Thursday, October 30, 2003

PDC: Security Panel: What's Next? Directions in Security

Security Panel: What's Next? Directions in Security. Both security technology and the threats that they must counter have changed over the last year and will continue to do so over the next few years. The industry is full of security solutions that are beginning to meet the needs of today's threats. The panel: James Hamilton (SQL), Carl Ellison (atstake), Howard Schmidt (at eBay, ex FBI, US Air Force), Jason Garms (security architect at MS SBU), Michael Howard.

Q: What can we do with sandboxing to use code safely? Is this the future or just a stop gap?

MH: the managed environment is all about this - you will get software from lots of places, some will be more or less trusted. This doesn't really help with unmanaged code (there probably is no good story there), but managed code is the future direction.

JH: we need to do more - particularly with respect to specifying what resources an assembly can consume.

HS: stuff like strong naming is another important aspect to addressing the issue.

Q: Following on, what can we do to manage code?

JH: First, you have to have security in depth - firewalls, stopping call-out, process/machine security and isolation is all part of it.

MH: Isolation is important. For example, he's locked down his wife's computer to the point where she just can't do much. The issue is how can we do this without annoying them.

HS: Defense in depth is a good thing - but the problem does not have to be solved only on the client.

JG: Sandboxing is great, but it is not enough. With the newer threat models, you need to think about dependencies between components and you need to be familiar with the components being created. You have to think about this in more engineering terms - it's more than just 'making it work'. EG: a bridge out of balsa wood - it might work, but it's not robust.

Q: Will there ever be a time when everything is secure and unified?

JH: "At MS we're well down the road" but we need to do more. We need to develop models that model our social interactions.

JG: we have some great opportunities, thanks to Moore's law, to help us. We have type-safe languages like C# that help. Web services, with detailed interface contracts - we're on a road to a better future.

HS: He had a conversation with Vint Cerf, and they agreed that had we known then what we know now, the Internet would have been architected differently. Look at cars, you can't get a car today without seatbelts, air bags, etc. IPv6 is an example of this moving forward.

CE: The firewall is just a band-aid - we should not just always accept anonymous connections - anonymous should probably not be the default.

Q: Key management - it's hard - what can be done?

HS: Amazed we have not done more to adopt PKI. There are scaling issues but there should be better PKI.

MOD: key management is not something you can just code - you have to design the ceremonies too (key exchange). There needs to be multiple cert levels (one for a simple web site, 2nd to buy something, 3rd for bank-bank). Need to balance the interaction against the key protection. The level of automation can be an issue.

Q: Does VM technology provide a way forward?

JG: yes, but it's hard too - not a good user experience. SEE is possibly a better approach.

Q: What is being done to improve things?

MH: MS is going to produce a security cert for devs. This is in the early days, so no details, but it's coming.

Q: How much effort is being put into Security?

JG: Jason started by pointing out that it's MS's goal to never have to take an entire team offline again. It was a remediation, but should not be needed again. Having said that, things are still not good enough and 'steady state' has not been achieved yet. MS is overspending on resources - but that's probably ok!

MH: Security adds around 12% to the overall project timescales - but security is not extra, it's part of doing the job.

Q: Will we ever have security until MS manufactures hardware (smart cards) and makes this ubiquitous?

A: not sure - what about the UI? It's possibly not the full answer.

Q: What would make networks more secure - if you could have it?

JH: Hardware is not the only issue - we have the software tools to secure systems today.

JG: There's not too much at the chip level - but NGSCB is MS's wish list - but it will take a while. Offload processing is also something that needs to be looked at - crypto offload is available today.

Q: what about the ISPs? Smart cards, biometrics are all wonderful, but until the ISPs stop disallowing spammers, and virus infected systems onto their networks we're still in a bad situation.

A: there's more to do.

It was an interesting session - more for the brutal honesty and total lack of marketing fluff. I'm convinced that the transcript of this session should be published.

