Michael Lucas has done it again. In documenting arguably one of the driest topics on the planet, Mr. Lucas manages to add fun, trivia, and extremely useful knowledge of the OpenBSD team’s latest OS offering to an already excellent book. I read the first one 10 years ago or so, and this one is even better. The updated information on ProPolice, W^X, and the new PF features makes this book a no-brainer for *any* UNIX admin looking to add some extra security to his network, as well as a hobbyist who may be thinking of learning the ways of the shell.
As far as I’m concerned, chapters 21 and 22 were well worth the purchase price alone. If ANY member of the Princeton Area OpenBSD User’s Group would like to read this book, let me know, and I can get you a copy. My only request is that you post what you think of the book on this thread, so the fine folks at No Starch Press can see it, as they were kind enough to get us this advanced copy!

Mr. Lucas has auctioned the first (signed) copy to directly benefit the OpenBSD Project! Take a look here:
http://blather.michaelwlucas.com/archives/1646

The URL for the auction was here:
http://www.ebay.com/itm/Absolute-OpenBSD-2nd-Ed-by-Michael-Lucas-Special-signed-first-copy-printed-/200913454300?

HUGE thanks goes to Jessica Miller of No Starch Press for supplying us with an advanced copy! Thank You! It was a great book! :)

I recently wanted to make a screen recording for a demo. I downloaded and installed CamStudio, and frankly, I’m *amazed* at how well it works.
You not only want this, you need it. Go download it now.
http://sourceforge.net/projects/camstudio/?source=dlp

The general gist of the message is that this attack will be in retaliation for war crimes committed by the USA against Iraq, Afghanistan, and Pakistan.
The attack is supposedly to “wipe the US government off the cyber map” and is being organized from a nation (according to Wikipedia) known for lots of not-so-good stuff:

## From Wikipedia ##
The government of Mauritania was overthrown on 6 August 2008, in a military coup d’etat led by General Mohamed Ould Abdel Aziz. On 16 April 2009, General Aziz resigned from the military to run for president in the 19 July elections, which he won. In Mauritania about 20% of the population live on less than US$1.25 per day. Slavery in Mauritania has been called a major human rights issue as well as female genital mutilation, child labor, and human trafficking.
##

According to the FBI, Open Source reporting claims that their previous attempt to “wipe Israel off the cyber map” was a total failure, with little to no impact.

A new, wild Nancy beat her husband hard.
ADDRESS – Get IP address 172.32.45.36 = 10101100.00100000.00101101.00100100
NETMASK – Get subnet mask 255.255.248.0 = 11111111.11111111.11111000.00000000 = /21
WILDCARD – Find wildcard mask/bits = 00000000.00000000.00000111.11111111 = 0.0.7.255 (11 bits)
NETWORK – Drop wildcard mask from IP address = 10101100.00100000.00101000.00000000 = 172.32.40.0
BROADCST – Add wildcard to the IP address = 10101100.00100000.00101111.11111111 = 172.32.47.255
HOSTMIN – Drop the wildcard mask, and add 1 = 10101100.00100000.00101000.00000001 = 172.32.40.1
HOSTMAX – Add the wildcard mask, minus 1 = 10101100.00100000.00101111.11111110 = 172.32.47.254
HOSTS/NET – 2*(WILDCARD_BITS)-2 = 2(11)-2 = 2x2x2x2x2x2x2x2x2x2x2 = 2048-2 = 2046
Find hosts per net using the formula 2 to the power of the bits in the wildcard mask, minus 2.

