Microsoft revokes Passport

Given that E-Bay has dropped Passport, The Register's story: Microsoft revokes Passport service was not all that surprising. When it worked, Passport was great - and enabled me to not have to remember the myriad of passwords that MS sites seem to require. But it was all too often the cause of problems (and to this day the 'automatically log me on' feature rarely works and every site that became Passport enabled seemed to have had teething troubles. And it was not cheap for partners either. Perhaps the most interesting point in the article comes towards the end, where the story notes that Microsoft has some "real identity management aspirations". It will be interesting to see where MS goes in this area.

US ISP wins $1bn in damages from spammers

In a recent article, The Register reports that a US ISP wins $1bn damages from spammers. I wonder if any of the spammers will ever pay.

Windows Update Services Wiki

In a recent post, I wrote about the WUS Service Beta 2. I've been playing with it a lot over the holidays (and filing a bunch of bug reports). Due out by the end of the 1st half of 2005, this is a great step forward from SUS. But there is a lot of work still to do on usability! One neat feature of the beta has been the creation of the Windows Update Services Wiki. This is all community developed and includes information on installation, deployment as well as FAQs and details of confirmed issues. The cool thing is that this is all being developed by the community - this is not a Microsoft site (although some MS employee do contribute!). An interesting thing about the site is the traffic analysis - take a look, it's global (and IE only accounts for 78% of the traffic). The site is getting around 180 hits/day, with an average of 3.4 page hits/visit. Not bad given the new-news of the product!

UK Internet Traffic High Over the Holidays

The London Internet Exchange (LINX) is the worlds largest Internet hub by volume, as well as begin an for world wide ISPs. 170 ISPs use LINX's switching facilties across 8 London-based 'tele-hotels'. Linx has just issued a press release regarding data traffic in the UK over the holiday period. Traffic on Chritmas Day and Boxing Day, for example, was, says Linx "substantially higher than on the same two days in 2003 - itself a record year". Traffic on Christmas day peaked at around 50GB/second on Boxing Day, and abotu 45GB/sec on Christmas Day. This is roughly double the amounts for 2003! It shows how much the Internet is a part of people's daily lives (and not just for work stuff).

Sadly the spam merchants have been unrelenting over the holdays. But these days, I'm not sure which is worse - the spammers, or the clueless admins who insist on bouncing me the full message (with virus payload or other crap intact) since the original mail came FROM: me. :-)

Microsoft Certified NON-Professional

Microsoft has just kindly added a new certification for me - I've now have the Microsoft Certified Non-Professional certification. It's on my transcript. Apparentlyl, I achieved this certification on the 17th of Dec, although I am uncertain just how I managed this. Or did I upset someone?

An update (29.12.2004)

It looks like this was just a a database-goof and it's now been fixed.

Windows Server 2003 R2 Enters Beta

As reported in ENT News - Microsoft has now shipped a first beta of Windows Server 2003 R2. R2 is essentially Windows Server 2003 SP1 plus some of the feature packs previously issued for Win2k3 plus some new services and features. R2 comes, as ENT reports, on two CDs: the first is SP1, the second the R2 add-ons. R2 has three key focuses:

Branch Office Support - increasingly, enterprises want to deploy systems to branch offices, for a variety of reasons including local productivity and resilience. R2's branch office features will allow you to consider a branch office nothing more than a lazy cache of something held (and managed, and backed up and analysed!) at a central hub site. To achieve this, R2 has major updates to FRS (including a differencing file transfer protocol) and DFS.

Active Directory Federation - this extends AD to support web single sign-on as well as B2B/B2C systems. For more info on ADFS see the .NET Show epidode with David McPherson and Don Schmidt.

Storage - R2 has a number of features in the storage area, including real filestore quotas, simple SAN support, the abilty to deny storing inappropriate content (where the admin determines what is appropriate) etc.

With Windows 2003 SP1 nearing completion, 2005 looks like seeing quite a lot of new technology from Microsoft, including the first serious beta of Longhorn, Windows 2003 SP1 RTM and R2 RTM, as well as other smaller programs (e.g. SUS, MACS, etc).

Linux kernel bug analysis

Coverity produces a tool that analyses source code and discovers defects. Coverity has spent some time analysing source for Linux and has published a report looking at the bugs in Linux kernel 2.6.9. This is interesting research, but it's probably not accurate to report, as Wired.com did that "Linux: Fewer Bugs Than Rivals", if only because similar analyses were not done on those rivals. This seems to be another bit of interesting research that Linux advocates will point to as proof of Linux superiority. Meanwhile MS points out it's MS Research group has doing this sort of analysis since the late 90s, gradually moving its research into shipping products. Tools like PREfix and PREfast are widely deployed inside MS at least, and account for something like 1/6th of all bugs found in Server 2003.

Mary Jo reports on problems in MVP Land

Mary Jo Foley writes a nice site over at http://www.microsoft-watch.com/. She also writes a subscription newsletter (Microsoft Watch). This week she's reporting on "Trouble in MVP Land" suggesting in a roundabout way that the programme might be cancelled, in whole or in part. It seems folks are adding 2 and 2 and getting 22 again.

The MVP programme certainly has ramped up quickly from around 600 a couple of years ago to over 2000 today. Much of that growth has been in taking the programme global - with Japanese, Indian, and other MVPs being added to the ranks. And with this huge growth in the number of MVPs has come the growth in the amount of staff required to manage the programme. When your CEO wants to shave $1bn off the cost structure, every large programme needs to look for economies of scale!.

At the same time, MVPs come in many different shapes and sizes - and MS is looking at how to get the best out of their significant investment. Some MVPs operate at different levels, and provide a different degree if 'value' - and may need to be recognised differently.

Of course, in addition to the MVPs, there are also Regional Directors, and other influential communities. There are a bunch of things (administrivia mainly) that probably could usefully be consolidated, and at the same time, there's the age old questions of who gets what, when, how, etc. The constant readjustment of any on-going programme continues. One very positive sign for the MVP programme, to me at least, is how so many of the product groups are pro-MVP.

So will the MVP programme be killed? I very much doubt it. But I'm certain it will evolve. Expect a formal reaction from Microsoft to Mary Jo's article shortly.

Windows Update Services - Comming Soon, Evaluate NOW!

After a period of darkness, Microsoft has now shipped Beta 2 of Windows Update Services. There is a closed beta, which is full, but there is also an open beta for everyone to participate in. If you are serious about patching, head over to Microsoft Windows Update Services page and sign up for the Open Evaluation Program (OEP).

Microsoft UK Tackles Software Piracy

Microsoft UK is taking an interesting route to tackle software piracy. If you navigate to MS's Genuine Product Verification - Software Piracy - Microsoft UK site, you can see how to turn your illegal copy of XP into a legal one. Basically, if you bought a PC with Windows Pre-installed, and it's a counterfit copy, MS UK will replace it with a fully licensed version.

ISO Recorder Resurfaces

Alex Feinman, another extraordinary MVP, produced a nice add on for Windows XP. It added fatures beyond the CD burning built into XP. In particular, it enables you to burn an iso image and to convert a CD into an ISO image, which you can use in your Virtual Machines, or to reburn later. Alex has just completed his ISO Recorder 2 Beta product which now supports Server 2003, as well as not requiring admin rights. Oh - and it's free!

Microsoft Windows Update Services Open Evaluation

The latest beta for Windows Update Services has now been posted to the web. This is an open programme - so go to Microsoft Windows Update Services Open Evaluation Page to register for the programme and to download the software. A cool feature of the OEP is the WUS Wiki page, initially created by Scott Korman, a SUS MBP.

I strongly reccomend ALL MS customers to get this and test it (and file bugs if you encounter problems).

MCT Renewals

The (now) annual cycle of trainers renewing their Microsoft Certified Trainer status is nearing an end. Existing MCTs have only a few more days to renew their status, or face de-certification. Speaking to the MCT Program Manager last week, it looks like a large number of MCTs have renewed. With MCT 2005, Microsoft is going to be changing some of the rules of the programme. Going forward, delegates will be asked to fill in online evaluations, through a programme called Metrics That Matter (MTM). From Jan 2005, MCTs are required to maintain a good satisfaction rating, based on MTM. From then, MCTs must have not more than 10% of scores in the range 1-4 in MTM's 1-9 scale. They call this DSAT - dissatisfifed - the idea is you don't want dissatisfied customer experiences. From Jan 2006, MCTs will be required to keep at least 70% of all evaluations in the 8-9 scale. This is the VSAT (very satisfied) range. The only issue I have is that my delegates grade hard. Which is good - it makes me work harder. The current MTM evaluation puts the word 'outstanding' at the 9 end of the scale. I know very few trainers that can consistently be truly outstanding (or nearly outstanding). Of course, if students are told that 9 is OK or better, 8 is just average, and 1-7 are different levels of suckiness, then maybe. We'll see.

At IT Forum last week, Bill Gates mentioned a smart card based on .NET, produced by Axalto. This technology is pretty neat - it is a smart card that has the CLI built in. This sounds pretty neat, although the details on Axalto's site are sketchy.

Microsoft Virtual Server 2005 Migration Toolkit is Released

The Microsoft Virtual Server 2005 Migration Toolkit has shipped. This tool enables you to convert a physical system into a virtual machine image you can run inside Virtual Server. In order to use VSMT, you must also have Microsoft's Automated Deployment Services installed.

