As you can probably imagine IPv6 is generally considered a Good Thing(TM), by many technical people. After all, we don’t want to make our lives harder, do we?

The problem is uptake has been slow. The first official specs were released in 1996, but work on defining the protocol is tracable back to 1992. That’s a long time ago in the computer industry. The main issue was a chicken and egg problem; why bother upgrading your network when no one uses it? And no one will use if it there’s no reason (read: content). The other problem has been sometimes you can get an IPv6 address without having an actual IPv6 network, and sometimes it won’t work. That’s the non-technical explanation.

These 2 issues are whats caused IPv6 to really stutter.

However last year, on June 8th 2011, major websites and services enabled IPv6 by default to gauge the impact. It turned out that most of the potential problems weren’t really problems for over 99.9% of their users.

So this year, on June 6th 2012, major players who rely on the Internet, and produce hardware and software to access the Internet, will be enabling IPv6 permanently including, but not limited to;

• Akamai
• AT&T
• Cisco (& Linksys)
• Comcast
• D-Link
• Facebook
• Free Telecom
• Google
• Internode
• KDDI
• Limelight
• Microsoft Bing
• Time Warner Cable
• XS4ALL
• Yahoo!

So where am I going with this?

Glo Networks are proud to announce that we are now able to provide native IPv6 accessible web hosting right now. We’re working on the rest of our services at the moment, but we feel this is an important first step. One of our website host boxes is happily server on IPv6 -
dig -t AAAA stem.glo-net.net

; <<>> DiG 9.7.3 <<>> -t AAAA stem.glo-net.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER< ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;stem.glo-net.net. IN AAAA

;; ANSWER SECTION:
stem.glo-net.net. 3600 IN AAAA 2a01:4f8:121:2322::defa:ced

;; Query time: 44 msec
;; SERVER: 213.133.99.99#53(213.133.99.99)
;; WHEN: Wed Jan 18 16:13:07 2012
;; MSG SIZE rcvd: 62

If you already host your site with us and want access either open a support ticket on GloHelp or give us a ring.

If you don’t already host your site with us, feel free to give us a ring.

If you want to talk about IPv6 enabling your corporate office network, again feel free to get in touch.

Want to know more? Check out world www.worldipv6day.org, www.worldipv6launch.org.

Just run the following under a Powershell instance with the Exchange modules loaded (i.e. the Exchange Management Shell).

foreach ($u in $(Get-User)) { Write-Host "Clearing the msExchDelegateListLink for $($u.distinguishedname)"; $ad = [adsi]"LDAP://$($u.originatingserver)/$($u.distinguishedname)"; $ad.msExchDelegateListLink.Clear(); $ad.SetInfo(); }

Be aware that if you do this, all auto mappings for all users will get removed. This may not have the desired behaviour as some users may be relying on an automapped account. It should be feasible to alter this as required, as it’s pretty damn simple!

As with all things, do this at your own risk, we accept no liability, yadda yadda yadda.

If you’re curious (and lets face it, if you’re modifying the Active Directory en bulk, you should be!), basically what this does is loop over all users, and clear all values against their Active Directory account msExchDelegateListLink attribute. This attribute is where the automapping gets written to.

As an example imagine 2 users, Bob and Alice. Bob is an Exchange admin and at some point was granted full access (with permission, naturally) to diagnose a problem with Alice’s mailbox without having to disturb her too much directly. Bob will now be added to Alice’s msExchDelegateListLink attribute. It’s this entry that needs to be removed.

Apparently in SP2 there is the facility to disable automapping, at the time of adding the relevant permission; the shiny new “-AutoMapping” argument to Add-MailboxPermission. As with many things Exchange 2007 and newer, it’s just a facility available at the Powershell console, for now. And you know what? We’re ok with that.

One would assume that Apple, who are surely aware of the business application of their product, would ensure that its default settings are the most secure, with the option to lower the security for convinience sake if the owner should wish.

Alas this is not the case. In iOS5 at least (this is the only OS we’ve tested on) the setting which allows the new Smart Cover to unlock the iPad 2, which is enabled by default, can be exploited to enable access to the last app left open without entering the password!

The exploit is incredibly simple too:

• Lock the iPad 2 (make sure it’s passcode protected);
• Hold down the power button for 2 seconds until the “turn off” slider appears;
• Close the Smart Cover;
• Open the Smart Cover;
• Press Cancel.

