Monday, November 21, 2011

Copy Cisco Disk Image via FTP

Tonight, I found myself having to copy the AnyConnect binaries from one ASA 5505 to another without a device on-LAN to TFTP to. I did, however, have a public FTP server that could use to move the data around.

This feature seems to be relatively un-discussed, so here is the syntax.

ASA/Router Binary: my-win-package-k9.pkg
FTP Server:
FTP Server User Name: aarong
FTP Server Password: password1

copy disk0:my-win-package-k9.pkg

Yes, it's really that simple. Would have been nice if someone told me.

Thursday, September 22, 2011

The Underbelly of Economics No One Talks About

It's the economy, stupid.

Truer words have never been spoken in a political context.

I find it unfortunate that both political parties spend more time in demagoguery than speaking the truth that will set the U.S. economy free. There are a few principles that I'd like to soapbox about for a few minutes:

  1. Supply and demand. It's the basis of capitalism--more demand than supply causes prices to go up; more supply than demand causes the inverse. Scarcity and price are in lock-step. Relatively simple on the whole; it, unfortunately, lends itself to monopoly and supply manipulation (for example--oil companies. They can single-handedly control how much their product costs and their profit margin by artificially restricting supply).
  2. Competition. Another cornerstone of capitalism is competition--more people making the same thing drives the price down; fewer providers of said good or service causes the price to go up.
  3. Productivity. This is the differentiating factor between companies providing the same product or service--the more productive a company's workforce, the lower it can price its product or service (see #2) and use that price advantage to gain marketshare.
  4. Investment. Money used for the development and growth of a company can be spent in a few different areas, such as: equipment (computers, desks, chairs, machinery), facilities (buildings or building improvements, land), labor (employees or contractors), research and development, or marketing.
  5. Taxes. They make the world go round; they're the bane of business and wage-earner alike.
That's really the foundation of our economy. Or is it?
The debate over taxes and the effectiveness of economic stimulus has reached the point where neither side has any new information to add--they just keep repeating the same talking points over and over again, hoping that their arguments will eventually wear someone down into agreeing with them.
That being said, I'd like to start off with my take on how our economy works.
In our credit-based economy, corporations utilize a variety of private investment capital, stock issues, and loans to do everything from acquire inventory to pay salaries. According to monetarists, managing the interest rates on borrowing and the total money supply is the key to managing the speed of economic growth. Higher interest rates and less money in the economy means it costs more to borrow and invest in and grow the company; lower interest rates mean it's cheaper to borrow money in an attempt to grow the company or cover day-to-day expenses.
The Federal Reserve Board controls this core interest rate. As William McChesney Martin, the longest-serving and most notable Federal Reserve Chairman once said, the job of the Federal Reserve is to "take away the punch bowl just as the party gets going," meaning, that raising interest rates and tightening the money supply is necessary in a robustly-growing economy to help prevent bubbles and unsustainable growth.
Martin knew a thing or two about how money worked--he became a partner at A.G. Edwards after having only worked there two years and earned himself a seat at the NYSE. Having studied economics at Columbia for 6 years and been president of NYSE, he understood exactly how capital markets functioned and how to keep an even keel on business.
With those concepts in mind, managing interest rates and money supply are traditionally the only tools that the Federal Reserve has to be able to manipulate the economy (policies such as quantitative easing will be put in the parking lot for the purposes of this discussion).
The problem that our economy now faces is bigger than managing interest rates. If monetary policy was really the cure to economic woes, certainly lowering the interest rate to 0% would cause companies to borrow and invest like gangbusters, since they would have all this free money. Unfortunately, we've seen that monetary policy alone cannot bring a country out of a recession.
Many people credit Roosevelt's Keynes-influenced New Deal with infusing the U.S. economy with enough money to grow out of the problem. While many economists debate whether it's true or not, I think there's strong evidence to support that thought (at least in part).
