Not Good Enough

By default the Start menu in Windows XP looks quite different to Windows 2000. I quite like the new menu – I find it increases my productivity. However, some people prefer the old style Start menu. Nothing wrong with that – Windows XP has an option to change to the “Classic Start menu”.

Now, to reduce training costs (or because the management in IT don’t like change), some organisations want to make the Classic Start menu the default. Again, nothing wrong with that. The problem is that the normal way of doing this is to set the Explorer option NoSimpleStartMenu via the registry or Group Policy (where it’s called “Force classic Start Menu”). Unfortunately, when you set this entry you don’t just make the classic the default, you also disable the new “Simple Start menu” so no-one can use it.

Now I get given my new PC at work. I log in and see the classic Start menu. I then go to change it to the new simple Start menu and I can’t because that option isn’t available anymore. Not happy Jan.

I mean didn’t someone at Microsoft think that perhaps there should be an option to set the classic Start menu as the default but allow users to choose the simple Start menu if they wanted? Would that be such a revolutionary idea?

It’s just not good enough!

Some organisations choose to use a Packeteer PacketShaper on their Internet link. This gives them some rudimentary reporting and the ability to shape their Internet traffic*. When doing this it’s important that the box is secured. One of the steps in securing a PacketShaper is to not allow management access over the outside interface (called securing the interface). Some models also have a MGMT interface. So, why not connect the MGMT interface to the local network and then disable all management access to the Inside and Outside ports. That should allow us to manage the device internally while keeping it safe from all the script kiddies.

Unfortunately, no. To quote the page Specify Security Settings in Packeteer’s PacketGuide:

“Enable/disable access to the unit over the inside and/or outside interfaces (for example, ping, Telnet, or web access). The MGMT port (available on certain models) is considered an outside port. Therefore, securing the outside interface will secure the MGMT port as well.”

Now, some might call me stupid (and may do), but for the life of me I cannot think of any reason why the MGMT port should be linked to the Outside interface. I can think of a reason why it shouldn’t – so I can secure the Outside interface and use the MGMT port to manage the device.

What I can’t figure out is why Packeteer decided to do it the way they did.

It’s just not good enough!

* Shaping traffic like streaming video down to less than 1Kbps is popular. It means that IT can hold their hand on their heart and swear to all things holy that they aren’t blocking such traffic – while making such applications unusable.

I have seen this several times. You buy a new IBM server (perhaps a xSeries 3650) and connect to the Remote Supervisor Adapter. After logging in you get the error:

The firmware on this ASM does not include functionality to support this server. You can update its firmware on the next page. Click “OK” to continue. 

See the screen shot below for an example:

How hard can it be to ship a server with a working RSA adapter? I mean all they have to do is make sure it has the appropriate firmware.

It’s just not good enough!