PDC: The Longhorn sizzle

I went to the session "Making it Sizzle: Enabling and Building Next-Generation User Experiences on Windows Longhorn". The panel was David Massy; Pablo Fernicola; Tjeerd Hoek; Chris Anderson; Michael Wallent. This was an interesting panel, looking at how Longhorn would enable lots and lots of cool stuff. The new "Longhorn" platform is designed to enable developers and designers to work together to produce gorgeous and effective new user experiences. Sadly I missed the opening of this session due to the busses being slow.

The first question was 'Why is MS doing this?'. The speaker suggested that there is a perception of unreliability or difficulty in using MS software (some laughs from the audience!) and suggested that Longhorn can help. For example, "responsible" animations help people understand relationships better. Also, when you are doing things like streaming video, the glitches are a pain. Longhorn's driver scheduling should make the experience better and smoother. People want PCs to be an appliance - people buy them both for their functionality and for their looks. Longhorn will address both.

There was an interesting demo on the Longhorn logon screen. It looks like the XP one, but clicking on each picture changed the look and feel of the login screen. This looks like eye candy. There was a comment to this point. We've seen lots of cool things, but no tools. MS need to get the fundamentals right first - then could build the tools (and I guess the guidelines). We can expect more guidelines at B1 time.

There is a need to affect both behaviour and look and feel. This is going to be the focus of much work. And there is clearly a dichotomy - teenager vs knowledge worker. MS is aware - one Longhorn persona is a teenager, but the focus is on the business user.

How do developers starting from scratch get up to speed? Start with .NET, and look at Whidbey, and go from there.

1. Just do it (managed code, etc)

2. MS wants 'broadband' feedback, to deliver the Longhorn wave together

Wednesday, October 29, 2003

MS PDC: MS Research steals the show

The keynote this morning was done by Rick Rashid, who runs MS Research. What a show! There were several really cool bits of research that were demonstrated. A cool demo was based on the Sloan Digital Sky Survey - Sky Server. This is the old terraserver, but based on the sky, not the earth. But perhaps the coolest was the Tablet 'math pad'. The idea is that you can type in Math equations, and have them auto-graphed.

While a lot of the things shown this morning are far off, some of them look very promising.

Happy Birthday

Happy Birthday Rebecca Marie

Rebecca Lee-Tanner is 7 years old today. Sadly, I'm 7000 miles away. :-(

Google are nice folks

I stopped over at the Google booth at PDC today. I asked them why I could not get RSS on my blog here at It should just work, they said, but I demoed how I could not get it. So they fired off email to the support guys, and they've sorted it. Nice.

But it gets better. When I was at the booth, the stand folks gave me an invite to a small reception, with drinks, etc. I got a chance to chat with the folks behind Google. Mega cool. I can't wait for the IPO.

Monday, October 27, 2003

PDC Web Access

I'm trying to get to the net to get my Longhorn product key - but there's a real issue with the speed. As ever, there's not enough bandwidth. And the wireless is not overly available - I've not managed a wireless connection yet - and most of the folks I've talked to have a similar experience. Thankfully MS has provided a wired network as well but it's very slow. I'm sure I'm not the only geek to want this to just work.

The joys of providing a comm network for active geeks.

Live from PDC - Bill Speaks

The Next Wave

Bill Speaks

So the PDC has started. I suppose it would not be a PDC without a keynote - so we're starting with Bill. Bill looks tired and a lot older! His shirt looks rumpled, like he just flew in to do this talk. Bill says PDC is about making better software, the next generation of Windows, and everything that MS is doing around that. "Catching the next wave" is his theme. MS has high expectations on the future - and a $6.8 billion budget! You can buy a lot of futures with that sort of cash behind you.

Bill talks about security - and is still banging the TWC drum. Two big future releases will include better security: XPSP2 (the firewall is on by default, better memory protection, etc.), due in beta by end of 2003, and WS2003 SP1 (beta next spring), with role based security configuration, remote access client inspection, and local inspection on connection.