Fiddler - an HTTP traffic logging utility

Fiddler is an HTTP debugging tool. Fiddler acts as a local proxy and then logs HTTP traffic between your computer and your intranet, and the Internet. Fiddler allows you to inspect TTP Traffic, set breakpoints, and in a sense "fiddle" with incoming or outgoing data (hence the name). Fiddler is simpler than Netmon, but it acts only on HTTP traffic. While you see none of the lower layers, the view at the HTTP level is good. Fiddler also looks extensible, with scripting, custom inspectors, and menu extensibility. And: it's free!

MSH has a Wiki: MSHWiki

For those of you wanting to learn more about MSH, there's now an MSHWiki up on Microsoft's Channel9 site. The wiki has a few pages already, including an MSH Quick Start Page, a Sample Scripts Page, and an MSH Power Toys Page. This wiki is still in in its infancy, but it does provide some help and assistance!

Microsoft Partner Pack for Windows XP

Microsoft have launched the Microsoft Partner Pack for Windows XP, with the bold statement that "The Partner Pack is the ultimate application package for your Windows XP PC." You can download the Microsoft Partner Pack for Windows from the Microsoft Web Site. One nice feature of this is a free year's subscription to CA's etrust Anti Virus tool!

One small problem - you can't download if you are using Firefox. However, if you use Firefox's Agent Switcher to lie to the site, the download works fine. Why does Microsoft, or any site, require IE just to enable a download?

Slides from the Microsoft Technical Briefing and other MS events

Microsoft UK have posted the slides from the revent Technical Briefing at Wembley to the Microsoft TechNet UK Previous Events page. This also has the slides from other UK TechNet events, including the road show, the evening events and the web casts.

Five million Firefoxes released into the wild

In a story at Silicon.com , entitled Five million Firefoxes released into the wild the news that over 5 million people have downloaded the FireFox preview version. Make that 5 million and 1 - I've downloaded it and am very, very happy with it.

No, Firefox is not perfect, it loads a bit slowly, it has crashed a few times and on some web sites, it's not useable (Microsoft's Office Update site, for example, will not work with Firefox - it requires IE). Despite these issues, I find FireFox superior in a number of ways. I've been keeping a list of all the things I like and when I get a chance, I'll post this list (and my list if things that have gone wrong).

Windows Server 2003: Network Access Protection

For almost every organisation, ensuring that netework clients are 'healthy' is a major problem. How do you ensure that clients have up to date virus signatures, up to date patches, etc? And how do you manage clients that are not in compliance? In very small networks, you can do this by wandering around, and manually checking each system - but this does not scale. Microsoft's Network Access Protection (NAP) is a set of technologies tha will provide a ground up solution. Microsoft has a site Windows Server 2003: Network Access Protection that describes this. At present, the plan seems to be that this technology is to ship with R2, the next minor release of Windows Server 2003 (expected in 2005). NAP is a fundamental re-think in how network protection is performed. I look forward to playing with this!

Download details: Microsoft Virtual PC 2004 Service Pack 1

VPC SP1 finally ships See the Microsoft Virtual PC 2004 Service Pack 1 page.

Microsoft's Help and Support site updated

Microsoft has launched an update to the Microsoft Help and Support page. It looks like some of the features, particulalry the KB Search feature, have been dropped - or made more difficult to find. And the searching still results in far too much irrelevant material: for example, when searcing for content related to, say, Windows Server 2003, many of the hits related to other, not direclty related, technolgies. I do wish MS would stop making searching for content more difficult.

HTTP-Tunnel

I'm sitting in the MS Technical Briefing today, listening to Fred Baumhardt doing an ISA talk, where he's pointing out that port 80 has become the 'universal firewall bypass protocol'. He then showed the audience the HTTP-Tunnel home page. This page has an interesting application which enables you to bypass yoru firewall. The page says: "Your Internet application sends data to the HTTP-Tunnel Client, which in turn tunnels the data over HTTP (port 80) to the HTTP-Tunnel servers. The servers then send the data to the intended destination and forward the responses back to the HTTP-Tunnel client. This forwarding technique effectively bypasses firewalls, permitting the users to successfully use most Internet applications."

In other words, this application blows a complete hole in your firewall. Scary! But very, very useful.

Worried about Window's GDI+ buffer overflow?

Are you worried about the potential impact of the GDI+ buffer overflow bug? If so download Dynicity's GDIPlus Reporter Utility. This tool shows up issues that the Microsoft provided tool does not. For example, I use Camtasia to record screen demos, and Dynicity's tool found a vulnerable DLL in the camtasia installation folders - one that was not detected by the MS tool.

319740 - MFC Applications Leak GDI Objects on Windows XP

As previously reported, Windows XP SP 2 re-introduces a GDI object leak in MFC applications. This bug was present in XP RTM and was resolved by a hot fix that was rolled into XP SP1.

This bug was re-introduced into SP2. I first reported this to Microoft on or about 29 August. I was finally sent a fix few weeks later, that did appear to resolve my GDI leak. I asked the MS representative dealing with this case if he could ensure that the KB was updated (or a new KB article issued) and I was told that he was not able to do it. It was suggested that I could post a suggestion to MS via the web site. I even offered to write the KB article, but this offer was declined, so I left it at that.

The issue might have just been forgotten, except that there was a little problem. It turns out that the fix, while getting rid of the GDI handle leak, had the side effect of killing the theme service. For me this was not an issue as I had turned the theme service off. But for those who wanted to use the service, and wanted to use long-running MFC applications, the only solution was to remove SP2.

I reported this through every channel I could think of, and thus far, I've had no formal reply, or a formal fix to this problem. The good news is that someone else I know has also reported this and has been sent a working hot fix. Interestingly, when he first called, Microsoft apparently were unable to trace my earlier problem report. But whatever, I now have this and it does indeed solve the issue!

The hot fix comes in a file called WindowsXP-KB319740-x86-enu.exe. You might think that this fix related to the KB article 319740 - MFC Applications Leak GDI Objects on Windows XP and it does. At present, the KB article refers to the original bug and it's original fix (rolled into SP1). There is an updated version of the fix that applies to SP2 - but the KB article has not been amended to reflect the issue. I assume that MS will be updating this KB at some point.

This whole incident leaves me less than delighted. It also raises some questions. First, how could a bug fixed in SP1 be re-introduced, and not be caught? Was this just a source code management issue (and if so, how many more errors are there lurking)? Or was it due to other changes made at SP2 and if so, why did MS not catch it during routine testing? Doesn't MS re-test earlier bug fixes to ensure they are rolled up in later SPs? And finally, what does a customer have to do to ensure that bug fixes actually result in proper documented fixes?

DNS in Windows - what I'd like to add

Here's a list of 10 things I'd like to see implemented in Microsoft's DNS server, in no particular order.

1. Some Equivalent of BIND's view feature. Uers with one server who want to both host AD and host Internet web sites could use this feature.

2. EDNS0 client awareness. It would be nice for DNS clients to have the option to use EDNS0 to get larger UDP packets back. This could be controlled by client UI (an additional check box), reg settings, and/or group policy.

3. DIG.exe, as a replacement for nslookup. Nslookup is ok if you know what you are doing, but not much help in diagnoisis.

4. Full support for DNSsec. The tools to create a key and sign a zone or specific resource record and generate NXT records are needed, as is client support for DNSSec.

5. Better DNS and DCHP integration. DHCP servers should replicate their DHCP databases etc, via AD and then to co-ordinate the zones. This would give a better intergration with DNS, and better control over DHCP servers.

6. An additional command in NET.EXE: net restart which would stop then start the respective service (e.g NET RESTART "DNS SERVER" to bounce the server). This should work with ALL NET services!

7. Decent documentation on DNS statistics provided by by dnscmd. There are hundreds of statistics produced - and these are not documented. I'd like to see better documentation on what these are, plus a -v option to only display some of them when really needed (and to limit the number shown by default).

8. English language explanations for DNS errors in AD. I see, all too often, bogus error messages that are _really_ DNS errors. For example, go to DNS, and delete the zone for your AD, then run one of the DNS tools. The error message (for example,RPC failure) might be strictly speaking true, but it's very little use in roubleshooting. I'd like to see better diagnostic messages returned from the MMC tools - and have them consistent. Ideally, these tools should work out that the DNS lookup has failed, do some more testing, then put up a more meaningful and accurate error message!

9. More prescriptive guidance for DNS.

10. DNS MOC course. A 2-3 day course covering all about DNS, including interop with BIND, setup, deployment, DNS architecture, troubleshooting.

I suspect there are more things you could add - let me know and I'll try to keep this list up to date!

Ed Foster's Gripelog || No IE? No Can See

I've just moved over to using FireFox as my browser. I'll post a longer artilce on why, but for now, it's what I'm using, and using very happily. However, there are some sites that will not render unless you use Internet Explorer. See this post over on Ed Foster's Gripelog, titled "No IE? No Can See."

One such page, as Ed reports, is the Microsoft KB search page. If you try to hit this page with Firefox (I'm using v1.0PR), you get bounced back to http://support.microsoft.com/default.aspx. For Firefox users, there is a simple solution - just download the User Agent switcher extension, change your user agent string to either Opera or IE, and it works.

Some people might call this a bit of pretty lame programming - I'm possibly not as charitable. But, at the end of the day, given how much better Google is in terms of searching MS content, and how much better a browser FireFox is, I'm just not prepared to give up a far superior browser in order to use a sub-optimal search facility, even if it does allow Microsoft to show the huge numbers of IE-enabled users are hitting their site, and how few folks use FireFox.

