Dealing With Unfused JCOP Java Cards Sold from AliExpress or eBay

Recently I acquired a set of 5 JCOP J2A040 Java Cards with the intention of loading the GidsApplet on them for Windows Smart Card Logon with an Active Directory Domain Controller.

Upon receipt of the smart cards in the mail, I ran into this error with GlobalPlatformPro:


pro.javacard.gp.GPException: STRICT WARNING: Unfused JCOP detected
	at pro.javacard.gp.GlobalPlatform.printStrictWarning(GlobalPlatform.java:184)
	at pro.javacard.gp.GlobalPlatform.select(GlobalPlatform.java:213)
	at pro.javacard.gp.GPTool.main(GPTool.java:334)

After a few hours spent with Google and various search engines and some trial and error, I’ve put together an explanation of what an unfused JCOP card really is and how to perform the pre-personalization steps that a card manufacturer would have taken to enable the GlobalPlatform Card Manager, so a developer can load a .CAP file onto the card for the end user to use.


Windows Azure Pack Update Rollup 5

This morning Microsoft pushed update KB3023209 out to the Updates channel. This update is meant for systems running Windows Azure Pack in their private cloud.

The full text of the update is as follows:

This update contains functionality fixes. Among them are:
1) Support for SQL Resource Governor in the SQL Server Resource Provider.
2) Admin support for disabling native Virtual Network Extension to allow for 3rd Party Network Providers.
3) Provide detail on VM Memory type, Memory Startup and Maximum values in the Tenant Portal.
4) Fix to the Get-MgmtSvcRelyingPartySettings PowerShell cmdlet.
5) Fix to the issue of failing to establish an RDC (Remote Desktop Connection) to VMs placed behind a NAT.
6) Fix to the “Attached Network” dialog in the Virtual Machines Extension where the network entries in the list were disabled.
7) Support for increasing capacity of SQL hosting server in WAP.

For clouds that also run Windows Azure Pack Web Sites v2, sorry there aren’t any updates on that for this rollup release.

As always when it comes to applying this update – You gotta bring down all of the machines that serve out Windows Azure Pack before installing the update – you don’t want your tenants messing up things while you’re applying updates.

Hyper-V Generation 2 Support for Linux Guests

Recently Microsoft announced Generation 2 Virtual Machines, which really are UEFI guests without the emulated PCI bus. Initially the only supported Operating Systems were:

  • Windows 8 (Integration Services Update Required)
  • Windows 8.1
  • Windows Server 2012 (Integration Services Update Required)
  • Windows Server 2012 R2

Well, now you can add pretty much any Linux distribution to the list. Thanks to the hard work being done by the Linux Integration Services team, the mainline Linux kernel now works on Hyper-V under a Generation 2 platform. However, the only distribution that will install correctly inside a Generation 2 Virtual Machine is OpenSuSE 13.1.

If you want your Linux distribution to run inside a Generation 2 VM right now, you’ll have to install it manually via debootstrap or something similar. One thing to keep in mind: if your kernel is older than 3.11, you’ll need to either backport specific changes or upgrade to a newer mainline version of the kernel before you can even proceed to install your favorite distribution inside a Generation 2 virtual machine.

Integration components wise, most of the modules will load just fine except hyperv_fb, the framebuffer device driver for Hyper-V guests. Unfortunately hyperv_fb is broken under a Generation 2 VM, which is why you’ll need to have EFI framebuffer support compiled into your kernel or you won’t get any video at all! The same goes for GRUB: it’ll also need the efi_uga and efi_gop modules built into your bootx64.efi GRUB image. And oh, did I forget to mention that you’ll also have to disable Secure Boot, as Hyper-V doesn’t support any way of loading public certificates into the Secure Boot database?

So if you want to take the plunge on having a Linux Generation 2 VM, be my guest. Start reading those git commit logs and start cherry picking! Remember, your mileage may vary. 😉

A few words about native VHD boot on 4K/512e Hard Drives…

I’ve gone cruising on the Interwebs for “Windows 8 Haters” just for laughs recently and I’ve found this portion of a comment left on some random site’s blog quite amusing:

2) It was so slow it hurt. And i have a quad core i5 @2.6 with 4 gb ram.