Bill showed a nice video - "Behind the Technology" - it was very funny. I wish these were available!

Bill talks about this decade as the digital decade. Didn't he use that theme for the 90s? This will include some important breakthroughs: Advanced Web Services, Workflow and process, distributed management, and ad hoc communications. He says that there are some information driven breakthroughs, including rich search/views, unified storage, self-organisation, information agents. All these breakthroughs come to us via Longhorn, the "Biggest OS since Win95." Longhorn is meant to deliver on the fundamentals, but to use it in an easier fashion. Key components of Longhorn:

  • Fundamentals - Base OS System Services
  • Avalon - presentation - lots of XML
  • WinFS - Data - unified storage (Gates has been talking it up 10 years).
  • Indigo - Communications between apps.

    Hillel Cooperman - Product Unit Manager, Windows User Experience - gave a cool demo on Longhorn's new UI. It looks pretty, but I'm not sure it's anything other than cool. The searching, however, is very impressive! You have to see it!! What is better - all the controls are available to devs to play with. There are lots of pretty gimmicks in the UI - the clock so BLUE! Hillel showed a sample Longhorn/Avalon app. Very interesting - shows the power of WinFS schema extensions.

    To summarise Bill's vision, he sees three waves: Today (XP, Server 2003, Office 2003, VS.NET), soon: Yukon, Whidbey, and later (with Longhorn Client, Server, Office, VS.Orcas). There is a lot of new technology to come onstream, e.g. 64 bit computing.

    To ride this wave, MS is doing several things:

  • Fundamentals - building it into the base - software updates, management, etc
  • Web Services - moving on, with Indigo
  • Managed Code - the way forward
  • Smart Clients - delivering data with XML and having rich local presentation layer
  • Community involvement - Bill wants feedback - years of work here shaped by the community

    It all looks interesting!

    Sunday, October 26, 2003

    Stuck in NYC

    It was all going so well. I staggered off the London flight onto the LAX flight. I was all curled up, snoozing away as we taxied out. Then the Captain came on the intercom and mumbled something about fires in LA, and rather quickly dumped us off at a gate. As ever when such things happen, there was utter confusion - with neither staff nor passengers having any clue as to what is happening.

    At present, I'm surfing courtesy of t-mobile in the Admirals Club. Just waiting to get out. I've got a flight booked in the morning, just in case, but who knows. The airline will make a call in an hour. In the meantime, I'm annoyed I'm missing a good party!

    What do I want in Longhorn Server

    What will go into the Longhorn server? That is a question I hope to see answered at PDC. Certainly there will be some integration of the currently separate services (eg DRS, GPMC, MACS, etc). But what else? I would certainly hope for a better management story. And given that MS has 3 years to go before release, I'd like to see some shake up in some fundamentals. Here are some things I'd like to see changed:
  • A more sensible partition layout. There is far too much junk dumped deep into the folder structure. For example, I'd like to see all my outlook express files in %profile%\OutlookExpress\Settings, instead of deeply hidden. And I'd like just one high level temp folder.
  • ONE way to add/remove every component. Right now, some components are loaded by default, some are loaded but not made active (eg rras), others have to be added (eg IPv6) via Network Connections, while still others are in add/remove program (eg netmon lite).
  • A separation of network hardware from identity. In Dial Up Networking, multiple identities can be associated with a modem (one at a time!). But with wired/wireless networking, you can't. I'd like to see the ability to have multiple connections possible. Thus, I'd be able to be,, and depending on where I am at the time!
  • A goal of ZERO reboots. Rebooting should NEVER be needed. Sure, I can accept a few, but let's make the design goal sensible. And I think that it should be mandatory for all 'application' updates to be reboot free. Come on Microsoft, what's the deal with requiring a reboot after loading media player??
  • Consistency, consistency, and more consistency. I think I do NOT have to say more on this front!