This will open the app that was open when the device was locked! You are unable to use the home button to access the home screen and switch to other apps but this is quite a big security issue none the less. If you were to lock the device with the Mail app open then someone using this exploit could access all your emails,send emails as you etc.

We’ve done a bit of testing, if you lock when on the home screen and then use the exploit you are presented with the home screen and are able to scroll between pages of apps, and use the search function, but are unable to open any apps.

Disabling the Smart Cover unlocking setting (under General Settings) will prevent this exploit, at the cost of a small amount of convenience (adds another step to unlocking the device after opening the Smart Cover). This is not a stand alone incident however; the iPhone 4S, by default, has a setting enabled which allows access to Siri without unlocking the device. This in turn allows access to many security sensitive apps (Mail, Calendar, even sending texts and making calls)!

Although the 4S may not be what was expected the device is not without its improvements compared to the iPhone 4. Much attention has been given to the dual-core A5 chip, and just a much to the 8 megapixel, f/2.4 aperture camera.

The real show stealer was Siri, which, while still in the Beta stage, has been all over the media. Fans have claimed the voice controlled personal assistant application is a ‘smart and saucy pal’, while some (notably the Android boss Andy Rubin) seem to feel we shouldn’t be talking to our phones, rather we should be using them to talk to people, and that the novelty may wear off.

Although there has been so much talk in the media regards the new iPhone version there is one feature which the 4S can be proud of that hasn’t had a great deal of attention: the inclusion of Bluetooth 4 capabilities. While other smartphones have had just as powerful processors, better resolution camera’s and voice control the iPhone 4S can claim to be the first smartphone to use the new Bluetooth version.

The Bluetooth 4 specification was completed back in June 2010 and includes the Classic (regular) Bluetooth, Bluetooth High Speed and the new Bluetooth Low Energy protocols. The low energy protocol can use as little 0.01w and run on a single coin cell (watch style) battery. This allows it to be integrated into much smaller, low power devices. Although it’s not in many products at the moment there has been lots of speculation on various devices that could benefit from this, including medical monitoring and home automation and control devices.

Perhaps the lack of fanfare is due to the current lack of compatible devices, but it seems quite likely that Bluetooth 4 will soon become the standard, with other smart phone manufacturers playing catch up with Apple in that department at least. We’re keeping our eyes peeled for new and interesting uses of the technology and will be sure to share the news when we spot it!

To this end some anti-virus providers offer their own tools for removing, but recently we found we were having difficulties in removing a deployment of E-Trust anti-virus from our customers machines, the customer was locked out of the admin consoles, and we couldn’t see any suitable tools. So rather than walk up to each machine and manually remove, we did what us IT geeks love best and created a script to fit our needs:

@echo off
REM Stopping Services
net stop "eTrust Antivirus Realtime Service"
net stop "eTrust ITM Job Service"
net stop "eTrust ITM RPC Service"
net stop "iTechnology iGateway 4.2"
REM ITM Server
msiexec.exe /qn /X{4A2635AD-91E0-4758-BD1E-CA57C9294F1F}
REM ITM Agent
msiexec.exe /qn /X{85F88F9C-6EB2-426B-88AB-28DA4A3526B9}
REM iTechnology iGateway
msiexec.exe /qn /X{847501DF-07C0-4691-B04A-893929F108AE}

Bear in mind that this works for our customers specific version of E-Trust, and for different versions the Product Codes (those bits in parenthesis after “msiexec /qn /X”) may differ.

We ran this on all computers in the Active Directory using PSExec, DSQuery.

cmd.exe /v:on /c "for /F "delims=, tokens=1" %i in ('dsquery computer -limit 0') do set name=%i & set name=!name:~4! & psexec -u Administrator -p AdministratorPassword \\!name! \\server\share\path\to\script.bat"

Be aware that the result set for DSQuery is by default limited to 1000 rows. In the example above we’ve explicitly set it to 0, which is unlimited, and generally speaking a bad idea. We’ve included the limit argument just incase you try and use this verbatim and get confused.

This won’t be executed in parallel, so the more machines you have the longer it will take.

DSQuery is part of the RSAT (Remote Server Administration Tools), installed by default on Domain Controllers, and optionally on other machines. PSExec is available from Sysinternals.

We would recommend creating a one time special administrator account, or you could pass in the administrator password via an environment variable, or read in from a file. Not providing the account may result in funny results depending on the target.

We also found one at least one or two machines there was a problem with UAC, however there did not seem to be a pattern, and we didn’t take the time to investigate the cause.