Here we go again

While all my systems are (now!) patched, and none seem to show any signs of infection, this article from easynews.com makes grim reading.

Make sure your IT People are aware of it and are dealing with it. As an interim measure, and for home users, consider blocking your firewalls to stop the virus from 'phoning home'. It's not a real defense, but it might stop a few issues. Having said that, the FTP site the virus was using seems down - but that could be for any number of reasons.

I guess the real question is, if a common component like a jpg decoder has a buffer overflow - just how good was the MS security push? If it left serious bugs like this, what other horrors are waiting?

Securing USB - Part 2

Over the weekend, I posted an blog entry regarding an XP2 registry key that could help to secure USB devices, and an ADM file to help set the regisry key via policy. Ben Smith, Microsoft Security Guru and a really nice guy made a great point over in the MCT forum: "Keep in mind, this feature has very limited security value. There are still many ways to use storage devices via USB to get data off the machine. For instance, an attacker could make the files .mp3 and copy them to an IPOD or .JPEG and copy them to a digital camera, or even plug a USB CDRW in and burn a disc. Great point Ben - this is registry key closes one hole, but by all means not all. Clearly, there needs to be more control, at the policy level, over all forms of writeable removeable-media. Just when you think you've closed a door, several more open up!

Speaking about patch management

Oddly - I am! I'll be giving a 200-300 level talk about Patch Management at Microsoft's upcoming Technical Briefing on October 4th. It' free - you can sign up by going here!

Configuring USB Devices to be Read/Only - Windows XP SP2 only

There's been quite a bit of talk recently about the security risk posed by portable USB devices. I saw a neat entry over on Jerry Bryant's security blog which describes a new features that was added to SP2. Basically, there's a new registry key that will turn USB storage devices into Read Only! So I thought it would be fun to see if I could write an ADM file to deploy this via group policy. It turned out to be an interesting learning exercise!!

Here's the template file, ControlUSB.ADM:

#if version <= 2 #endif
CLASS MACHINE
CATEGORY !!WindowsSystemCat
 CATEGORY !!USBControlCat
   POLICY !!ConfigureUSBDeviceStatus
     KEYNAME "System\CurrentControlSet\Control\StorageDevicePolicies"
     VALUENAME "WriteProtect"
     VALUEON Numeric "1"
     VALUEOFF Numeric "0"
    #if version >= 3
      EXPLAIN !!USBUpdateCfg_Help
    #endif
  END POLICY
 END CATEGORY ;; USBControlCat
END CATEGORY ;; END CATEGORY ;; WindowsSystemCat
[strings]
WindowsSystemCat="System"
USBControlCat="USB Device Control"
ConfigureUSBDeviceStatus="Set ALL USB Devices on this System to Read Only"
SUPPORTED_WindowXPSP2="Windows XP SP2"
USBUpdateCfg_Help="Specifies whether this system's USB Drives are Read Only or Read Write"

To use this policy - first save it away with your other templates (%systemroot%\inf). Next open up either your local or the group policy editor, import the policy and away you go.

There is one small issue here that caused me to scratch my head. When I first imported the template, I could see the node in the MMC console tree, but the policy did not appear in the results window. I scratched my head for several hours, then got some help from my Greek MCT buddy Dimitris. He pointed out that I had to change the setting in the MMC (View/Filtering and de-select the 'Only show policy settings that can be fully manaThis happens because the registry key that is used for this setting is not part of Policy sub-key. If you apply this setting to a machine, then remove the policy, the setting will remain on your system (unless you reverse it, or take the registry key out). Once you change the view settings, the MMC tool even tells you this!

A new drop of MSH

MSH is Microsoft's next generation command shell. I've blogged about it here, here, here, and here (and from my log files, MSH seems to be a very popular search term!). The latest news is that MS has released a major new build of MSH, which I've been playing with. It's looking more and more complete. There are still a lot of rough edges! Get it and play!

Hacking Google - The Guide (and a tool to help!)

Google may be "just" a search engine for most folks, but it can also be a very serious hacking tool. This PDF from Johnny Long is on his I Hack Stuff site. If you want to learn more about what Google is telling other people about your site(s), read on! And if you want to get a tool to do it, take a look at SiteDigger from Foundstone. If you publish on or to the Internet, this is something you probably want to take a closer look at!

Conversion to Pure Text

In the writing I do, I often copy text from one document (a web page, another presentation, an Excel spreadsheet) to whatever document I'm working on at the moment. This can include KB Article titles, quotes attributed to the author, as well as bits of one presentation that I'm recycling in the next. One problem with this is that the old formatting is often pasted in - and then has to be adjusted to fit into the formating of the newer document. Thanks to an entry on KC Lemson's blog, I've discovered PureText. PureText strips away all the formatting from the clipboard, so that when you do a paste, you paste just the pure text. And one very nice feature - the product is free!

Virtual Server 2005 is released

After a kind of a long wait, MS has finally released Virtual Server. It comes in two editions with pricing and details here. The basic version Standard Edition) will retail at US$499, with the Enterprise Edition priced at $999. WOW - that's cheap, compared to VMware.

Visual Studio 2005 Standard Edition announced

Today in Orlando, Microsoft announced a new edition of Visual studio, Visual Studio 2005 Standard Edition. This new edition was designed specifically for the needs of Visual Basic 6.0 and Web developers and contains much of the simplicity of the Express products that were announced at TechEd Europe. Standard Edition therefore becomes the entry point for professional development on the .NET Framework. Hopefully, we'll see the betas of this before long.

WinInfo Editors change their mind over HTML content

In a blog entry last week, I mentioned that Paul Thurrot's newletter had changed to a pretty appaling HTML format. Like a lot of readers, I was not happy, and both unsubscribed from the newsletter, and wrote in to complain.

A day later, I had a nice email from Janet Robins, Editor in Chief of Windows IT Pro, which says: "Thank you very much for taking time to provide feedback about our HTML newsletters. We've listened! We will be taking WinInfo Daily UPDATE back to text format beginning Monday, September 13." Great news - and I'll resubscribe!

WinInfo Daily Update has one less subscriber

I've been reading Paul Thurrott's daily news email for several years. But last week, the publishers switched to an HTML format. Yuck. It looks horrible in Turnpike (my news and mail reader). It does a passable job of rendering 'reasonable' HTML, but not this stuff. Count me as an ex-subscriber.

Blogger having problems today

It seems as though Blogger is having a few problems publishing blog entries today. I've managed to get most of today's entries posted, but it's taken a number of attempts. Blogger keeps giving a "java.net.SocketException".

Port Reporter

I've just finished writing a review of a cool new tool. Developed by PSS GURU Tim Rains, it's called Port Reporter. The review will be in my November column in ESM, so I can't give everything away - but it is a pretty cool tool.

Port Reporter is a windows service that logs all TCP and UDP port usage on any Windows system (Windows XP, 2003, 2000). These details can be analysed to find issues, such as malware on your system. This tool rocks!

The tool generates detailed log information about the usage of every network port by a system over time, and as such can generate a lot of log data. To help you analyse the log files, Tim has also produced a neat analysis tool, Port Reporter Parser which produces a wealth of summary information.

You can download Port Logger, and the port reporter parser tool, from Microsoft. Each of these are self extracting archives containing the setup programs. You have to manually configure the start up of the service.

For an outline of the tool, see Tim Rains' WebLog article about the tool. You can also see KB 837243 which describes this tool and the generated log files in more detail.

The tool has a bunch of little niggles, but it still rocks! Using it on my main workstation showed nothing bad (thankfully),but did reveal a couple of services that could be turned off. All in all, well worth the download and time to install and configure.

ISA 2004 Firewall Alert - read

Thanks to Jimmy Andersson (aka The Sweede) for pointing me to article over on Steven Bink's Bink.nu site.

My take is simple: Enable this Registry entry now and restart your ISA firewall. And Do it NOW!"

Microsoft extends SP2 Blocking via AU/WU (again)

While SP2 for Windows XP is a great update, it can cause issues. To enable users, particularly larger larger corporate customers, to get ready, Microsoft has again extended blocking of the update via Automatic Update and Windows Update.

AU and WU will now continue to honour the blocking mechanism that prevents the offering of Windows XP SP2 until Tuesday 12 April 2005.

Accoring to Microsoft, "beginning on Tuesday 12 April 2005 AU and WU will deliver SP2 regardless of the presence of the blocking mechanism. Note that this is also the scheduled day for a monthly cumulative security update".

Microsoft Technical Briefing - See Steve Ballmer in London

The UK Events booking site for the upcoming free Microsoft Technical Briefing is now accepting registrations.

This briefing contains both a developer and an IT Professional track, and concludes with Steve Ballmer giving a key note. The developer track will be a little more in depth than for the IT Pro track, but both should provide solid advice and guidance.

I hope to see you there!

Ouch!

This article is really funny!

Then I saw the pictures - and these are funnier!

Enjoy!

Microsoft UK Event - Active Directory Basics

Thanks to a neat blog entry on Adam's blog, I've discovered I'm giving a talk on AD basics. This will be a pretty introductory level,but it should be fun! I've seen the initial slide deck which should be up on the web soon. These TechNet evening events are a lot of fun. There are a lot of the same faces each time, so the virtual community becomes physical. The events are also pretty casual and relaxed. So we can talk, with MS's blessing, pretty openly. During the break (where hopefully the beer is cold and the pizza hot), there are MS folks around to answer questions. There are on occasion there's even a goodies take away bag!