    So what do I want to see at the PDC?

    I want to see the future.

    Just a good glimpse of what Microsoft has planned for the next 2-3 years. I see PDC as an important opportunity to see the long term vision start to take shape. Longhorn, Yukon and Whidbey are the three key technologies I want to understand more about.

    Yukon, I think, represents a major change in the way we design multi-tier systems. Tim Sneath recently wrote about this - and I think he may be on to something. Tim argues that with the ability to put business logic, expressed as managed code, into the database, the middle tier is dead. I think he's right that the purpose of the current middle tier, business logic, really belongs in the db. But I think he's wrong about predicting the death of the middle tier for two reasons. First, it will take companies years to migrate to Yukon. Mainstream adoption is at least 18 months away so inertia is a factor. But more importantly, the middle tier will exist to orchestrate. The front end UI tier will remain client side - but I see the middle tier as orchestrating the various services that are available in a SOA approach.

    Longhorn is both the next client and the next server, so it too is highly important. The client is somewhat less interesting although I have to be careful how I say this - Scoble will give me too much grief!! In the space I work in, businesses have trouble understanding the value proposition of XP, let alone something beyond that. When I see all the fantastic UI shots, I have to ask: will this make the knowledge worker more productive? Can he/she answer emails, write documents or prepare presentations faster? I don't know the answer to this - although I can see how WinFS will help me to organise the chaos that is my workstation!!

    Whidbey, of the three, is the least exciting aspect of the PDC. I've seen some of the new features (generics, iterators, etc) and have been playing with the Whidbey alpha for a while - I guess I'm just not enough of a geek to get overly excited.

    Off to PDC


    So I'm off to the PDC. The journey to LHR was uneventful - a quick drive, a comfortable checkin. Security is tighter than it used to be, but I got upgraded so it's comfortable class to LAX via JFK (and for the return as it turns out). The plane to JFK is totally full. As I traveled to and through LHR, I could not get the image of Concorde out of my memory. A truly 1st class experience from start to end. By comparison today's flight is just so ordinary. Concorde, to me at least, represented the best. From the Dom Perignon and Hospices de Beaune to drink to the quiet professionalism of the crew. I don't think any airliner will ever be quite the bird that Concorde was. This flight is a 777. Relatively quiet and with good legroom. Which is a good thing as we're cooped up here for 6 more hours.

    Saturday, October 25, 2003

    Packing for PDC

    I'm just getting started packing for PDC. The first thing I started doing is freeing up disk space on my laptop for all the new code we're going to get. My objective by the time I get back from PDC is to have two VMs running: one an XP VM that has VS Whidbey and the other a VM with Longhorn. The plan is to get them loaded during the PDC, and spend the long plane ride back to London playing with them. I'll be blogging as much as possible during the PDC, although I've not yet worked out my schedule.

    MVPs get source code access.


    The word is finally out. This is a fantastic idea - giving some of the folks that support the OS access to the code. There is some good news and bad news of course.

    First, there is a very tight NDA in place. Even so, I can only imagine how hard the MVP team at MS must have argued with the lawyers to let individuals, vs companies, have access to the source. When MS provides source access to companies, the normal license calls for an unlimited liability. With individuals, e.g. MVPs, this simply would not work for obvious reasons. It will be interesting to see what happens on this front.

    Thus far there have only been a handful of MVPs who have it. Only MVPs who are "up to date" and who are in a few restricted groups will get it. So it's not all of the 2000 or so MVPs who will get it, and it's not a gift for life!

    And not all the code is there. Most of the 3rd party drivers are missing, as are some large chunks of the security code, and some stuff that MS feels is IPR-intensive. That makes sense, although it does restrict MVPs from looking at some of the more interesting areas of the source tree! The access license is also pretty restricted. The licensee can't compile or build anything, you can't use it to create a derivative product, and you can't talk much about what you actually see.

