Looking though Seloc just now I followed a link to a great article by Steve McQueen from a 1966 edition of Sports Illustrated. He talks about his love of racing and reviews eight of the best cars of the day. It’s a good read if you’re a car fan (or a Steve McQueen fan!), I’m not sure whether he wrote more, but if not he should have! :)
The article is hosted on mcqueenonline.com, and was provided to them by Wade Chitwood.
I’ve never really thought of myself as a Rolls Royce kinda guy. My fantasy garage has always been filled with machines from Sant’Agata, Gaydon or Hethel rather than Goodwood. Sport rather than comfort has always been what’s impressed me. After this weekend however I might be squeezing one of Goodwoods finest into my lottery win spending plan.
Last weekend I was a very very lucky guy. How it came about is a long story, but my girlfriend and I found ourselves with a fabulous ‘09 spec Rolls Royce Phantom for the weekend. A few hundred miles later and I’m smitten.
The first thing that struck me about the Phantom is it’s scale, it’s simply massive. I’ve seen them up close before, but it’s always a surprise. It carries it’s size well though, projecting a huge amount of presence wherever it goes. On the road it seems somehow smaller. It’s odd you’re always aware of it’s size, but it seems natural. That’s not to say that narrow roads and when parking don’t focus the mind though!
With the only requirement on us a request to put at least 400 miles on the clock, on Sunday we headed out on a road trip to my parents house in London, stopping off to to see friends and family on the way. It’s a journey that takes us across some great Sussex A and B roads, a 40 minute burst of motorway then a few miles of busy town roads. The ease with which the Phantom covered those miles was shocking. The ride is so smooth and the cabin so comfortable that time just flies by. It seemed like every time I glanced at the (rather good) sat-nav we’d devoured another 10-15 miles off the route. If you needed to get from one side of Europe to the other I can’t think of a better way to do it.
Climbing into the cabin you soon notice the attention to detail that’s gone into the Phantoms design and construction, it’s a wonderful place to be. Our car was trimmed in white leather with black lacquered wood and black carpets which, lush as they were, also had thick rugs for good measure. Every surface inside is perfectly finished. The stitching in the leather is millimetre perfect no matter how long the seam and the chrome and wood are like mirrors.
The real fun starts at night, with dials and buttons being sharply lit, and subtle lighting around the cabin adding an almost art deco feel. It’s hard to describe, and photo’s don’t really do it justice. In the back, the headliner has hundreds of fibre optic strands sewn into it, giving the roof it’s own ‘star light’.
Whilst I didn’t drive – the car was entrusted to my girlfriend only unfortunately – the driving position is high and comfortable. The view is dominated by the long bonnet and Spirit of Ecstasy mascot. You tower above other cars, with even big Mercedes and BMW’s seeming small (and dare I say insignificant!).
In front of you the dash has a large centre speedometer, with fuel and fluid gauges on the right and the and a ‘Power Reserve’ dial on the left. No rev counter for the Phantom then, just a guide letting you know just how effortless your progress is. And with a 6.75 litre V12 providing the go, any sensible progress really is effortless. Despite it’s size the Phantom is a very quick car. Not sporting, but quick none the less. By contrast even at motorway speeds there’s next to no noise. Whilst there’s the underlying sound of a car running, it doesn’t really change with speed. 70mph isn’t noticeably louder that 30mph. A single seats air conditioning is easily louder than the wind noise even at speed.
What more can I say? I’ve been very fortunate over the years to have driven and been in some pretty special cars. Not much has impressed me as much as the Phantom. Maybe it’s because I’d usually be more interested in performance than luxury, but the Phantom left quite an impression.
Having the Phantom for the weekend was probably a once in a lifetime opportunity. Hopefully I’ve done it justice here! Needless to say, the Monday morning commute in my daily drive Peugeot was particularly long and uncomfortable the following day. I’d really like the Phantom back.
I just read a good article with some first impressions of Google’s Voice service. It’s worth a read and cover most of the good and bad points.
If you’ve not come across Google Voice (GV) before it provides you with a single phone number that you can link to multiple phones – for example your mobile, home and work phones. When someone calls your GV number all phones ring until you pick one up. GV will also forward text messages to mobile phones.
Through the web interface you can setup groups for your contacts and set behaviours for voicemail etc. on those groups. It also does things like transcribe voicemails.
It’ll be a few months before it’s available here in the UK, but I can’t wait as I have a couple of numbers that I use and consolidating down to one number will be fantastic.
Anyways, take a look at the post here:
I’ve a couple of posts now about Windows 7 DirectAccess (here and here), and particularly about it’s use of IPv6. It’s all been fairly technical, but despite the title of one of those posts I’ve only briefly touched on what DirectAccess is and why you might want to use it in your organisation. So here goes…
There are a few trends to consider when you think about DirectAccess (DA) as it’s been built to answer some of the challenges that they pose. The first is Mobile Working.
In my experience over the past few years the amount of mobile workers, or at least those that are equipped with laptop computers to allow them to work remotely, has been steadily increasing. With home broadband now available to most people, wireless networks common in peoples homes as well as in hotels and airports, peoples ability to work out of the office has never been greater. And with them goes your corporate data, whether that be on their laptop, or a USB key or in an email to their GMail account – applying security closer to your data will become more important as time goes on.
Another trend to think about is cloud computing. ‘Cloud’ is the new buzzword these days but it covers a wide range of topics. The chances are most big companies are already using cloud services of some sort, whether that’s full on Google Enterprise or a Message Labs email filtering service. Either way, that sort of managed or outsourced service will be a big factor over the next few years, and they introduce a few new things to consider. First, relying on systems and services that you don’t have on your network, or managed by your guys, means that again security needs to be moved closer to those systems and the data they contain. Secondly, if the services your end users access are out on the Internet somewhere perhaps the best way of accessing them remotely might not be via your corporate network. Mobile clients may need to access both your network and the wider internet at the same time.