Microsoft Solutions Framework Version 4.0, Beta

Microsoft are in the process of updating Microsoft Solutions Framework, as part of the ongoing work on Whidbey, and Visual Studio. Details have been sketchy, but we're beginning to see some details. For reasons I can't quite totally work out, Microsoft has released part of MSF 4.0 via GotDotNet Workspaces. You can obtain the first deliverable, MSF Agile. This material is delivered as a sort of web site, with a root page (ProcessGuidance.html), which points to other documents.

MSF Agile is "a scenario-driven, context-based, agile software development process for building .NET and other object-oriented applications. MSF Agile directly incorporates practices for handling quality of service requirements such as performance and security. It is also context-based and uses a context-driven approach to determine how to operate the project. "

Three key changes from MSF 3.0 are:

1. The lifecycle for each iteration is slimmed down to just three phases: Plan, Develop, Test.

2. The roles change too, with only 5 roles: Architect, Business Analyst, Developer, Project Manager, and Tester.

3. Finally, the work products are different. New artifacts include: Threat Model Data Flow Diagram, and Quality of Services Requirements List. The Vision Statement is still included!

It looks an interesting approach. I'll have to read more about it to discern the deeper differences.

The Usefulness of MSF

Lorenzo Barbieri, recently picked up on a newsgroup post I'd made regarding the value of MSF. In the newsgroup post, I noted how I'd used MSF to design the extension to our house where the office now is. Although not following MSF rigorously, we did follow much of the spirit. We did some envisioning (the vision was "a great place to live and work"), and some scoping (i.e. what could we afford). We did multiple layers of design - conceptual (the architect's drawings), etc. As I noted in the blog entry, we spent more than we'd originally planned - but each cost addition was tested against the original vision - and where the addition made a difference we went ahead. We were also able to make great use of the trade-off triangle - when we discovered things that we did not know earlier. It was an interesting exercise, and certainly provided me with a great case study to use during my MSF trainer exam!

New visitor counter and site stats

I've just put a new visitor counter on this blog. I've been meaning to do this for a while, but finally found a neat place to get it from. Site Meter is a site that offers site meters. They have two variants: the basic free service and a paid service. Both services provide a visitor counter for your site/blog, and analysis of the hits your site gets. The paid service, costing US$6.95/months (US$59/year), provides extra analysis and some other features. This includes the Full IP address of each visitor, the internet service provider who manages(owns) the IP address, Recent Visitors by Search Words Report. And you can turn off the advertising on the reporting pages (they load faster too). There's also a FAQ describing the two account options. A neat facility of the service is the traffic prediction. If you take a look at the site, you can see the traffic projections for this blog.

More OneNote PowerToys

As a confirmed OneNote fan, I love these power toys. Like the Google file system I blogged about earlier today, this is another example of great toys! See Darron Devlin's OneNote PowerToys page for thse toys! There are two toys:

• WebPageToOneNote, adds a WebPageToOneNote button to the Standard Buttons toolbar in IE. When you click this button, the powertoy copies an image of the entire current web page to a new page in OneNote, created in a WebImageCaptures section.
• A virtual printer that allows you to print from any windows app into OneNote.

Cool stuff!

GmailFS - Gmail Filesystem

Give geeks toys, and what do you come up with? Well, in this case, the Google Gmail System has turned into a Linux mountable file system. Richard Jones has built the GmailFS Gmail Filesystem for Linux. Wow!

Sadly, this is not available for Windows.

Re-appearance of GDI bug in XP SP2

[Updated 19.9.2004] Windows XP RTM had a bug in the Theme service which caused GDI handles to leak. My newsreader (Turnpike) suffered from this. The bug was resolved in KB 319740 and rolled into XP SP1. This bug has re-surfaced in the RTM version of SP2. The version of %systemroot%\system32\uxtheme.dll shipped with SP2 did not contain the necessary bug fix. The fix is straightforward. First you must obtain the copy of uxtheme from XP SP1. This is file version 6.00.2600.34. But check your system - if you are running this version then you do not suffer from this issue. If you have file version 6.0.2900.2180, then you need to install the fix as follows:

1. Reboot your system into Safe Mode.
2. Open c:\windows\system32 and re-check the version of uxtheme.dll.
3. Copy the 6.00.2600.34 version uxtheme.dll (the version from SP1) %systemroot%\system32.
4. Restart the computer.
5. After restarting, ensure the current uxtheme.dll file version in %systemroot\system32 is 6.00.2600.34.

My first RSS Advert

Well - Mary Jo has surprised me. Her RSS weblog at Microsoft Watch is now sending out adverts. I suppose it had to happen sooner or later. :-(

Microsoft Baseline Security Analyzer v1.2.1 available

At last, the updated version of Microsoft Baseline Security Analyzer (v1.2.1) that works with Windows XP SP2. Much needed.

This raises two questions. First, why wan't this available at the same time as SP2? One could go deeper and ask why wasn't MBSA simply rolled into SP2, but I'll pass on that one. The second question is: where's the updated Application Compatibility Tool Kit?

XP SP2 is running reasonably well on my main workstation, but now that SP2 is out, I feel it time for a complete rebuild from the ground up, if only to get rid of all the little bits of random beta stuff still on this box!

Recall Recalled :-(

I dowloaded Recall yesterday, blogging whilst doing the installation. Sadly, it does not work I get a .NET exception error ("Server Error in '/' Application. Object reference not set to an instance of an object") each time I try to use it. I've taken it off my system, pending getting it working. I suspect it may be a problem with my combination of Windows XP SP2 and the Whidbey beta possibly colliding with Recall (I've sent email and I'll post any resolution to this blog).

This is a bit of a shame - as the product looks most useful. Ahh - the joys of beta software!

As an aside, it seems to me that WinFS, with it's longer term ability to make searching fast and flexible, has generated some real short-term competition. Products like Lookout and Recall provide today what Longhorn may deliver some years down the road - and thus far, these are free. No, they are not as grand and glorious as the vision WinFS (and all of Longhorn) will one day become. But they're tools that help me today to manage the information overload that seems to be much of my working day.

Recall Toolbar - Search Within The Places You've Been

I visit a lot of web sites most days and often want to re-visit places I know I've been to (but which are no longer stored in IE's history). The Recall Toolbar looks like being a great solution.

Testing BlogJet

I have found (and installed) an interesting application called BlogJet. It is a cool Windows client for my blog tool Blogger and other tools.

You can get a copy here: http://blogjet.com/.

It is not free :-(

XP SP2 - First Experiences with RTM Version

I got the RTM version of XP SP2 from MSDN and immediately began the task of installing it on my two main XP workstations, and on my laptop. In other words, loading it onto systems where I have to rebuild if/when it goes wrong! :-) I've done three installs thus far. The first install was from a late beta build (2149 to RTM. It went smoothly and there seem to be no real issues. The second install was from an earlier build of SP2, and it needed to be removed before the RTM version would install. The third install was my laptop (PIV Centrino 1.8) which had been running build 2149 of SP2 beta. Some observations thus far:

• Download from MSDN was OK - not as fast as some MS subsites, but faster than others. Certainly acceptable speed.
• The SP installation process seems to take a long time. I did not measure the first two, but the third (on a 1.7mHz Centrino box) took just under 15 minutes.
• The SP installation package is BIG - the network SP iteself (xpsp2.exe) weighs in at 272MB. Running this executable expaands the SP into 332 MB temporary folder on the local hard drive (although these files are deleted after SP2 finishes installation).
• Upgrading from 2149 did not require me to remove the earlier version of the SP before installing th RTM version. The earlier build on my main workstation DID have to be removed before I could install the RTM version.

For planning purposes, if you've done any widescale deployment of interim beta versions of SP2, it probably makes sense to assume you can't upgrade the earlier version. Thus, allow time to deinstall and then reinstall SPs.

For me, the SP installation process has been relatively painless and thus far, I've had no real problems with any of these machines. So far, so good!

We're doing a pre-conference day at IT Forum!

Three of my colleages and I will be doing a preconference session at Microsoft's IT Forum 2004 in Copenhagen. COOL!!! So - if you are an IT Pro - what at the three things you'd like to know about .NET?

XP SP2 Is Released

I've been away for a few days, taking a spur of the minute break in the north of England. When I got back this afternoon, the first hint that SP2 had shipped was in an article in The Innquirer's entitled How Microsoft will eke out Windows XP SP2. As an MSDN Universal customer, I'm downloading the full ISO image as I compose this entry. The SP2 ISO is coming down at around 60KB/sec - which is not outstanding for Microsoft but given how hard the servers must be being pounded, not bad at all. I hope for Microsoft's sake, they can sustain this level of speed once SP2 hits Windows update and becomes a 'critical update'! Microsoft's home page for Windows XP still says SP2 is "Coming Soon". The Inquirer is probably right about the trickle out effect. Certaily the first thing I'll be doing is to put the ISO onto one of our corporate servers for our IT boys to play with tomorrow morning when they get in! The next month will be interesting. Micrososft has a lot riding on this service pack - and I certainly hope it all goes smoothly as customers start to deploy it. We shall see...

The IE Team is blogging too - with a wiki!

The wave of new blogs at Microsoft continues to amaze me. I discovered the IE Teams IEBlog today. Not only are the team blogging, but there's now a Wiki over on Microsoft's new Channel 9 site where you can edit in your own comments. I've added my .02€ worth on both security zones and printing. It will be interesting to see where both the blog and the wiki site go!