    And did I mention that even though there's stuff missing, the source tree is big. Very, very big. Humongous in fact. When I was working on the resource kit team, I had source code access which I put to good use. The source tree is huge, complex and confusing to the new user. You could tell that the source code tree grew, versus having been designed as it currently exists. New (to the team) developers quickly find their way around (as developers tend to do). But for the casual lay user, it is tough to get into it.

    As an MVP, I can see that the access could be interesting and fun. I've got enough background to at least look up the DNS stuff (I think). Whether I can really read the code to the level I'd like is a much different story.

    This is cool.

    Hey Little Chef/Travel Lodge - Get with the Program

    So I'm staying away at a Travel Lodge - and dining at Little Chef. The hotel is "quiet" (except for the constant roar of the A14 - which is worse when it rains), the bed is comfortable and the shower's hot. The food is not good news (the less said the better), but it's only for a couple of nights. So where's the internet connection? Surely they should put in a nice g-WAP and flog us the access. Or BBand in the room - both no doubt priced outrageously! But no sign. Come on - get with the program! The lodge is full of business folk, economising on hotel costs. We still need to stay in touch.

    This leads me to think that the telcos don't quite get wireless yet - at least they don't provide me with what I need. What I need is simple. I want one type 2 PC card that I can pop into my laptop that gives me internet connectivity (wirelessly) pretty much everywhere I go (and could possibly use wireless client). I'd like this for a reasonable flat rate/month, for world-wide access. In Sept/Oct, I've been to Boston, London, Chicago, Redmond, New Orleans and Los Angeles, plus stays at those airports plus visits to DFW, MIA and ORD. I would have liked just one plan. Is this an unrealistic requirement?

    Monday, October 20, 2003

    Intuit users force rethink on Product Activation

    I love MS's latest OSs, and I can't wait for the next one (Longhorn). I derive great satisfaction out of testing and using them. While I love the OS, and nearly all of the features, there are some things I really dislike, and a few I'd gladly re-design. But the top of my dislike list is product activation. Yeah - I know the arguments, and I openly respect Microsoft's issues with piracy. I still think product activation sucks.

    My first taste of product activation came with Novell, many, many years ago when they were the market leader in PC LANs. I had to install several servers, in an office late at night. With two of the four kits, there were problems with the serial number disk. One had been seemingly dropped in something, and the label was only partly legible, and the other floppy was destroyed. We never did figure out how either happened - but knowing the shipping guys I can guess. But I managed to get the servers up and running, and am forever grateful to some great help I got from Compuserve (and not from Novell). I'm sure I aged greatly that night.

    By comparison, Windows NT 3.1 was a dream. I remember so vividly the openness MS UK presented with this release. They were talking to ME - the IT Pro - and made it easy. Well easier - don't forget that NT 3.1 was released at a time when CD-ROMs were very much the upcoming things. After doing ONE installation of 3.1 Advanced Server by floppy, a 2xCD was heaven! By way of diversion, the CD alone was £400 (US$600) and the whole system nearly £4000 ($6k). Just imagine what you could get for that today. Oh never mind - I just did :-). Oops, I did it again. But I digress.

    In summary: I just don't like WPA.

    I've listened long and hard to most of the arguments for, and against it. It's certainly been a hotly debated topic. I'd like to think I've helped argue MS to be a little more lenient in their application of WPA. WPA has been good for Microsoft too but when I see the WPA stuff, I just see an attitude of "we don't trust you" that's very much in my face.

    It's much the same resentment I feel towards the 'security' at US airports these days. Traveling in/through several of the bigger US airports (Chicago, Miami, Seattle, Dallas, LAX, and Boston) in the past few weeks, well all I can say is it sucks. There are all these folks just there hassling a population that is overwhelmingly honest. This is another manifestation of the "I don't trust you so you really have to prove yourself" attitude. I find it bordering on degrading to have to nearly strip off (having to remove my shoes and walk across a pretty filthy "carpet" and removing my belt and having to hold trousers up with my hand) as well as having to unpack my bags (I managed 4 trays on the last trip to the US) then repack them (much to the annoyance of the people behind and of the TSA bods who seem to have partly lost the will to live and seem just a bit highly strung). I put up with it because I have to, but that does not stop me from wanting to get rid of it (and the associated costs).