In current political dogma, Democrats think in Keynesian terms--by injecting massive amounts of cash into public works projects, the government can drive up employment, which will turn the unemployment-collectors into taxpayers. Republicans think in Reaganomic or supply-side terms--that lowering the tax burden on the wealthy and corporations will cause them to spontaneously start investing and hiring more people.
Critics of the Democratic policies point to Obama's stimulus as "failed," proclaiming that hundreds of billions of dollars were spent to achieve minimal growth and have incurred large deficits along the way. Defenders of the stimulus plan point to reports that millions of jobs were at a minimum, saved, and that it sped up economic recovery.
Critics of supply-side economics (such as myself) will point to the fact that income and investment taxes are at their lowest level in decades and that the Fed has set the funds rate near 0% (it's been there for nearly 3 years), and we are still having massive unemployment problems. Defenders of those policies say that we haven't cut taxes to the point where it incents employers to create jobs.
I personally believe that the stimulus package, while large, was not large enough. A good portion of it was actually diverted into investments in Chrysler and GM, which staved off an enormous crisis. I think what we really needed (and still do) is an influx of around a trillion dollars. Most economists believe that, at its best, our economy was flourishing with about a 4.5-5% unemployment rate. In Keynesian economic thought, the stimilus should be big enough to simulate economic output of our nation operating at an optimal unemployment rate. In layman's terms:
Consider our country as having 100 citizens. At our peak output, 95 of them are employed making $1,000 per year, and 5% of them are unemployed. Then, at some point, disaster strikes, and our employment goes to 10%. We now have 90 people making $1,000 per year. The result is that there are 5% fewer people to buy the goods and services we are producing, which leads to fewer products being sold and eventually, layoffs. In Keynesian terms, we would need a stimulus package of at least $5,000 to put that 5% of people back into the labor force and both producing and consuming goods. The world is back at equilibrium.
While that's an overly simplistic view, it illustrates how Keynesian economic theory works. The problem that most economists see with the previous stimulus package is that it wasn't enough to drive the employment of the extra 3 or 4% of the unemployed labor force. Instead, a smaller bill was passed--it may have softened the blow, but we still got hit with a sledgehammer.
Of course, Republicans (and Tea Partiers, in particular) point to the fact that $800bn was spent for nominal effect; Democrats say that it was like a bandaid on an amputation--too little too late.
In order to jump start the economy, Republicans continue the supply-side economic mantra--lowering taxes will create jobs. The problem is the same one that the Fed is having with its monetary policy--the rates are low, but it's not causing investment.
I think that we could have near zero taxes and still not create a meaningful amount of jobs. The problem that we're in now is that we have a workforce fearful of losing their jobs. Corporations have discovered this fear, and have piled more and more work on their employees while cutting pay and benefits. Employees are now working harder for less, driving up productivity and adding to the company's bottom line. As long as companies can continue to squeeze work out of their existing labor force through fear, there's not going to be a meaningful positive change in unemployment.
I believe that the only way out of this downward spiral is a truly massive influx of cash into public sector employment (especially infrastructure) to drive demand for other goods and services to a level that companies are forced to hire more workers to meet that demand. Getting the unemployment down a few points by itself isn't enough--it needs to be large enough to cause us to exceed our current economic output capacity, which will then cause the private sector to create jobs to meet that demand. Employers aren't going to create jobs until they know there will be a sustainable demand for their products and services.
The large anti-government crowd are naive pawns being used by conservative politicians to promote a lower-tax agenda. Unfortunately, most of us will never make the kind of money to be impacted one way or another by increasing the marginal tax rate on income over $1,000,000 or raising the capital gains tax. The trickle-down economic policies don't work--the rich keep their wealth or move it overseas to avoid being taxed; they don't create jobs with it.
In the end, we need a balanced approach--something that neither side of our polarized political system is interested in pursuing.