Some Windows XP and Office 2003 Deployment Content

Earlier this year, I re-developed some deployment content for Microsoft, which turned into several Deployment Assistance Workshops, delivered to Enterprise customers. Microsoft has now published this content on the web. You can get the Deployment Assistance Workshops - Windows Desktop material from Microsoft's UK TechNet community website.

More Common Sense Pricing for OneNote

I love OneNote. It's a great tool and I run it more or less constantly on my laptop! Office 2003 SP1 adds some neat new facilites, and I really like the new power toys. Bring on more toys! OneNote is cool - but at $200 is was over priced. But now, according to Product Manager Christ Pratley, Microsoft has re-priced the product. At $100, and at today's $/£ rate of 1.82, this works out at £54.00 (presumably +VAT). At that price, it's towards the high end of what, for me, is the right price - after all today it is essentially just a note taking tool. Having used SP1, and given the shape of the power toys ( and the potential for an object model and scripting to enable me to get stuff both in and out of OneNote) it may not be too expensive.

So Ken Rosen is Blogging Now!

Ken Rosen is the MCT programme manager at Microsoft. He's just started a blog: Out in the Street. Welcome to blogsphere!

A New Security Book - as a Wiki

On two recent blog entries (this earlier one, and this later one), I discussed a cool approach to colaboration - the Wiki. In doing some unrelated research to day, I came across Keith Guide's Security book (The .NET Developer's Guide to WIndows Security) done as a Wiki. Now this is cool - he had folks help him convert it form the raw manual HTML pages, and it looks good (and looks a bit better now ). A nice idea and a good book - worth reading and buying. It's also useful reading material for MCSEs who want to delve a little deeper into security.

It had to happen - the Swiss Army USB Stick

I've had a Swiss Army knife for many, many years. It's an invaluable aid (and I just wish I could carry it onto airplanes - I often wish I had it when I travel). But those amzing folks at Victorinox have come up with the ultimate tool: a Swiss Army knife with a USB Stick. They even have one veersion for airplanes (although the value of Swiss Army knife that does not have a knife is less than clear!).  I sort of hate to ask "what will they come up with next??" 

More about the DotNet Influencers

I blogged the other day about the .NET Influencer site. Since then, I've joined Steele Price and Mike Schinke as a Core Group Member with the aim of getting this site up and running.  I think Steele explains the goals and objectives on this site well in his blog entry. I look forward to working with Mike and Steele on this venture!!

Microsoft Solutions for Small and Medium Business

Over the past few years, Microsoft has made a real shift in terms of focus of much of the Content, from descriptive to prescriptive. By Content, I meant all various documents produced in support of Microsoft software, including Resource Kits, on-line sites, TechEd, MSDN, MS Learning courses, etc. See www.reskit.com for some of the Content! In the early days of Windows 2000, Content was pretty descriptive. The AD design courses, for example, had very curious solution designs, based more on 'we did it this way because we could' than on hard exerience with AD in the real world.  This has changed - with Content such as the Windows Server 2003 Deployment Kit containing  great prescriptive guidance on how to pland and deploy Windows Server 2003. At first, Microsoft concentrated on the Enterprise space, rather than the smaller business. Recently, Microsoft has started focusing on the small business space. They've just released the Microsoft Solutions for Small and Medium Business: Medium IT Solution (Version 0.9) which cointains details of 4 separate IT solutions, including a peer to peer network (with Windows XP) and a Small IT solution (for up to 50 users). I'll try to blog more on this once I've had a chance to digest it!

OneNote Power Toys

OneNote SP1 shipped yesterday and I've already downloaded and installed in on my personal machines.  In a blog entry yesterday, Chris Pratley suggests that there will be "some awesome power toys out soon".  And today (well today my time), the first two toys are now available for download.

As I write this the OneNote Power Toys page at microsoft.com is not yet up. But the two toys are directly downloadable. These two toys are:

• IE to OneNote Adds a button to IE that lets you send any page or a selection on a page to OneNote.
• Outlook to OneNote Adds a button to Outlook so that you can send any email message (or group of email messages if you multi-select) to OneNote to keep them together with notes and other docs

Office 2003 Service Pack 1 Ships

Microsoft has shipped Office 2003 SP1. You can get the Service pack from the Office 2003 Service Pack 1 download page.  KB 842532 describes the Office 2003 SP1 in a bit more detail. But to find details on the bugs fixed, you also need to drill into another set of articles. One each for Access, Excel, FrontPage, Outlook, Word. The KB does list the bugs fixed in InfoPath, PowerPoint and Publisher. I couldn't find a KB article listing the bugs fixed on One-Note, but MS has posted a list of what's new in SP1.  If you used the OneNote SP1 Preview release, you are going to  have to de-install it, then re-install the full (aka licensed!) version before installing SP1. It's a bit of a pain, but in my cases, the de-installation, re-installation and upgrade was simple and straightforward (and did not require a reboot or access to the CDs!). Things are improving.  

MSN Sandbox - cool toys from Microsoft

Olga Londer just pointed me to a cool site - the MSN Sandbox. As the site says:, it's a "place to play with new MSN technologies, look at prototypes, and peek behind the scenes at some of our new ideas." In addition to Lookout coming here, MS have some other neat tools, including the Newsbot (a comptitor to Google's news service) and Netscan, a tool that searches Usenet news groups.  An interesting site - looks like the comptetion with Google is yeilding some neat products.

dotNetInfluencers Wiki

In Hawaiian, the word wiki means quick or fast. According to Stuart Celarier "as with many languages, Hawai'ian uses doubling for emphasis, so WikiWiki means 'very quick'". Also known as a Wiki, a Wikiwiki is a quick and easy way of building a web site, where everyone can contribute. You just start editing. Wiki's can be a great way to add knowedge back into a community. For more information on Wikis in general, see the FlexWiki site.

One example of a working Wiki is the dotNetInfluencers Wiki. The idea is to have a place where some of the leaders in the .Net Community can document their activities and provide information and reference material for others.

A neat idea! I hope it takes off.

Performance Monitor Wizard

The Performance Monitor Wizard is a free cool tool to simplify the process of gathering performance monitor logs. The wizard creates log files you can analyse 'off line' and you can also use the .blg file it creates to monitor the specific counters in real time.

You can download the Performance Monitor Wizard from the Microsoft download site.

On-line tutorials in HTML, XML, Broswer and Server Scripting

Using Google to search for a term this morning, I came across the W3Schools Online Web Tutorials site. This site has a number of on-line tutorials on:

• HTML
• XML
• Browser Scripting (Javascipt, DHTL,VBScript, HTML DOM and WMLScript)
• Server Scripting (SQL, ASP, PHP)
• .NET

I've been meaning to do some more digging into XML and it looks like some study time is calling!

SharePoint Summit Training Comes to the UK

I'm really pleased to let you all know we've persuaded Bill English and Todd Bleeker to come on over to the UK and teach their SharePoint Summit.  This will be an intense 5-day look at the Share Point technologies from both administrator and developer points of view.

Details of these two summits are at:

• http://www.qaacademy.co.uk/courseList/Sharepointadmin.aspx - for Bill's Administration Track
• http://www.qaacademy.co.uk/courseList/Sharepointdev.aspx - for Todd's Developer Track.

I am quite excited about the ideas we're having around QA Academy.  It's got its own web site, http://www.qaacademy.co.uk/ which continues to evolve. The basic concept is short focused training for mid to upper management, run by the best in the business. The aim is to improving effectiveness both soft and technical skills areas. 

Let me know what you think!

Be careful loading cool software on corporate systems

I got in a bit of hot water for sending some folks inside my firm details about LookOut, a cool add-in for Outlook. I blogged about it yesterday, and sent mail to colleagues who were equally as keen. The internal IT department, however, had not vetted it, and were as ever concerned about the impact of users just downloading new stuff onto the carefully managed desktop. They have a point. Even though LookOut is an amazing product ( and I'm using it with great success), our IT folks IT folks folks hadn't checked it out.  The moral of the tale is that when you read about cool software you can download for free from the Internet, make sure you are allowed to download the onto your system before doing so! 

Free download Lookout V1.2

Now this is cool. Here MS has just bought Lookout and is already offering it up for free! If you are an Outlook user, get this tool!

Go to the Download page to download a free copy of Lookout V1.2

Visual Studio Beta 1 Arrives in Cookham

COOL Stuff! That nice delivery man just rang the door bell and I now have Beta 1 of VS 2005) aka Whidbey. The package contains several bits and pieces:

• VS 2005 Beta 1 (2 CDs)
• R debugger (CD)
• Visio tools (1 CD)
• MSDN library (3 CDs)
• 64-bit SDK (1 CD)

Additionally, Microsoft has shipped a copy of Amber Point Express, a web services management tool. AmberPoint Express allows you to manage, monitor, analyse, diagnose and test your web services. It's also fully integrated with Visual Studio. Neat! I'll post more once I get it all loaded up!

CRN Interview: Jeff Raikes

I saw Jeff's speech on Monday in Toronto, and it was, as Steve Ballmer later suggested, lots of 'blah blah blah' (admittedly with some fun videos and nice demos!). To some degree, a better summary of what he meant is in the CRN Interview posted on Wednesday.

My key takeaway from the partner conference, and this interview, is that the partner model has totally changed big time. And this means lots of change for the partners. The focus is now on points and competencies where Partners earn points based on doing things as described on the Partner Points Page. Competencies become a key way to earn the points needed for Gold status. As a supplier of training, we look to train both MS customers and MS partners in many of the competency areas.

To some degree, the interview clarified the issue over his call for all partners to sign up for IW competencies. Jeff makes the point that the new partner programme is just getting going. We'll have to see where we are in 6 months. We certainly live in interesting times.