    At the end of the day, I'd like it to be a lot simpler - and I'd love to get rid of all forms of product activation. It's nice to see I'm not totally alone in disliking "we assume you are dishonest" type product activation schemes. Intuit users didn't either - and they let Intuit know. It's really nice to see that Intuit listened to their customers and removed product activation. See the PC World article where Intuit Apologizes for Product Activation.

    Well done Intuit.

    Saturday, October 18, 2003

    Windows Rights Management Services for Windows Server 2003 Pricing and Licensing Overview

    RMS is close

    MS is building up its support for the launch of the Rights Management Server software later this year. RMS is a very interesting product - which solves some important security issues for many customers. The problem is how to protect information that is inside the firewall.

    I remember many years ago reading an internal memo from a member of the Windows 2000 development team to the team. It was addressed as 'Dear Mary Jo' - since he knew that, within hours of being sent, Mary Jo Foley would have a copy and would be putting spin on it in her column. At that time both she and Paul Thurrott sort of made a habit of posting internal information - stuff marked MS Confidential DO NOT COPY. I can feel for Iain - it's tough to be honest in email where you need to discuss and evaluate tough issues and come up with a good resolution, when you know your every word will be sent to people with very different motives (by people with very different motives!).

    RMS enables you to create documents whose usage you can determine. You can, for example, make a document no print, no forward. The recipient can read the mail, but can't send it on (e.g. to Mary Jo), or print/fax it. Of course this won't stop analog attacks (taking a digital photograph of the screen, or simply re-typing all the text), but it will cut down on a heck of a lot of more casual abuse.

    Right now there are only really two products that make use of RMS: Office 2003 and IE. With Office 2003, you'll need to have the Professional edition in order to create rights managed documents - you can view RM'd docs using Office 2003 Standard. But this will certainly change. I'd expect every native app that ships with Longhorn, for example, to be RMS capable. I look forward to seeing what innovations the ISV community has here! IE integration will provide security on documents provided via an Intranet solution. The IE stuff will ship separately. RMS, however, is not free. Take a look at the Windows Rights Management Services for Windows Server 2003 Pricing and Licensing Overview for the full license detail.

    In summary, each RMS user (document creator and document reader) must have an RMS CAL (US$37.00 each). If you want external users to be able to access RMS software, an External Connector license is required: $18,066. So a 500 seat company will need to stump up in the region of US$50,000 for the CALs, the External Connector, and the RMS server - presumably this would be a new system requiring hardware/software/services/backup/etc. Given the instant document security this gives you, the cost seems pretty reasonable, especially when seen in the light of the cost of accidental disclosure.

    Oh, and to get much use out of it just now, you'll need to upgrade to Office 2003. Maybe RMS is the killer reason for upgrading to Office 2003. I can see a huge number of firms who will love this and will rush to buy it. The IE component will be useful too, especially for firms with large intranet applications.

    Tuesday, October 14, 2003


    Back from Momentum

    I'm just back from MS's partner conference, Momentum. Held in New Orleans, it was the first time that the traditional MS partner channel (Partner Classic) and the MBS partners (who look after the Great Plains etc product lines) all met at a single partner event. We got to hear Microsoft's plans for providing a single partner channel - with room for both sets of partners. The plans for combining the channels made sense to me, but one felt that the MBS partners were less than happy.

    One interesting aspect of the new programme is how performance is to be recognised. Partners will earn "points" that are the basis for future status and benefits in coming years. These points are awarded based on Skills, Customer Satisfaction, Influence, Sales (for MS), and Certifications. With these Partner points, for example, 50 says you are a Certified Partner and 120 says you are Gold. That will make it a bit easier for the larger CTECs, for example, to differentiate themselves.

