For several years, I've known that I have a Windows Live SkyDrive account with 25 GB of free storage. However, I never actually tried to use it. Today I tried to use it and I see what's the catch: it's too annoying for storing large amounts of data.
I was hoping to upload all of my photos. Theoretically, it seemed like a good idea. The photo viewer is great, the per-file size limit is not an issue, and the overall size is more than other free services allow but only a fraction of the 25 GB limit.
The first problem is that the web uploader is quite limited. It can't upload folders, so I would have to manually create them and upload their contents. It doesn't even support drag and drop, except for in IE. Since uploading would be a lot of work, I rejected this option.
Then I learned that SkyDrive can be accessed via WebDAV and mounted as a drive in Windows. (It uses proprietary Passport authentication, so I'm not sure if any other clients can access it.) This was easy once I sorted out some firewall issues. Unfortunately, only document file types can be uploaded. Attempts to upload JPEG images and archives result in an error telling me that the file "is too large for the destination file system". It's not a file size issue because it happens with small files. I guess Microsoft only wants the WebDAV access to be used for Office documents.
Since PDFs are supported, I thought about using them. JPEG images can be included in PDFs without re-encoding, and PDFs also support attachments for other file types. However, this is a kludge without any benefits besides WebDAV access, and so I decided to try ordinary multi-part archives instead.
Archives can be uploaded via the web interface, and files of 104,857,600 bytes (100 MB, 100 * 2^20) may be uploaded. Unfortunately, this is unreliable. The Silverlight uploader only seems to allow one 100 MB file to start uploading in a batch, and even that file seems to stop before the end. The upload seems to complete successfully, because the downloaded file is bit-identical to what I uploaded. The classic form-based uploader also fails before the end, and I'm not sure if it's usable for large files.
Friday, September 23, 2011
Some per-service firewall rules don't work in Windows 7
The Windows 7 Firewall with Advanced Security allows you to specify a service in addition to a process. This is important because many services run under svchost.exe. Rules which simply reference svchost.exe may be too broad.
This works well with the Windows Update and Windows Time* services. When outbound connections are disabled by default, rules can be created to permit those services. However, it doesn't always work.
In the past I spent a lot of time trying to figure out how to permit Windows Media Center schedule updates. I guess that part of the update is via the Background Intelligent Transfer Service (BITS). I said "I guess" because "netstat -b" sometimes showed them using the User Profile Service (ProfSvc), which doesn't make sense. Rules which permit outbound communication from BITS, ProfSvc, and even a large number of other services never accomplished anything. I finally gave up and created a rule permitting outbound communication on port 80 by svchost.exe (without specifying a service).
I was just trying to figure out how to allow the WebDAV client through the firewall. It obviously uses the WebClient service. In this case "netstat -b" also shows this. However, rules permitting outbound communication by the WebClient service do nothing. I was forced to create a rule permitting outbound communication by svchost.exe on port 443 for SSL WebDAV access.
I'm not sure if these are bugs or intentional limitations. When creating a rule for svchost.exe, I am warned that "Windows services have been restricted with rules that allow expected behavior only. Rules that specify host processes, such as svchost.exe, might not work as expected because they can conflict with Windows service-hardening rules." Maybe Microsoft chose to not permit rules involving BITS and WebClient because they are general purpose communication services which could also be used for malicious purposes. However, it doesn't make sense that a rule specifying svchost.exe and a particular port is allowed, but when the rule is further narrowed by specifying a service, it is ignored.
* If Windows Time Service is not allowed Internet access, the first "Update now" attempt will fail with a timeout. However, subsequent attempts may appear to succeed, and the time when the clock was synchronized will be updated.
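The three kinds of rule discussed in this post, written as `netsh advfirewall` commands together with a way to see which connections are still being dropped. This is an added example, not part of the original post; the rule names and the `remoteip` address are made up for illustration, and NTP on UDP 123 is assumed for the Windows Time rule.

```powershell
# Added example, not from the original post. Run from an elevated PowerShell prompt.
# Rule names are made up; 203.0.113.10 is a documentation placeholder address.
$svchost = "$env:SystemRoot\System32\svchost.exe"

# 1. Service-scoped rule of the kind the post reports as working:
#    only the Windows Time service (short name W32Time) may send NTP.
netsh advfirewall firewall add rule name="W32Time-NTP-out" dir=out action=allow `
    program="$svchost" service=W32Time protocol=UDP remoteport=123

# 2. The same shape for the WebDAV client (service short name WebClient).
#    This is the kind of rule the post reports as having no effect.
netsh advfirewall firewall add rule name="WebClient-HTTPS-out" dir=out action=allow `
    program="$svchost" service=WebClient protocol=TCP remoteport=443

# 3. The post's fallback: no service= filter, so every service hosted in
#    svchost.exe may reach TCP 443. remoteip= narrows the rule to known servers;
#    omit it to get the rule exactly as the post describes it.
netsh advfirewall firewall add rule name="svchost-HTTPS-out" dir=out action=allow `
    program="$svchost" protocol=TCP remoteport=443 remoteip=203.0.113.10

# Confirm what was stored, including the Service field of the rule.
netsh advfirewall firewall show rule name="WebClient-HTTPS-out" verbose

# 4. Record what the firewall drops, so a rule that "does nothing" can be
#    compared against the process that was actually blocked.
netsh advfirewall set allprofiles logging droppedconnections enable
auditpol /set /subcategory:"Filtering Platform Connection" /failure:enable

# Reproduce the failing connection, then read the most recent block events.
# Event 5157 names the blocked application, destination and filter ID.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 5157 } -MaxEvents 5 |
    Format-List TimeCreated, Message
```

Once testing is finished, remove the test rules with `netsh advfirewall firewall delete rule name=...` and turn the failure auditing off again, since it can fill the Security log quickly.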
Thursday, September 22, 2011
Brown polarized sunglasses are great!
I used to wonder why someone would want brown or amber sunglasses. Why add a colour cast to everything? Now I know. The colour:
- decreases sky brightness, equalizing the overall brightness of the scene
- removes glare, while still making the scene appear bright in a pleasant way
- accentuates green foliage and various other colours
- makes hazy days seem sunnier
- helps decrease glare when driving toward the sun
Polarization is also an important enhancement. It:
- decreases the intensity of annoying bright reflections from non-metallic surfaces, such as reflections from the paint of cars or bodies of water
- increases colour saturation by removing reflections (Foliage reflects a lot of light, and looks much greener when that reflection is blocked. Water surfaces also reflect light, and when that reflection is blocked, the colours of the water itself stand out.)
- makes the sky darker and bluer in certain directions, making clouds stand out and helping equalize the overall brightness of the scene
When buying polarized sunglasses, it's important to check whether the effect works well. Turn the glasses and block some reflections. Cheap glasses may not be able to block reflections very much, or the blocked reflections may show a strong purple colour cast.