Kereberos Explained

David Tschanz has written a great article for Microsoft Certified Professional Magazine Online, called Taming Kerberos. This article describes how Kerberos works on Windows 2000 and later. It also provides some troubleshooting techniques.

More security paches for Windows

Microsoft has now released the July set of patches. You can view the Microsoft Security Bulletin Summary for July, 2004.

There are 2 critical patches, 4 important patches, and 1 moderate.

Get downloading!

More security training

During the first 6 months of 2004, Microsoft has run a considerable amount of free security training around the world. The program, "Broad Customer Connection", set out to train 500,000 people around the world in the basics of IT security. I ran just about every format of this material in the UK (clinics, summits, one day events, evening events, web casts, etc) and found the material very, very well received.

The BCC (04) programme is now over - but the material lives on. Microsoft have now released this material in e-learning format. If you navigate to the Security Clinics elearining page on http://www.microsoftelearning.com, you can get FREE access to this material.

But to make matters even better - Microsoft have now added security to the individual assessments to their set of assessments. These assessments are at http://www.msmeasureup.com/test/home.asp#1. Great stuff!!

Scripting Active Directory

Most experienced admins know the value of scripting. In KB 246530, titled Scripting Functions Provided by Iadstools.dll Microsoft sets out details of a DLL you can use to write AD scripts. Iasdtools.dll is a dll that is installed with the Windows 2000 support tools, which you can use to get a verity of information into (and out of) the AD.

Ten Tools Every Developer Must Have

Microsoft has published a cool paper, snappily titled Visual Studio Home: .NET Tools: Ten Must-Have Tools Every Developer Should Download Now.

The thing I most like about this page is that none of the tools are MS tools, but external tools. I'm familiar with a couple of these tools, but the rest are new to me - looks like more hours downloading and playing!

QA is Microsoft's 2004 Certified Partner for Learning Solutions, EMEA!

For the third time in four years, (and 2nd year running), QA has been named Microsoft Certified Partner of the Year, Learning Solutions, EMEA! As Chieft Technologist, I have the happy task of collecting the award! This is an outstanding testament to our Microsoft technical expertise and our ability to design, manage and deliver complex, bespoke training projects to large organisations. This accolade reinforces QA's solution capability and quality of offering to our clients. No other training company in the UK can rival this achievement. Our entry for 2004 was based on a migration project with Cr�dit Suisse First Boston (CSFB). As part of the bank's migration of 40,000 desktops from NT4 to XP, two of our outstanding instructors Dave Britt and Brian McDermott designed and delivered a training programme to over 100 IT support staff and in-house trainers in the UK and US. Much of the programme was customised due to the non-standard IT infrastructure at CSFB. Last year QA went on to win the Global title. This year's Global winner will be announced at Microsoft's partner conference in Canada next week. We'll see if we win that award twice in a row too! I'm proud to work at QA!

TechEd Europe: Pre-Conference Sessions - We Did Well

As pointed out in Tim Sneath's blog entry our TechEd pre-conference session came in third. We'll do even better in Copenhagen!

ISA Server 2004 Standard Edition RTMs

Finally - ISA Server 2004 has made it to RTM. I can't get it down from MSDN yet, but it will be there soon. It's an awesome product - I look forward to working more with it.

Novell Linux Resource Kit - Free

Last week, I participated in some Open Source talks at Microsoft TechEd in Amsterdam. In these talks, we discussed the merits, or otherwise of Linux and open source. One thing I came away with was the perception - often far removed from reality. One cure for this is to actually try out Linux, and actually do the numbers. I'm pretty sure that the world will not suddenly move away from Microsoft and Windows, but nevertheless, I think it's a great thing that companies look at their IT infrastructure, at their cost base and at their user community and try to do the best. That means taking a long hard look at your processes and tools and at least looking at alternatives that might improve your productivity or impact TCO.

As if they were reading my mind, Novell are offering a nice set FREE DVDs containing SUSE Linux plus goodies. Head over to Novell's Customer Communities - Linux Resource Kit Order Form page and order. The cool thing - it's free, even outside the USA. It's not going to make me a convert, but more skills are clearly a good thing.

Sending Very Large Emails - for free

Now this is a cool idea for getting around the limits that mail administrators sometimes place on users. For example, I recently wanted to get a 150mb file from Belgium to the UK, but found it very difficult. The folks at YouSendIt enables you to "Email large files quickly, securely, and easily!" so it says on the web site (http:www.yousendit.com).

To use this service, you go to the transmission page, and enter the email address to receive notification of the file available for transfer. The recipient then gets an email, containing a URL on YouSendIt's servers. I just transferred a small PPT file and it's available at http://s11.yousendit.com/d.aspx?id=BF2CA0E2E83AC30C57A9E9D731C378E8. It will get deleted within 7 days (i.e. by 10 July!).

The idea is cool, and I can certainly see a use for it. But there are a couple of interesting questions. First, what is the business model for these guys? I mean, what is going to be their return on letting me mail someone 1gb of data at a time for free? While I like free, there really is no such thing as free these days - someone's got to pay for the servers and the bandwidth needed. Does the adware on the site pay for this? The second question is over security of data. While I don't mind sharing a picture or two - and having it out on the internet - but what other use might be made of this information or data? How do I know that it will only go to the people I actually send it to? The site has a nice security policy, and offers transfers via SSL. This latter feature is one that makes me vaguely nervous as it could be a potential attack vector, bypassing perimeter and network defenses.

What ever the answer, this service does seem to work, and as long as it's free, it's a neat way of sending large files to people across the internet.

KB 841551 - Cluster preallocation algorithm in the NTFS file system white paper

Microsoft has issued a KB artilcle, which refers to a white paper, 841551 - The Description of the cluster preallocation algorithm in the NTFS file system which describes how NTFS pre-allocates space during I/O operations on an NTFS file.

TechEd Europe Keynote

The keynote for TechEd was interesting. The conference theme is 'feel the rhythm' - so to underline this, each delegate received a hand made African drum. On stage, and in the hall, were more drumers (with larger drums!). 6000 geeks banging on their drums was a definate wake-up call.

After the drummers, the room went dark, and the next speaker came onstage and started to give his talk. He said he did not care if there were lights on - because he was blind. He first threw away his mouse (what value is a mouse to someone who is blind?)then gave a short demo of a screen reader and braille bar. When you see both MS software and the web, through the 'eyes' of a blind person, it makes you realise just how much visual appeal there is. And how useless it is to the blind. It was a short, but effective reminder that the development community does need to remember all the user community, not just the sighted. The rest of the keynote was interesting and animated, but these two things did rather stand out.

Teched Europe: Open Source Chalk Talks

For those of you interested in open source, and the Microsoft view, check out this chalk talk at TechEd:

CHT038 Microsoft and Open Source

Tue, Jun 29 14:45 - 16:00 Room: S

Thomas Lee , Steven Adler , Bradley Tipp

Many customers have questions about Microsoft�s view of Open Source and its ability to coexist and interoperate in a Microsoft environment. The session aims to answer your questions about Open Source and provide information and guidance on Microsoft�s position on Open Source.

This session will be repeated a total of 4 times during TechEd.

The format of this will be to get the audience to post the questions - what do YOU want to know today - and for Brad and Steven to put forward the Microsoft view of things, with me keeping score, providing a more independant view, and trying to keep the conversation on topic and flowing. If you have any specific questions you'd like to ask, or have asked, then post to me - either by email, or via a comment on this blog.

We've done these sessions in the past (at TechEd Barcelona and at IT Forum) and they were a lot of fun. Hope to see you there!

Check out the TechEd Bloggers site for more info on TechEd Europe

For those of you who will not be heading to Amsterdam next week, stay tuned to the TechEd Bloggers site for details and reactions on the show!

The TechEd Bloggers site publishes Blog posts made by registered bloggers that somehow relate to TechEd. The bloggers first have to register their blog, which is pretty simple, at http://techedbloggers.net/SubmitBlog.aspx and there after any TechEd posts made will get published at the TechEd Blogger's site. Sadly, not all the TechEd related blog posts actually end up on the site. I've had a few of my that never made it, nor any clue why not! Oh well...

The TechEd Blogger team have provided a set of RSS feeds for posts, an OPML directory of all the bloggers, plus links to blog related stuff.

A nice site, with some useful information. For Euro-geeks, probably worth watching over the next few weeks.

TechEd Europe MSF/MOF BOF Session

I'm looking forward to the MSF/MOF sessions at TechEd Europe. This BOF session is titled BOF005 "MSF and MOF - What's In It For Me?". The format will be for someone (me) to set an agenda for the session, and kick off the discussion. I'd planned on discussing what MSF and MOF are - so we're all on the same page. Then, let's see were the discussion takes us.

This will be fun!

TechEd Europe here I come!

Just one week left before TechEd Europe! I can't wait. This year will be a lot of fun!!

On mondy, 3 of my QA colleagues Olga Londer, Dave Wheler and Andy Thomson and I will give a pre-conference session entiitled .NET for IT Professionals .

During the week, I'll be working with Steven Adler and Bradley Tipp to discuss Microsoft and Open Source. We're giving this sessin 4 times during the conference, so please come along!

Finally, I'm going to be leading two Birds of a Feather sessions, one late on Wednesday and the other early Thursday morning. These sessions are titled "MSF and MOF - What's In It For Me?" and should be lively.

