect more information than it actually requires. Developers may not even realize that this is happening on their applications. John Hering, CEO of the San Francisco-based Lookout had this to say:
“We found that not only users, but developers as well, don’t know what’s happening in their apps, even in their own apps, which is fascinating,”.
The problem arises when the smart phones don’t inform the users of the data that they are accessing and sending to the company. iPhones only alert the user when the application is accessing their location, not when it is accessing other personal information. Android applications have a wider set of warnings, but most users would go straight through them without properly reading what is being said.
Neither Apple or Google responded when questioned about this topic, it may be best to be more careful when downloading free applications from either service in future.
Jul 29 2010
100 Million Facebook Acounts Exposed
Facebook has taken a lot of heat recently over its security settings and implementation. With the wealth of information some people expose on their profiles for would be identity thieves, it’s a gold mine of information. So when 100 million Facebook pages leak to the web, it’s a security concern.
The file, which weighs in at 2.8GB, was compiled by a hacker from Skull Security and, according to thinq.co.uk, used a program to harvest data from Facebook’s open access directory. This directory lists users who have either forgotten or neglected to change their privacy settings to remove them from search engines.
The total file contains over 1/5th of all the users on Facebook which just recently hit 500 million members. But to call this a hack is somewhat misleading as the it’s actually data harvesting from users who didn’t change their security settings.
This default open access has become a hot topic, raising questions about Facebook’s need to change its practices to set the default settings to private. But, as Facebook needs this data to feed to marketers to make money, it’s a tough call between user privacy and the company’s bottom line.
It should be noted that what Skull Security has done is not illegal. They have simply gathered public data and compiled it into a torrent file.
Jul 27 2010
FlashFXP v4.0 build 1457 BETA (Preview Release 1) Released
This release is available to users who currently own a FlashFXP license via Live Update from within FlashFXP, from the main menu > Help > Check for new version.
Everyone else can create an account on the flashfxp website <Sign Up> (if you don’t already have one) or <Sign In> and then Download FlashFXP v4.0 Preview release 1
This release will be posted on the main download page in the next couple days.
Here’s a breakdown of some of the changes.
1. The skip list
The skip list has been completely redone, Each skip list rule has a scope of where it can be applied. name of file, name of folder, path of file, path of folder, and any. You can define per site skip lists.
When you import your v3 data files your skiplist is converted to the new format and if you had the “skip list applies to directories” option in v3 checked then all existing skiplist entries are set with a scope of any.
That means it will match name of file, name of folder, path of file, path of folder. You can multi-select and right click to change multiple rules at once. Rules containing a open bracket [ will be escaped as \[ see below for an explanation.
Please make sure your rules are set properly.
The pattern matching system has changed in v4, We now use a subset of the regular expression rules for pattern matching.
Matches a subset of regular expressions (* ? and [])
* Matches zero or more of any character
? Matches exactly one character
[<char set>] Matches character from <char set>
[^<char set>] Matches character not in <char set>
where <char set> can include multiple ranges and escaped characters \\ matches a slash \, \[ matches a open bracket [
Only characters within <char set> need to be escaped, with the exception of the [ character, If you need to match a [ then it must always be escaped.
Example:
Pattern "[a-z0-9_]bc?*c” Filename “abcabc” Match = True
2. The task scheduler.
The task scheduler uses Windows scheduling service to run the tasks, there’s email notification and lots of different options that is sure to suite your needs.
You can assign individual selective transfer rulesets to each task.
The old queue schedule is available for people who want to do one time scheduling and this is now moved to the right click queue menu.
Continue reading “FlashFXP v4.0 build 1457 BETA (Preview Release 1) Released”
Jul 26 2010
Wireless Logic Website Downtime
Seems like the website wirelesslogic.co.uk (one of the companies that Peter Jones from the Dragon’s Den TV Programme) is currently down.
Whether it was hacked or DDOS we are not sure, but I think its a bit embarassing for a company with such power (leading network technology in the UK) to not have solutions for failover/recovery and security.
Peter if you are reading this, please make sure your guys fix it asap.
Its interesting to know that the following websites are currently hosted side by side with wirelesslogic.co.uk [which of course means that they are all currently down]:
-This was first noticed by SmootHosting Ltd.
Update: Websites are now up and running
Jul 25 2010
WPA2 Exploit Vulnerability Discovered
Researchers at wireless security company AirTight Networks have uncovered a vulnerability in the widely used WPA2 security protocol, part of the 802.11 standard. The vulnerability, termed “Hole 196″, which can be exploited by attackers already authenticated to the network, allows decryption of data sent by other users across the network.
Wireless encryption uses two keys to protect the communications, firstly a Pairwise Transient Key (PTK), unique to each client, and used to protect traffic between that client and the access point, and secondly, a Group Temporal Key (GTK) that is known to all clients on the network, and used to encrypt broadcast traffic (traffic sent to all clients connected to the network).
The attack does not rely on brute-forcing, or breaking of the AES encryption used to protect the communications. The vulnerability arises when a malicious client uses the GTK to send spoofed packets to another user on the network. GTKs do not have the ability to detect spoofed packets, an ability which does exist in PTKs.
Researcher Md Sohail Ahmad, who discovered the vulnerability, says it took around 10 lines of code added to open source driver software, and an off-the-shelf wireless adaptor in order to implement the exploit. By spoofing the MAC address of the access point, clients who receive the malicious packets, believe the sender to be the gateway, and respond using their PTK, which the attacker can then decrypt.