    Samba 3 extends lead over Win 2003

    Samba beats Windows Server 2003

    Or does it?

    I've been reading in IT Week that Samba 3 extends its lead over Windows Server 2003. But before getting too excited, I felt it worthwhile to read the details carefully.

    Two comments stood out for me. First: "We selected a low-specification but otherwise modern server for our tests. We used an HP ProLiant BL10 eClass Server fitted with a 900MHz Pentium III chip, a single 40GB ATA hard disk and 512MB of RAM. We did not tune any of the software to improve performance." And later: "Each NetBench client makes a constant stream of file requests to the server under test, whereas in real-world environments many users would remain idle for long periods. Consequently our test environment simulates the workload of some 500 client PCs in a typical production environment."

    So out of the box, on a low end server, a Linux/Samba box performed better than Win2k3 out of the box and untuned. I guess the first question I have on this is to ask why you'd seriously consider putting an important mission critical file server, serving a large community, on a single ATA disk, using a small, underpowered blade computer with limited memory. The test is meant to simulate 500 users, that equates to around 80MB per user - this is 1/3 the size of the memory card for my digital camera.

    Their comment about not tuning the system also does not ring totally true. In my experience, installing Linux is an exercise in tuning at least to a degree. If they chose a very thin Linux kernel, possibly one compiled only for the PIII chip, and loaded only Samba, then they are doing tuning. One thing that could make a huge difference to Windows is how the file and print service is set up.

    What I'd really have liked to see is where the bottleneck was while this test was underway, and what effect adding a decent amount of RAM would have had. I suspect the system was kind of busy paging. I've not studied the NetBench benchmark well enough to know how it works when running in this configuration.

    So, I'm not really sure if this test is all that valid. Of course, it looks good but what I'd like to see is this test repeated on a properly specified/configured system.

    Friday, October 10, 2003

    Microsoft launches Desktop Support Technician Cert

    Today in New Orleans, Microsoft have announced a new entry level certification: Microsoft Certified Desktop Support Technician (MCDST). There are two exams (70-271 and 70-272), and two courses. Course 2261 (3 days) covers supporting users on XP, and Course 2262 (2 days) covers supporting users running applications. The MCDST is aimed at an entry level technical support person - and comes in 'below' the MCSA. This looks like a great certification!

    Sadly, the certification does not cover any soft skills - this is a shame.

    Monday, October 06, 2003

    Landover Baptist Community Message Boards

    Serious or not?

    I can't decide if the Landover Baptist Community Message Board is a serious site or not. It is rather amusing in any event.

    VeriSign calls halt to .com detours | CNET

    VeriSign calls halt to .com detours

    I must have missed this over the weekend, but it seems that VeriSign has shut down "Site Finder". While I and many more complained to VeriSign, the company refused, as I commented in an earlier blog entry. However, it looks like the recent ICANN letter to VeriSign has had the desired effect.

    For a good overview of the issue, and reaction, read the Washington Post's analysis. Hooray.

    C# Tutorials

    Learning C#

    I'm trying to learn C#: here's some C# Tutorials that I've found useful.

    I'm preparing for a talk at IT Forum, and I've put up a new page on to hold background stuff, links, etc. See as a starting point.

    Sunday, October 05, 2003

    Keeping up to date - redux

    More on Keeping Up To Date on MSDN

    MS now publish updates to MSDN using RSS. The RSS feed itself is at

    Use a RSS client like FeedDemon and you're all set.

    For tonight, use Google to search for the URLs for the above. I'll update this entry later.

    British Airways - Online Press Office - News Releases

    Concorde - The End of an Era

    British Airways is ceasing the operation of Concorde in just a few weeks. This sad day was announced in a British Airways Press Release, issued in April, but the final day looms.