Wednesday, August 24, 2011

Set "Password Never Expires" for Microsoft BPOS Standard Accounts

Cries of joy are ringing throughout the Microsoft BPOS Partner community--the ability to set "Password Never Expires" for BPOS Standard Accounts has *finally* been released. Previously available only for BPOS-D customers, Microsoft has ported the command to the newest update of the Microsft Online Services Migration Tools (available for x86 here and x64 here).

So, once you've downloaded and installed the updated tools, how do you avail yourself of this helpful feature?

Set "Password Never Expires" for All Enabled Users
1. Open Migration Command Shell.
2. Copy/paste the following commands:

$cred = Get-Credential
Get-MSOnlineUser -enabled -Credential $cred | Set-MSOnlineUserPasswordNeverExpire -Credential $cred -PasswordNeverExpire $true

Drop in your BPOS administrative credentials (in the form of and password) in the pop-up dialog box when prompted.

Wednesday, July 20, 2011

Windows XP Automatic Updates service is missing

Recently, there have been a rash of "fake antivirus" viruses and trojans floating around the internet. Two of the more frustrating issues:

- Why are all my icons hidden?
- Where the heck did my Automatic Updates service go?

- Why am I getting Windows Update Error 0x80072EFE?

The icons hidden one is fairly benign and relatively easy to resolve:
1. Open Windows Explorer.
2. Select Tools > Folder Options.
3. Select the View tab.
4. Select the Show hidden files and folders radio button and click OK.
5. From Windows Explorer, navigate to C:\.
6. Right-click on the folder "Documents and Settings" and click Properties.
7. Clear the "Hidden" checkbox.
8. When prompted, choose to apply to all subfolders and files.

As far as the Automatic Updates issue goes, it's a little trickier. These particular strains of malware do everything from unregister DLLs to removing the Windows Update service altogether. Most of the time, the solution involves one or more of the following tasks:

- Re-registering the WUAU DLLs
- Re-registering Internet Explorer DLLs
- Deleting the cached update downloads
- Resetting the cryptographic service database

Copy/paste the following script into Notepad and save it as a .bat file:

net stop wuauserv /y

net stop bits /y
net stop cryptsvc /y
ren %systemroot%\system32\catroot2 catroot2_old
rd /s /q %systemroot%\SoftwareDistribution
regsvr32 /s actxprxy.dll
regsvr32 /s atl.dll
regsvr32 /s browseui.dll
regsvr32 /s cdm.dll
regsvr32 /s cryptdlg.dll
regsvr32 /s dssenh.dll
regsvr32 /s gpkcsp.dll
regsvr32 /s initpki.dll
regsvr32 /s iuengine.dll
regsvr32 /s mshtml.dll

regsvr32 /s msxml.dll
regsvr32 /s msxml2.dll
regsvr32 /s msxml2r.dll
regsvr32 /s msxml3.dll
regsvr32 /s msxml3r.dll
regsvr32 /s msxmlr.dll
regsvr32 /s oleaut32.dll

regsvr32 /s qmgr.dll
regsvr32 /s rsaenh.dll
regsvr32 /s sccbase.dll

regsvr32 /s shdocvw.dll
regsvr32 /s slbcsp.dll
regsvr32 /s softpub.dll

regsvr32 /s urlmon.dll
regsvr32 /s wintrust.dll
regsvr32 /s wuapi.dll
regsvr32 /s wuaueng.dll
regsvr32 /s wuaueng1.dll
regsvr32 /s wuauserv.dll
regsvr32 /s wucltui.dll
regsvr32 /s wups.dll
regsvr32 /s wups2.dll
regsvr32 /s wuweb.dll

net start cryptsvc
net start bits
net start wuauserv

Run. The "Automatic Updates" service should now be visible in the Services applet.

Friday, May 20, 2011

Internet Explorer 8 and the continuous "Manage Add-Ons" Prompt

While trying to deploy the Microsoft Online Services Single Sign-On Tool for a customer migrating to BPOS, I found myself sitting at a customer's computer banging my head against the wall. When I'd launch the tool and sign in as the user, I kept on getting the "Unable to prepare certificate" error.

The MSOL tool is dependent on a number of things:
- .NET Framework 2.0 or later
- Correct time (within 5 minute skew of the MSOL servers)
- Internet Explorer as your default browser

I was OK on the firsts two items, but I had noticed that my customer had installed both Firefox and Chrome. No big deal, right? I launch IE and set it as the default browser and attempt to reconfigure the sign-on tool (to no avail).

I proceed to follow the traditional troubleshooting steps:
- Uninstall/reinstall Online Services Single Sign-On Tool
- Uninstall/reinstall .NET Framework from 4.0 down to 2.0 and back again
- Reset IE to default settings.

Neither of these fixed my problem.

I launched IE and was faced with what I thought was an annoyance--the "Manage Add-Ons" window kept popping up with my default search providers. I'd set it, close IE, restart, and get the dialog box again.

I thought, "Now I'm getting somewhere." I thought maybe there was a piece of malware affecting the customer's system, so I downloaded one of my favorite programs, ran a scan, and didn't find anything.

In the end, I stumbled upon a tip from another hapless soul facing my same problem:

1. Make sure all IE windows are closed. To be sure, you can open a command prompt and run taskkill /im iexplore.exe /f .
2. Open Regedit.
3. Navigate to HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders.
4. Right-click, point to New > Expandable String Value.
5. Type AppData and press ENTER.
6. Double-click the new AppData value and enter %userprofile%\Application Data and click OK.
7. Try launching IE again.