Oh, and just one more thing. Alternatively you could assign the removal script as a start up script.

Their newest service takes your answer and pulls results from a plethora of Google services. It then displays all the results it gets from these in boxes (1 box per service) on one results page.

While searching across the numerous services Google provides could be a handy tool, unfortunately, at the moment it feels a bit like a cheap advert for everything Google.

Some of the boxes don’t really display search results, but rather just contain automatically generated image showing an example of how your search term could be used on the specified service (for example when we tried the search term ‘God’ the Google Calendar box shows a diary with an event for today’s date called ‘Date with God’). At the moment the best use for the page is probably just to find Google services that you may not even know exist.

Although the ‘What do you love?’ site is active at both www.wdyl.com and www.google.com/whatdoyoulove/ there’s not yet been an announcement from Google regards the tool. Also there is a box on the results page that states ‘More coming soon!’. Perhaps this means that Google intends to change some things before officially announcing.

As we’ve previously mentioned in our article The sky is falling on our heads; We’re running out of addresses, IPv4 addresses are running out. To very quickly recap IPv6 is the technology to replace this.  The problem is that IPv6 has a chicken and egg situation; no content is being delivered on IPv6, so there are few mass roll outs of IPv6. But why would anyone publish on IPv6 if no one is going to see it?

The point of IPv6 day was to get a number of high profile websites running both IPv6 and IPv4 on their main addresses, and to see what happened. How many out of the total IPs were hitting those companies providing their content on IPv6? If we take facebook as an example, about 0.5%.

Now you may think that’s not many. But it’s more than a lot might have thought. That’s half a percent with working IPv6, either through a tunnel or natively from their provider(s).

The really good thing is that many network engineers were predicting that because of a number of automatic tunneling protocols, there would be a lack of connectivity to major participants. From the figures we’re seeing published publicly at the moment, it seems to have been a much smaller number than many were predicting.

Sadly Glo Networks was not one of the exclusive club. Our equipment is now in a datacentre that will have IPv6 connectivity soon, however we’re waiting on them.

The fact that nothing overtly bad was reported to us makes us believe that IPv6, whilst quiet, is the start of the migration.

It saves you money on power, hardware and in some cases because of how Microsoft’s licensing works, we’ve actually reduced the number of licenses that some of our customers had to buy. In early 2007, we started hosting systems and services online – both ours and one of our very first customer’s. It could be said that we were at the forefront of “cloud computing”, mere weeks before the term was coined.

Recently we came to terms with the fact that our platform needed a good redesign. It had grown with us and our customers, but it was coming a bit unwieldy to maintain. Last month we put in our new solution – a small Hyper-V cluster, backed up by Microsoft’s DPM 2010, powered by IBM X Series x3550 M3′s, an IBM x3250 M3, an IBM DS3512 disk system, a QNAP TS-459+ and HP Procurve 2800 series switch.

We’re still migrating our services and customers to it, but boy does it make a difference. With all our hardware consolidated and updated we’re seeing more responsive, more manageable and more highly available systems.

Would we do anything different? Probably, but that’s the way we are at Glo Networks; always striving for something better and trying to push the limit available to us at that time.

If you’re interested we’ll be following this up with a more technical post about how we setup our cluster.

• The Gawker network, who run Gizmodo, IO9, Kotaku and other deliciously nerdy sites, have been accused of being the harbingers of doom and death across the internet this week. What caused this? They changed their website design so that it requires Javascript to access it. Apparently it was relatively OK when Twitter did this a few months ago. Not so for the Gawker network. Check out Tim Bray’s well written, but slight rant, on the subject. With this on top of the Gawker databases being pwned a few months ago it’s not a place I think I’d like to work at right now.
• Google’s IO conference, famous for giving away free stuff, sold out in record time this year. Just 59 minutes. That beat the previous years record by a cool 49 days, 11 hours, 1 minute. If you’re going, we’re jealous. On a slightly related note some of us here at Glo are very good at carrying and squeezing into bags, backpacks, fetching drinks. You get the picture.
• How one man tracked down Anonymous – and paid a heavy price.
• If you’ve ever had a hard drive die on you, you’ll probably recognise some of the sounds that Datacent, data recovery experts, have recorded. If you’ve got a nerd in your life we highly recommend playing them whilst they’re at their computer. Watch them twitch nervously.
• Finally, although we cannot give you a link for it yet, next week you’ll be seeing Windows Server 2008 R2 SP1 and Windows 7 SP1 released. We’ve been running it in testing .