Wednesday, December 17, 2003

Details on XP SP2 Emerge

Microsoft have started releasing details on what XP Service Pack 2 will look like. All 73 pages worth!

Most of this document describes details of what has previously been disclosed. The details are nevertheless interesting reading!!

Saturday, December 13, 2003

Making the AU client run a little more often

I've been doing a few presentations on Patch Management (see for the slides and pointers) and got asked an interesting question relating to the speed by which an Automatic Update client can request updates from a Software Update Services (SUS) server.

The client is hard coded to go to a server every 22 hours (less a random amount of up to 20%). Thus in 'steady state' each client will ask for updates every 17.6 to 22 hours. But what if you want to push out an update a bit faster? How can you do it? Turns out there are 2 ways - neither of them very pretty.

GPO Workaround

1. Assign a temporary GPO to the appropriate part of the Organizational Unit structure and use security filtering to ensure it applies to the appropriate computers. Note that this temporary SUS GPO should be of a higher priority than the SUS GPO which is normally in use.

2. The policy settings within this GPO should be configured to disable the AU client and change the default Group Policy refresh interval for computers to 5 minutes.

3. Force DC replication to occur so that all domain controllers have a copy of the new group policy object.

4. Wait up to 120 minutes for all clients within the OU to refresh Group Policy (default GPO refresh time for domain members is 120 minutes).

5. Amend the policy settings within the new GPO policy so that the automatic updates client is enabled and set to automatic download and automatic installation. Automatic installation should be set to occur 1 hour from the current time.

6. Force DC replication to occur so that all domain controllers have a copy of the changed group policy object.

7. Wait for all the SUS clients to refresh the updated SUS GPO settings (which is now happening every 5 minutes). Once the GPO takes effect, the automatic update clients should begin to download the new update from the SUS server. Installation will begin once the specified time is reached.

8. Once the update has been successfully installed on all target computers, delete the temporary GPO used to make all these changes. Servers will fall back to the existing AU download and installation options once they refresh their Group Policy settings.

Net Stop/Start method

1. From the cmd.exe prompt: net stop "Automatic Updates"

2. Delete HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\LastWaitTimeout (if it exists)

3. Delete HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\DetectionStartTime (if it exists)

4. Make sure that HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\AUState=0x2

5. Net Start "Automatic Updates"

Ordered to Change Name in Europe

PC World reports that - has been ordered to Change Name in Europe. The US case is still ongoing, but judges in both Finland and Sweden have given Microsoft an early Christmas gift.
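
The Net Stop/Start method from the Automatic Updates post above, as a cmd.exe batch file. This is an added example, not part of the original post; it assumes reg.exe is available on the client (it is built into Windows XP) and that it is run from an administrator prompt.

```batch
@echo off
rem Added example (not from the original post): force an Automatic Updates
rem detection cycle using the Net Stop/Start steps. Run as an administrator.
setlocal
set "AUKEY=HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update"

rem Step 1: stop the service. net stop fails harmlessly if it is already stopped.
net stop "Automatic Updates"

rem The post's procedure edits the registry only with the service stopped, so
rem bail out if it is still running. "net start" with no arguments lists the
rem services that are currently started.
net start | find /i "Automatic Updates" >nul
if not errorlevel 1 (
    echo Automatic Updates is still running - registry left unchanged.
    exit /b 1
)

rem Steps 2 and 3: delete the two timing values, but only if they exist.
for %%V in (LastWaitTimeout DetectionStartTime) do (
    reg query "%AUKEY%" /v %%V >nul 2>&1
    if not errorlevel 1 reg delete "%AUKEY%" /v %%V /f
)

rem Step 4: make sure AUState is 0x2.
reg add "%AUKEY%" /v AUState /t REG_DWORD /d 2 /f
if errorlevel 1 (
    echo Could not set AUState - check that this prompt has administrator rights.
    exit /b 1
)

rem Step 5: restart the service.
net start "Automatic Updates"
```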

Wednesday, December 10, 2003

Another Internet Explorer Vulnerability

The latest Internet Explorer URL Spoofing Vulnerability, reported by Secunia. This is nasty - as it allows IE to show an arbitrary FQDN in the address bar, which is different from the actual location of the page. Thus, you might see "" in the address bar, yet IE is actually trying to render "www.badsite.XXX".

While most folks reading this will not be likely to get hit by such tricks, the average user may well be. Let's get the patch for this, and get it applied quickly!

Monday, December 01, 2003

The Annotated XML Specification

I've been trying to learn more about, inter alia, XML and XML Web Services. I came across an interesting web page - The Annotated XML Specification, which is what it says, an annotated XML spec. The annotations have been written by Tim Bray (who was a co-editor of the Spec).

Many fine hours of reading ahead!

Thursday, November 27, 2003

Windows SharePoint Services - Installation is Interesting

We all goof - and I'm not alone in being guilty of it. But the issue highlighted in KB article 833019 is beyond a goof. And the complications it can generate in some installations are a worry!

The problem occurs if you install Microsoft Windows SharePoint Services (STS as it used to be called), which from 3 days ago, fails with a fairly obscure error message. You also get this problem if you try to provision a new virtual server or you try to create a new content database when you are running Windows SharePoint Services by using MSDE (the KB appears to be inaccurate on this point).

The error is caused by a bug in the code that verifies the signatures of DLLs installed with SPS. All installations of Windows SharePoint Services experience this behavior after November 24, 2003. And guess which product installs this component by default? Small Business Server. Ouch!

Problems happen. But the workaround is interesting: Set the date in the Date and Time Properties dialog box to a date that is between May 24, 2002 and November 23, 2003. That's right, lie to the OS. Trustworthy computing, maybe not, but it works. Oh, be careful to not set it too far adrift, or you might trigger product activation.

My view of WPA is further diminished.

And here I thought Linux was secure!

PC World reports that Servers belonging to the Open Source Debian project were hacked. It suggests that there was no impact on the software update issued last Friday. Debian's site carries more information about the attack.

This attack comes close on the heels of both an attempt to hack the Linux kernel, and an attack at the Free Software Foundation. These hacks show two things: First that security is everyone's problem (not just for customers of Microsoft) - attackers do not play by any rules and will attack pretty much anything that is not totally locked down. Second, it proves, yet again, that any OS can be installed insecurely.

What the Linux bigots often fail to remember is that security requires three things: people, processes, and technology. Even the most secure technology can be defeated by poor processes or by people not doing the right things. This is not a Microsoft vs Linux thing, but more a simple recognition that security of your systems is only as strong as the weakest link.

Wednesday, November 26, 2003

Dell Ditch India - and not before time

According to Dell is cancelling their Indian tech support. I've recently had the misfortune to have had to make 2 calls to this center and they were both awful. My trusty laptop (a Dell Latitude) had its hard disk begin to go. I needed an urgent replacement as I was using the laptop to present sessions at IT Forum.

Both techs I talked to were cheerful, but the responses bore no relationship to my questions. They had a script and totally had to follow it - any deviation was met with a refusal to go further. It took forever, and in the end, they were unable to help in time - so I got another hard drive from another source and made do with that. Next week, when I settle down a bit, I'll call again and get the disk replaced. See for full details of this story

I couldn't make this stuff up if I tried!

Only an American could make a soft drink flavoured with turkey and gravy (so awful, even its creator admits it is undrinkable) and sell out. See BBC NEWS | Business | 'Gross' turkey tipple gobbled up for the details.

Thursday, November 20, 2003

Microsoft Announces Availability of Open and Royalty-Free License For Office 2003 XML Reference Schemas

I was in Copenhagen last week at IT Forum. I was co-presenting sessions on Microsoft and Shared Source, in which we looked at how MS viewed Open Source, Linux, and all that. One issue that was raised was over file formats - one thing that seemed to be wanted by customers was an open XML schema for Office documents.

As it turns out, MS also formally used Copenhagen and IT Forum to announce the availability of Open and Royalty-Free License For Office 2003 XML Reference Schemas.

This is a good step forward!

Tuesday, November 18, 2003

MSH Provider Architecture

I've been delving a bit more into the provider architecture of MSH. In MSH, you have several default providers, including a file store provider, a registry provider, etc. I discussed this in my post yesterday. The idea of providers is that they provide a way to surface data into MSH. The PDC bits come with an AD provider and a Registry provider, although the latter at least is pretty primitive.

Each provider provides a drive, which in turn contains containers and items. Containers, of course, can contain more containers and items. Each item is some fundamental data structure, as surfaced by the provider. If, for example, you built a DNS provider (DNSProvider.dll), a particular server could be identified by a different "drive", which could then be enumerated to list all the zones on that DNS server. For example, you could do something like:

new/provider -Provider DNS -assembly DNSProvider.dll
new/drive -name MyDNSServer -Provider DNS -root

This would then list all the zones defined on the DNS server, as well as some information (eg when created) about those zones. You could then navigate to a zone (cd \ and enumerate the resource records in a zone.

This is incredibly powerful stuff. You could easily create a wealth of providers such as ones for IAS, IIS, ISA, Exchange, etc. Once created, they can easily be used in MSH command scripts. These should be relatively easy to write (at least the read/only bits!) and could be added easily. And since they are just plug-ins, there is no reason why a particular provider has to come from Microsoft. Cool!

Monday, November 17, 2003

MSH Continues to Rock

I've been playing more with the Monad command shell for Windows (aka MSH). In reading the downloaded documentation (ok, I confess, I RTFM'd!), I found another really cool feature of MSH, which is Drives.

As I understand it, drives can point to any provider, the most obvious being the file system. Thus, "C:\" makes sense at an msh command prompt. However, C:\ is just a pointer to a (filestore) name space provider. Monad extends that to allow you to add other providers. I'm still working out the documentation on how to do this, but one provider that's in the PDC MSH bits is an AD provider. You first have to load the provider, which is not presently done by default, but almost certainly will be in later releases. Then you create a drive - in other words an alias to a DN. In my case, I used the alias QANET to point to the distinguished name of "DC=corp,DC=qanet,DC=net".

Once you have the drive created you can simply go 'CD QANET:' and you are pointing to a directory like view of, well guess what - the AD. You can move up and down OUs/Containers, viewing contents, etc. And since all MSH cmdlets are pretty much multi-provider, you can use things like Where (to filter), sort (er, to sort) and format (to format the data).

Another seriously cool feature of MSH is that you can format output as XML. ANYTHING you can generate in MSH can be sent to XML. Do I really have to explain why this is mega-seriously cool?!?!?

Monday, November 10, 2003

Linux hacked (almost)

This article from last Friday in The Register is highly interesting. The key thing it showed is the importance of good code control tools - without which this hack attempt could have been very damaging.

Sunday, November 09, 2003

Virtual Server Beta Slated For November - Quelle Surprise!

CRM says that Virtual Server beta is slated for November and that Microsoft is prepping its Virtual Server for beta-testing in mid Nov. Hooray - the beta is long overdue. The customer preview release in May was OK, but was clearly lacking in many areas. Since then, beta testers have seen no new builds, and no significant details on product direction. One thing seems clear: Microsoft's VM products may support Linux (etc) - but don't count on it. For those trying to server consolidate, this seems a shame, although both understandable and a market opportunity for VMware.

Tuesday, November 04, 2003

Test Post via email

Blogger just gets better. This post is being sent by email.


They are watching you.

I got an email today from my wife. It said "For those of you who travel the M4 west of London - you will have noticed the New electronic signs. These were switched on, on Tuesday 21st October 2003. The bad news is that they are rigged with the SPECS speed cameras.

SPECS is a computer-camera based system. As you go past the sign a digital camera reads your number plate. When you go past the next sign your number plate is read again. The computer 'knows' how far apart the signs are so it can work out your average speed between the two or three or four. The system is fully automatic and will issue a ticket without any form of human intervention. It does this for every single vehicle that passes.

You will not know you've been caught as the cameras don't flash. They work 24/7, 365 days a year, and theoretically, there's absolutely no limit on the number of tickets that the system can issue. The whole section of the M4 between Theale (J12) and Membury Services (between J14 and J15) is wired, both ways. The system is set to trigger a ticket at 78 mph. Radar detectors will be of no use as SPECS is entirely passive, there is no radar or laser beam to detect."

Fortunately, the BBC have a different view.

Microsoft and Google: Partners or rivals?

OK - I've heard the story from a couple of sources, but this article in the on-line edition of Seattle's Post Intelligencer was sober reading. I have been giving it a lot of thought. At one time I sort of thought it made sense for everyone. While it would certainly benefit Microsoft, I'm not convinced it would be good for Google to be bought.

For Microsoft, I can totally see the logic. Their own search technology is miles behind that of Google. Allegedly, one of the drivers behind Longhorn's WinFS was Gates's observation that Google can search the Internet faster than Windows can search your C:\ drive. I don't know if the quote is even close to being accurately ascribed - but its underlying truth is indisputable.

At the PDC I got to meet some of the people at Google. They are a lot like the good folks at Microsoft - open, fun, and with a great work real hard play even harder mentality. Everything I see is simple, clean and with an incredible underlying elegance - which is everything that Windows is NOT. Don't get me wrong, Windows is an outstanding OS, but it's hardly simple (if it were, I'd not be in business!). It's far from clean, with way too much eye candy and it's hardly likely to win an award from Weight Watchers. While parts of Windows are truly breathtaking, there are too many elegant hacks - things done in the name of performance and there are far too many inconsistencies (how you load/activate/remove components, etc, etc, etc). I suppose this is why I'm so in love with Monad - a simple, elegant concept.

But back to Google - if they get bought, their folks would have to change. I mean, you couldn't have the lava lights in the offices (just think of the possible litigation from an employee who gets burnt). And those silly updates to the google's logo.gif on their homepage would have to stop, since they might offend someone somewhere somehow and we just couldn't take the risk. The cool clean look of would have to change to more closely resemble (By way of checking the home page is a mere 12.9kb of data, while's home page is nearly 140kb). And finally, how long do you think they'd be allowed to run Linux?

As I see it, Google is still fun - fun to work at, fun to use, and fun to watch grow. Whereas Microsoft, almost by necessity, has had to become all too corporate. Sure it does cool and fun things, but at the same time, it acts ruthlessly when it has to. While I can certainly see the logic in Microsoft buying them, and the potential benefit to millions of Microsoft customers, I guess I'd hate to lose the fun.

The End of Linux as we know it?

In an article on NewsForge, Red Hat tells customers, 'No more freebies!'

Is this the beginning of the end for 'free' operating systems, or just the end of the beginning???

Saturday, November 01, 2003

MSH Rocks

MSH Rocks!!!

One of the coolest things I saw at the PDC was Microsoft's new command shell, code named Monad. Also known as msh, this new tool is possibly the biggest advance in scripting since Unix scripting was invented. Yeah, I know, big words. But let me tell you about it!

Before getting into what Monad is, let's look at conventional Unix scripting. One of the real power features of Unix (and here I include Linux, BSD, etc, etc) is the ability to string along a bunch of tiny commands via the pipe commands. This allowed you to create truly useful tools. This is something that was never really possible with Windows. Possibly the very best thing about Unix is the huge array of very simple programs that can be strung together to do everything you need.

In the Unix world, you take tiny commands, cmdlets in MSH-speak, which are either built in (eg ps, ls, cat, touch) or which you can easily write, and let them communicate via the normal stdin/stdout/stderr pipes. In the Unix world, this works very well. However, there is one fundamental obstacle here. Cmdlets communicate in the pipeline via text.

Now text input/output (stdin, stdout) is cool. BUT: the individual cmdlets are written using absolutely no standard way of expressing or mandating input and output data formats. Thus, in order to do good shell programming, you also have to master grep, sed/awk/perl, etc. in order to manipulate the various inputs and outputs. Unix scriptmeisters will be familiar with having to "drop the 1st two lines, then go to col 34 and take the next 10 chars but if there were tabs instead of spaces, etc, etc." Let's face it: text sucks as a method of inter-command processing.

MSH takes the incredible power of the pipelined cmdlet approach of Unix, but instead of passing raw text, MSH sends .NET managed objects between cmdlets. That's right, objects, not raw text. Managed, type safe, and easy to write/extend .NET managed objects! Now with such .NET objects, you get rich metadata available to the cmdlets. The MSH shell then uses .NET reflection to get this information into the cmdlet.

Now the format takes a bit of getting used to, but you can type something like: "get /process" to get a list of processes running. You could string this together with the where cmdlet giving: get/process | where "handlecount -gt 500" to print out a list of processes with large handle counts. Now since you are passing .NET objects, the second cmdlet (where) has the full metadata of the process objects created by the process cmdlet. So it can do a 'where' based on all the process's attributes such as handle count, memory usage, etc, etc. And of course, there are a ton of formatting options since you know all about the attributes of the passed objects.

You can also write more complex scripts, such as:

$p = get/process
foreach ($p)
{
    $p.FileName.ToString()
}

This assigns the output of get/process to an array, then prints the file name property of each array member (i.e. prints the file names of the executables for each process in the process list). At least I think this is right! Apologies if the syntax is a bit mangled.

The next cool thing is how msh handles namespaces. In Unix, cmdlets essentially have just one namespace: the file system. MSH has this, but also adds the registry, Active Directory etc as namespaces. So you can go: CD AD:\ and get into the AD, where you can type DIR and get a listing of the top level objects. Or, type "CD HKLM:\" and be able to see the top of the registry. And of course, you can write your own namespace provider! MS plan to add a provider for SQL, and are open to adding others. I want a DNS namespace provider!

Then there's all the cool output options. Built in, MSH supports output formats including HTML, XML, Excel, Word or even good old formatted Text. If you want to output text, you have all the formatting options you want, either from the shell, or in code if you write your own cmdlets.

Developers will love the cmdlets - they're incredibly easy to write - and being .NET based, you can write them in any .NET language. Your cmdlet class inherits from the commandlet base class. You just need to add a few attributes and hey presto you have a cmdlet! And since the cmdlet has the full .NET namespace at its disposal, your cmdlet has access to anything and everything you could possibly want!! There are a bunch of simple examples in Jeffrey Snover's PDC deck.

Finally, the MMC will in future be based on this. So you can use the MMC to do some command, then dump out the MSH script that would be needed to do that action again. Then you can apply this to your entire domain.

And as to the name. At first sight, it seemed odd, but Jeffrey Snover told us that: "the name came from Leibniz's Monadology, a philosophy which says that everything is a composition of smaller things (the smallest being a Monad)". I could go on - but I was totally blown away by the presentation and the demos. I'll post more details once I get them! Watch this space!!

[a later update] I've written a couple more posts on MSH: MSH Continues to Rock and MSH provider architecture. Enjoy.

Thursday, October 30, 2003

PDC: Security Panel: What's Next? Directions in Security

Security Panel: What's Next? Directions in Security

Both security technology and the threats that they must counter have changed over the last year and will continue to do so over the next few years. The industry is full of security solutions that are beginning to meet the needs of today's threats. The panel: James Hamilton (SQL), Carl Ellison (atstake), Howard Schmidt (at Ebay, ex FBI, US Air Force), Jason Garms (security architect at MS SBU), Michael Howard.

Q: What can we do with sandboxing to use code safely? Is this the future or just a stop gap?

MH: the managed environment is all about this - you will get software from lots of places, some will be more or less trusted. This doesn't really help with unmanaged code (there probably is no good story there), but managed code is the future direction.

JH: we need to do more - particularly with respect to specifying what resources an assembly can consume.

HS: stuff like strong naming is another important aspect to addressing the issue.

Q: Following on, what can we do to manage code

JH: First, you have to have security in depth - firewalls, stopping call-out, process/machine security and isolation is all part of it.

MH: Isolation is important. For example, he's locked down his wife's computer to the point where she just can't do much. The issue is how can we do this without annoying them.

HS: Defense in depth is a good thing - but the problem does not have to be solved only on the client.

JG: Sandboxing is great, but it is not enough. With the newer threat models, you need to think about dependencies between components and you need to be familiar with the components being created. You have to think about this in more engineering terms - it's more than just 'making it work'. EG: a bridge out of balsa wood - it might work, but it's not robust.

Q: Will there ever be a time when everything is secure and unified?

JH: "At MS we're well down the road" but we need to do more. We need to develop models that model our social interactions.

JG: we have some great opportunities, thanks to Moore's law, to help us. We have type-safe languages by C# that help. Web services, with detailed interface contracts - we're on a road to a better future.

HS: He had a conversation with Vint Cerf, and they agreed that had we known then what we know now, the Internet would have been architected differently. Look at cars, you can't get a car today without seatbelts, air bags, etc. IPV6 is an example of this moving forward.

CE: The firewall is just a band-aid - we should not just always accept anonymous connections - anonymous should probably not be the default.

Q: Key management - it's hard - what can be done?

HS: Amazed we have not done more to adopt PKI. There are scaling issues but there should be better PKI.

MOD: key management is not something you can just code - you have to design the ceremonies too (key exchange). There needs to be multiple cert levels (one for a simple web site, 2nd to buy something, 3rd for bank-bank). Need to balance the interaction against the key protection. The level of automation can be an issue.

Q: Does VM technology provide a way forward?

JG: yes, but it's hard too - not a good user experience. SEE is possibly a better approach.

Q: What is being done to improve things?

MH: MS is going to produce a security cert for devs. This is in the early days, so no details, but it's coming.

Q: How much effort is being put into Security?

JG: Jason started by pointing out that it's MS's goal to never have to take an entire team offline again. It was a remediation, but should not be needed again. Having said that, things are still not good enough and 'steady state' has not been achieved yet. MS is overspending on resources - but that's probably ok!

MH: Security adds around 12% to the overall project timescales - but security is not extra, it's part of doing the job.

Q: Will we ever have security until MS manufactures hardware (smart cards) and makes this ubiquitous?

A: not sure - what about the UI? It's possibly not the full answer.

Q: What would make networks more secure - if you could have it?

JH: Hardware is not the only issue - we have the software tools to secure systems today.

JG: There's not too much at the chip level - but NGSCB is MS's wish list - but it will take a while. Offload processing is also something that needs to be looked at - crypto offload is available today.

Q: What about the ISPs? Smart cards, biometrics are all wonderful, but until the ISPs stop disallowing spammers, and virus infected systems onto their networks we're still in a bad situation.

A: there's more to do.

It was an interesting session - more for the brutal honesty and total lack of marketing fluff. I'm convinced that the transcript of this session should be published.

PDC: The Longhorn sizzle

I went to the session "Making it Sizzle: Enabling and Building Next-Generation User Experiences on Windows Longhorn". The panel was David Massy; Pablo Fernicola; Tjeerd Hoek; Chris Anderson; Michael Wallent. This was an interesting panel, looking at how Longhorn would enable lots and lots of cool stuff. The new "Longhorn" platform is designed to enable developers and designers to work together to produce gorgeous and effective new user experiences. Sadly I missed the opening of this session due to the buses being slow.

The first question was 'Why is MS doing this?'. The speaker suggested that there is a perception of unreliability or difficulty in using MS software (some laughs from the audience!) and suggested that Longhorn can help. For example, "responsible" animations help people understand relationships better. Also, when you are doing things like streaming video, the glitches are a pain. Longhorn's driver scheduling should make the experience better and smoother. People want PCs to be an appliance - people buy them both for their functionality and for their looks. Longhorn will address both.

There was an interesting demo on the Longhorn logon screen. It looks like the XP one, but clicking on each picture changed the look and feel of the login screen. This looks like eye candy. There was a comment to this point. We've seen lots of cool things, but no tools. MS need to get the fundamentals right first - then could build the tools (and I guess the guidelines). We can expect more guidelines at B1 time.

There is a need to affect both behaviour and look and feel. This is going to be the focus of much work. And there is clearly a dichotomy - teen-ager vs knowledge worker. MS is aware - one Longhorn persona is a teenager, but the focus is on the business user.

How do developers starting from scratch get up to speed? Start with .NET, and look at Whidbey, and go from there.

1. Just do it (managed code, etc)

2. MS wants 'broadband' feedback, to deliver the longhorn wave together

Wednesday, October 29, 2003

MS PDC: MS Research steals the show

The keynote this morning was done by Rick Rashid, who runs MS Research. What a show! There were several really cool bits of research that were demonstrated. A cool demo was based on Sloan Digital Sky Survey - Sky Server. This is the old terraserver, but based on the sky, not the earth. But perhaps the coolest was the Tablet 'math pad'. The idea is that you can type in Math equations, and have them auto-graphed.

While a lot of the things shown this morning are far off, some of them look very promising.

Happy Birthday

Happy Birthday Rebecca Marie

Rebecca Lee-Tanner is 7 years old today. Sadly, I'm 7000 miles away. :-(

Google are nice folks

I stopped over at the Google booth at PDC today. I asked them why I could not get RSS on my blog here at It should just work, they said, but I demoed how I could not get it. So they fired off email to the support guys, and they've sorted it. Nice.

But it gets better. When I was at the booth, the stand folks gave me an invite to a small reception, with drinks, etc. I got a chance to chat with the folks behind Google. Mega cool. I can't wait for the IPO.

Monday, October 27, 2003

PDC Web Access

I'm trying to get to the net to get my Longhorn product key - but there's a real issue with the speed. As ever, there's not enough bandwidth. And the wireless is not overly available - I've not managed a wireless connection yet - and most of the folks I've talked to have a similar experience. Thankfully MS has provided a wired network as well but it's very slow. I'm sure I'm not the only geek to want this to just work.

The joys of providing a comm network for active geeks.

Live from PDC - Bill Speaks

The Next Wave

Bill Speaks

So the PDC has started. I suppose it would not be a PDC without a keynote - so we're starting with Bill. Bill looks tired and a lot older! His shirt looks rumpled, like he just flew in to do this talk. Bill says PDC is about making better software, the next generation of Windows, and everything that MS is doing around that. "Catching the next wave" is his theme. MS has high expectations on the future - and a $6.8 billion budget! You can buy a lot of futures with that sort of cash behind you.

Bill talks about security - and is still banging the TWC drum. Two big future releases will include better security: XPSP2 (the firewall is on by default, better memory protection, etc - due in beta by end of 2003) and WS2003 SP1 (beta next spring, with role based security configuration, remote access client inspection, local inspection on connection).

Bill showed a nice video - "Behind the Technology" - it was very funny. I wish these were available!

Bill talks about this decade as the digital decade. Didn't he use that theme for the 90s? This will include some important breakthorughs: Advanced Web Services, Workflow and process, distributed management, and ad hoc communications. He says that there are some Information driven breakthroughs, including rich search/views, unified storage, self-organisation, information agents. All these breakghroughs come to us via Longhorn, the "Biggest OS since Win95." Longhorn, is meant to deliver on the fundamentals, but to use it in an easier fashion. Key components of Longhorn:

  • Fundamentals - Base OS System Servives
  • Avalon - presentation - lots of XML
  • WinFS - Data - unified storage (Gates has been talking it up 10 years).
  • Indigo - Communications between apps.

    Hillel Cooperman - Product Unit Manager, Windows User Experience - gave a cool demo on Longhorn's new UI. It looks pretty, but I'm not sure it's anything other than cool. The searching, however, is very impressive! You have to see it!! What is better - all the controls are available to devs to play with. There are lots of pretty gimmicks in the UI - the clock so BLUE! Hillel showed a sample Longhorn/Avalon app. Very interesting - shows the power of WinFS schema extensions.

    To summarise Bill's vision, he sees three waves: Today (XP, Server 2003, Office 2003, VS.NET), soon: Yukon, Whidbey, and later (with Longhorn Client, Server, Office, VS.Orcas). There is a lot of new technology to come onstream, eg 64 bit computing.

    To ride this wave, MS is doing several things:

  • Fundamentals - building it into the base - software updates, management, etc
  • Web Services - moving on, with Indigo
  • Managed Code - the way forward
  • Smart Clients - delivering data with XML and having rich local presentation layer
  • Community involvement - Bill wants feedback - years of work here shaped by the community

    It all looks interesting!

    Sunday, October 26, 2003

    Stuck in NYC

    It was all going so well. I staggered off the London flight onto the LAX flight. I was all curled up, snoozing away as we taxied out. Then the Captain came on the intercom and mumbled something about fires in LA, and rather quickly dumped us off at a gate. As ever when such things happen, there was utter confusion - with neither staff nor passengers having any clue as to what is happening.

    At present, I'm surfing courtesy of t-mobile in the Admirals Club. Just waiting to get out. I've got a flight booked in the morning, just in case, but who knows. The airline will make a call in an hour. In the meantime, I'm annoyed I'm missing a good party!

    What do I want in Longhorn Server

    What will go into the Longhorn server? That is a question I hope to see answered at PDC. Certainly there will be some integration of the currently separate services (eg DRS, GPMC, MACS, etc). But what else? I would certainly hope for a better management story. And given that MS has 3 years to go before release, I'd like to see some shake up in some fundamentals. Here are some things I'd like to see changed:
  • A more sensible partition layout. There is far too much junk dumped deep into the folder structure. For example, I'd like to see all my outlook express files in %profile%\OutlookExpress\Settings, instead of deeply hidden. And I'd like just one high level temp folder.
  • ONE way to add/remove every component. Right now, some components are loaded by default, some are loaded but not made active (eg rras), others have to be added (eg IPv6) via Network Connections, while still others are in add/remove program (eg netmon lite).
  • A separation of network hardware from identity. In Dial Up Networking, multiple identities can be associated with a modem (one at a time!). But with wired/wireless networking, you can't. I'd like to see the ability to have multiple connections possible. Thus, I'd be able to be,, and depending on where I am at the time!
  • A goal of ZERO reboots. Rebooting should NEVER be needed. Sure, I can accept a few, but let's make the design goal sensible. And I think that it should be mandatory for all 'application' updates to be reboot free. Come on Microsoft, what's the deal with requiring a reboot after loading media player??
  • Consistency, consistency, and more consistency. I think I do NOT have to say more on this front!

    So what do I want to see at the PDC?

    I want to see the future.

    Just a good glimpse of what Microsoft has planned for the next 2-3 years. I see PDC as an important opportunity to see the long term vision start to take shape. Longhorn, Yukon and Whidbey are the three key technologies I want to understand more about.

    Yukon, I think, represents a major change in the way we design multi-tier systems. Tim Sneath recently wrote about this - and I think he may be on to something. Tim argues that with ability to put business logic, expressed as managed code, into the database, that the middle tier is dead. I think he's right that the purpose of the current middle tier, business logic, really belongs in the db. But I think he's wrong about predicting the death of the middle tier for two reasons. First, it will take companies years to migrate to Yukon. Mainstream adoption is at least 18 months away so inertia is a factor. But more importantly, the middle tier will exist to orchestrate. The front end UI tier will remain client side - but I see the middle tier as orchestrating the various services that are available in a SOA approach.

    Longhorn is both the next client and the next server, so it too is highly important. The client is somewhat less interesting although I have to be careful how I say this - Scoble will give me too much grief!! In the space I work in, businesses have trouble understanding the value proposition of XP, let alone something beyond that. When I see all the fantastic UI shots, I have to ask: will this make the knowledge worker more productive? Can he/she answer emails, write documents or prepare presentations faster? I don't know the answer to this - although I can see how WinFS will help me to organise the chaos that is my workstation!!

    Whidbey, of the three, is the least exciting aspect of the PDC. I've seen some of the new features (generics, iterators, etc) and have been playing with the Whidbey alpha for a while - I guess I'm just not enough of a geek to get overly excited.

    Off to PDC

    So I'm off to the PDC. The journey to LHR was uneventful - a quick drive, a comfortable checkin. Security is tighter than it used to be, but I got upgraded so it's comfortable class to LAX via JFK (and for the return as it turns out). The plane to JFK is totally full. As I traveled to and through LHR, I could not get the image of Concorde out of my memory. A truly 1st class experience from start to end. By comparison today's flight is just so ordinary. Concorde, to me at least, represented the best. From the Dom Perignon and Hospices de Beaune to drink to the quiet professionalism of the crew. I don't think any airliner will ever be quite the bird that Concorde was. This flight is a 777. Relatively quiet and with good legroom. Which is a good thing as we're cooped up here for 6 more hours.

    Saturday, October 25, 2003

    Packing for PDC

    I'm just getting started packing for PDC. The first thing I started doing is freeing up disk space on my laptop for all the new code we're going to get. My objective by the time I get back from PDC is to have two VMs running: One an XP VM that has VS Whidbey and the other a VM with Longhorn. The plan is to get them loaded during the PDC, and spend the long plane ride back to London playing with them. I'll be blogging as much as possible during the PDC, although I've not yet worked out my schedule.

    MVPs get source code access.

    The word is finally out. This is a fantastic idea - giving some of the folks that support the OS access to the code. There is some good news and bad news of course.

    First, there is a very tight NDA in place. Even so, I can only imagine how hard the MVP team at MS must have argued with the lawyers to let individuals, vs companies, have access to the source. When MS provides source access to companies, the normal license calls for an unlimited liability. With individuals, e.g. MVPs, this simply would not work for obvious reasons. It will be interesting to see what happens on this front.

    Thus far there have only been a handful of MVPs who have it. Only MVPs who are "up to date" and who are in a few restricted groups will get it. So it's not all of the 2000 or so MVPs who will get it, and it's not a gift for life!

    And not all the code is there. Most of the 3rd party drivers are missing, as are some large chunks of the security code, and some stuff that MS feels is IPR-intensive. That makes sense, although it does restrict MVPs from looking at some of the more interesting areas of the source tree! The access license is also pretty restricted. The licensee can't compile or build anything, you can't use it to create a derivative product, and you can't talk much about what you actually see.

    And did I mention that even though there's stuff missing, the source tree is big. Very, very big. Humongous in fact. When I was working on the resource kit team, I had source code access which I put to good use. The source tree is huge, complex and confusing to the new user. You could tell that the source code tree grew, versus having been designed as it currently exists. New (to the team) developers quickly find their way around (as developers tend to do). But for the casual lay user, it is tough to get into it.

    As an MVP, I can see that the access could be interesting and fun. I've got enough background to at least look up the DNS stuff (I think). Whether I can really read the code to the level I'd like is a much different story.

    This is cool.

    Hey Little Chef/Travel Lodge - Get with the Program

    So I'm staying away at a Travel Lodge - and dining at Little Chef. The hotel is "quiet" (except for the constant roar of the A14 - which is worse when it rains), the bed is comfortable and the shower's hot. The food is not good news (the less said the better), but it's only for a couple of nights. So where's the internet connection? Surely they should put in a nice g-WAP and flog us the access. Or BBand in the room - both no doubt priced outrageously! But no sign. Come on - get with the program! The lodge is full of business folk, economising on hotel costs. We still need to stay in touch.

    This leads me to think that the telcos don't quite get wireless yet - at least they don't provide me with what I need. What I need is simple. I want one type 2 PC card that I can pop into my laptop that gives me internet connectivity (wirelessly) pretty much everywhere I go (and could possibly use wireless client). I'd like this for a reasonable flat rate/month, for world-wide access. In Sept/Oct, I've been to Boston, London, Chicago, Redmond, New Orleans and Los Angeles, plus stays at those airports plus visits to DFW, MIA and ORD. I would have liked just one plan. Is this an unrealistic requirement?

    Monday, October 20, 2003

    Intuit users force rethink on Product Activation

    I love MS's latest OSs, and I can't wait for the next one (longhorn). I derive great satisfaction out of testing and using them. While I love the OS, and nearly all of the features, there are some things I really dislike, and a few I'd gladly re-design. But the top of my dislike list is product activation. Yeah - I know the arguments, and I openly respect Microsoft's issues with piracy. I still think product activation sucks.

    My first taste of product activation came with Novell, many, many years ago when they were the market leader in PC Lans. I had to install several servers, in an office late at night. With two of the four kits, there were problems with the serial number disk. One had been seemingly dropped in something, and the label was only partly legible, and the other floppy was destroyed. We never did figure out how either happened - but knowing the shipping guys I can guess. But I managed to get the servers up and running, and am forever grateful to some great help I got from Compuserve (and not from Novell). I'm sure I aged greatly that night.

    By comparison, Windows NT 3.1 was a dream. I remember so vividly the openness MS UK presented with this release. They were talking to ME - the IT Pro - and made it easy. Well easier - don't forget that NT 3.1 was released at a time when CD Roms were very much the upcoming things. After doing ONE installation of 3.1 Advanced server by floppy, a 2xCD was heaven! By way of diversion, the CD alone was £400 ($US600) and the whole system nearly £4000 ($6k). Just imagine what you could get for that today. Oh never mind - I just did :-). Oops, I did it again. But I digress.

    In summary: I just don't WPA.

    I've listened long and hard to most of the arguments for, and against it. It's certainly been a hotly debated topic. I'd like to think I've helped argue MS to be a little more lenient in their application of WPA. WPA has been good for Microsoft too but when I see the WPA stuff, I just see an attitude of "we don't trust you" that's very much in my face.

    It's much the same resentment I feel towards the 'security' at US airports these days. Traveling in/through several of the bigger US airports (Chicago, Miami, Seattle, Dallas, LAX, and Boston) in the past few weeks, well all I can say is it sucks. There are all these folks just there hassling a population that is overwhelmingly honest. This is another manifestation of the "I don't trust you so you really have to prove yourself" attitude. I find it bordering on degrading to have to nearly strip off (having to remove my shoes and walk across a pretty filthy "carpet" and removing my belt and having to hold trousers up with my hand) as well as having to unpack my bags (I managed 4 trays on the last trip to the US) then repack them (much to the annoyance of the people behind and of the TSA bods, who seem to have partly lost the will to live and seem just a bit highly strung). I put up with it because I have to, but that does not stop me from wanting to get rid of it (and the associated costs). At the end of the day, I'd like it to be a lot simpler - and I'd love to get rid of all forms of product activation. It's nice to see I'm not totally alone in disliking "we assume you are dishonest" type product activation schemes. Intuit users didn't either - and they let Intuit know. It's really nice to see that Intuit listened to their customers and removed product activation. See the PC World article where Intuit Apologizes for Product Activation.

    Well done Intuit.

    Saturday, October 18, 2003

    Windows Rights Management Services for Windows Server 2003 Pricing and Licensing Overview

    RMS is close

    MS is building up its support for the launch of the Rights Management Server software later this year. RMS is a very interesting product - which solves some important security issues for many customers. The problem is how to protect information that is inside the firewall.

    I remember many years ago reading an internal memo from a member of the Windows 2000 development team to the team. It was addressed as 'Dear Mary Jo' - since he knew that, within hours of being sent, Mary Jo Foley would have a copy and would be putting spin on it in her column. At that time both she and Paul Thurrott sort of made a habit of posting internal information - stuff marked MS Confidential DO NOT COPY. I can feel for Iain - it's tough to be honest in email where you need to discuss and evaluate tough issues and come up with a good resolution, when you know your every word will be sent to people with very different motives (by people with very different motives!).

    RMS enables you to create documents whose usage you can determine. You can, for example, make a document no print, no forward. The recipient can read the mail, but can't send it on (e.g. to Mary Jo), or print/fax it. Of course this won't stop analog attacks (taking a digital photograph of the screen, or simply re-typing all the text), but it will cut down on a heck of a lot of more casual abuse.

    Right now there are only really two products that make use of RMS: Office 2003 and IE. With Office 2003, you'll need to have the Professional edition in order to create rights managed documents - you can view RM'd docs using Office 2003 Standard. But this will certainly change. I'd expect every native app that ships with Longhorn, for example, to be RMS capable. I look forward to seeing what innovations the ISV community has here! IE integration will provide security on documents provided via an Intranet solution. The IE stuff will ship separately. RMS, however, is not free. Take a look at the Windows Rights Management Services for Windows Server 2003 Pricing and Licensing Overview for the full license detail.

    In summary, each RMS user (document creator and document reader) must have an RMS CAL (US$37.00 each). If you want external users to be able to access RMS software, an external Connector license is required: $18,066. So a 500 seat company will need to stump up in the region of US$50,000 for the CALs, the External Connector, and the RMS server - presumably this would be a new system requiring hardware/software/services/backup/etc. Given the instant document security this gives you, the cost seems pretty reasonable, especially when seen in the light of the cost of accidental disclosure.

    Oh, and to get much use out of it just now, you'll need to upgrade to Office 2003. Maybe RMS is the killer reason for upgrading to Office 2003. I can see a huge number of firms who will love this and will rush to buy it. The IE component will be useful too, especially for firms with large intranet applications.

    Tuesday, October 14, 2003


    Back from Momentum

    I'm just back from MS's partner conference, Momentum. Held in New Orleans, it was the first time that the traditional MS partner channel (Partner Classic) and the MBS partners (who look after the Great Plains etc product lines) all met at a single partner event. We got to hear Microsoft's plans for providing a single partner channel - with room for both sets of partners. The plans for combining the channels made sense to me, but one felt that the MBS partners were less than happy.

    One interesting aspect of the new programme is how performance is to be recognised. Partners will earn "points" that are the basis for future status and benefits in coming years. These points are awarded based on Skills, Customer Satisfaction, Influence, Sales (for MS), and Certifications. With these Partner points, for example, 50 says you are a Certified Partner, 120 says you are Gold. That will make it a bit easier for the larger CTECs, for example, to differentiate themselves.

    Samba 3 extends lead over Win 2003

    Samba beats Windows Server 2003

    Or does it?

    I've been reading in IT Week that Samba 3 extends its lead over Windows Server 2003. But before getting too excited, I felt it worthwhile to read the details carefully.

    Two comments stood out for me: First: "We selected a low-specification but otherwise modern server for our tests. We used an HP ProLiant BL10 eClass Server fitted with a 900MHz Pentium III chip, a single 40GB ATA hard disk and 512MB of RAM. We did not tune any of the software to improve performance." And later: "Each NetBench client makes a constant stream of file requests to the server under test, whereas in real-world environments many users would remain idle for long periods. Consequently our test environment simulates the workload of some 500 client PCs in a typical production environment." So out of the box, on a low end server, a Linux/Samba box performed better than Win2k3 out of the box and untuned. I guess the first question I have on this is to ask why you'd seriously consider putting an important mission critical file server, serving a large community, on a single ATA disk, using a small, underpowered blade computer with limited memory. The test is meant to simulate 500 users, that equates to around 80mb per user - this is 1/3 the size of the memory card for my digital camera.

    Their comment about not tuning the system also does not ring totally true. In my experience, installing Linux is an exercise in tuning at least to a degree. If they chose a very thin Linux kernel, possibly one compiled only for the PIII chip, and loaded only Samba, then they are doing tuning. One thing that could make a huge difference to Windows is how the file and print service is set up.

    What I'd really have liked to have seen is where the bottleneck was while this test was underway and to have seen what effect adding a decent amount of RAM would have had. I suspect the system was kind of busy paging. I've not studied the NetBench benchmark well enough to know how it works when running in this configuration.

    So, I'm not really sure if this test is all that valid. Of course, it looks good but what I'd like to see is this test repeated on a properly specified/configured system.

    Friday, October 10, 2003

    Microsoft launches Desktop Support Technician Cert

    Today in New Orleans, Microsoft have announced a new entry level certification: Microsoft Certified Desktop Support Technician (MCDST). There are two exams (70-271, and 70-272), and two courses. Course 2261 (3 days) covers Supporting users on XP and Course 2262 (2 days) covers supporting users running applications. The MCDST is aimed at an entry level technical support person - and comes in 'below' the MCSA. This looks like a great certification!

    Sadly, the certification does not cover any soft skills - this is a shame.

    Monday, October 06, 2003

    Landover Baptist Community Message Boards

    Serious or not?

    I can't decide if the Landover Baptist Community Message Board is a serious site or not. It is rather amusing in any event.

    VeriSign calls halt to .com detours | CNET

    VeriSign calls halt to .com detours

    I must have missed this over the weekend, but it seems that VeriSign has shut down "Site Finder". While I and many more complained to VeriSign, the company refused, as I commented in an earlier blog entry. However, it looks like the recent ICANN letter to VeriSign has had the desired effect.

    For a good overview of the issue, and reaction, read the Washington Post's analysis. Hooray.

    C# Tutorials

    Learning C#

    I'm trying to learn C#: here are some C# Tutorials that I've found useful.

    I'm preparing for a talk at IT Forum, and I've put up a new page on to hold background stuff, links, etc. See as a starting point.

    Sunday, October 05, 2003

    Keeping up to date - redux

    More on Keeping Up To Date on MSDN

    MS now publish updates to MSDN using RSS. The RSS feed itself is at

    Use a RSS client like FeedDemon and you're all set.

    For tonight, use Google to search for the urls for the above. I'll update this entry later.

    British Airways - Online Press Office - News Releases

    Concorde - The End of an Era

    British Airways is ceasing the operation of Concorde in just a few weeks. This sad day was announced in a British Airways Press Release, issued in April, but the final day looms.

    The last flight you can buy tickets for will be BA001, LHR-JFK Thursday 23 October, although BA are running further private flights for friends, staff, VVIPs, etc. The fares, for travel between London and New York, cost from the standard £4,350 for one way Concorde returning in World Traveller, and up to £8292 for a return trip both ways on Concorde. Yes, it's steep, but it is truly a once in a lifetime opportunity.

    If you can't afford the ticket price, then there's a web site selling Concorde memorabilia.

    I've been lucky enough to fly in Concorde a few times. I surprised my wife on the occasion of her 40th birthday by flying her to New York (she thought she was going to Malta). She was surprised, to say the least. It was cool for me too - I got to sit in the cockpit for takeoff! I've also had the chance to pilot the Concorde Simulator in Bristol, which was a real thrill.

    Concorde is a noisy, fuel guzzling, technologically outdated aeroplane - but she's a fantastic sight. I love watching her take off, land, or just fly by. And inside, it's a nice 3 hour lunch, while you also cross the Atlantic.

    I shall miss her.

    Saturday, October 04, 2003

    Utilizing the Windows 2000 Authorization Data in Kerberos Tickets for Access Control to Resources

    Details of MS Use of Kerberos

    In a document on the MSDN site, entitled Utilizing the Windows 2000 Authorization Data in Kerberos Tickets for Access Control to Resources, Microsoft set out the contents of the Authorisation Data section of the Kerberos ticket. The article is dated February 2002, although the MSDN RSS feed has just pushed this out as being just published.

    Speeding up time

    In a recent blog entry, I mentioned that I liked Media Player 9 because it allowed me to listen to stuff speeded up. Turns out The New York Times has an article about how this technology is being used in a more general way.

    Wednesday, October 01, 2003

    NTBugtraq - NTBugtraq Archives

    Another security vulnerability?

    Could this post on NTBugtraq be another problem? Russ confirms it to be a problem at a number of sites in a later bugtraq post. Oh Joy.

    Online Network Diagnostic Tools

    I'm doing some network tracing today - a client has an ADSL router that looks to be configured wrongly. So I'm in search of tools that will allow me to ping/tracert/telnet into the network from an external source. Here are some of the tools I've found that were useful: First in my search was Online IP-Tools @ . I used the Visual Tracert, and some of the other IP tools. The port scanner only partly worked, however. Still, some useful tools.

    The Online Toolbox looked good - but none of the tools work. :-(

    Now all I need to do is to work out how to fix the router!

    Update on Identity Theft

    Update on IP Theft

    In a recent blog entry I pointed out a guy called Brent Larsson had stolen some of my pages for his site. I was not annoyed that he'd nicked the pages, but he hadn't even changed half the URLs - so many of them pointed to content on MY site (actually some outdated material long since gone!). I discovered this when I got some junk mail from one of those spammers (you know the ones: "We noted your link is not in the search engines, we can help"). Helpfully, the spammer included the link to Larsson's page. Anyway, the ISP has taken the page down. Thanks to!

    Mitch Tulloch's new Book

    IIS6 Administration - A New Book

    I've just picked up Mitch Tulloch's latest (or perhaps nearly latest) book, IIS 6 Administration published by McGraw Hill/Osborne. My summary is that this is a good book on the subject of IIS6 administration. Mitch covers the basic ground of what IIS is (and some history), its architecture and how to deploy and manage it. He also covers some more advanced topics, such as setting up mail and news, working with the metabase, administering IIS 6 from the command line.

    A particularly nice feature of this book is the 'blueprint' pages in the centre of the book. These give some nice views of the Architecture, and a nice map of the IIS6 site property sheets (very helpful for navigating around a fairly rich dialog box). I give it 4.5 stars. It's a good solid reference manual on administering IIS.

    I'm glad to see that one of my favorite typos (typing SMPT instead of SMTP) has taken root in this book in a couple of places.

    Monday, September 29, 2003

    The Internet is not ALL bad

    I love reading stuff by Dan Gillmor. His latest column for Silicon Valley, Remembering the People Who Give Back to the Net, and All of Us is a nice reminder that while the Internet has a lot of nasty folks doing nasty things, there's a lot more good out there than bad. He cites a couple of examples of this, not least of which was Verisign's decision effectively to hijack the world's DNS servers, promptly fixed by Paul Vixie's release of a patch to BIND to mitigate against Verisign's act of vandalism. It's nice, every now and then, to read nice things about the Internet!

    MSDN Has O2k3!

    Office 2003 is on MSDN

    The rest of Office 2003 is now up on the subscriber's download site. I've just pulled FrontPage, OneNote and am starting to get SPS and Visio. At last!

    What I'd like to see at the PDC

    I'm getting fairly excited about the new stuff we'll see at the PDC. It's clear that this will be a key event on the road to Longhorn, as well as a useful update for both Yukon and Whidbey. Longhorn, if Paul Thurrott's SuperSite for Windows is to be believed, will offer (yet another) new UI. And of course Scoble has been hyping some of the things Longhorn will do over in his blog.

    But what I want to see is how Longhorn will make a difference in terms of getting real work done. The flashy new interface is, for me, a turn off - businesses don't want to have to upgrade machines to have larger disks, more RAM, bigger CPUs, and better graphics cards. What they need is systems that will make things faster for the end user and, for the IT staff, systems that are easier to support and manage.

    WinFS will undoubtedly make a difference for me - the ability to search my own hard disk faster will make it a useful upgrade. When I think that I can search the internet, via Google, faster than I can search my hard disk I have to smile a bit. WinFS should change all that!

    But all the other stuff? I'm just not convinced. Where's the real business value in all this stuff? Is Avalon really something that will make a user truly more productive or will it really bring down the support? Or is it just eye-candy that will make folks want to upgrade? Frankly, a lot of this looks like bloat-ware. Stuff that, in the labs at Redmond, is utterly cool, but in the offices of Mom and Dad Ltd is a gratuitous waste of money.

    So what I want presentations on at PDC are ones that also address the issues of security, real end-user productivity and administration. I want to see how Longhorn is going to be managed and controlled, and how it will make a difference to TCO. Sure, I love the cool stuff - but I want to see the real business value too.

    Sunday, September 28, 2003

    Watching Videos Faster

    Thanks to Dominic Hopton, I've found a really neat way to watch videos - it's Media Player 9. I've got a stack of videos I am downloading to watch. Stuff like all MSDN TV and the .NET Show.

    With MP9, you can speed up the rate at which the video plays. This was one of those little features that I missed when MP9 was released, but now that I know about it - I love it. It enables me to watch a video in much less time. Experimenting this morning, I was able to watch a video at 1.6 times normal speed. Dominic claims to be able to watch it at up to 2.2, but I think that might take some getting used to. A neat feature!

    Some places I'm getting videos to watch from include:

    Saturday, September 27, 2003

    Broken Packets and Espionage

    I came across a very interesting site today: The Museum of Broken Packets. For TCP/IP geeks like me, this is fascinating stuff. But what was most interesting was Exhibit 3, titled 'Espionage'. This is a very interesting packet, as it shows a really cool new sort of tracert program!

    The original tracert program used to send packets to a random UDP port while varying the TTL. This worked as long as the receiver did not actually use this port - if it did, random things could happen. Later versions of tracert send ICMP echo requests to the target host, which was a bit safer. But then came ping of death attacks, and many administrators would close ICMP off.

    But the attack documented here is interesting in that it is effectively a tracert 'inside' an otherwise legitimate session. Using this approach, just about every stateful firewall and NAT device in existence would allow/pass the packet (since in theory the packet is valid within the session). Most sensible firewall administrators might close off traditional tracert-ing, but would be pretty powerless to stop this sort, assuming they even noticed it in the first place!

    This is an entirely new class of espionage tools for internal espionage. An employee could run a tool built to do this and pretty much blueprint the entire network in a matter of a few minutes. This is also open to attack from an "RJ45 hoover" - a device brought in by the cleaners. They could just plug a device into the network, hit go and within a few minutes your entire network could be analyzed and blueprinted. Makes good food for thought.
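
The "noticing it in the first place" part is tractable: a flow that normally carries one TTL and then carries packets whose TTLs climb one hop at a time from a small value stands out at a sensor. The sketch below is an added example, not code from this post or from the Museum of Broken Packets; the packet record format, the sample packets and the thresholds (`min_steps`, `low_ttl_ceiling`) are constructed assumptions.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Pkt:
    ts: float      # capture time in seconds
    src: str
    sport: int
    dst: str
    dport: int
    ttl: int       # IP TTL as seen at the sensor
    flags: str     # TCP flags: "S", "SA", "A", "PA", ...


def longest_ascending_run(ttls):
    """Longest run of TTLs rising by exactly one; repeats at a hop are ignored."""
    best, run = [], []
    for t in ttls:
        if run and t == run[-1]:
            continue                      # several probes sent at the same hop
        run = run + [t] if run and t == run[-1] + 1 else [t]
        if len(run) > len(best):
            best = run
    return best


def find_ttl_walks(packets, min_steps=3, low_ttl_ceiling=32):
    """Flag established TCP flows that also carry a climbing series of low TTLs.

    Assumption: legitimate traffic reaches the sensor with a TTL above
    low_ttl_ceiling (common initial TTLs are 64, 128 and 255).
    """
    flows = defaultdict(list)
    for p in sorted(packets, key=lambda p: p.ts):
        flows[(p.src, p.sport, p.dst, p.dport)].append(p)

    findings = []
    for key, pkts in flows.items():
        # The TTL the flow normally carries is its most common value.
        baseline = Counter(p.ttl for p in pkts).most_common(1)[0][0]
        # "In session" means we saw a non-SYN ACK at the normal TTL.
        established = any(
            "A" in p.flags and "S" not in p.flags and p.ttl == baseline
            for p in pkts
        )
        if not established or baseline <= low_ttl_ceiling:
            continue
        low = [p.ttl for p in pkts if p.ttl <= low_ttl_ceiling]
        walk = longest_ascending_run(low)
        if len(walk) >= min_steps:
            findings.append(
                {"flow": key, "baseline_ttl": baseline, "probe_ttls": walk}
            )
    return findings


def _mk(flow, start, seq):
    """Build constructed sample packets for one flow from (ttl, flags) pairs."""
    return [Pkt(start + i * 0.1, *flow, ttl, fl) for i, (ttl, fl) in enumerate(seq)]


# Constructed sample data (documentation address ranges, not real captures).
FLOW_A = ("192.0.2.10", 40001, "198.51.100.20", 80)    # contains a TTL walk
FLOW_B = ("192.0.2.11", 40002, "198.51.100.20", 443)   # one odd packet only
SAMPLE = (
    _mk(FLOW_A, 0.0, [(128, "S"), (128, "A"), (128, "PA"), (1, "A"), (1, "A"),
                      (2, "A"), (3, "A"), (4, "A"), (128, "PA")])
    + _mk(FLOW_B, 0.05, [(64, "S"), (64, "A"), (64, "PA"), (5, "PA"), (64, "PA")])
)

if __name__ == "__main__":
    for f in find_ttl_walks(SAMPLE):
        print(f)
```

A single stray low-TTL packet (flow B) is not reported; only a climbing series inside an established flow is, which keeps routing oddities from raising alerts.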

    Thursday, September 25, 2003

    No more Cover Disk Patches?

    The Register reports that Microsoft has banned cover disk updates. According to the story it's all because of Sun. This hits us harder in the UK, where not everyone has broadband and where phone calls are much more expensive. Sadly, not everyone in the UK is able to download the 166mb DirectX 9 update or the 134mb Windows Service Pack 1a. I've made use of cover disk patches for years. It was one reason why I subscribe to PC Pro!

    Please Microsoft UK, think again??

    Wednesday, September 24, 2003

    Good-bye Powerquest?

    The Register reports that Symantec is buying Powerquest. I suppose this is an end to the competition in the disk imaging arena.

    Microsoft Monitor: PR Goes Splat Over MSN Chat

    Some days you have to wonder. The folks over at Microsoft Monitor report that Microsoft will charge for Chat.

    The theory is that this move will protect children. I suspect cost might have a thing or two to do with it. The costs of running the chat servers must be considerable, and Microsoft has not been slow to start to try to make money from Internet services (the extra for-pay services added to Hotmail, for example). According to the New York Times, Microsoft's key competitors will not be axing chat. For AOL, the chats are private to subscribers anyway. But Yahoo apparently has no plans to charge. We'll see what happens!

    Monday, September 22, 2003

    Some background info on patching

    Just came across a nice little paper from Phil Lieberman. The paper is Command Line Options for Microsoft Patches and Service Packs. Phil is a pretty switched on guy and the paper is useful reading. His paper also points to another cool resource - titled Summary of Command-Line Syntax for Software Updates, the KB article looks a useful one to bookmark.

    Moving this blog

    I've been in contact with the nice folks that run blogger and, sadly, they appear to not be willing to do an RSS feed from this site. I regard RSS as an important feature, so I'm planning on moving. I've set up a new blog home, but the RSS feed is almost, but not quite working right. Once I get this all setup and working, I'll be moving over to Web Crimson. At least that's the plan for today!

    I did a look around the web for other tools - I must get around to doing a tools round up! In the mean time, here's a good starting point on blogging software.

    Friday, September 19, 2003

    How Much is Inside a Sharpie? - Part 1

    How much is inside a Sharpie?

    For those not in the know, Sharpies are meant to be the best tool to use for labeling the CDs you burn. I do NOT want to get into an argument as to whether this is true or not, but I use them and they work ok for me. One question, that we now know the answer to is: How Much is Inside a Sharpie?

    Some folks clearly have too much time on their hands!

    MS VPC gets close to RTM

    MS is getting close to the RTM of its Virtual PC product. This is part of the product set that Microsoft bought from Connectix in the spring. It's been through a security review, and is currently in beta and nearing release. The product will only be supported on Windows 2000 or Windows XP and will be aggressively priced.

    There will be some restrictions. First, it looks like VPC will be supported on XP and Windows 2000 only - and unsupported on Windows 2003. Also, there will be no SCSI or USB support. :-(

    Thursday, September 18, 2003

    MS Competes with Linux

    Microsoft has released some new tools to help customers 'compete' with Linux. Dubbed the Tools to Compete, there are a bunch of tools here that might be useful. Funnily enough, the CD costs US$3.50 plus shipping/handling. Makes one think that Microsoft really does view Linux as competition.

    Wednesday, September 17, 2003

    The Road To Longhorn, Whidbey, and Yukon

    I am at a seminar this week looking forward to a number of new Microsoft products. We're hearing about Whidbey, Yukon and Longhorn. For those of you not up with the latest MS Code names, Whidbey is the next version of Visual Studio and .NET, Yukon is the next version of SQL Server and Longhorn is the next version of Windows XP/Win2k3 Server.

    As far as Longhorn is concerned, I've been using Google's news alerts to get information about the product. Microsoft MVP Jim Eshelman is also tracking the stories on his web site. The site is not up to date (last entry is late July) but it's probably worth bookmarking. Take a look!

    Sunday, September 14, 2003

    Off to Redmond

    Off I go again

    Laptop is packed, tickets/passport organised, seat power adaptor packed, along with a bunch of DVDs, good book (.NET Security), etc. Oh clothes too. Time to go. Back home in a week.

    Saturday, September 13, 2003

    Jeff Key

    A Cool Tool Gets Cooler

    Jeff Key's Snippet Compiler that I posted about earlier this week has been improved already. There's a new edit control (thanks to those nice folks at Syncfusion) which makes editing even easier. Cool!!

    Friday, September 12, 2003

    Yet more patches?

    Another Windows patch!

    Just when you thought it was safe, along comes another patch (and associated holes in Windows). :-(( Or as Mary Jo Foley puts it: Another Wednesday, another Windows security patch.

    Do you need to deploy this patch? Well, there are actually 3 holes that are fixed (actually this should probably read as 're-fixed'). MS have marked this as critical so I guess the answer is yes: you do need to deploy this patch.

    At TechEd in June, Scott Charney said some things that I sure hope he (and Microsoft) delivers on! He said "When I came to Microsoft...customers said to me that patch management was their biggest concern. So I started looking at it, and what I realised was that patch management was broken."

    Patch Management was broken in June, and it's still broken Scott. :-(((

    Tuesday, September 09, 2003

    PDC Bloggers

    PDC will be Popular

    Judging from the PDC Bloggers site, PDC will be popular. I'm heading there too and will be adding comments here on what I see. It should prove to be a good week.

    Jeff Key's blog and Snippet Compiler

    Snippet Compiler

    A tool for code weenies

    In Tim Sneath's blog, I saw a reference to both Jeff Key's blog and to a cool utility Jeff's written called Snippet Compiler. If you've ever had to demo code and you want to compile it and see the results, this is a neat tool.

    I am doing some training this week in the .NET Framework for a client and this would really, really have been useful today!

    Monday, September 08, 2003

    New Security Book

    Microsoft Encyclopedia of Security

    Just got a copy of the new MS Press Encyclopedia of Security by Mitch Tulloch. Mitch also maintains an interesting technical Blog at Blogspot.

    This book is a good A-Z reference guide to all the key security issues likely to face any IT Pro. It's not a definitive look, by any means, with around 1000 entries in some 480 pages. But it is a good basic intro to all the key terms. It even covers .NET security concepts such as code access policies, which is good. The level of depth is not great - but there is a good introduction provided with some references for more information.

    If you have to understand more about security - and let's face it, most IT Pros need this understanding - this book is worth buying!

    Sunday, September 07, 2003

    Keeping Up

    I had an interesting mail from an old friend today. She asked me how I keep up. We've been communicating off and on for years after meeting many years ago on a training course. We run into each other now and then - and it's nice to say hi. So Hi - you know who you are!

    The question of keeping up is a good one. At one time, I relied mainly on network news (NNTP) and mail. Increasingly, I'm relying on online content. Since May, I've been playing with both blogging software and RSS readers (the intent was to read and consume via RSS). I can see the arguments for RSS, and Feed Demon is a cool tool. I've also started using Google News Alerts. Email is, increasingly, just a vehicle for spam. And I'm tired of it. I was away for a week and must have had 1000 spams. Even with filtering kicking out about 40% of the mails received! Jeesh. I am finding RSS aggregators to be a better way of looking at things, but it needs RSS feeds. I'd love, for example, to get Google searches via RSS. But this is a topic for another day.

    Home Again - At least for a little while

    I'm just back from a relaxing week in the US - a few days in Boston and then some time in Rhode Island. Took my wife and daughter and we had a great time. The weather in Boston was great - although it did rain in Rhode Island. Never mind - the food was great and the wine outstanding. The flight over to Boston was kind of grim, although just bearable. The flight attendants were somewhat out of it and they now charge for booze in economy. But coming back was not too bad - American did well on that leg (and I had my own gin). It turns out now that the Boston crew no longer gets a full day's rest before the flight back. No wonder they were so beat on the way over to Boston. Anyway - it's nice to be home. For a little while at least.

    The next few weeks look like being "hectic". I'm off to Redmond in mid-Sept. Then back for a week before a week in New Orleans. Then a week at home before the PDC in LA. Or something like that.

    I'll try to keep up with the blog - but it may not be easy. And worse if blogger is DOS'd again. Sadly, it appears from evhead's blog entry yesterday that the site had a DOS attack. Bummer.

    I want my Blogger Pro!

    So when will Google re-open its Blogger Pro - Power Push-Button Publishing service to new subscriptions?

    I started using back in May for this blog - and would love to publish in RSS. I like the overall service at and am a long time Google fan. I'd like to upgrade to the pro version. Either that, or I move this blog. Choices...

    Google bought Pyra Labs back in February of this year, reports Dan Gillmor. The folks at Six Log (the company behind Movable Type) also picked up on Dan's original story.

    So now it's September - and where's the Pro version? Or rather the ability to sign up for it?

    Wednesday, August 27, 2003


    I've been playing with FeedDemon, currently in beta. It's from Nick Bradbury, the guy who did HomeSite (a cool product in its own right)!

    FeedDemon is an RSS News Reader for Windows. Using the RSS protocol, FeedDemon gathers news from a variety of sources, including news sites (eg BBC, Yahoo News), technology sites such as Microsoft Watch as well as on-line blogs, etc. In most cases, the information provided by RSS is a summary of the content on a web page (but without formatting).

    FeedDemon feels like a good Windows-based newsreader, which presents a set of channel groups. Each channel group contains a number of channels. A channel is a single feed from a site. One channel I get is BBC News Technology site. The home page for the web site is To get this site's RSS feed, you'd need to go to This XML document is then rendered by the RSS client application, e.g. a news aggregator such as FeedDemon. RSS feeds feature autodiscovery to make setting things up easier. And there are channels with links to other channels, etc. Getting channels into your reader is the easy thing. Getting time to read it all, however, is another.

    What the news aggregator does is to go out to each configured channel on a regular basis, and download the channel's XML document. This document will contain all the items the site has. Each item has a title, a description, and a link. Once the XML document is obtained, any new items are then presented to the user. Since each news item has a link property, i.e. the URL to the full article, the publisher can decide on how much detail to provide in the item's description, and how much should remain on the web site whose URL is included. In reality, depending on the feed, the item's description property can be anything from very little to the full text of the article.
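    The polling step described above, sketched in Python as an added example (not FeedDemon's code): it assumes an RSS 2.0 layout, uses a constructed channel document in place of a download, and treats the feed as untrusted input by refusing a DOCTYPE and dropping items whose link is not http or https. The function name and sample feed are hypothetical.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed channel document standing in for what the aggregator downloads.
FEED_XML = """<?xml version="1.0"?>
<rss version="2.0">
  <channel>
    <title>Constructed Technology News</title>
    <link>http://news.example/technology/</link>
    <description>Sample channel built for this example</description>
    <item>
      <title>First story</title>
      <description>Short summary of the first story.</description>
      <link>http://news.example/technology/1</link>
    </item>
    <item>
      <title>Second story</title>
      <description>Short summary of the second story.</description>
      <link>https://news.example/technology/2</link>
    </item>
    <item>
      <title>Item with a script link</title>
      <description>The publisher controls this field.</description>
      <link>javascript:alert(1)</link>
    </item>
  </channel>
</rss>"""

ALLOWED_SCHEMES = {"http", "https"}


def poll_channel(xml_text, seen_links):
    """Return the channel's items that have not been shown before.

    `seen_links` is the aggregator's memory between polls; it is updated in
    place. Items are identified by their link, as in the description above.
    """
    # RSS needs no DTD, so a DOCTYPE (and any entity tricks it could carry)
    # is rejected before the document reaches the parser.
    if "<!DOCTYPE" in xml_text.upper():
        raise ValueError("feed declares a DOCTYPE; refusing to parse")

    root = ET.fromstring(xml_text)
    new_items = []
    for item in root.findall("./channel/item"):
        link = (item.findtext("link") or "").strip()
        # The link is what the reader will open, so only web URLs pass.
        if urlparse(link).scheme.lower() not in ALLOWED_SCHEMES:
            continue
        if link in seen_links:
            continue
        seen_links.add(link)
        new_items.append({
            "title": (item.findtext("title") or "").strip(),
            "description": (item.findtext("description") or "").strip(),
            "link": link,
        })
    return new_items


if __name__ == "__main__":
    seen = set()
    for entry in poll_channel(FEED_XML, seen):
        print(entry["title"], "->", entry["link"])
    print("second poll:", poll_channel(FEED_XML, seen))
```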

    FeedDemon is cool. It's got a ton of neat features for presenting this information. It helps you to combine information from a variety of sources. You can, in effect, make your own newspaper!

    If I could, I'd set this blog up with RSS. As soon as blogger allows me to subscribe...

    [update - this blog is now published with RSS!]

    Monday, August 25, 2003

    BMW Loves Its Customers

    Well maybe NOT if the MINI COOPER Online site is accurate. Seems BMW can't understand the value that independent enthusiasts bring to the market.

    Even Microsoft understand this - with their MVP program. They may not like it when folks, like me, are critical of them, but they do react well. They invite the MVPs to give input direct to the people that matter and are committed to making the input count. BMW could learn something from Microsoft.

    Bengt Larsson - who's he? More IP Theft

    I got a spam mail the other day, offering to help me promote my web site. As an aside, why do these mails always seem to say "I have seen you site and ..." when it's clear that they have never been there? Anyway, I got one to one of the mail aliases that I ONLY ever use on the web. It pointed me to "Bengt Larsson home page". I was kind of surprised, to say the least.

    That page looked familiar! The thief did not even know enough to change all the links. Now it's not big time IP theft, but the guy really should know better.

    The ISP who hosts this guy's page has had a complaint, but thus far has done nothing. :-(

    An update: the nice folks over at have sorted this out and the pages are gone.

    Saturday, August 23, 2003

    Virtual PC 5.2 Available from MSDN Subscriber Downloads

    At last, if you are an MSDN subscriber, you can download Virtual PC 5.2. Just go to the MSDN Subscriber Downloads page and it's the first entry under Platforms.

    Friday, August 22, 2003

    The Register

    XP SP2 Delayed

    If The Register is to be believed, XP SP2 has been pushed back till a year from now. And looking around the web, it seems other sites have picked up on this story too.

    What are they thinking?

    To look at how bad things really are, take a look at this Windows XP Post-SP1 Hotfixes list produced by MS. And if you do a wider KB search, you will see even more bugs (limited by the 150 max records that the asp page will actually return!). The Post SP1 patch page currently shows one hundred patches. But who knows if this list is up to date? And just how will home or small business users ever be able to work this out? And what large enterprise wants to devote this much time and energy?? If you buy Windows XP (RTM) today, or if you download it from the MSDN site, you get a CD with an almost lethal set of bugs. This version would simply not be safe to deploy on any network without patching it heavily. At an absolute minimum, you have to download SP1 plus a bunch of patches. Most of the OEMs seem to ship an integrated SP1 (which is helpful), but all my CDs are just plain RTM.

    After getting SP1, you then need to go to Windows Update (or SUS) and add all the extra patches and validate that your system is both safe and functional. This is non-trivial. It's not only the sheer amount of patches you have to find and install, but you also have to test that you've not broken anything in the patching. Given MS's reputation and track record, testing is vital.

    There's got to be a simpler way! Microsoft should offer to provide updated CD images for a relatively patched version of Windows XP (home, pro, and both rtm/msdn/vlk) - as well as every other key product (2003 Server, SQL, E2k3, etc). I don't want a bunch of CDs that are, in effect, dangerous!

    No, the viruses are not Microsoft's fault. But I believe Microsoft has an obligation to make it simpler for customers. And as a matter of some urgency.

    Wednesday, August 20, 2003

    Paul misses the point - and not for the first time

    I generally like reading Paul Thurrott's WinInfo newsletter, sent in email courtesy of Windows & .NET mag. But in his article Opinion: Windows Worm Should Never Have Been a Problem he just plain misses the point. OK - I agree with him when he suggests that Microsoft is not really the main culprit here - the fix was out and it wasn't applied. Thus it's not really MS's problem. The real problem is that systems simply were not patched.

    What he misses, sitting in that ivory tower of his, is the sheer difficulty of actually keeping everything up to date. I've said it before: it's just too hard. I'm not beating MS up for this latest bug, but for making it so difficult to patch things. Anyway - today it's the Sobig virus. I've had around 40 mails this evening (each 100k or so) with this. Yuck.

    There just has to be a better way. Admins deserve an easier life.

    Editing MSI files

    Editing MSI Files

    I've been watching the hits on my weblog and find that a number of folks are looking for more information about Orca - a free Microsoft .MSI file editing tool. Orca enables you to do some basic .MSI table editing including simple things such as fixing a condition that stops an MSI file installing. You can get ORCA from Microsoft. However, contrary to KB article 255905, Microsoft seem to have removed orca.msi.

    There is probably an easier way, but I did the following to get this:

    • Install the Platform SDK
    • Install the MSI SDK
    • Open up C:\program files\Microsoft SDK\bin - and there is orca.msi.
    • Run orca.msi to install Orca

    Like I said, there MUST be an easier way.

    If I get a chance, I'll do a deeper writeup of Orca for my ESM column.

    Tuesday, August 19, 2003

    Windows Update Runs on Linux

    Windows Update Runs on Linux

    According to the folks at Netcraft, Windows Update Runs on Linux.

    The Register explains it all in a recent post. It is not quite as crazy as it sounds, explains Netcraft.

    To some degree, it begs the question 'what's that site running'. After all, what is the Microsoft site? It clearly includes these global caches so the answer probably is - it runs a lot of things. I suppose this is more an issue about how Netcraft does its survey - and how it determines that a site is 'running' on a platform.

    Like most statistics,

    Tuesday, August 12, 2003

    IE A Security Risk

    IE A Risk?

    I've been trying to keep up with details on the msblaster worm, and came across an interesting page from a company called PivX Solutions. Called IE Security Holes, this page is, as its name suggests, one showing IE security holes that remain unpatched.

    At present there are 21 listed vulnerabilities.


    Monday, August 11, 2003

    Microsoft Windows Server 2003 Deployment Kit

    Microsoft has produced a resource kit for every version of Windows NT since NT 3.1. As it turns out, I have every one produced thus far. The Resource Kit Team is a pretty amazing group (I worked for them for over a year). For Windows 2000, the entire Server Resource Kit is on line at

    For Windows 2003, Microsoft decided to do even more! First, they decided to add a lot of new and improved content. In a move which must have been designed to remove the threat of litigation from book shop owners whose employees' backs would have been damaged by lifting the new volume, MS has separated out the deployment information into a separate Microsoft Windows Server 2003 Deployment Kit. This kit is now published, with some great content. And it's online too.

    BUT: even cooler - you can download the entire kit. Not just as PDF files, but as Word documents, thus you could (at least in theory) use some of the text in your own deployment plans.

    I'm kind of surprised MS is putting the full Word documents up for free download, but they have. The Resource Kit Team continues to do great things!

    Now all we need is the actual Resource Kit itself...

    Saturday, August 09, 2003

    DNSDUMP.CMD - A script for managing DNS servers


    An outstanding script for managing Microsoft DNS Servers

    Written by true uber-geek Dean Wells, DNSDUMP is the ultimate management script for managing Windows DNS Servers! The man is a genius - either that, or he's sad and has no life. I know part of the latter to be untrue!

    But don't take my word for it - download it and try it. And to avoid confusion, the file referenced above has an extension of cm_. When you save it, make sure you rename the extension to '.cmd'.

    And if you do take a look, and find anything missing or if you have any feature request, let me know and I'll send your comments along to Dean.

    Bullfighter eliminates bull in your writing

    No Bull Here!

    Thanks Very Much

    Deloitte Consulting have produced a free download writing tool called Bullfighter which, they say, Strips The Bull Out Of Business. The product is an additional tool bar for Word, which analyses your writing, produces some basic metrics on the text, and points out anywhere the document is using 'bull' words. You'll understand it instantly when you see it - but for more info on the product, see the BullFighter FAQ on the website. I like this for a couple of reasons.

    I do quite a bit of writing - books, magazine articles, etc. Any simple tools that help me write better and easier are welcome. Especially if they help me avoid feedback from editors over unclear meaning.

    I mainly use Word and PowerPoint - producing Word documents and PowerPoint slide decks. I also use tools like Blogger, O, etc. Where possible, I like to be able to use Word as the editor. (My systems are big and fast enough to support this.) So a tool that works in the environment is useful.

    Bullfighter helps find the bullshit. I hope to avoid using phrases like "A value-added, leverageable global knowledge repository", or referring to products that are "Repurposeable, leading edge thoughtware that delivers results-driven value". But just in case I did lapse into marketing-eese, bullfighter lets me know.

    Now we don't totally see eye to eye - it complains when I use "Enterprise". As I write for "Enterprise Server Magazine", avoiding the word is somewhat tricky. Still - a useful tool.

    I also like it because it points out average sentence and word length and calculates the Flesch index. Keeping the writing simpler is good for the editor, for me and hopefully for the reader. And it is very quick too.

    The tool is a 4mb download. But do not run it on a system with sound in a crowded office. At least turn the sound down! :-) The flash image that is loaded while the product is installed is fun, and loud. You have been warned!

    And what gives with the forced reboot after installation? It's just a tool bar for heaven's sake. Tool bar installs should never do a reboot. Should they? Grrrrr

    Friday, August 08, 2003

    It's almost funny

    In an article in The Register we now learn that IBM is suing SCO over Linux. So now we have SCO suing IBM (and trying to obtain extra license income from Linux users), and both Red Hat and IBM suing SCO!

    If it wasn't so serious, it would be funny.

    This sort of action must have them rolling in the aisles in Redmond. It sure isn't the way to obtain any sort of corporate loyalty. Personally, I'd ask some very hard questions if we had any Linux - and even Unix for that matter - running here.

    But this does illustrate one important thing - you can make money out of Linux. Just become an Intellectual Property lawyer...

    Wednesday, August 06, 2003

    When is a Free OS expensive

    When is a Free OS expensive???

    Clearly when the free OS is called Linux - at least that's what SCO seems to believe.

    I can't help finding this mildly amusing. Here we have all the Linux vendors at each other's throats - it actually makes Microsoft look better and better.

    If I were a conspiracy theorist, I might be tempted towards the view that MS and SCO are in this together. Of course, it's untrue, but it does make a somewhat amusing story. I wonder what the movie rights on this are worth?

    But all in all, this can't be doing Linux, or the Linux community any good and I find that just a bit sad.

    Krispy Kreme comes to England

    Or so The Independent reported it!

    I'm not sure if this is good news or bad news.

    Sunday, August 03, 2003

    Security and Security+ Links

    I put up a page on my web site containing some general security stuff plus a Security+ Link List.


    Update: I've moved things around and the Security+ link page has moved to a separate page!

    Raymond Chen's Blog

    Raymond Chen needs no introduction to any true Windows geek. As the originator of the Power Toys, he's easily The Shell God! If you do anything like shell programming, or are interested in weird things about Windows, then read his blog The Old New Thing.

    Saturday, August 02, 2003

    I am an Uber-geek

    It says so on the Internet - so it must be true!

    In Mitch Tulloch's techBLOG, Mitch describes me as an Uber-geek. What kind words. He also liked the first TCP/IP book, but it looks like he hasn't yet gotten the update Microsoft Windows Server 2003 TCP/IP Protocols and Services Technical Reference.

    Thursday, July 31, 2003

    A Group is its own Worst Enemy

    I came across a very interesting article written by Clay Shirky entitled: A Group Is Its Own Worst Enemy. It's about 'social software' - software that supports group interaction. Clay's article looks at some of the issues surrounding social software - it's worth a read.

    Saturday, July 19, 2003

    Joining Up MSF and MOF

    Microsoft have two great framework methodologies: Microsoft Solutions Framework (MSF), which helps teams envision, design, develop, and deploy a business solution, and Microsoft Operations Framework (MOF), which is all about how you operate the solution. These two frameworks are based on proven practices - things that have been proven to really work. MOF, for example, is based on ITIL, recognised world wide for its value in the service management arena. They also fully incorporate risk management in a highly structured way.

    Every organisation can make use of both MSF and MOF, and would benefit from using them together. However Microsoft's current positioning of them is to make them as different as possible. It looks like the two framework teams are in different buildings and just don't talk together much. While the web pages may look similar, that's where the divergence begins. Any Microsoft Certified Trainer can teach the MSF course, but would have to go through extra hoops to teach MOF. You can get a MSF course at any Gold MS CTEC, who are required to have an MCT on staff certified on MSF, but not MOF. The MSF course is MOC, which means it can be used by partners, sold to third parties, etc. The MOF course isn't. Etc, etc, etc. These differences hold back adoption.

    If MS wants to do big joined up stuff with MSF and MOF, then, they should:

    1. Make the 2 MOF courses MOC and include them in the MOC curriculum. Enable them to be ordered in the same way as we can order all other MOC. MS training should be delivered through one channel - MOC, not many different, inconsistent ones.

    2. Make MCT requirement of MOF consistent with MSF - namely any MCT can teach (although as for MSF recommend the MSF practitioner exam). It would be good to insist on the practitioner exams for MCTs, but that might be pushing it. If an MCT is good enough to teach MSF, then he should be good enough to teach MOF.

    3. Create a MOF Practitioner exam similar to MSF exam (this time please use VUE too!). The two frameworks should have similar levels of certification requirement.

    4. Drop the requirement in MOF for the external ITIL certification. Don't get me wrong, ITIL contains a great deal of great information, but there should be no need for an external certification. MS should create a MOF Practitioner exam that means something and covers the ITIL underpinnings of MOF. ITIL should be very heavily 'recommended' - but it should not be mandatory.

    5. Include MOF and MSF exams as electives for MCDBA, MCSD and MCSE. If you want to build ground-root support, then make it part of the MCP path.

    6. Create a public microsoft.public.mof newsgroup and select MVPs for .mof and .msf groups. Again, make MOF equivalent to MSF in terms of support.

    7. Require Gold CTECs to have MOF and MSF practitioners on staff. This really is a no-brainer!

    8. Ensure every MOC course, MSDN book, and every related MS Press includes some mention of solution design (using MSF) and solution operation (MOF). Evangelise the frameworks

    9. Ensure MSF/MOF exams appear on MCP transcript and on MCT CEC section. MSF and MOF certifications should be part of the MCP programme and included on the transcript.

    10. Sit back and watch adoption of these two key frameworks grow.

    I've now published these ideas in the private MCT newsgroups and the public MSF newsgroup. Everyone I know who's read the ideas thinks it's a good idea. One MS Product manager said 'good input'. Thus far, nothing's actually been done.