More about MSH (and Longhorn)

One of the features of Microsoft's upcoming Longhorn OS is a new command shell, known as Monad, or MSH. I've written about it a few times in the past on this blog. I find it utterly cool,and really hope MS consider releaseing it earlier! Anyway...

In the final edition of The .NET Show: Longhorn Fundamentals the archtect of MSH talks about it and what it can do. Jeffry Snover and Jim (bad hair) Truher are my heros!

If you want to see a cool product, and a mega-cool demo, watch this session! I want this product.

Deployment Assistance Workshops - Windows Desktop - CONTENT

This is sort of cool. It's some work I did for Microsoft earlier this year. Titled the Deployment Assistance Workshops - Windows Desktop, the full PPTs can be downloaded.

I was sort of surprised by Microsoft putting this material onto the web, but am very pleased that they have done so! The UK TechNet site is getting increasingly useful to UK IT pros (and of course to all IT Pros around the world with Internet access!).

TechNet Security Talks

Over the past few months, I've been doing a number of security talks for Microsoft, which include a number of TechNet briefings: TechNet RoadShows,the 1-day, the 2-day, and evening events as well as the web casts. This week I did an evening event at Thames Valley Park, and am doing another one in London tonight.

I regularly get asked for the slides, so I've put them up on my website. A small note - these presentations are BIG, even though they are already zipped up. I'm working on compressing them a bit more but they will still be big!

Enjoy - the'll be up there until I get a bandwidth cap!

What's in a Product Update Package

I came across another interesting article in the Microsoft KB. KB Article 824994 - describes the contents of a Windows Server 2003 Product Update Package. The article is a little hard to read (the first two sentences are 55 words long each, and the overall sentence length is 29.2!). But it has some interesting information as to the contents of update packages.

The article also explains why an update package may have more then one copy of a given file. Each update will have a copy of the relevant file for each "cardinal point" in the file's lifecycle. The cardinal point, a new term to me, are the main releases of the file (ie RTM and for each Service Pack). So copies of a file will exist for RTM, SP1, SP2 (when it exists) as well as for a given hotfix.

An interesting read!

Too many passwords?

Like a lot of IT professionals, I have a lot of accounts and passwords for alarge number of web sites. These sites are around the world, and have varying password requirements. The fact is, I just can't remember all of them.

I found a neat tool at http://www.pluralsight.com/keith/security/sample_pwm.txt" which should help. This is clearly better than c:\passwords.txt!

Microsoft Online Seminars - in case you missed TechEd

While the content is not bang up to date or as deep technically as the Teched 400 level sessions, the Microsoft Online Seminar site has a large number of streaming media seminars.

There is an impressive amount of content for doiwhnload. For those of us who are not living right on the bleeding edge, this is really useful information, and I'll probalby end up spending time watching some of these .

The majority of these seminars appear to be at the 200 level (technical overview) bur there are some deeper talks at the 300 level.

Thanks to my MVP buddy Oli Restorick for pointing this out!.

Windows Application Compatibility Toolkit 3.0

Application Compatibility can be a big problem for companies upgrading to any later software platform. Microsoft have produces the Windows Application Compatibility Toolkit which is available for free download. You can also order the toolkit on CD - it's free, but you have to pay "postage and handling."

A new version of this tool kit is meant to be coming out with Windows XP SP2, but I've seen no signs yet of a beta copy.

Setting up DNS

I get a lot of queries about DNS. One question I get often, especially from small to medium enterprises relates to the need for a secondary. Many of these smaller business want to offer services, web sites, etc to the Internet, and therefore require public DNS servers. For some, hosting a secondary would requrie an additional box. Hosting two DNS servers on a small site does not really provide much redunandcy.

There are several ways around this problem. Some firms 'peer' - firm A hosts the records for firm B, and firm B hosts the records for firm A. There are also third party (i.e. for fee, not for free!) companies which provide this service. I'm currently using DNS Made Easy. DNS Made Easy provides you with primary and secondary domains, and can provide mail services for your domains. The price per year is quite modest. Worth a look of you want to set up your company's web site and don't want to host DNS as well (or if you just want a reliable secondary).

Inside Update.exe - The Package Installer for Windows and Windows Components

As part of the improvements to the overall patch management process, Microsoft is making changes to numerous components. the article Inside Update.exe - The Package Installer for Windows and Windows Components provides a really good look at how this part of patch management works.

MS announces changes to support life of software

At TechEd today, Andy Lees announced a change to the life of supported software. Going forward (i.e. excluding NT4!), there will not be a 10 year product support life cycle. It seems pretty clear that MS is NOT going to relent on providing future support for NT4. But the life of MS Operating Systems has just got a little longer.

New Level for MCT Programme

I'm in San Diego, at the Microsoft Certfified Trainer day, as part of the US TechEd. It's been an interesting day so far - Microsoft are announcing the changes to the MCT programme for next year. The big change is a new level of certification: the Microsoft Certfifed Learning Consultant (MCLC). This builds on the MCP foundation, requries a case study and will have other requirements. At last, a level of MCT certification that recognises the more senior trainers. Sadly, there are some additional requirements, but MS have not yet worked them out!

Group Policy Management Console Service Pack 1

Group Policy Management Console (GPMC) is a must-have addon for Windows Server 2003. As it's name suggests, you use it to manage Group Poicy. SP1 for GPMC is something I must have missed - sadly! I've got a copy of GPMC I carry around, but it is the RTM version. You can get the updated version from the microsoft.com.

GPMC SP1 fixes bugs found in GPMC sample scripts, GPO reporting, and in the Migration Table Editor (MTE). Interestingly, Microsoft have also addressed bugs found from Dr. Watson crash data. There's also a fix to the GPMC RSoP wizard to work when Internet Connection Firewall (ICF) is enabled on the computer running GPMC.

GPMC rocks! Oh - and here's something a lot of people seem not to know: you can use GPMC to manage a Windows 2000 AD. You can't run GPMC on a Win2k box, instead, run it on a WIndows XP box attached to the domain.

Blogger now has comments

Cool. Comments from blogger!

Microsoft Windows Media - Fast Streaming with Windows Media 9

This is cool, both in theory and in practice! The web page at Microsoft Windows Media site explains the benefits of Windows Media 9 Series. The idea of fast streaming is simple - to deliver instant-on/always on experience. In other words, taking some of the unreliability inherent in the Internet out of the experience. And it really works!

As many of you know, I'm a fan of the Grateful Dead and it's many offshoots. I've just been listening to some really cool tracks from an upcoming Jerry Garcia release. The studio has released a number of the tracks on streaming audio and the sound quality is pretty good. The on demand steam comes from a Windows 2003 server with Direct 9.

Well - it's Sunday morning and I'm listening to this stream, and looking at the patch status of my boxes. Turns out I have to reboot the ISA server. Just as I hit the reboot button, I realised I'd loose the Jerry Garcia stream. I thought it would be interesting to see just how good the buffering was. My ISA server runs on a little Dell Dimension 4600, and took 46 seconds to reboot (according to uptime.exe). During the reboot, the player did not miss a beat! I was amazed - this is cool!!

Introduction to spyware

Microsoft has just published an Introduction to spyware. A most useful intro to the subject - I recommend passing on the link!

OneNote 2003 Service Pack 1 Preview

Microsoft have released a beta of OneNote 2003 Service Pack 1. This is a preview to what is, in effect OneNote V2 - as I understand it, the OneNote team is doing a full rev of OneNote to be shipped with Office 2003 SP1, sometimes later this year.

So go get the beta and play - I've found it very stable and I like the new features!

How to convert your Windows Server 2003... to a Workstation!

I run Windows Sever 2003 on my laptop. While to many this seems crazy, you have to understand that I do a lot of work on server - I write about it, I lecture on it, I play with it. And as I'm on the road so often, running the server edition just seems to make sense. But it's NOT Windows XP.

In general, I totally agree with the decisions to make server 'different' - remove games, etc, etc. If anything, I was highly vocal in the beta forums to make it so!! But having said that, I still run Server on my laptop and really would like to get some of the workstation functionality. I've worked out most of the tricks to make Server behave sensibly (eg play sound, burn CDs, etc), then I stumbled over the site: How to convert your Windows Server 2003... to a Workstation!

This is pretty much the definitive source on how to get your server OS to run like a workstation. If you are a geek like me, this is a great site. But remember: this stuff is NOT supported!!! It is, however, cool!

MSH Just Gets Cooler!

I've written about Microsoft's new command shell, MSH, in the past, but as it evolves, it just gets cooler!

MSH is an all new approach (from Microsoft!) to a command shell. MSH (Monad Command Shell) combines the very best of the key command shell concepts from Unix (e.g. the pipeline, proper control structures, variables, etc.) with .NET (objects with meta-data and evidence). Microsoft demonstrated this at PDC last October, and provided a first look. Google for the impressions - I know I was excited!

Since then, a lot of good thinking, and development, has been done and MS have released an updated version of MSH to testers. I've been playing with it bit and I'm blown away. It needed an update to the .NET Framework. But most surprisingly, I was able to remove the earlier PDC version of the .NET framework, and deploy the updated version flawlessly - and without a reboot.

The first think I noticed is that the syntax has changed in one big way. In the PDC version, cmdlets and verbs were separated by the "\" character. It's been changed to the "-" character. At first sight, this looks strange. I guess I've always seen the "\" as a separator while "-" is not - in my COBOL days, variables like process-get would have been just fine. I guess I'll have to get used to that!