    The last flight you can buy tickets for will be BA001, LHR-JFK Thursday 23 October, although BA are running further private flights for friends, staff, VVIPs, etc. The fares, for travel between London and New York, cost from the standard £4,350 for one way Concorde returning in World Traveller, and up to £8292 for a return trip both ways on Concorde. Yes, it's steep, but it is truly a once in a lifetime opportunity.

    If you can't afford the ticket price, then there's a web site selling Concorde memorabilia.

    I've been lucky enough to fly in Concorde a few times. I surprised my wife on the occasion of her 40th birthday by flying her to New York (she thought she was going to Malta). She was surprised, to say the least. It was cool for me too - I got to sit in the cockpit for takeoff! I've also had the chance to pilot the Concorde Simulator in Bristol, which was a real thrill.

    Concorde is a noisy, fuel guzzling, technologically outdated aeroplane - but she's a fantastic sight. I love watching her take off, land, or just fly by. And inside, it's a nice 3 hour lunch, while you also cross the Atlantic.

    I shall miss her.

    Saturday, October 04, 2003

    Utilizing the Windows 2000 Authorization Data in Kerberos Tickets for Access Control to Resources

    Details of MS Use of Kerberos

    In a document on the MSDN site, entitled Utilizing the Windows 2000 Authorization Data in Kerberos Tickets for Access Control to Resources, Microsoft set out the contents of the Authorisation Data section of the Kerberos ticket. The article is dated February 2002, although the MSDN RSS feed has just pushed this out as being just published.

    Speeding up time

    In a recent blog entry, I mentioned that I liked Media Player 9 because it allowed me to listen to stuff speeded up. Turns out The New York Times has an article about how this technology is being used in a more general way.

    Wednesday, October 01, 2003

    NTBugtraq - NTBugtraq Archives

    Another security vulnerability?

    Could this post on NTBugtraq be another problem? Russ confirms it to be a problem at a number of sites in a later bugtraq post. Oh Joy.

    Online Network Diagnostic Tools

    I'm doing some network tracing today - a client has an ADSL router that looks to be configured wrongly. So I'm in search of tools that will allow me to ping/tracert/telnet into the network from an external source. Here are some of the tools I've found that were useful: First in my search was Online IP-Tools @ . I used the Visual Tracert, and some of the other IP tools. The port scanner only partly worked, however. Still, some useful tools.

    The Online Toolbox looked good - but none of the tools work. :-(

    Now all I need to do is to work out how to fix the router!

    Update on Identity Theft

    Update on IP Theft

    In a recent blog entry I pointed out a guy called Brent Larsson had stolen some of my pages for his site. I was not annoyed that he'd nicked the pages, but he hadn't even changed half the URLs - so many of them pointed to content on MY site (actually some outdated material long since gone!). I discovered this when I got some junk mail from one of those spammers (you know the ones: "We noted your link is not in the search engines, we can help"). Helpfully, the spammer included the link to Larsson's page. Anyway, the ISP has taken the page down. Thanks to!

    Mitch Tulloch's net Book

    IIS6 Administration - A New Book

    I've just picked up Mitch Tulloch's latest (or perhaps nearly latest) book, IIS 6 Administration, published by McGraw Hill/Osborne. My summary is that this is a good book on the subject of IIS6 administration. Mitch covers the basic ground of what IIS is (and some history), its architecture and how to deploy and manage it. He also covers some more advanced topics, such as setting up mail and news, working with the metabase, and administering IIS 6 from the command line.

    A particularly nice feature of this book is the 'blueprint' pages in the centre of the book. These give some nice views of the Architecture, and a nice map of the IIS6 site property sheets (very helpful for navigating around a fairly rich dialog box). I give it 4.5 stars. It's a good solid reference manual on administering IIS.

    I'm glad to see that one of my favorite typos (typing SMPT instead of SMTP) has taken root in this book in a couple of places.