Most of this document describes details of what has previously been disclosed. The details are nevertheless interesting reading!!
Wednesday, December 17, 2003
Saturday, December 13, 2003
The client is hard coded to go to a server every 22 hours (less a random amount of up to 20%). Thus in 'steady state' each client will ask for updates every 17.6 to 22 hours. But what if you want to push out an update a bit faster? How can you do it? Turns out there are 2 ways - neither of them very pretty.
----------- GPO Workaround
1. Assign a temporary GPO to the appropriate part of the Organizational Unit structure and use security filtering to ensure it applies to the appropriate computers. Note that this temporary SUS GPO should be of a higher priority than the SUS GPO which is normally in use.
2. The policy settings within this GPO should be configured to disable the AU client and change the default Group Policy refresh interval for computers to 5 minutes.
3. Force DC replication to occur so that all domain controllers have a copy of the new group policy object.
4. Wait up to 120 minutes for all clients within the OU to refresh Group Policy (default GPO refresh time for domain members is 120 minutes).
5. Amend the policy settings within the new GPO policy so that the automatic updates client is enabled and set to automatic download and automatic installation. Automatic installation should be set to occur 1 hour from the current time.
6. Force DC replication to occur so that all domain controllers have a copy of the changed group policy object.
7. Wait for all the SUS clients to refresh the updated SUS GPO settings (which is now happening every 5 minutes). Once the GPO takes effect, the automatic update clients should begin to download the new update from the SUS server. Installation will begin once the specified time is reached.
8. Once the update has been successfully installed on all target computers, delete the temporary GPO used to make all these changes. Servers will fall back to the existing AU download and installation options once they refresh their Group Policy settings.
----------- Net Stop/Start method
1. From the cmd.exe prompt: net stop "Automatic Updates"
2. Delete HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\LastWaitTimeout (if it exists)
3. Delete HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\DetectionStartTime (if it exists)
4. Make sure that HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\AUState=0x2
5. Net Start "Automatic Updates"
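The Net Stop/Start steps above as a single cmd.exe script, added here as an example and not part of the original post. It assumes reg.exe is available (built in on Windows XP and Server 2003) and that it is run from an administrator prompt on the SUS client.

```batch
@echo off
rem Added example: force an Automatic Updates detection cycle on a SUS client.
rem Assumptions: reg.exe is on the PATH and the prompt has administrator rights.
setlocal
set "AUKEY=HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update"

rem Step 1: stop the client so it cannot rewrite its state while we edit it.
net stop "Automatic Updates" >nul 2>&1

rem "net start" with no arguments lists running services; confirm it really stopped.
net start | find /i "Automatic Updates" >nul
if not errorlevel 1 (
    echo Automatic Updates is still running; registry state left untouched.
    goto :fail
)

rem Steps 2 and 3: delete the saved timer values, but only if they exist.
for %%V in (LastWaitTimeout DetectionStartTime) do (
    reg query "%AUKEY%" /v %%V >nul 2>&1
    if not errorlevel 1 (
        reg delete "%AUKEY%" /v %%V /f >nul || goto :fail
        echo Deleted %%V
    ) else (
        echo %%V not present, nothing to delete
    )
)

rem Step 4: make sure AUState is 0x2 so the client starts a new detection.
reg add "%AUKEY%" /v AUState /t REG_DWORD /d 2 /f >nul || goto :fail

rem Step 5: restart the client; it should now contact the SUS server.
net start "Automatic Updates" || goto :fail

rem Show the resulting value so the change can be confirmed in the output.
reg query "%AUKEY%" /v AUState
echo Done.
endlocal
exit /b 0

:fail
echo Failed; check that the prompt has administrator rights.
endlocal
exit /b 1
```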
Wednesday, December 10, 2003
While most folks reading this will not be likely to get hit by such tricks, the average user may well be. Let's get the patch for this, and get it applied quickly!
Monday, December 01, 2003
Many fine hours of reading ahead!
Thursday, November 27, 2003
The problem occurs if you install Microsoft Windows SharePoint Services (STS as it used to be called), which from 3 days ago, fails with a fairly obscure error message. You also get this problem if you try to provision a new virtual server or you try to create a new content database when you are running Windows SharePoint Services by using MSDE (the KB appears to be inaccurate on this point).
The error is caused by a bug in the code that verifies the signatures of DLLs installed with SPS. All installations of Windows SharePoint Services experience this behavior after November 24, 2003. And guess which product installs this component by default? Small Business Server. Ouch!
Problems happen. But the workaround is interesting: Set the date in the Date and Time Properties dialog box to a date that is between May 24, 2002 and November 23, 2003. That's right, lie to the OS. Trustworthy computing, maybe not, but it works. Oh, be careful to not set it too far adrift, or you might trigger product activation.
My view of WPA is further diminished.
This attack comes close on the heels of both an attempt to hack the Linux kernel, and an attack at the Free Software Foundation. These hacks show two things: First, that security is everyone's problem (not just for customers of Microsoft) - attackers do not play by any rules and will attack pretty much anything that is not totally locked down. Second, it proves, yet again, that any OS can be installed insecurely.
What the Linux bigots often fail to remember is that security requires three things: people, processes, and technology. Even the most secure technology can be defeated by poor processes or by people not doing the right things. This is not a Microsoft vs Linux thing, but more a simple recognition that security of your systems is only as strong as the weakest link.
Wednesday, November 26, 2003
Both techs I talked to were cheerful, but the responses bore no relationship to my questions. They had a script and totally had to follow it - any deviation was met with a refusal to go further. It took forever, and in the end, they were unable to help in time - so I got another hard drive from another source and made do with that. Next week, when I settle down a bit, I'll call again and get the disk replaced. See CNN.com for full details of this story.
Thursday, November 20, 2003
Microsoft Announces Availability of Open and Royalty-Free License For Office 2003 XML Reference Schemas
As it turns out, MS also formally used Copenhagen and IT forum to announce the availability of Open and Royalty-Free License For Office 2003 XML Reference Schemas.
This is a good step forward!
Tuesday, November 18, 2003
Each provider provides a drive, which in turn contains containers and items. Containers, of course, can contain more containers and items. Each item is some fundamental data structure, as surfaced by the provider. If, for example, you built a DNS provider (DNSProvider.dll), a particular server could be identified by a different "drive", which could then be enumerated to list all the zones on that DNS server. For example, you could do something like:
new/provider -Provider DNS -assembly DNSProvider.dll
new/drive -name MyDNSServer -Provider DNS -root ns1.kapoho.net
This would then list all the zones defined on the DNS server ns1.kapoho.net, as well as some information (eg when created) about those zones. You could then navigate to a zone (cd \cookham.kapoho.net) and enumerate the resource records in a zone.
This is incredibly powerful stuff. You could easily create a wealth of providers such as ones for IAS, IIS, ISA, Exchange, etc. Once created, they can easily be used in MSH command scripts. These should be relatively easy to write (at least the read-only bits!) and could be added easily. And since they are just plug-ins, there is no reason why a particular provider has to come from Microsoft. Cool!
Monday, November 17, 2003
As I understand it, drives can point to any provider, the most obvious being the file system. Thus, "C:\" makes sense at an msh command prompt. However, C:\ is just a pointer to a (filestore) name space provider. Monad extends that to allow you to add other providers. I'm still working out the documentation on how to do this, but one provider that's in the PDC MSH bits is an AD provider. You first have to load the provider, which is not presently done by default, but almost certainly will be in later releases. Then you create a drive - in other words an alias to a DN. In my case, I used the alias QANET to point to the distinguished name of "DC=corp,DC=qanet,DC=net".
Once you have the drive created you can simply go 'CD QANET:' and you are pointing to a directory like view of, well guess what - the AD. You can move up and down OUs/Containers, viewing contents, etc. And since all MSH cmdlets are pretty much multi-provider, you can use things like Where (to filter), sort (er, to sort) and format (to format the data).
Another seriously cool feature of MSH is that you can format output as XML. ANYTHING you can generate in MSH can be sent to XML. Do I really have to explain why this is mega-seriously cool?!?!?
Monday, November 10, 2003
Sunday, November 09, 2003
Tuesday, November 04, 2003
SPECS is a computer-camera based system. As you go past the sign a digital camera reads your number plate. When you go past the next sign your number plate is read again. The computer 'knows' how far apart the signs are so it can work out your average speed between the two or three or four. The system is fully automatic and will issue a ticket without any form of human intervention. It does this for every single vehicle that passes.
You will not know you've been caught as the cameras don't flash. They work 24/7, 365 days a year, and theoretically, there's absolutely no limit on the number of tickets that the system can issue. The whole section of the M4 between Theale (J12) and Membury Services (between J14 and J15) is wired, both ways. The system is set to trigger a ticket at 78 mph. Radar detectors will be of no use as SPECS is entirely passive, there is no radar or laser beam to detect.
" Fortunately, the BBC have a different view.
For Microsoft, I can totally see the logic. Their own search technology is miles behind that of Google. Allegedly, one of the drivers behind Longhorn's WinFS was Gates's observation that Google can search the Internet faster than Windows can search your C:\ drive. I don't know if the quote is even close to being accurately ascribed - but its underlying truth is indisputable.
At the PDC I got to meet some of the people at Google. They are a lot like the good folks at Microsoft - open, fun, and with a great "work real hard, play even harder" mentality. Everything I see is simple, clean and with an incredible underlying elegance - which is everything that Windows is NOT. Don't get me wrong, Windows is an outstanding OS, but it's hardly simple (if it were, I'd not be in business!). It's far from clean, with way too much eye candy and it's hardly likely to win an award from Weight Watchers. While parts of Windows are truly breathtaking, there are too many elegant hacks - things done in the name of performance - and there are far too many inconsistencies (how you load/activate/remove components, etc, etc, etc). I suppose this is why I'm so in love with Monad - a simple, elegant concept.
But back to Google - if they get bought, their folks would have to change. I mean, you couldn't have the lava lights in the offices (just think of the possible litigation from an employee who gets burnt). And those silly updates to the google's logo.gif on their homepage would have to stop, since they might offend someone somewhere somehow and we just couldn't take the risk. The cool clean look of www.google.com would have to change to more closely resemble www.microsoft.com. (By way of checking the google.com home page is a mere 12.9kb of data, while www.microsoft.com's home page is nearly 140kb). And finally, how long do you think they'd be allowed to run Linux?
As I see it, Google is still fun - fun to work at, fun to use, and fun to watch grow. Whereas Microsoft, almost by necessity, has had to become all too corporate. Sure it does cool and fun things, but at the same time, it acts ruthlessly when it has to. While I can certainly see the logic in Microsoft buying them, and the potential benefit to millions of Microsoft customers, I guess I'd hate to lose the fun.
Is this the beginning of the end for 'free' operating systems, or just the end of the beginning???
Saturday, November 01, 2003
MSH Rocks!!!
One of the coolest things I saw at the PDC was Microsoft's new command shell, code named Monad. Also known as msh, this new tool is possibly the biggest advance in scripting since Unix scripting was invented. Yeah, I know, big words. But let me tell you about it!
Before getting into what Monad is, let's look at conventional Unix scripting. One of the real power features of Unix (and here I include Linux, BSD, etc, etc) is the ability to string along a bunch of tiny commands via the pipe commands. This allowed you to create truly useful tools. This is something that was never really possible with Windows. Possibly the very best thing about Unix is the huge array of very simple programs that can be strung together to do everything you need.
In the Unix world, you take tiny commands, cmdlets in MSH-speak, which are either built in (eg ps, ls, cat, touch) or which you can easily write, and let them communicate via the normal stdin/stdout/stderr pipes. In the Unix world, this works very well. However, there is one fundamental obstacle here. Cmdlets communicate in the pipeline via text.
Now text input/output (stdin, stdout) is cool. BUT: the individual cmdlets are written using absolutely no standard way of expressing or mandating input and output data formats. Thus, in order to do good shell programming, you also have to master grep, sed/awk/perl, etc. in order to manipulate the various inputs and outputs. Unix scriptmeisters will be familiar with having to "drop the 1st two lines, then go to col 34 and take the next 10 chars but if there were tabs instead of spaces, etc, etc." Let's face it: text sucks as a method of inter-command processing.
MSH takes the incredible power of the pipelined cmdlet approach of Unix, but instead of passing raw text, MSH sends .NET managed objects between cmdlets. That's right, objects, not raw text. Managed, type safe, and easy to write/extend .NET managed objects! Now with such .NET objects, you get rich metadata available to the cmdlets. The MSH shell then uses .NET reflection to get this information into the cmdlet.
Now the format takes a bit of getting used to, but you can type something like: "get /process" to get a list of processes running. You could string this together with the where cmdlet giving: get/process | where "handlecount -gt 500" to print out a list of processes with large handle counts. Now since you are passing .NET objects, the second cmdlet (where) has the full metadata of the process objects created by the process cmdlet. So it can do a 'where' based on all the process's attributes such as handle count, memory usage, etc, etc. And of course, there are a ton of formatting options since you know all about the attributes of the passed objects.
You can also write more complex scripts, such as:
$p = get/process
This assigns the output of the get/process to an array then prints the file name property of each array member (i.e. prints the file names of the executables for each process in the process list). At least I think this is right! Apologies if the syntax is a bit mangled.
The next cool thing is how msh handles namespaces. In Unix, cmdlets essentially have just one namespace: the file system. MSH has this, but also adds the registry, Active Directory etc as namespaces. So you can go: CD AD:\ and get into the AD, where you can type DIR and get a listing of the top level objects. Or, type "CD HKLM:\" and be able to see the top of the registry. And of course, you can write your own namespace provider! MS plan to add a provider for SQL, and are open to adding others. I want a DNS namespace provider!
Then there are all the cool output options. Built in, MSH supports output formats including HTML, XML, Excel, Word or even good old formatted text. If you want to output text, you have all the formatting options you want, either from the shell, or in code if you write your own cmdlets.
Developers will love the cmdlets - they're incredibly easy to write - and being .NET based, you can write them in any .NET language. Your cmdlet class inherits from the commandlet base class. You just need to add a few attributes and hey presto you have a cmdlet! And since the cmdlet has the full .NET namespace at its disposal, your cmdlet has access to anything and everything you could possibly want!! There are a bunch of simple examples in Jeffrey Snover's PDC deck.
Finally, the MMC will in future be based on this. So you can use the MMC to do some command, then dump out the MSH script that would be needed to do that action again. Then you can apply this to your entire domain.
And as to the name. At first sight, it seemed odd, but Jeffrey Snover told us that: "the name came from Leibniz's Monadology, a philosophy which says that everything is a composition of smaller things (the smallest being a Monad)". I could go on - but I was totally blown away by the presentation and the demos. I'll post more details once I get them! Watch this space!! [a later update] I've written a couple more posts on MSH: MSH Continues to Rock and MSH provider architecture. Enjoy!
Thursday, October 30, 2003
Q: What can we do with sandboxing to use code safely? Is this the future or just a stop gap?
MH: the managed environment is all about this - you will get software from lots of places, some will be more or less trusted. This doesn't really help with unmanaged code (there probably is no good story there), but managed code is the future direction.
JH: we need to do more - particularly with respect to specifying what resources an assembly can consume.
HS: stuff like strong naming is another important aspect to addressing the issue.
Q: Following on, what can we do to manage code?
JH: First, you have to have security in depth - firewalls, stopping call-out, process/machine security and isolation is all part of it.
MH: Isolation is important. For example, he's locked down his wife's computer to the point where she just can't do much. The issue is how can we do this without annoying them.
HS: Defense in depth is a good thing - but the problem does not have to be solved only on the client.
JG: Sandboxing is great, but it is not enough. With the newer threat models, you need to think about dependencies between components and you need to be familiar with the components being created. You have to think about this in more engineering terms - it's more than just 'making it work'. EG: a bridge out of balsa wood - it might work, but it's not robust.
Q: Will there ever be a time when everything is secure and unified?
JH: "At MS we're well down the road" but we need to do more. We need to develop models that model our social interactions.
JG: we have some great opportunities, thanks to Moore's law, to help us. We have type-safe languages by C# that help. Web services, with detailed interface contracts - we're on a road to a better future.
HS: He had a conversation with Vint Cerf, and they agreed that had we known then what we know now, the Internet would have been architected differently. Look at cars, you can't get a car today without seatbelts, air bags, etc. IPV6 is an example of this moving forward.
CE: The firewall is just a band-aid - we should not just always accept anonymous connections - anonymous should probably not be the default.
Q: Key management - it's hard - what can be done?
HS: Amazed we have not done more to adopt PKI. There are scaling issues but there should be better PKI.
MOD: key management is not something you can just code - you have to design the ceremonies too (key exchange). There needs to be multiple cert levels (one for a simple web site, 2nd to buy something, 3rd for bank-bank). Need to balance the interaction against the key protection. The level of automation can be an issue.
Q: Does VM technology provide a way forward?
JG: yes, but it's hard too - not a good user experience. SEE is possibly a better approach.
Q: What is being done to improve things?
MH: MS is going to produce a security cert for devs. This is in the early days, so no details, but it's coming.
Q: How much effort is being put into security?
JG: Jason started by pointing out that it's MS's goal to never have to take an entire team offline again. It was a remediation, but should not be needed again. Having said that, things are still not good enough and 'steady state' has not been achieved yet. MS is overspending on resources - but that's probably ok!
MH: Security adds around 12% to the overall project timescales - but security is not extra, it's part of doing the job.
Q: Will we ever have security until MS manufactures hardware (smart cards) and makes this ubiquitous?
A: not sure - what about the UI? It's possibly not the full answer.
Q: What would make networks more secure - if you could have it?
JH: Hardware is not the only issue - we have the software tools to secure systems today.
JG: There's not too much at the chip level - but NGSCB is MS's wish list - but it will take a while. Offload processing is also something that needs to be looked at - crypto offload is available today.
Q: What about the ISPs? Smart cards, biometrics are all wonderful, but until the ISPs stop disallowing spammers, and virus infected systems onto their networks we're still in a bad situation.
A: there's more to do.
It was an interesting session - more for the brutal honesty and total lack of marketing fluff. I'm convinced that the transcript of this session should be published.
The first question was 'Why is MS doing this?'. The speaker suggested that there is a perception of unreliability or difficulty in using MS software (some laughs from the audience!) and suggested that Longhorn can help. For example, "responsible" animations help people understand relationships better. Also, when you are doing things like streaming video, the glitches are a pain. Longhorn's driver scheduling should make the experience better and smoother. People want PCs to be an appliance - people buy them both for their functionality and for their looks. Longhorn will address both.
There was an interesting demo on the Longhorn logon screen. It looks like the XP one, but clicking on each picture changed the look and feel of the login screen. This looks like eye candy. There was a comment to this point. We've seen lots of cool things, but no tools. MS need to get the fundamentals right first - then could build the tools (and I guess the guidelines). We can expect more guidelines at B1 time.
There is a need to affect both behaviour and look and feel. This is going to be the focus of much work. And there is clearly a dichotomy - teen-ager vs knowledge worker. MS is aware - one Longhorn persona is a teenager, but the focus is on the business user.
How do developers starting from scratch get up to speed? Start with .NET, and look at Whidbey, and go from there.
1. Just do it (managed code, etc)
2. MS wants 'broadband' feedback, to deliver the Longhorn wave together
Wednesday, October 29, 2003
While a lot of the things shown this morning are far off, some of them look very promising.
But it gets better. When I was at the booth, the stand folks gave me an invite to a small reception, with drinks, etc. I got a chance to chat with the folks behind Google. Mega cool. I can't wait for the IPO.
Monday, October 27, 2003
The joys of providing a comm network for active geeks.
The Next Wave
Bill Speaks
So the PDC has started. I suppose it would not be a PDC without a keynote - so we're starting with Bill. Bill looks tired and a lot older! His shirt looks rumpled, like he just flew in to do this talk. Bill says PDC is about making better software, the next generation of Windows, and everything that MS is doing around that. "Catching the next wave" is his theme. MS has high expectations on the future - and a $6.8 billion budget! You can buy a lot of futures with that sort of cash behind you.
Bill talks about security - and is still banging the TWC drum. Two big future releases will include better security: XPSP2 (the firewall is on by default, better memory protection, etc.), due in beta by end of 2003, and WS2003 SP1, in beta next spring, with role based security configuration, remote access client inspection, and local inspection on connection.
Bill showed a nice video - "Behind the Technology" - it was very funny. I wish these were available!
Bill talks about this decade as the digital decade. Didn't he use that theme for the 90s? This will include some important breakthroughs: Advanced Web Services, workflow and process, distributed management, and ad hoc communications. He says that there are some information driven breakthroughs, including rich search/views, unified storage, self-organisation, information agents. All these breakthroughs come to us via Longhorn, the "Biggest OS since Win95." Longhorn is meant to deliver on the fundamentals, but to use it in an easier fashion.
Key components of Longhorn:
To summarise Bill's vision, he sees three waves: today (XP, Server 2003, Office 2003, VS.NET), soon (Yukon, Whidbey), and later (with Longhorn Client, Server, Office, VS.Orcas). There is a lot of new technology to come onstream, eg 64 bit computing.
To ride this wave, MS is doing several things:
It all looks interesting!
Sunday, October 26, 2003
At present, I'm surfing courtesy of t-mobile in the Admirals Club. Just waiting to get out. I've got a flight booked in the morning, just in case, but who knows. The airline will make a call in an hour. In the meantime, I'm annoyed I'm missing a good party!
Just a good glimpse of what Microsoft has planned for the next 2-3 years. I see PDC as an important opportunity to see the long term vision start to take shape. Longhorn, Yukon and Whidbey are the three key technologies I want to understand more about.
Yukon, I think, represents a major change in the way we design multi-tier systems. Tim Sneath recently wrote about this - and I think he may be on to something. Tim argues that with the ability to put business logic, expressed as managed code, into the database, the middle tier is dead. I think he's right that the purpose of the current middle tier, business logic, really belongs in the db. But I think he's wrong about predicting the death of the middle tier for two reasons. First, it will take companies years to migrate to Yukon. Mainstream adoption is at least 18 months away so inertia is a factor. But more importantly, the middle tier will exist to orchestrate. The front end UI tier will remain client side - but I see the middle tier as orchestrating the various services that are available in a SOA approach.
Longhorn is both the next client and the next server, so it too is highly important. The client is somewhat less interesting although I have to be careful how I say this - Scoble will give me too much grief!! In the space I work in, businesses have trouble understanding the value proposition of XP, let alone something beyond that. When I see all the fantastic UI shots, I have to ask: will this make the knowledge worker more productive? Can he/she answer emails, write documents or prepare presentations faster? I don't know the answer to this - although I can see how WinFS will help me to organise the chaos that is my workstation!!
Whidbey, of the three, is the least exciting aspect of the PDC. I've seen some of the new features (generics, iterators, etc) and have been playing with the Whidbey alpha for a while - I guess I'm just not enough of a geek to get overly excited.
Off to PDC
So I'm off to the PDC. The journey to LHR was uneventful - a quick drive, a comfortable checkin. Security is tighter than it used to be, but I got upgraded so it's comfortable class to LAX via JFK (and for the return as it turns out). The plane to JFK is totally full. As I traveled to and through LHR, I could not get the image of Concorde out of my memory. A truly 1st class experience from start to end. By comparison today's flight is just so ordinary. Concorde, to me at least, represented the best. From the Dom Perignon and Hospices de Beaune to drink to the quiet professionalism of the crew. I don't think any airliner will ever be quite the bird that Concorde was. This flight is a 777. Relatively quiet and with good legroom. Which is a good thing as we're cooped up here for 6 more hours.
Saturday, October 25, 2003
MVPs get source code access
The word is finally out. This is a fantastic idea - giving some of the folks that support the OS access to the code. There is some good news and bad news of course.
First, there is a very tight NDA in place. Even so, I can only imagine how hard the MVP team at MS must have argued with the lawyers to let individuals, vs companies, have access to the source. When MS provides source access to companies, the normal license calls for an unlimited liability. With individuals, e.g. MVPs, this simply would not work for obvious reasons. It will be interesting to see what happens on this front.
Thus far there have only been a handful of MVPs who have it. Only MVPs who are "up to date" and who are in a few restricted groups will get it. So it's not all of the 2000 or so MVPs who will get it, and it's not a gift for life!
And not all the code is there. Most of the 3rd party drivers are missing, as are some large chunks of the security code, and some stuff that MS feels is IPR-intensive. That makes sense, although it does restrict MVPs from looking at some of the more interesting areas of the source tree! The access license is also pretty restricted. The licensee can't compile or build anything, you can't use it to create a derivative product, and you can't talk much about what you actually see.
And did I mention that even though there's stuff missing, the source tree is big. Very, very big. Humongous in fact. When I was working on the resource kit team, I had source code access which I put to good use. The source tree is huge, complex and confusing to the new user. You could tell that the source code tree grew, versus having been designed as it currently exists. New (to the team) developers quickly find their way around (as developers tend to do). But for the casual lay user, it is tough to get into it.
As an MVP, I can see that the access could be interesting and fun. I've got enough background to at least look up the DNS stuff (I think). Whether I can really read the code to the level I'd like is a much different story.
This is cool.
This leads me to think that the telcos don't quite get wireless yet - at least they don't provide me with what I need. What I need is simple. I want one type 2 PC card that I can pop into my laptop that gives me internet connectivity (wirelessly) pretty much everywhere I go (and could possibly use wireless client). I'd like this for a reasonable flat rate/month, for world-wide access. In Sept/Oct, I've been to Boston, London, Chicago, Redmond, New Orleans and Los Angeles, plus stays at those airports plus visits to DFW, MIA and ORD. I would have liked just one plan. Is this an unrealistic requirement?
Monday, October 20, 2003
My first taste of product activation came with Novell, many, many years ago when they were the market leader in PC LANs. I had to install several servers, in an office late at night. With two of the four kits, there were problems with the serial number disk. One had been seemingly dropped in something, and the label was only partly legible, and the other floppy was destroyed. We never did figure out how either happened - but knowing the shipping guys I can guess. But I managed to get the servers up and running, and am forever grateful for some great help I got from CompuServe (and not from Novell). I'm sure I aged greatly that night.
By comparison, Windows NT 3.1 was a dream. I remember so vividly the openness MS UK presented with this release. They were talking to ME - the IT Pro - and made it easy. Well, easier - don't forget that NT 3.1 was released at a time when CD-ROMs were very much the upcoming things. After doing ONE installation of 3.1 Advanced Server by floppy, a 2xCD was heaven! By way of diversion, the CD alone was £400 ($US600) and the whole system nearly £4000 ($6k). Just imagine what you could get for that today. Oh never mind - I just did :-). Oops, I did it again. But I digress.
In summary: I just don't WPA. I've listened long and hard to most of the arguments for, and against it. It's certainly been a hotly debated topic. I'd like to think I've helped argue MS to be a little more lenient in their application of WPA. WPA has been good for Microsoft too but when I see the WPA stuff, I just see an attitude of "we don't trust you" that's very much in my face.
It's much the same resentment I feel towards the 'security' at US airports these days. Traveling in/through several of the bigger US airports (Chicago, Miami, Seattle, Dallas, LAX, and Boston) in the past few weeks, well all I can say is it sucks. There are all these folks just there hassling a population that is overwhelmingly honest. This is another manifestation of the "I don't trust you so you really have to prove yourself" attitude. I find it bordering on degrading to have to nearly strip off (having to remove my shoes and walk across a pretty filthy "carpet" and removing my belt and having to hold trousers up with my hand) as well as having to unpack my bags (I managed 4 trays on the last trip to the US) then repack them (much to the annoyance of the people behind and of the TSA bods who seem to have partly lost the will to live and seem just a bit highly strung). I put up with it because I have to, but that does not stop me from wanting to get rid of it (and the associated costs). At the end of the day, I'd like it to be a lot simpler - and I'd love to get rid of all forms of product activation.
It's nice to see I'm not totally alone in disliking "we assume you are dishonest" type product activation schemes. Intuit users didn't either - and they let Intuit know. It's really nice to see that Intuit listened to their customers and removed product activation. See the PC World article where Intuit Apologizes for Product Activation.
Well done Intuit.
Saturday, October 18, 2003
RMS is close
MS is building up its support for the launch of the Rights Management Server software later this year. RMS is a very interesting product - which solves some important security issues for many customers. The problem is how to protect information that is inside the firewall.
I remember many years ago reading an internal memo from a member of the Windows 2000 development team to the team. It was addressed as 'Dear Mary Jo' - since he knew that, within hours of being sent, Mary Jo Foley would have a copy and would be putting spin on it in her column. At that time both she and Paul Thurrott sort of made a habit of posting internal information - stuff marked MS Confidential DO NOT COPY. I can feel for Iain - it's tough to be honest in email where you need to discuss and evaluate tough issues and come up with a good resolution, when you know your every word will be sent to people with very different motives (by people with very different motives!).
RMS enables you to create documents whose usage you can determine. You can, for example, make a document no print, no forward. The recipient can read the mail, but can't send it on (e.g. to Mary Jo), or print/fax it. Of course this won't stop analog attacks (taking a digital photograph of the screen, or simply re-typing all the text), but it will cut down on a heck of a lot of more casual abuse.
Right now there are only really two products that make use of RMS: Office 2003 and IE. With Office 2003, you'll need to have the Professional edition in order to create rights managed documents - you can view RM'd docs using Office 2003 Standard. But this will certainly change. I'd expect every native app that ships with Longhorn, for example, to be RMS capable. I look forward to seeing what innovations the ISV community has here! IE integration will provide security on documents provided via an Intranet solution. The IE stuff will ship separately. RMS, however, is not free. Take a look at the Windows Rights Management Services for Windows Server 2003 Pricing and Licensing Overview for the full license detail.
In summary, each RMS user (document creator and document reader) must have an RMS CAL (US$37.00 each). If you want external users to be able to access RMS software, an External Connector license is required: $18,066. So a 500 seat company will need to stump up in the region of US$50,000 for the CALs, the External Connector, and the RMS server - presumably this would be a new system requiring hardware/software/services/backup/etc. Given the instant document security this gives you, the cost seems pretty reasonable, especially when seen in the light of the cost of accidental disclosure.
Oh, and to get much use out of it just now, you'll need to upgrade to Office 2003. Maybe RMS is the killer reason for upgrading to Office 2003. I can see a huge number of firms who will love this and will rush to buy it. The IE component will be useful too, especially for firms with large intranet applications.
Tuesday, October 14, 2003
Back from Momentum
I'm just back from MS's partner conference, Momentum. Held in New Orleans, it was the first time that the traditional MS partner channel (Partner Classic) and the MBS partners (who look after the Great Plains etc product lines) all met at a single partner event. We got to hear Microsoft's plans for providing a single partner channel - with room for both sets of partners. The plans for combining the channels made sense to me, but one felt that the MBS partners were less than happy.
One interesting aspect of the new programme is how performance is to be recognised. Partners will earn "points" that are the basis for future status and benefits in coming years. These points are awarded based on Skills, Customer Satisfaction, Influence, Sales (for MS), and Certifications. With these Partner points, for example, 50 says you are a Certified Partner, 120 says you are Gold. That will make it a bit easier for the larger CTECs, for example, to differentiate themselves.
Samba beats Windows Server 2003
Or does it? I've been reading in IT Week that Samba 3 extends its lead over Windows Server 2003. But before getting too excited, I felt it worthwhile to read the details carefully.
Two comments stood out for me: First: "We selected a low-specification but otherwise modern server for our tests. We used an HP ProLiant BL10 eClass Server fitted with a 900MHz Pentium III chip, a single 40GB ATA hard disk and 512MB of RAM. We did not tune any of the software to improve performance." And later: "Each NetBench client makes a constant stream of file requests to the server under test, whereas in real-world environments many users would remain idle for long periods. Consequently our test environment simulates the workload of some 500 client PCs in a typical production environment." So out of the box, on a low end server, a Linux/Samba box performed better than Win2k3 out of the box and untuned. I guess the first question I have on this is to ask why you'd seriously consider putting an important mission critical file server, serving a large community, on a single ATA disk, using a small, underpowered blade computer with limited memory. The test is meant to simulate 500 users, that equates to around 80MB per user - this is 1/3 the size of the memory card for my digital camera.
Their comment about not tuning the system also does not ring totally true. In my experience, installing Linux is an exercise in tuning at least to a degree. If they chose a very thin Linux kernel, possibly one compiled only for the PIII chip, and loaded only Samba, then they are doing tuning. One thing that could make a huge difference to Windows is how the file and print service is set up.
What I'd really have liked to see is where the bottleneck was while this test was underway, and what effect adding a decent amount of RAM would have had. I suspect the system was kind of busy paging. I've not studied the NetBench benchmark well enough to know how it works when running in this configuration.
So, I'm not really sure if this test is all that valid. Of course, it looks good but what I'd like to see is this test repeated on a properly specified/configured system.
Friday, October 10, 2003
Microsoft launches Desktop Support Technician Cert
Today in New Orleans, Microsoft have announced a new entry level certification: Microsoft Certified Desktop Support Technician (MCDST). There are two exams (70-271, and 70-272), and two courses. Course 2261 (3 days) covers supporting users on XP, and Course 2262 (2 days) covers supporting users running applications. The MCDST is aimed at an entry level technical support person - and comes in 'below' the MCSA. This looks like a great certification!
Sadly, the certification does not cover any soft skills - this is a shame.
Monday, October 06, 2003
VeriSign calls halt to .com detours
I must have missed this over the weekend, but it seems that VeriSign has shut down "Site Finder". While I and many more complained to VeriSign, the company refused, as I commented in an earlier blog entry. However, it looks like the recent ICANN letter to VeriSign has had the desired effect.
For a good overview of the issue, and reaction, read the Washington Post's analysis. Hooray.
Learning C#
I'm trying to learn C#: here's some C# Tutorials that I've found useful.
I'm preparing for a talk at IT Forum, and I've put up a new page on Reskit.net to hold background stuff, links, etc. See http://www.reskit.net/dotnetmcse/index.htm as a starting point.
Sunday, October 05, 2003
More on Keeping Up To Date on MSDN
MS now publish updates to MSDN using RSS. The RSS feed itself is at http://msdn.microsoft.com/rss.xml.
Use a RSS client like FeedDemon and you're all set.
For tonight, use Google to search for the urls for the above. I'll update this entry later.
Concorde - The End of an Era
British Airways is ceasing the operation of Concorde in just a few weeks. This sad day was announced in a British Airways Press Release, issued in April, but the final day looms.
The last flight you can buy tickets for will be BA001, LHR-JFK Thursday 23 October, although BA are running further private flights for friends, staff, VVIPs, etc. The fares, for travel between London and New York, cost from the standard £4,350 for one way Concorde returning in World Traveller, and up to £8292 for a return trip both ways on Concorde. Yes, it's steep, but it is truly a once in a lifetime opportunity.
If you can't afford the ticket price, then there's a web site selling Concorde memorabilia.
I've been lucky enough to fly in Concorde a few times. I surprised my wife on the occasion of her 40th birthday by flying her to New York (she thought she was going to Malta). She was surprised, to say the least. It was cool for me too - I got to sit in the cockpit for takeoff! I've also had the chance to pilot the Concorde Simulator in Bristol, which was a real thrill.
Concorde is a noisy, fuel guzzling technologically outdated aeroplane - but she's a fantastic sight. I love watching her take off, land, or just fly by. And inside, it's a nice 3 hour lunch, while you also cross the Atlantic.
I shall miss her.
Saturday, October 04, 2003
Details of MS Use of Kerberos
In a document on the MSDN site, entitled Utilizing the Windows 2000 Authorization Data in Kerberos Tickets for Access Control to Resources, Microsoft set out the contents of the Authorisation Data section of the Kerberos ticket. The article is dated February 2002, although the MSDN RSS feed has just pushed this out as being just published.
Wednesday, October 01, 2003
Another security vulnerability?
Could this post on NTBugtraq be another problem? Russ confirms it to be a problem at a number of sites in a later bugtraq post. Oh Joy.
The Online Toolbox looked good - but none of the tools work. :-(
Now all I need to do is to work out how to fix the router!
Update on IP Theft
In a recent blog entry I pointed out a guy called Brent Larsson had stolen some of my pages for his site. I was not annoyed that he'd nicked the pages, but he hadn't even changed half the URLs - so many of them pointed to content on MY site (actually some outdated material long since gone!). I discovered this when I got some junk mail from one of those spammers (you know the ones: "We noted your link is not in the search engines, we can help"). Helpfully, the spammer included the link to Larsson's page. Anyway, the ISP has taken the page down. Thanks to http://www.passagen.se/!
IIS6 Administration - A New Book
I've just picked up Mitch Tulloch's latest (or perhaps nearly latest) book, IIS 6 Administration published by McGraw Hill/Osborne. My summary is that this is a good book on the subject of IIS6 administration. Mitch covers the basic ground of what IIS is (and some history), its architecture and how to deploy and manage it. He also covers some more advanced topics, such as setting up mail and news, working with the metabase, and administering IIS 6 from the command line.
A particularly nice feature of this book is the 'blueprint' pages in the centre of the book. These give some nice views of the Architecture, and a nice map of the IIS6 site property sheets (very helpful for navigating around a fairly rich dialog box). I give it 4.5 stars. It's a good solid reference manual on administering IIS.
I'm glad to see that one of my favorite typos (typing SMPT instead of SMTP) has taken root in this book in a couple of places.
Monday, September 29, 2003
I love reading stuff by Dan Gillmor. His latest column for Silicon Valley, Remembering the People Who Give Back to the Net, and All of Us is a nice reminder that while the Internet has a lot of nasty folks doing nasty things, there's a lot more good out there than bad. He cites a couple of examples of this, not least of which was VeriSign's decision effectively to hijack the world's DNS servers, promptly fixed by Paul Vixie's release of a patch to BIND to mitigate against VeriSign's act of vandalism. It's nice, every now and then, to read nice things about the Internet!
What I'd like to see at the PDC
I'm getting fairly excited about the new stuff we'll see at the PDC. It's clear that this will be a key event on the road to Longhorn, as well as a useful update for both Yukon and Whidbey. Longhorn, if Paul Thurrott's SuperSite for Windows is to be believed, will offer (yet another) new UI. And of course Scoble has been hyping some of the things Longhorn will do over in his blog.
But what I want to see is how Longhorn will make a difference in terms of getting real work done. The flashy new interface is, for me, a turn off - businesses don't want to have to upgrade machines to have larger disks, more RAM, bigger CPUs, and better graphics cards. What they need is systems that will make things faster for the end user and, for the IT staff, systems that are easier to support and manage.
WinFS will undoubtedly make a difference for me - the ability to search my own hard disk faster will make it a useful upgrade. When I think that I can search the internet, via Google, faster than I can search my hard disk I have to smile a bit. WinFS should change all that!
But all the other stuff? I'm just not convinced. Where's the real business value in all this stuff? Is Avalon really something that will make a user truly more productive or will it really bring down the support? Or is it just eye-candy that will make folks want to upgrade? Frankly, a lot of this looks like bloat-ware. Stuff that, in the labs at Redmond, is utterly cool, but in the offices of Mom and Dad Ltd is a gratuitous waste of money.
So what I want presentations on at PDC are ones that also address the issues of security, real end-user productivity and administration. I want to see how Longhorn is going to be managed, controlled and how it will make a difference to TCO. Sure, I love the cool stuff - but I want to see the real business value too.
Sunday, September 28, 2003
With MP9, you can speed up the rate at which the video plays. This was one of those little features that I missed when MP9 was released, but now that I know about it - I love it. It enables me to watch a video in much less time. Experimenting this morning, I was able to watch a video at 1.6 times normal speed. Dominic claims to be able to watch it at up to 2.2, but I think that might take some getting used to. A neat feature!
Some places I'm getting videos to watch from include:
Saturday, September 27, 2003
The original tracert program used to send packets to a random UDP port while varying the TTL. This worked as long as the receiver did not actually use this port - if it did, random things could happen. Later versions of tracert send ICMP echo requests to the target host, which was a bit safer. But then came ping of death attacks, and many administrators would close ICMP off.
But the attack documented here is interesting in that it is effectively a tracert 'inside' an otherwise legitimate session. Using this approach, just about every stateful firewall and NAT device in existence would allow/pass the packet (since in theory the packet is valid within the session). Most sensible firewall administrators might close off traditional tracert-ing, but would be pretty powerless to stop this sort, assuming they even noticed it in the first place!
This is an entirely new class of espionage tools for internal espionage. An employee could run a tool built to do this and pretty much blueprint the entire network in a matter of a few minutes. This is also open to attack from an "
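On the "assuming they even noticed it" point, one way a defender could spot a hop walk hidden inside an established session is to compare each packet's TTL with the TTL the same sender normally uses in that flow. The following is an added example, not code from the original post or from any product; the packet record layout, the thresholds and the sample capture are assumptions constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Pkt:
    ts: float    # capture timestamp in seconds
    src: str
    sport: int
    dst: str
    dport: int
    ttl: int     # IP TTL as seen by the sensor


def _flow(src, sport, dst, dport, ttls, t0):
    """Build constructed packets for one direction of one TCP session."""
    return [Pkt(t0 + i * 0.1, src, sport, dst, dport, ttl)
            for i, ttl in enumerate(ttls)]


# Constructed sample capture (not real traffic), as a sensor on the
# internal segment would record it:
#  - 10.0.0.5 walks TTL 1..4 in the middle of a normal web session
#  - 10.0.0.7 shows ordinary one-hop jitter
#  - 10.0.0.9 has a single odd packet, which is not enough to call a walk
SAMPLE = (
    _flow("10.0.0.5", 49152, "192.0.2.10", 80,
          [128, 128, 128, 1, 2, 3, 4, 128, 128], 0.00)
    + _flow("10.0.0.7", 49200, "192.0.2.10", 80, [64, 64, 63, 64], 0.05)
    + _flow("10.0.0.9", 49300, "192.0.2.10", 443, [128, 128, 5, 128], 0.07)
)


def find_ttl_probing(packets, min_probes=3, tolerance=2):
    """Return flows in which one sender used several abnormally low TTLs.

    A host's normal packets in one flow arrive at a fixed sensor with an
    almost constant TTL. Packets far below that baseline expire before
    reaching the peer, which is what an in-session hop walk relies on.
    The sensor must sit close to the sender: a TTL=1 packet is only
    visible on the sender's own segment.
    """
    flows = defaultdict(list)
    for p in sorted(packets, key=lambda p: p.ts):
        flows[(p.src, p.sport, p.dst, p.dport)].append(p.ttl)

    findings = []
    for key, ttls in flows.items():
        baseline = max(ttls)            # normal traffic carries the highest TTL
        low = []                        # distinct low TTLs, in time order
        for ttl in ttls:
            if ttl < baseline - tolerance and ttl not in low:
                low.append(ttl)
        if len(low) >= min_probes:
            findings.append({
                "flow": key,
                "baseline_ttl": baseline,
                "probe_ttls": low,
                "ascending": low == sorted(low),  # hop-by-hop walk pattern
            })
    return findings


if __name__ == "__main__":
    for f in find_ttl_probing(SAMPLE):
        src, sport, dst, dport = f["flow"]
        print(f"{src}:{sport} -> {dst}:{dport} baseline TTL "
              f"{f['baseline_ttl']}, low TTLs {f['probe_ttls']}")
```

The same comparison can be run against flow records exported by an internal sensor; ICMP time-exceeded replies that quote a packet from an established session are a second signal worth correlating.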
Thursday, September 25, 2003
Please Microsoft UK, think again??
Wednesday, September 24, 2003
The theory is that this move will protect children. I suspect cost might have a thing or two to do with it. The costs of running the chat servers must be considerable, and Microsoft has not been slow to start to try to make money from Internet services (the extra for-pay services added to Hotmail, for example). According to the New York Times, Microsoft's key competitors will not be axing chat. For AOL, the chats are private to subscribers anyway. But Yahoo apparently has no plans to charge. We'll see what happens!
Monday, September 22, 2003
I did a look around the web for other tools - I must get around to doing a tools round up! In the mean time, here's a good starting point on blogging software.
Friday, September 19, 2003
How much is inside a Sharpie?
For those not in the know, Sharpies are meant to be the best tool to use for labeling the CDs you burn. I do NOT want to get into an argument as to whether this is true or not, but I use them and they work ok for me. One question, that we now know the answer to is: How Much is Inside a Sharpie?
Some folks clearly have too much time on their hands!
There will be some restrictions. First, it looks like VPC will be supported on XP and Windows 2000 only - and unsupported on Windows 2003. Also, there will be no SCSI or USB support. :-(
Thursday, September 18, 2003
Wednesday, September 17, 2003
As far as Longhorn is concerned, I've been using Google's news alerts to get information about the product. Microsoft MVP Jim Eshelman is also tracking the stories on his web site. The site is not up to date (last entry is late July) but it's probably worth bookmarking. Take a look!
Sunday, September 14, 2003
Saturday, September 13, 2003
Friday, September 12, 2003
Another Windows patch!
Just when you thought it was safe, along comes another patch (and associated holes in Windows). :-(( Or as Mary Jo Foley puts it: Another Wednesday, another Windows security patch.
Do you need to deploy this patch? Well, there are actually 3 holes that are fixed (actually this should probably read as 're-fixed'). MS have marked this as critical so I guess the answer is yes: you do need to deploy this patch.
At TechEd in June, Scott Charney said some things that I sure hope he (and Microsoft) delivers on! He said "When I came to Microsoft...customers said to me that patch management was their biggest concern. So I started looking at it, and what I realised was that patch management was broken."
Patch Management was broken in June, and it's still broken Scott. :-(((
Tuesday, September 09, 2003
A tool for code weanies
In Tim Sneath's blog, I saw a reference to both Jeff Key's blog and to a cool utility Jeff's written called Snippet Compiler. If you've ever had to demo code and you want to compile it and see the results, this is a neat tool.
I am doing some training this week in the .NET Framework for a client and this would really, really have been useful today!
Monday, September 08, 2003
Microsoft Encyclopedia of Security
Just got a copy of the new MS Press Encyclopedia of Security by Mitch Tulloch. Mitch also maintains an interesting technical Blog at Blogspot.
This book is a good A-Z reference guide to all the key security issues likely to face any IT Pro. It's not a definitive look, by any means, with around 1000 entries in some 480 pages. But it is a good basic intro to all the key terms. It even covers .NET security concepts such as code access policies, which is good. The level of depth is not great - but there is a good introduction provided with some references for more information.
If you have to understand more about security - and let's face it, most IT Pros need this understanding, this book is worth buying!
Sunday, September 07, 2003
The question of keeping up is a good one. At one time, I relied mainly on network news (NNTP) and mail. Increasingly, I'm relying on online content. Since May, I've been playing with both blogging software and RSS readers (the intent was to read and consume via RSS). I can see the arguments for RSS, and FeedDemon is a cool tool. I've also started using Google News Alerts. Email is, increasingly, just a vehicle for spam. And I'm tired of it. I was away for a week and must have had 1000 spams. Even with filtering kicking out about 40% of the mails received! Jeesh. I am finding RSS aggregators a better way of looking at things, but it needs RSS feeds. I'd love, for example, to get Google searches via RSS. But this is a topic for another day.
I'm just back from a relaxing week in the US - a few days in Boston and then some time in Rhode Island. Took my wife and daughter and we had a great time. The weather in Boston was great - although it did rain in Rhode Island. Never mind - the food was great and the wine outstanding. The flight over to Boston was kind of grim, although just bearable. The flight attendants were somewhat out of it and they now charge for booze in economy. But coming back was not too bad - American did well on that leg (and I had my own gin). It turns out now that the Boston crew no longer gets a full day's rest before the flight back. No wonder they were so beat on the way over to Boston. Anyway - it's nice to be home. For a little while at least.
The next few weeks look like being "hectic". I'm off to Redmond in mid-Sept. Then back for a week before a week in New Orleans. Then a week at home before the PDC in LA. Or something like that.
I'll try to keep up with the blog - but it may not be easy. And worse if Blogger is DoS'd again. Sadly, it appears from evhead's blog entry yesterday that the site had a DoS attack. Bummer.
So when will Google re-open its Blogger Pro - Power Push-Button Publishing service to new subscriptions?
I started using blogger.com back in May for this blog - and would love to publish in RSS. I like the overall service at blogger.com and am a long time Google fan. I'd like to upgrade to the pro version. Either that, or I move this blog. Choices...
So now it's September - and where's the Pro version? Or rather the ability to sign up for it?
Wednesday, August 27, 2003
FeedDemon is an RSS News Reader for Windows. Using the RSS protocol, FeedDemon gathers news from a variety of sources, including news sites (eg BBC, Yahoo News), technology sites such as Microsoft Watch as well as on-line blogs, etc. In most cases, the information provided by RSS is a summary of the content on a web page (but without formatting).
FeedDemon feels like a good Windows-based newsreader, which presents a set of channel groups. Each channel group contains a number of channels. A channel is a single feed from a site. One channel I get is BBC News Technology site. The home page for the web site is http://news.bbc.co.uk/go/rss/-/1/hi/technology/default.stm. To get this site's RSS feed, you'd need to go to http://www.bbc.co.uk/syndication/feeds/news/ukfs_news/technology/rss091.xml. This XML document is then rendered by the RSS client application, e.g. a news aggregator such as FeedDemon. RSS feeds feature autodiscovery to make setting things up easier. And there are channels with links to other channels, etc. Getting channels into your reader is the easy thing. Getting time to read it all, however, is another.
What the news aggregator does is to go out to each configured channel on a regular basis, and download the channel's XML document. This document will contain all the items the site has. Each item has a title, a description, and a link. Once the XML document is obtained, any new items are then presented to the user. Since each news item has a link property, i.e. the URL to the full article, the publisher can decide on how much detail to provide in the item's description, and how much should remain on the web site whose URL is included. In reality, depending on the feed, the item's description property can be anything from very little to the full text of the article.
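The poll-and-compare cycle described above, as an added example (not FeedDemon's code and not from the original post): it parses a channel document, returns only items not seen before, and treats the feed as untrusted input by refusing documents that declare their own XML entities, dropping items whose link is not an http(s) URL, and escaping the description before display. The feed contents, host name and class name are constructed for illustration.

```python
import html
import xml.etree.ElementTree as ET
from urllib.parse import urlparse


def _feed(items):
    """Build a constructed RSS 0.91 channel document from (title, link, desc)."""
    body = "".join(
        f"<item><title>{t}</title><link>{l}</link>"
        f"<description>{d}</description></item>"
        for t, l, d in items)
    return ('<?xml version="1.0"?><rss version="0.91"><channel>'
            "<title>Example Tech News</title>"
            "<link>http://news.example.com/</link>"
            "<description>Constructed sample channel</description>"
            f"{body}</channel></rss>")


_FIRST = ("First story", "http://news.example.com/1",
          "Summary of the &lt;b&gt;first&lt;/b&gt; story")
_ODD = ("Odd link", "javascript:alert(1)", "Item whose link is not a web URL")
_SECOND = ("Second story", "http://news.example.com/2", "Summary two")

# Two successive downloads of the same channel: the second adds one item.
FEED_V1 = _feed([_FIRST, _ODD])
FEED_V2 = _feed([_SECOND, _FIRST, _ODD])


class Aggregator:
    """Tracks which item links have already been shown for one channel."""

    def __init__(self):
        self.seen = set()

    def poll(self, xml_text):
        """Parse one downloaded channel document; return only the new items."""
        # A feed has no need to define its own entities; declarations are
        # the vehicle for entity-expansion tricks, so refuse them outright.
        if "<!ENTITY" in xml_text:
            raise ValueError("feed declares XML entities; refusing to parse")
        root = ET.fromstring(xml_text)

        new_items = []
        for item in root.iter("item"):
            link = (item.findtext("link") or "").strip()
            # The link is what the user will click: allow web URLs only.
            if urlparse(link).scheme not in ("http", "https"):
                continue
            if link in self.seen:
                continue
            self.seen.add(link)
            new_items.append({
                "title": (item.findtext("title") or "").strip(),
                "link": link,
                # The description may carry markup chosen by the publisher;
                # escape it so it is displayed as text, not rendered.
                "description": html.escape(
                    (item.findtext("description") or "").strip()),
            })
        return new_items


if __name__ == "__main__":
    agg = Aggregator()
    for doc in (FEED_V1, FEED_V2):
        for it in agg.poll(doc):
            print(it["title"], "->", it["link"])
```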
FeedDemon is cool. It's got a ton of neat features for presenting this information. It helps you to combine information from a variety of sources. You can, in effect, make your own newspaper!
If I could, I'd set this blog up with RSS. As soon as blogger allows me to subscribe...
[update - this blog is now published with RSS!]
Monday, August 25, 2003
Well maybe NOT if the MINI COOPER Online site is accurate. Seems BMW can't understand the value that independent enthusiasts bring to the market.
Even Microsoft understand this - with their MVP program. They may not like it when folks, like me, are critical of them, but they do react well. They invite the MVPs to give input direct to the people that matter and are committed to making the input count. BMW could learn something from Microsoft.
That page looked familiar! The thief did not even know enough to change all the links. Now it's not big time IP theft, but the guy really should know better.
The ISP who hosts this guy's page has had a complaint, but thus far has done nothing. :-(
An update: the nice folks over at www.passagen.se have sorted this out and the pages are gone.
Saturday, August 23, 2003
Friday, August 22, 2003
XP SP2 Delayed
If The Register is to be believed, XP SP2 has been pushed back till a year from now. And looking around the web, it seems other sites have picked up on this story too.
What are they thinking?
To look at how bad things really are, take a look at this Windows XP Post-SP1 Hotfixes list produced by MS. And if you do a wider KB search, you will see even more bugs (limited by the 150 max records that the asp page will actually return!). The Post SP1 patch page currently shows one hundred patches. But who knows if this list is up to date? And just how will home or small business users ever be able to work this out? And what large enterprise wants to devote this much time and energy?? If you buy Windows XP (RTM) today, or if you download it from the MSDN site, you get a CD with an almost lethal set of bugs. This version would simply not be safe to deploy on any network without patching it heavily. At an absolute minimum, you have to download SP1 plus a bunch of patches. Most of the OEMs seem to ship an integrated SP1 (which is helpful), but all my CDs are just plain RTM.
After getting SP1, you then need to go to Windows Update (or SUS) and add all the extra patches and validate that your system is both safe and functional. This is non-trivial. It's not only the sheer amount of patches you have to find and install, but you also have to test that you've not broken anything in the patching. Given MS's reputation and track record, testing is vital.
There's got to be a simpler way! Microsoft should offer to provide updated CD images for a relatively patched version of Windows XP (home, pro, and both rtm/msdn/vlk) - as well as every other key product (2003 Server, SQL, E2k3, etc). I don't want a bunch of CDs that are, in effect, dangerous!
No, the viruses are not Microsoft's fault. But I believe Microsoft has an obligation to make it simpler for customers. And as a matter of some urgency.
Wednesday, August 20, 2003
I generally like reading Paul Thurrott's WinInfo newsletter, sent in email courtesy of Windows & .NET mag. But in his article Opinion: Windows Worm Should Never Have Been a Problem he just plain misses the point. OK - I agree with him when he suggests that Microsoft is not really the main culprit here - the fix was out and it wasn't applied. Thus it's not really MS's problem. The real problem is that systems simply were not patched.
What he misses, sitting in that ivory tower of his, is the sheer difficulty of actually keeping everything up to date. I've said it before: it's just too hard. I'm not beating MS up for this latest bug, but for making it so difficult to patch things. Anyway - today it's the Sobig virus. I've had around 40 mails this evening (each 100k or so) with this. Yuck.
There just has to be a better way. Admins deserve an easier life.
Editing MSI Files
I've been watching the hits on my weblog and find that a number of folks are looking for more information about Orca - a free Microsoft .MSI file editing tool. Orca enables you to do some basic .MSI table editing including simple things such as fixing a condition that stops an MSI file installing. You can get Orca from Microsoft. However, contrary to KB article 255905, Microsoft seem to have removed orca.msi.
There is probably an easier way, but I did the following to get this:
- Install the Platform SDK
- Install the MSI SDK
- Open up C:\program files\Microsoft SDK\bin - and there is orca.msi.
- Run orca.msi to install Orca
If I get a chance, I'll do a deeper writeup of Orca for my ESM column.
Tuesday, August 19, 2003
Windows Update Runs on Linux
According to the folks at Netcraft, Windows Update Runs on Linux.
To some degree, it begs the question 'what's that site running'. After all, what is the Microsoft site? It clearly includes these global caches so the answer probably is - it runs a lot of things. I suppose this is more an issue about how Netcraft does its survey - and how it determines that a site is 'running' on a platform.
Like most statistics,
Tuesday, August 12, 2003
IE A Risk?
I've been trying to keep up with details on the msblaster worm, and came across an interesting page from a company called PivX Solutions. Called IE Security Holes, this page is, as its name suggests, one showing IE security holes that remain unpatched.
At present there are 21 listed vulnerabilities.
Monday, August 11, 2003
Microsoft has produced a resource kit for every version of Windows NT since NT 3.1. As it turns out, I have every one produced thus far. The Resource Kit Team is a pretty amazing group (I worked for them for over a year). For Windows 2000, the entire Server Resource Kit is on line at http://www.reskit.com.
For Windows 2003, Microsoft decided to do even more! First, they decided to add a lot of new and improved content. In a move which must have been designed to remove the threat of litigation from book shop owners whose employees' backs would have been damaged by lifting the new volume, MS has separated out the deployment information into a separate Microsoft Windows Server 2003 Deployment Kit. This kit is now published, with some great content. And it's online too.
BUT: even cooler - you can download the entire kit. Not just as PDF files, but as Word documents, thus you could (at least in theory) use some of the text in your own deployment plans.
I'm kind of surprised MS is putting the full Word documents up for free download, but they have. The Resource Kit Team continues to do great things!
Now all we need is the actual Resource Kit itself...
Saturday, August 09, 2003
An outstanding script for managing Microsoft DNS Servers
Written by true uber-geek Dean Wells, DNSDUMP is the ultimate management script for managing Windows DNS Servers! The man is a genius - either that, or he's sad and has no life. I know part of the latter to be untrue!
But don't take my word for it - download it and try it. And to avoid confusion, the file referenced above has an extension of cm_. When you save it, make sure you rename the extension to '.cmd'.
And if you do take a look, and find anything missing or if you have any feature request, let me know and I'll send your comments along to Dean.
No Bull Here!
Thanks Very Much
Deloitte Consulting have produced a free download writing tool called Bullfighter which, they say, Strips The Bull Out Of Business. The product is an additional tool bar for Word, which analyses your writing, produces some basic metrics on the text, and points out anywhere the document is using 'bull' words. You'll understand it instantly when you see it, but for more info on the product, see the BullFighter FAQ on the website. I like this for a couple of reasons.
I do quite a bit of writing - books, magazine articles, etc. Any simple tools that help me write better and easier are welcome. Especially if they help me avoid feedback from editors over unclear meaning.
I mainly use Word and PowerPoint - producing Word documents and PowerPoint slide decks. I also use tools like Blogger, O, etc. Where possible, I like to be able to use Word as the editor. (My systems are big and fast enough to support this.) So a tool that works in that environment is useful.
Bullfighter helps find the bullshit. I hope to avoid using phrases like "A value-added, leverageable global knowledge repository", or referring to products that are "Repurposeable, leading edge thoughtware that delivers results-driven value". But just in case I did lapse into marketing-ese, Bullfighter lets me know.
Now we don't totally see eye to eye - it complains when I use 'Enterprise'. As I write for "Enterprise Server Magazine", avoiding the word is somewhat tricky. Still - a useful tool.
I also like it because it points out average sentence and word length and calculates the Flesch index. Keeping the writing simpler is good for the editor, for me and hopefully for the reader. And it is very quick too.
The tool is a 4 MB download. But do not run it on a system with sound in a crowded office. At least turn the sound down! :-) The Flash image that is loaded while the product is installed is fun, and loud. You have been warned!
And what gives with the forced reboot after installation? It's just a tool bar for heaven's sake. Tool bar installs should never do a reboot. Should they? Grrrrr
Friday, August 08, 2003
It's almost funny
In an article in The Register we now learn that IBM is suing SCO over Linux. So now we have SCO suing IBM (and trying to obtain extra license income from Linux users), and both Red Hat and IBM suing SCO!
If it wasn't so serious, it would be funny.
This sort of action must have them rolling in the aisles in Redmond. It sure isn't the way to obtain any sort of corporate loyalty. Personally, I'd ask some very hard questions if we had any Linux - and even Unix for that matter - running here.
But this does illustrate one important thing - you can make money out of Linux. Just become an Intellectual Property lawyer...
Wednesday, August 06, 2003
When is a Free OS expensive???
Clearly when the free OS is called Linux - at least that's what SCO seems to believe. I can't help finding this mildly amusing. Here we have all the Linux vendors at each other's throats - it actually makes Microsoft look better and better.
If I were a conspiracy theorist, I might be tempted towards the view that MS and SCO are in this together. Of course, it's untrue, but it does make a somewhat amusing story. I wonder what the movie rights on this are worth?
But all in all, this can't be doing Linux or the Linux community any good, and I find that just a bit sad.
Sunday, August 03, 2003
Update: I've moved things around and the Security+ link page has moved to a separate page!
Saturday, August 02, 2003
It says so on the Internet - so it must be true!
In Mitch Tulloch's techBLOG, Mitch describes me as an Uber-geek. What kind words. He also liked the first TCP/IP book, but it looks like he hasn't yet gotten the update, Microsoft Windows Server 2003 TCP/IP Protocols and Services Technical Reference.
Thursday, July 31, 2003
Saturday, July 19, 2003
Every organisation can make use of both MSF and MOF, and would benefit from using them together. However, Microsoft's current positioning of them is to make them as different as possible. It looks like the two framework teams are in different buildings and just don't talk together much. While the web pages may look similar, that's where the divergence begins. Any Microsoft Certified Trainer can teach the MSF course, but would have to go through extra hoops to teach MOF. You can get an MSF course at any Gold MS CTEC, who are required to have an MCT on staff certified on MSF, but not MOF. The MSF course is MOC, which means it can be used by partners, sold to third parties, etc. The MOF course isn't. Etc, etc, etc. These differences hold back adoption.
If MS wants to do big joined up stuff with MSF and MOF, then, they should:
1. Make the 2 MOF courses MOC and include them in the MOC curriculum. Enable them to be ordered in the same way as we can order all other MOC. MS training should be delivered through one channel - MOC, not many different, inconsistent ones.
2. Make the MCT requirement for MOF consistent with MSF - namely any MCT can teach (although, as for MSF, recommend the MSF practitioner exam). It would be good to insist on the practitioner exams for MCTs, but that might be pushing it. If an MCT is good enough to teach MSF, then he should be good enough to teach MOF.
3. Create a MOF Practitioner exam similar to MSF exam (this time please use VUE too!). The two frameworks should have similar levels of certification requirement.
4. Drop the requirement in MOF for the external ITIL certification. Don't get me wrong, ITIL contains a great deal of great information, but there should be no need for an external certification. MS should create a MOF Practitioner exam that means something and covers the ITIL underpinnings of MOF. ITIL should be very heavily 'recommended' - but it should not be mandatory.
5. Include MOF and MSF exams as electives for MCDBA, MCSD and MCSE. If you want to build ground-root support, then make it part of the MCP path.
6. Create a public microsoft.public.mof newsgroup and select MVPs for .mof and .msf groups. Again, make MOF equivalent to MSF in terms of support.
7. Require Gold CTECs to have MOF and MSF practitioners on staff. This really is a no-brainer!
8. Ensure every MOC course, MSDN book, and every related MS Press includes some mention of solution design (using MSF) and solution operation (MOF). Evangelise the frameworks.
9. Ensure MSF/MOF exams appear on MCP transcript and on MCT CEC section. MSF and MOF certifications should be part of the MCP programme and included on the transcript.
10. Sit back and watch adoption of these two key frameworks grow.
I've now published these ideas in the private MCT newsgroups and the public MSF newsgroup. Everyone I know who's read the ideas thinks it's a good idea. One MS Product manager said 'good input'. Thus far, nothing's actually been done.