32-bit IPv4 Network Address
Octet1 Octet2 Octet3 Octet4
128|64|32|16|8|4|2|1.128|64|32|16|8|4|2|1.128|64|32|16|8|4|2|1.128|64|32|16|8|4|2|1
11111111 . 11111111 . 11111000 . 00000000 = 255.255.248.0
10101100 . 00100000 . 00101101 . 00100100 = 172.32.45.36

And I’m sorry, but no. I can’t make it ANY simpler than that. ;)

1. Download the vSphere CLI, and the ESXi upgrade file you need from vmware.com.(~200MB)
(install the CLI, and save the ESXi update file as c:update.zip)
2. Place the ESXi host in Maintenance Mode and either power off or migrate all VMs on the host
3. Launch the vSphere CLI. (Start -> All Programs -> VMware -> VMware vSphere CLI -> Command Prompt)
4. type cd bin
5. Enter this command:

## For ESXi 4.x to 5.0:
vihostupdate.pl -b c:esxiupdate.zip -url https://SERVER_NAME_OR_IP/sdk/webservice -i

## For ESXi 5.0 to 5.0.x:
esxcli --server=SERVER_NAME_OR_IP software vib install --depot="[DATASTORE_NAME]esxiupdate.zip"

Provide the root account username and password when prompted.
After the install completes, you will be instructed to reboot your ESXi Host.
After your host comes back, exit maintenance mode, and start up your VMs

**UPDATE for ESXi 5.0 machines**

ESXi 5.0 uses a single installer wizard for fresh installations and upgrades.
ESXi 5.0 also provides a new option for deploying ESXi directly into the host
memory with vSphere Auto Deploy. The vihostupdate and esxupdate utilities
are not supported for ESXi 5.0. You cannot upgrade or migrate to ESXi 5.0 by
using any command-line utility. After you have upgraded or migrated to
ESXi 5.0, you can upgrade or patch ESXi 5.0 hosts using vCLI esxcli commands

such as:

Install all new VIBs from a ZIP file on the target server, copied into a datastore
esxcli --server=SERVER_NAME_OR_IP software vib install --depot="[DATASTORE_NAME]esxiupdate.zip"

##IMPORTANT##
After you upgrade or migrate your host to ESXi 5.0, you cannot
roll back to your version 4.x ESX or ESXi software. Back up your host before
you perform an upgrade or migration, so that, if the upgrade or migration fails,
you can restore your 4.x host.

HAHAHAHAHAHAHA
Told ya.
Here it comes, check this out. If you work in the technology field, you need to read this:
http://dmarc.org/

Registration just opened for the annual Twin Cities TechPulse event www.tctechpulse.com. Please register as soon as possible as it will fill quickly and there are limited spots available. I know you would enjoy this free event and would come away with some great information. This year if you bring a guest(s) who has never been before, we will give you an extra raffle ticket for each attendee to win one of the great prizes we will be giving away (iPads, Xbox, Laptops, LCD TVs, etc.) Just remember to have them register as a guest of SCC (Brian Hershey).

The event is April 17th in St Paul. It’s an educational event with break-out sessions covering different technology & business subjects along with a great keynote speaker, free breakfast & lunch and over $25,000 in prize giveaways.

I recently needed to migrate 7 different websites, with content, from IIS6 to IIS7.
Rather than copy everything by hand, and re-setup all the site bindings, and data sources, I decided to try using msdeploy, from http://www.iis.net

From the old server running IIS6, I ran this command first:
msdeploy -verb:getDependencies -source:webserver60
This displays all site dependencies for the IIS6 server. You need to make sure that all dependencies are installed on the new destination server. **

After insuring that all dependencies were installed, I issued this command from the new IIS7 server, to see what would happen without *actually* changing anything:
msdeploy -verb:sync -source:webserver60,computerName='MACHINENAME',authType='NTLM',userName='MACHINENAMEadministrator'
,password='password' -dest:auto <strong>-whatif</strong> > msdeploysync.log

Then, to actually fire the command, and migrate the websites, I ran this:
msdeploy -verb:sync -source:webserver60,computerName='MACHINENAME',authType='NTLM',userName='MACHINENAMEadministrator'
,password='password' -dest:auto > msdeploysync.log

YMMV, I’ll try to help if you get stuck. Let me know how it goes.