Uhm… Okay… I’ll fire off a few questions I’ve got in the back of my mind:

  • Are you using a brand new hard drive with that?
  • Did it also have an AF logo slapped on it?
  • Did you also try to do what the masses would have done, test Windows 8 out on a VHD?

If you answered yes to all of the questions above, then you seriously need to re-think what you’re doing. For the average “tech-savvy” user, I’d go easy on them; I mean, who would really spend their time reading the TechNet Library for kicks? 😉

Pro tip for “speeding up” Windows 8 – Use the VHDX format to native boot into Windows 8 if you have a 512e disk. Doing so could greatly reduce the negative effects that RMW does on a hard drive. If you don’t know what RMW stands for and what the effects are, just think of it this way: If you have to make the disk read 2 physical sectors to address one NTFS block that spans across the 2 sectors, do you really think that it’s going to take longer to read that one sector? Heck yeah.

On the flip side, users who decide to hold out with Windows 7 or Server 2008 R2 are unfortunately out of luck. They cannot native boot with a VHDX file at all. But they can boot the VHDX file under Hyper-V, that’s for sure 😉

VMware and their FUD

I’m talking about a post on VMware’s “Virtual Reality” blog detailing how their solution is cheaper than Microsoft’s Hyper-V offering and how hard it is to “administer”.

The post in question is here.

Let me tell you this: Personally speaking, I find Microsoft’s Hyper-V v3.0 platform a pleasure to learn and toy with. Sure, Microsoft’s Hyper-V 3.0 is free, but we all know that free has a cost attached to it, right? Yes, it does. It’s called read the fine manual. Beyond the cost of reading the manual, for the price of free you get the following features, which I can list off the top of my head:

  • Live Migration (Can also be done in a shared nothing setup)
  • Native 512e/4K sector disk support (also known as Advanced format)
  • Failover Clustering
  • 4TB of RAM on the host, 1TB of RAM per active VM

Do note the last item, which I’m making a selling point. VMware’s free vSphere (aka ESXi 5.x) offering has an artificial limit of 32GB, and some DIY desktops/workstations are getting to that limit, potentially higher when we finally see DDR4 platforms hitting the market anytime soon. Now the features above are also offered by VMware, but for how much? Certainly not free. Just go grab a free ESXi license key and plug it in, you’ll see what I mean pretty quick.

Unfortunately what VMware’s trying to convey here is that Microsoft’s Hyper-V solution is much more expensive than their own offerings. What’s funnier is that they also referenced a post on Microsoft’s TechNet forums where a bunch of people complained that standalone Hyper-V Server is quite painful to use.

In reality, from the feedback I’ve gotten with one of the potential employers at career fairs, one of them said that VMware is probably the best out of all the virtualization solutions, but is the most expensive one out of the solutions they’ve looked at. We’ve made mention of other solutions such as KVM, but overlooked Hyper-V. Then again, this was a few months ago when nobody really bothered to look into Windows Server 2012’s Hyper-V solution as it wasn’t RTM’d yet.

Fast forward to GA: Hyper-V Server 2012 was released for general consumption earlier this month for a price tag of free. But the issue with the free Hyper-V is due to the security built around it. This problem really is about people using the standalone offering in a Workgroup environment. In Hyper-V Server 2012, this really is a non-issue. If a wise person has read the manual and knows how to use PowerShell, administering it remotely or locally shouldn’t be a huge issue. Also, Hyper-V Server 2012 was meant for administrators who have a strong background in Windows administration. It wasn’t really meant for people who just want a virtualization solution, but have no prior experience with administering a Windows Server machine.

I may be leaving out a huge amount of detail and many scenarios above, but I’d like to keep things as simple as possible 😛 It all comes down to this: If you know what you are doing and have already planned an Active Directory system, you’ll enjoy administering Hyper-V Server 2012 boxes in no time. But if you just had poorly thought out plans and no patience or will to learn new things, you’ll find administering anything foreign a nightmare. This is true for any system that you or I may come across in the future.

The point of my “rant” is: open minds help you understand things much better, and make you much more resistant to FUD launched by anybody. 😛