Friday, October 29, 2004

Microsoft Virtual Server 2005 Migration Toolkit is Released

The Microsoft Virtual Server 2005 Migration Toolkit has shipped. This tool enables you to convert a physical system into a virtual machine image you can run inside Virtual Server. In order to use VSMT, you must also have Microsoft's Automated Deployment Services installed.

Fiddler - an HTTP traffic logging utility

Fiddler is an HTTP debugging tool. Fiddler acts as a local proxy and then logs HTTP traffic between your computer and your intranet, and the Internet. Fiddler allows you to inspect TTP Traffic, set breakpoints, and in a sense "fiddle" with incoming or outgoing data (hence the name). Fiddler is simpler than Netmon, but it acts only on HTTP traffic. While you see none of the lower layers, the view at the HTTP level is good. Fiddler also looks extensible, with scripting, custom inspectors, and menu extensibility. And: it's free!

MSH has a Wiki: MSHWiki

For those of you wanting to learn more about MSH, there's now an MSHWiki up on Microsoft's Channel9 site. The wiki has a few pages already, including an MSH Quick Start Page, a Sample Scripts Page, and an MSH Power Toys Page. This wiki is still in in its infancy, but it does provide some help and assistance!

Monday, October 25, 2004

Microsoft Partner Pack for Windows XP

Microsoft have launched the Microsoft Partner Pack for Windows XP, with the bold statement that "The Partner Pack is the ultimate application package for your Windows XP PC." You can download the Microsoft Partner Pack for Windows from the Microsoft Web Site. One nice feature of this is a free year's subscription to CA's etrust Anti Virus tool!

One small problem - you can't download if you are using Firefox. However, if you use Firefox's Agent Switcher to lie to the site, the download works fine. Why does Microsoft, or any site, require IE just to enable a download?

Tuesday, October 19, 2004

Slides from the Microsoft Technical Briefing and other MS events

Microsoft UK have posted the slides from the revent Technical Briefing at Wembley to the Microsoft TechNet UK Previous Events page. This also has the slides from other UK TechNet events, including the road show, the evening events and the web casts.

Five million Firefoxes released into the wild

In a story at , entitled Five million Firefoxes released into the wild the news that over 5 million people have downloaded the FireFox preview version. Make that 5 million and 1 - I've downloaded it and am very, very happy with it.

No, Firefox is not perfect, it loads a bit slowly, it has crashed a few times and on some web sites, it's not useable (Microsoft's Office Update site, for example, will not work with Firefox - it requires IE). Despite these issues, I find FireFox superior in a number of ways. I've been keeping a list of all the things I like and when I get a chance, I'll post this list (and my list if things that have gone wrong).

Wednesday, October 13, 2004

Windows Server 2003: Network Access Protection

For almost every organisation, ensuring that netework clients are 'healthy' is a major problem. How do you ensure that clients have up to date virus signatures, up to date patches, etc? And how do you manage clients that are not in compliance? In very small networks, you can do this by wandering around, and manually checking each system - but this does not scale. Microsoft's Network Access Protection (NAP) is a set of technologies tha will provide a ground up solution. Microsoft has a site Windows Server 2003: Network Access Protection that describes this. At present, the plan seems to be that this technology is to ship with R2, the next minor release of Windows Server 2003 (expected in 2005). NAP is a fundamental re-think in how network protection is performed. I look forward to playing with this!

Download details: Microsoft Virtual PC 2004 Service Pack 1

VPC SP1 finally ships See the Microsoft Virtual PC 2004 Service Pack 1 page.

Tuesday, October 12, 2004

Microsoft's Help and Support site updated

Microsoft has launched an update to the Microsoft Help and Support page. It looks like some of the features, particulalry the KB Search feature, have been dropped - or made more difficult to find. And the searching still results in far too much irrelevant material: for example, when searcing for content related to, say, Windows Server 2003, many of the hits related to other, not direclty related, technolgies. I do wish MS would stop making searching for content more difficult.

Tuesday, October 05, 2004


I'm sitting in the MS Technical Briefing today, listening to Fred Baumhardt doing an ISA talk, where he's pointing out that port 80 has become the 'universal firewall bypass protocol'. He then showed the audience the HTTP-Tunnel home page. This page has an interesting application which enables you to bypass yoru firewall. The page says: "Your Internet application sends data to the HTTP-Tunnel Client, which in turn tunnels the data over HTTP (port 80) to the HTTP-Tunnel servers. The servers then send the data to the intended destination and forward the responses back to the HTTP-Tunnel client. This forwarding technique effectively bypasses firewalls, permitting the users to successfully use most Internet applications."

In other words, this application blows a complete hole in your firewall. Scary! But very, very useful.

Worried about Window's GDI+ buffer overflow?

Are you worried about the potential impact of the GDI+ buffer overflow bug? If so download Dynicity's GDIPlus Reporter Utility. This tool shows up issues that the Microsoft provided tool does not. For example, I use Camtasia to record screen demos, and Dynicity's tool found a vulnerable DLL in the camtasia installation folders - one that was not detected by the MS tool.

Friday, October 01, 2004

319740 - MFC Applications Leak GDI Objects on Windows XP

As previously reported, Windows XP SP 2 re-introduces a GDI object leak in MFC applications. This bug was present in XP RTM and was resolved by a hot fix that was rolled into XP SP1.

This bug was re-introduced into SP2. I first reported this to Microoft on or about 29 August. I was finally sent a fix few weeks later, that did appear to resolve my GDI leak. I asked the MS representative dealing with this case if he could ensure that the KB was updated (or a new KB article issued) and I was told that he was not able to do it. It was suggested that I could post a suggestion to MS via the web site. I even offered to write the KB article, but this offer was declined, so I left it at that.

The issue might have just been forgotten, except that there was a little problem. It turns out that the fix, while getting rid of the GDI handle leak, had the side effect of killing the theme service. For me this was not an issue as I had turned the theme service off. But for those who wanted to use the service, and wanted to use long-running MFC applications, the only solution was to remove SP2.

I reported this through every channel I could think of, and thus far, I've had no formal reply, or a formal fix to this problem. The good news is that someone else I know has also reported this and has been sent a working hot fix. Interestingly, when he first called, Microsoft apparently were unable to trace my earlier problem report. But whatever, I now have this and it does indeed solve the issue!

The hot fix comes in a file called WindowsXP-KB319740-x86-enu.exe. You might think that this fix related to the KB article 319740 - MFC Applications Leak GDI Objects on Windows XP and it does. At present, the KB article refers to the original bug and it's original fix (rolled into SP1). There is an updated version of the fix that applies to SP2 - but the KB article has not been amended to reflect the issue. I assume that MS will be updating this KB at some point.

This whole incident leaves me less than delighted. It also raises some questions. First, how could a bug fixed in SP1 be re-introduced, and not be caught? Was this just a source code management issue (and if so, how many more errors are there lurking)? Or was it due to other changes made at SP2 and if so, why did MS not catch it during routine testing? Doesn't MS re-test earlier bug fixes to ensure they are rolled up in later SPs? And finally, what does a customer have to do to ensure that bug fixes actually result in proper documented fixes?