Exploiting the vulnerability is limited to users already authorised to the network, which mitigates the risk, but security studies repeatedly indicate security breaches from inside continue to be the biggest source of loss to businesses.
WPA2 is the latest encryption protocol available for wireless networking, and as yet, there is no successor ready to take its place in order to resolve this issue, it remains to be seen what the security community can devise to work around the problem in the protocol.
Jul 25 2010
VMware vCenter Converter 4.2 Release Notes
What’s New
The VMware vCenter Converter 4.2 is a substantial upgrade from vCenter Converter 4.1 and includes the following new functionality (previously found only in vCenter Converter Standalone 4.0.x):
- Physical to virtual machine conversion support for Linux sources including:
- Red Hat Enterprise Linux 2.1, 3.0, 4.0, and 5.0
- SUSE Linux Enterprise Server 8.0, 9.0, 10.0, and 11.0
- Ubuntu 5.x, 6.x, 7.x, and 8.x
- Hot cloning improvements to clone any incremental changes to physical machine during the P2V conversion process
- Support for converting new third-party image formats including Parallels Desktop virtual machines, newer versions of Symantec, Acronis, and StorageCraft
- Workflow automation enhancements to include automatic source shutdown, automatic start-up of the destination virtual machine as well as shutting down one or more services at the source and starting up selected services at the destination
- Destination disk selection and the ability to specify how the volumes are laid out in the new destination virtual machine
- Destination virtual machine configuration, including CPU, memory, and disk controller type
In addition, vCenter Converter 4.2 adds functionality not found in the standalone Converter product including:
- Support for VMware vSphere 4.1 as source and destination targets
- Support for importing powered-off Microsoft Hyper-V R1 and Hyper-V R2 virtual machines
- Support for importing Windows 7 sources
- Ability to throttle the data transfer from source to destination based on network bandwidth or CPU
- IPv6 support
Discontinued Support
- You cannot schedule recurring conversion tasks with vCenter Converter 4.2.
- Support of the following operating systems is discontinued:
- Windows 2000
- Windows NT
- VMware vSphere 4.1 is the last major release for VMware vCenter Converter plug-in. VMware will continue to provide technical support for vCenter Converter through the end of its support lifecycle. VMware will continue to update and support the free vCenter Converter Standalone product, which enables conversions from sources such as physical machines, VMware and Microsoft virtual machine formats, and certain third-party disk image formats.
Jul 22 2010
Dont Install vCenter 4.1 on an Active Directory Server
The following information was gathere from Yellow Bricks
When installing vCenter 4.1 on Windows 2008 R2 64-bit one of my colleagues ran into the following error message:
This product can only be installed on the following 64-bit operating systems:
Windows XP SP2 or above
Windows 2003
Windows 2008
Although this message is actually correct it was not what was causing this problem as he followed the documentation and installed Windows 2008 64-bit. In this case Active Directory had been installed and that was the reason it was failing. As vCenter installs ADAM it can’t run on top of a server which hosts AD.
Jul 21 2010
Facebook has 500 Million Users
Facebook announced today that is has surpassed 500 million active users worldwide on its site. That is half a billion users on a single website.
The social network started in 2004 as a way for people in Harvard to connect with one another. Within a year of it’s initial release, Facebook grew to over one million active users.
To help celebrate Facebook reaching half a billion users, Mark Zuckerberg, co-founder, CEO & president of Facebook, is launching Facebook Stories. The idea behind this new application is for users to share their success stories with the rest of the world, including one success story of a mother in Pheonix who read a friend’s status message telling her to check for breast cancer, who was diagnosed in time to treat the disease.
Facebook reached it’s last milestone of 400 million active users earlier this year in February. It took Facebook only six months to gain another 100 million active users.
In light of all of this, Facebook announced recently that a movie will be releasing soon, titled “The Social Network.” The movie will star Jesse Eisenberg as Zuckerberg, and will follow his life from through Harvard and how he created Facebook.
Jul 21 2010
Netbook OS Jolicloud 1.0
Jolicloud, the free netbook OS that strives to keep users always connected, has hit the 1.0 release milestone. An all new HTML 5-based front-end is the biggest touted feature. In a blog post describing the latest release, Jolicloud said, “Imagine an operating system centered around interacting with your friends. Imagine never having to worry about updates and software installs. Imagine that all your machines are automatically synchronized with one another. Imagine having your Internet ecosystem natively integrated to your machine, with all the coolest apps at your fingertips.”
Utilizing cloud-based syncing, among the new stand-out features is the App Directory, a curated application library that is manageable from any HTML 5 capable device. From here, apps can be organized and installed, and deleted, with all changes automatically pushed to all Jolicloud devices on the same account. App updates are also automatically pushed-out so there is no need to manually update. Jolicloud focuses on cloud-based computing, but apps may also utilize local storage. Noteable apps include: Firefox, Facebook, Twitter, Spotify, Boxee, Hulu and more. Networking is also a focus with the Social Stream hub providing integration with Facebook, Twitter, Google Reader and more.
The real draw of Jolicloud is its fresh and streamlined interface. It is compatible with most netbooks, can be installed directly from Windows, and is a free download. This may be just the thing to make the aging netbook segment exciting again.
Next Page »