I continue to be impressed at the very clean and slick architecture of both the cmdlet and the cmdlet provider. Cmdlets, the heart of MSH, are little programs that do useful things. They take input, and create output - via the MSH pipeline (or stdin/stdout). Cmdlets provide both a great development environment and to provide consistent user experience.

The Cmdlet provider architecture take this one step further. Cmdlet Providers expose a set of base classes to the MSH Provider architecture. This architecture includes standard cmdlets that act on the classed exposed via a provider. Each cmdlet provider offers a consistent name space that can be navigated by a huge number of standard cmdlets.

If this sounds Greek, think in terms of there key cmdlet providers: the registry, the file system and the active directory. With these cmdlet providers you can obtain information about the components of these data stores in a consistent way. For example, you can type 'DIR' in the context of any of these providers and get a list of their children (OUs in AD, keys in the registry, and files/folders in the file system providers).

So what you ask? Well, with the registry provider, you could write a script to open an OU in the AD, get all the children (e.g. computers, users, etc.) and use the properties of those objects to perform some administrative function. You could do a bulk password reset, for example.

Cmdlets take as input .NET Objects and produce objects. Thus a cmdlet can use the .NET Framework to access the objects consumed and produced. The cmdlet can obtain all the necessary meta-data about the object, which sure beats the prayer-based parsing you used to have to do.

One very neat aspect of the latest version of MSH is the win32-to-ShellObject.msh script. This cmdlet takes 2 arguments: a command and a hash table consisting of a regex production rule to find objects and a set of regex produce rules to find the properties of those objects. This enbles the cmdlet how to parse the output of the command. For example, this is a sample script shipped by Microsoft to handle the ipconfig command:

#
/********************************************************************++
# Copyright (C) Microsoft Corporation, 2003
# Project: Monad Shell
# File: get-ipconfig.msh
# Contents: Convert the output of ipconfig.exe to MshObject
# History: 20-March-2004 kumarp Created
#
--********************************************************************/
# the template for ipconfig output that covers both the no-arg case and /all case
#
$rxIpAddress = '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+';

$ipconfigTemplate =
@{ 'ObjectHeader' => '^([^ \t][^:]+):$';
'Fields' => ( @{ 'Pattern' => "^ Subnet Mask (`. )+: (?$rxIpAddress)" },

@{ 'Pattern' => "^ (Autoconfiguration )?IP Address(`. )+: (?$rxIpAddress)" },
@{ 'Pattern' => "^ DNS Servers (`. )+: ?(?($rxIpAddress)?)";
'Type' => 'string';
'Array' => 1;
'MultiLine' => 1;
'Name' => 'DNSServers';
'MLPatterns' => ( "^[ ]+(?$rxIpAddress)" );
},
@{ 'Pattern' => "^ Default Gateway (`. )+: ?(?($rxIpAddress)?)" },
@{ 'Pattern' => "^ DHCP Server (`. )+: ?(?($rxIpAddress)?)" },
@{ 'Pattern' => "^ Primary WINS Server (`. )+: ?(?($rxIpAddress)?)" },
@{ 'Pattern' => "^ Secondary WINS Server (`. )+: ?(?($rxIpAddress)?)" },
@{ 'Pattern' => '^ Connection-specific DNS Suffix (`. )+: ?(?([a-z\.]+)?)' },
@{ 'Pattern' => '^ Description (`. )+: ?(?[^\n]+)' },
@{ 'Pattern' => '^ Physical Address(`. )+: ?(?[^\n]+)' },
@{ 'Pattern' => '^ DHCP Enabled(`. )+: ?(?[^\n]+)' },
@{ 'Pattern' => '^ Autoconfiguration Enabled (`. )+: ?(?[^\n]+)' },
@{ 'Pattern' => '^ NetBIOS over Tcpip(`. )+: ?(?[^\n]+)' },
@{ 'Pattern' => '^ Lease Obtained(`. )+: ?(?[^\n]+)' },
@{ 'Pattern' => '^ Lease Expires (`. )+: ?(?[^\n]+) }' }
);
};

call-command win32-to-ShellObject.msh 'ipconfig.exe /all' $ipconfigTemplate;

The regular expression, stored in $ipconfigTemplate, tells the cmdlet how to parse the output of ipconfig /all, and how to package that into an object for later in the pipeline.

COOL

MSH seems to me to combine the very best from the Unix world, with the rigour of .NET. Microsoft really, really, really should consider delivering this before Longhorn ships! I can see three reasons for shipping early:

1. It helps in the battle against Linux/Unix. It's just one less argument against Windows - we now have the most powerful shell approach in the world, based on .NET. If you get the inside techies excited about .NET the rest will follow.

2. It really helps in the migration. Yes, SFU is cool, but it needs to be rolled out, and requires (yet another) another service to run. I'd like to see migration to an all-Windows environment as quickly as possible.

3. It provides a consistent way of doing all administration. Consistency is something that most administrators like, love, and sometimes find missing.

MSH is cool...

Telegraph newspaper online RSS feeds

RSS (Really Simple Syndication) is a method of creating and distributing content, from publisher to reader. RSS is based on XML. An RSS feed offers a set of articles, each of which contain a headline, links, and an article summary. The publisher creates articles which are added to feeds dynamically. For example, when I post this web log entry, both the Blogger website and the RSS feed will be updated. RSS content can include web logs, community sites (e.g. Slashdot), news sites - basically any site that regularly updated content and wants to distribute those updates as discreete units. The reader can use an RSS reader program to obtain and display RSS feeds from publishers across the Internet (and intranet for that matter). I've been using using the FeedDemon as my RSS reader. If you are interested in a large set of feeds, take a look at Syndic8.com for a directory of over 10,000 publicly available RSS feeds.

A neat set of feeds are now available from the Daily Telegraph. This is cool in that I can get the key headlines into my RSS reader - and pretty much do away with hard copy news papers.

Today, this feed is free - but I can't help wondering if there isn't a way that the Daily Telegraph might be able to charge for some of this? Personally, I'd be happy to pay a small fee per article, say 1-2p.

I won $20 from Steve Ballmer

I've been at the MVP summit in Seattle this week. Today was the Executive day - we had talks from Lori Moore, Eric Rudder, Rich Kaplan, and Steve Ballmer. After each talk, questions were taken from the floor. After Steve's ROUSING talk, I got to ask a question. I was enquiring about the progress of patch management.

At TechEd last year, Scott Charney said "By the end of the year, instead of eight installer technologies we will have two, one for operating systems and one for applications." I was asking Steve for his views on this.

At last year's summit Robert Scoble won $1 from Steve, and had it signed, for asking a good question. So somewhat cheekily, I asked if the question was worth a buck? He said sure, reached into his pocket, fished around, and then said: "This might be your lucky day" - handing me over a $20. Thinking quickly, I got him to sign it too. When I get back to England I'll post the photo of the bill. I'm not sure how to get him his $19 in change - all suggestions welcome.

You gotta love this company.

Stockholm Security Slides

I was in Stockholm this week giving two talks on IPSec and Perimeter Security. As promised, I've uploaded the slides. The IPSec talk is at www.reskit.net/stockholm/ipsec.zip while the Perimeter Securiy talk is at www.reskit.net/stockholm/perimeter.zip

I'll post more details on the sessions later!

Sawmill log analysis program

Sawmil is a neat log analysis program. I use it to analyse the hits to this blog.

Sawmill runs as a web server (on a local port) and can read my web log hit logs and gives me a great view of the traffic. What I find most interesting is where I'm getting hits from - I can see other blogs that refer to mine, etc.

Sawmill is a neat product!

Chris_Pratley's WebLog - an interesting read

I came across Chris_Pratley's WebLog the other day - it's a good read. Chris is Group Program Manager for Office Authoring tools, which includes OneNote. one of the guys who runs the OneNote product. His blog contains some great insights into the how and why's of OneNote.

OneNote is an incredibly cool tool - it reminds me a bit of some of the outlining tools I used in the mid-80s. I use OneNote today fairly heavily to organise my thoughts. I suspect that if I ever get a tablet, I'd use OneNote a lot more!

Ten Technical Communication Myths

I came across this article, Ten Technical Communication Myths, on a technical writer's web site. Very well written, it looks at some of the common myths surrounding technical writing.

I particularly love Myth 2: Sans Serif Fonts are Always More Legible Online. It turns out that there are other factors to consider, including the legibility of the page design, line spacing and width, word/character spacing, type size, plus whether tricks like ant-aliasing is being used. So sure, type font is important, but so are the other factors. When we forget this, our communication suffers.

Speaking about Security

It turns out, I am speaking on security this coming Thursday night in London. Come along - it should be a fun evening.

FeedDemon Ships

For a lot of personal reasons, I've been absent from blogspace for the past couple of months. Not that anyone noticed . In trying to get caught up, I came across an interesting product release!. It may be be old hat to some of you - but I only noticed yesterday that Nick Bradbury's most excellent Bradbury FeedDemon - an RSS newsfeed Reader for Windows has finally been released.

You can download a trial copy. If you like it, you can purchase the license and upgrade your trial copy to a full version. This product was so good in beta, that as soon as I noticed it, I bought it over the web and am now a very satisfied customer.

One interesting thing - I ordered the product for over the web download and activation, with a US$ credit card, but with a UK address. The site charged me VAT (at the correct rate of 17.5%). But when I entered my VAT number (I'm still VAT registered) and the VAT disappeared. This makes it easy - no VAT to pay or recover. But I like FeedDemon enough that I'd have paid the VAT inclusive price.

The joys of trans-national e-purchasing!