Wednesday, February 2, 2011

Exchange 2010 Messages Stuck in Retry status in "MapiDeliveryQueue"

In case your Exchange admin life wasn't difficult enough, you can always have this problem, manifested with the following symptoms:

- Mail delivery hung
- Messages stuck in local delivery "MapiDeliveryQueue" with a status of "Retry"

Classic tactics such as restarting the server or right-clicking the queue and selecting "Retry" have no effect.

The key here is that Exchange 2007 and later treat these messages differently than standard SMTP queues. In order to process these messages, they need to be re-submitted using the following Exchange cmdlet:

Retry-Queue -Filter {Status -eq "Retry"} -Server "exchangeserver" -resubmit $true

The default re-submit queue time is 12 hours. To modify this:

1. Using Notepad, edit the file: C:\Program Files\Microsoft\Exchange Server\V14\Bin\EdgeTransport.exe.config.
2. Modify the following line in the section:

<add key="MaxIdleTimeBeforeResubmit" value="<hh:mm:ss>"/>

3. Save the file.
4. Open up the Exchange Command shell and run restart-service *rt

Saturday, January 22, 2011

IIS 6.0 404 Error for a file you *know* is there

This morning I was doing some maintenance on a customer's machine and needed to reinstall the application. The customer site is closed, but the work still needs to be done. I had a copy of the ISO media available on a server in our office, so the solution seemed obvious: drop it on a web server and pull it down from the client's machine.

So, I created a directory on one of our web servers, placed the ISO file there, and turned on "Directory Browsing" for that directory. I then logged into my customer's machine and navigated to the site and found the file. I right-clicked on the file, hit "Save Target As..." and ....

Internet Explorer cannot download myfile.iso from
Internet Explorer was not able to open this Internet site. The requested site is either unavailable or cannot be found. Please try again later.

I went back to the site and this time, just clicked on the file name, and was greeted with the generic 404 message.

Fortunately, the solution is very simple and only takes a few seconds.

1. Open up IIS Manager.
2. Navigate to the web site (if you don't want to change the setting for the entire web server, you can just navigate to the directory path off the web site).
3. Right-click > Properties on the website (or directory).
4. Select the "HTTP Headers" tab.
5. Select the "MIME Types" button.
6. Click the "New" button.
7. Add the extension type (in my case, ISO).
8. Add the MIME type (in my case, application/octet-stream).
9. Click OK three times.

Try to re-download the file in your browser.

The reason for this behavior is described in detail in the IIS 6.0 documentation here.

Tuesday, January 4, 2011

How to fix a bad/corrupt/hidden source in Cydia

I was adding a new Cydia repository the other day to my iPhone and apparently mistyped something. I deleted it from the GUI, but every time I went to search Cydia for an application or manage my source list, I received an error that the repository was unavailable and then received the following error:

Sub-process bzip2 returned an error code (2)

Fortunately, there's a way to fix it. You'll need a few pieces of software:

  1. Make sure you have SSH access to your iDevice When you installed Cydia, you had the option for which tool sets you wanted. If you didnt' select a tool set that includes command-line tools, you'll need to install those first (OpenSSH is the main piece that's required). If SSH isn't working, you'll need to reinstall it and then respring your device.
  2. Test your SSH login credentials by using an SSH client such as putty connecting to your device's WiFi address and logging in as 'root.' If you have not changed the root password, the default is 'alpine.'
  3. Using a secure copy client (such as WinSCP), connect to your iDevice and navigate to /private/etc/apt/source.list.d.
  4. Right-click > Edit the cydia.list file, remove the offending line, and click Save. Close the WinSCP editor.
  5. Navigate to /private/var/lib/cydia.
  6. Copy the metadata.plist file to your computer.
  7. Using plist editor, open the metadata.plist on your computer.
  8. Search for the repository you need to remove. The line will look something like deb:http://repositoryname/:./
  9. Select and delete down to the next key tag. Your selection should start with an open key tag and end with a close dict tag and should contain approximately 9 lines of data.
  10. Copy it back to /private/var/lib/cydia and overwrite the existing file.
  11. Navigate to /private/var/lib/apt/lists and delete the files starting with the name of the source you wish to remove.
  12. Navigate to /private/var/lib/apt/list/partial and do the same.
  13. Close WinSCP and respring your iDevice.