** Also, here’s the link I used to install ASP.Net 1.1 on Windows Server 2008. Thanks, Bill. You rock.
http://blogs.iis.net/bills/archive/2008/06/02/installing-asp-net-1-1-with-iis7-on-vista-and-windows-2008.aspx

Export the DHCP database from Windows 2003:
1. On the Windows 2003 DHCP server, navigate to a command prompt
2. Type the following Command: netsh
3. Type the following Command: DHCP
4. Type the following Command: server <\Name or IP Address>
5. Type the following Command: export c:\dhcpexportfile all

Note You must have local administrator permissions to export the data.

Import the DHCP database to the Windows 2008 DHCP server:
1. Copy the exported DHCP database file to the local hard disk of the Windows Server 2008-based computer.
2. Install the DHCP Role on the server.
3. Stop the DHCP server service on the server. To do this, follow these steps:
a. Log on to the target DHCP server using an account that is a local Administrator.
b. Click Start, click Run, type cmd in the Open box, and then click OK.
c. At the command prompt, type net stop DHCPserver, and then press ENTER.
d. Type exit, and then press ENTER.
4. Delete the DHCP.mdb file from c:windowssystem32DHCP folder.
5. Start the DHCP server service.
6. Right-click on the Command Prompt (cmd) and select “run as administrator”.

Note You must have local administrator permissions to import the data.
7. Type the following Command: netsh
8. Type the following Command: DHCP
9. Type the following Command: server <\Name or IP Address>
10. Type the following Command: import c:\dhcpexportfile
11. Restart DHCP and verify the database has moved over properly.

Back up your IIS Metabase.
To do this, follow these steps:
Start IIS Manager.
Right-click Default Web Site, point to All Tasks, and then click Save Configuration to a File.

Delete the virtual directories for Outlook Web Access.
To do this, right-click Exadmin in the left pane of IIS Manager, and then click Delete. Click Yes when you are prompted with the question of whether you want to delete this item.

Repeat this step for the following virtual directories:
Exchange
ExchWeb
Microsoft-Server-ActiveSync
OMA
Public
Quit IIS Manager.
Click Start, click Run, type cmd, and then press ENTER.

Change to the following folder. In this example, Drive is the hard disk drive where Windows is installed:
Drive:inetpubadminscripts
Type adsutil, and then press ENTER.

Important By default, CScript is not the default scripting host for Windows Server 2003. To run the adsutil command, CScript must be configured as the default scripting host. To do this, click Yes if you are prompted to register CScript as you default host for VBscript, and then click OK.

Note: If you receive a list of adsutil command options, CScript is already configured as the default scripting host for VBscript.

Type adsutil delete ds2mb, and then press ENTER.

Note: To set the default scripting host to WScript, type WScript //H:WScript at the command prompt, press ENTER, and then click OK.

Click Start, point to All Programs, point to Administrative Tools, and then click Services.
To restart the Microsoft Exchange System Attendant service, follow these steps:
Click Start, click Run, type services.msc, and then click OK.
Right-click Microsoft Exchange System Attendant, and then click Restart.
When you are prompted to restart the dependant Exchange Server services, click Yes.

Note: When you restart the Microsoft Exchange System Attendant service, the Microsoft Exchange Information Store service is also restarted. In this scenario, your Exchange Server users lose connectivity to their Exchange Server mailboxes.

The virtual directories are re-created. To verify that the virtual directories are re-created, start IIS Manager, and then view the Default Web site folder.

Important If the virtual directories are not re-created after 15 minutes, restart the computer.
Reset the access permissions to Anonymous. To do this, follow these steps:
Start IIS Manager, right-click ExchWeb, click Properties, and then click the Directory Security tab.
Under Authentication and access control click Edit, and then verify that the Enable anonymous access check box is turned on.
Click to select the Integrated Windows authentication check box, click OK, and then click Apply.
If an Inheritance Overrides dialog box appears, click Select All, and then click OK.
Under Authentication and access control, click Edit, and then click to clear the Integrated Windows authentication check box.
Click OK two times, and then quit IIS Manager.

Use a Web browser to verify that you can connect to your Outlook Web Access server. If you are also running other mobility services, verify that you can connect to these services by using an appropriate client.