These trends combine with a third which is around the changing nature of the security perimeter around corporate information. On the DA class I went on at Microsoft they referred to this as ‘re-perimeterisation’ which I think is a much better term than ‘de-perimeterisation’ which is favoured by the Jericho forum. Whilst this is a big subject in its own right, the gist is that the traditional model of securing your information by firewalling off you network and relying on that perimeter to protect your systems hasn’t been sufficient for a couple of years now. We need to start moving security in towards the host and the data.
So how does DirectAccess help with all this?
Well DirectAccess provides your organisations remote computers with transparent access to both the Internet and your corporate network. If a DA enabled laptop connects to the Internet, a connection to the corporate network is automatically established at the same time. This connection is authenicated against both the computer and the user, and secured using IPSec between the client and corporate resources it accesses (not just between the client and the gateway).
The computer can be authenticated either using a machine certificate issued to validated it’s from your domain, or by a health certificate from a Network Access Protection system to validate that the computer is ‘healthy’ (patched, AV’ed) enough to enter your network.
As DirectAccess launches the corporate network connection automatically the end user experience is… well… invisible. They just logon as usual and they’re connected (assuming that they have internet access of course). What’s more, the connection to the corporate network does not compromise their general internet connectivity – or visa versa. You can specify the namespace of your internal network (for example intranet.mycompany.com) and any applications that attempt to access resources within that namespace are directed to internal DNS servers to ensure that the right resources are accessed.
Because DA connectivity is ‘always on’ computers connected in that way are much easier to manage and support. With traditional VPN access solutions the remote laptops are only really manageable if and when the VPN is connected, meaning maintenance and patching tasks can be hard to achieve. DA clients are visible to to any internal systems of support teams. Patches can be applied, applications delivered and remote control tools used.
As DA can establish a corporate connection before the user has even logged on you also get the benefit of being able to apply changes to group policy and update the mobile users security token etc. just as if the user was in the office.
So in short, DirectAccess has the potential to greatly improve both the end users remote working experience, and the IT groups ability to support those remote users. It’s good stuff (but you might want to read about some of the pre-requisites!).
The other day I posted some some information about the DirectAccess features of Windows 7 and Windows Server 2008 R2. DirectAccess offers some fantastic functionality for mobile workers, making remote access to corporate systems completely seamless.
When setup, DirectAccess provides simultaneous connectivity to both the Internet and the corporate network. If the client is connected to the Internet, it’s connected to the corporate network. This allows mobile workers to access the corporate resources they need and allows IT groups to better manage and support remote computers. It’s requirement for IPv6 however is a little bit scary.
I’ve never really delved into IPv6 in any detail, it’s always been one of those things that I’ll get around to later. To be honest I don’t know a whole lot more about it now, it’s a huge subject and I hadn’t appreciated just how different is was from IPv4. I don’t want to go into too much detail here as there’s tonnes of info out there already. There are a few interesting things to consider in the context of DirectAccess though.
Whilst the networks like the Internet run quite successfully on IPv4, the 32-bit address space it offers is actually pretty small. This means that most of the computers accessing the internet probably don’t have addresses that are publically addressable. Of course this could be seen as a benefit to security, but if you want to access these machines for genuine reasons (management etc.) the fact these computers aren’t globally addressable is a real problem. Oh, and the the last estimate I saw predicted that the public IPv4 address range will run out in 2 years!
The solution for these problems is IPv6. It offers a 128-bit address space, which is simply h u g e. I heard somewhere you could effectively give every grain of sand on earth an IP address or two and not worry about it. It also has IPSec security built in (existing IPv4 solutions are retrofitted from v6) to provide better, more granular, security and supports much better prioritisation of traffic.
So IPv6 sounds great… but a full implementation is a huge change for networks designed and built to run IPv4. A lot of network kit just wouldn’t work within a native IPv6 environment. So a full IPv6 implementation is more of a long term goal, fortunately there are a few transition technologies available to help IPv4 and IPv6 co-exist.
From Vista onwards, Windows has shipped with an IP stack that supports IPv6 natively. In fact, Windows now favours IPv6 and will use it to communicate with other Vista/2008/7 nodes if it can. To allow IPv6 traffic to pass thorough existing IPv4 networks, IPv6 can be encapsulated within IPv4 packets. Again, Windows will automatically encapsulate IPv6 should it determine that there is IPv4 connectivity between two IPv6 nodes (it can also be forced).
The encapsulation is done using the following technologies:
ISATAP – Used to provide unicast communication between IPv6/IPv4 hosts across an IPv4-only intranet.
6to4 – Used to provide unicast communication between IPv6/IPv4 hosts and IPv6-capable sites across the Internet (which is IPv4).
Teredo – Used to provide unicast communication between IPv6/IPv4 hosts across the IPv4 Internet, even when they have private IPv4 addresses and are located behind a NAT (Network Address Translation) device.
IP-HTTPS – Allows IPv6 to be tunnelled in using HTTP with SSL as a transport, thereby allowing connectivity even if clients are behind a restrictive proxy or firewall. This is only available in Windows 7 and Server 2008 R2
For older equipment, there are also IPv4-IPv6 gateways that can be used to provide communication to equipment not compatible with IPv6.
DirectAccess uses these technologies to provide communication between the remote Windows 7 client and the Windows Server 2008 R2 DirectAccess server. They (well ISATAP specifically) is then used to allow traffic to traverse an IPv4 Intranet from the DirectAccess Server to the resources being accessed.
The solution looks roughly like this:
