Introduction to spyware

Microsoft has just published an Introduction to spyware. A most useful intro to the subject - I recommend passing on the link!

OneNote 2003 Service Pack 1 Preview

Microsoft have released a beta of OneNote 2003 Service Pack 1. This is a preview to what is, in effect OneNote V2 - as I understand it, the OneNote team is doing a full rev of OneNote to be shipped with Office 2003 SP1, sometimes later this year.

So go get the beta and play - I've found it very stable and I like the new features!

How to convert your Windows Server 2003... to a Workstation!

I run Windows Sever 2003 on my laptop. While to many this seems crazy, you have to understand that I do a lot of work on server - I write about it, I lecture on it, I play with it. And as I'm on the road so often, running the server edition just seems to make sense. But it's NOT Windows XP.

In general, I totally agree with the decisions to make server 'different' - remove games, etc, etc. If anything, I was highly vocal in the beta forums to make it so!! But having said that, I still run Server on my laptop and really would like to get some of the workstation functionality. I've worked out most of the tricks to make Server behave sensibly (eg play sound, burn CDs, etc), then I stumbled over the site: How to convert your Windows Server 2003... to a Workstation!

This is pretty much the definitive source on how to get your server OS to run like a workstation. If you are a geek like me, this is a great site. But remember: this stuff is NOT supported!!! It is, however, cool!

MSH Just Gets Cooler!

I've written about Microsoft's new command shell, MSH, in the past, but as it evolves, it just gets cooler!

MSH is an all new approach (from Microsoft!) to a command shell. MSH (Monad Command Shell) combines the very best of the key command shell concepts from Unix (e.g. the pipeline, proper control structures, variables, etc.) with .NET (objects with meta-data and evidence). Microsoft demonstrated this at PDC last October, and provided a first look. Google for the impressions - I know I was excited!

Since then, a lot of good thinking, and development, has been done and MS have released an updated version of MSH to testers. I've been playing with it bit and I'm blown away. It needed an update to the .NET Framework. But most surprisingly, I was able to remove the earlier PDC version of the .NET framework, and deploy the updated version flawlessly - and without a reboot.

The first think I noticed is that the syntax has changed in one big way. In the PDC version, cmdlets and verbs were separated by the "\" character. It's been changed to the "-" character. At first sight, this looks strange. I guess I've always seen the "\" as a separator while "-" is not - in my COBOL days, variables like process-get would have been just fine. I guess I'll have to get used to that!

I continue to be impressed at the very clean and slick architecture of both the cmdlet and the cmdlet provider. Cmdlets, the heart of MSH, are little programs that do useful things. They take input, and create output - via the MSH pipeline (or stdin/stdout). Cmdlets provide both a great development environment and to provide consistent user experience.

The Cmdlet provider architecture take this one step further. Cmdlet Providers expose a set of base classes to the MSH Provider architecture. This architecture includes standard cmdlets that act on the classed exposed via a provider. Each cmdlet provider offers a consistent name space that can be navigated by a huge number of standard cmdlets.

If this sounds Greek, think in terms of there key cmdlet providers: the registry, the file system and the active directory. With these cmdlet providers you can obtain information about the components of these data stores in a consistent way. For example, you can type 'DIR' in the context of any of these providers and get a list of their children (OUs in AD, keys in the registry, and files/folders in the file system providers).

So what you ask? Well, with the registry provider, you could write a script to open an OU in the AD, get all the children (e.g. computers, users, etc.) and use the properties of those objects to perform some administrative function. You could do a bulk password reset, for example.

Cmdlets take as input .NET Objects and produce objects. Thus a cmdlet can use the .NET Framework to access the objects consumed and produced. The cmdlet can obtain all the necessary meta-data about the object, which sure beats the prayer-based parsing you used to have to do.

One very neat aspect of the latest version of MSH is the win32-to-ShellObject.msh script. This cmdlet takes 2 arguments: a command and a hash table consisting of a regex production rule to find objects and a set of regex produce rules to find the properties of those objects. This enbles the cmdlet how to parse the output of the command. For example, this is a sample script shipped by Microsoft to handle the ipconfig command:

#
/********************************************************************++
# Copyright (C) Microsoft Corporation, 2003
# Project: Monad Shell
# File: get-ipconfig.msh
# Contents: Convert the output of ipconfig.exe to MshObject
# History: 20-March-2004 kumarp Created
#
--********************************************************************/
# the template for ipconfig output that covers both the no-arg case and /all case
#
$rxIpAddress = '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+';

$ipconfigTemplate =
@{ 'ObjectHeader' => '^([^ \t][^:]+):$';
'Fields' => ( @{ 'Pattern' => "^ Subnet Mask (`. )+: (?$rxIpAddress)" },

@{ 'Pattern' => "^ (Autoconfiguration )?IP Address(`. )+: (?$rxIpAddress)" },
@{ 'Pattern' => "^ DNS Servers (`. )+: ?(?($rxIpAddress)?)";
'Type' => 'string';
'Array' => 1;
'MultiLine' => 1;
'Name' => 'DNSServers';
'MLPatterns' => ( "^[ ]+(?$rxIpAddress)" );
},
@{ 'Pattern' => "^ Default Gateway (`. )+: ?(?($rxIpAddress)?)" },
@{ 'Pattern' => "^ DHCP Server (`. )+: ?(?($rxIpAddress)?)" },
@{ 'Pattern' => "^ Primary WINS Server (`. )+: ?(?($rxIpAddress)?)" },
@{ 'Pattern' => "^ Secondary WINS Server (`. )+: ?(?($rxIpAddress)?)" },
@{ 'Pattern' => '^ Connection-specific DNS Suffix (`. )+: ?(?([a-z\.]+)?)' },
@{ 'Pattern' => '^ Description (`. )+: ?(?[^\n]+)' },
@{ 'Pattern' => '^ Physical Address(`. )+: ?(?[^\n]+)' },
@{ 'Pattern' => '^ DHCP Enabled(`. )+: ?(?[^\n]+)' },
@{ 'Pattern' => '^ Autoconfiguration Enabled (`. )+: ?(?[^\n]+)' },
@{ 'Pattern' => '^ NetBIOS over Tcpip(`. )+: ?(?[^\n]+)' },
@{ 'Pattern' => '^ Lease Obtained(`. )+: ?(?[^\n]+)' },
@{ 'Pattern' => '^ Lease Expires (`. )+: ?(?[^\n]+) }' }
);
};

call-command win32-to-ShellObject.msh 'ipconfig.exe /all' $ipconfigTemplate;

The regular expression, stored in $ipconfigTemplate, tells the cmdlet how to parse the output of ipconfig /all, and how to package that into an object for later in the pipeline.

COOL

MSH seems to me to combine the very best from the Unix world, with the rigour of .NET. Microsoft really, really, really should consider delivering this before Longhorn ships! I can see three reasons for shipping early:

1. It helps in the battle against Linux/Unix. It's just one less argument against Windows - we now have the most powerful shell approach in the world, based on .NET. If you get the inside techies excited about .NET the rest will follow.

2. It really helps in the migration. Yes, SFU is cool, but it needs to be rolled out, and requires (yet another) another service to run. I'd like to see migration to an all-Windows environment as quickly as possible.

3. It provides a consistent way of doing all administration. Consistency is something that most administrators like, love, and sometimes find missing.

MSH is cool...

Telegraph newspaper online RSS feeds

RSS (Really Simple Syndication) is a method of creating and distributing content, from publisher to reader. RSS is based on XML. An RSS feed offers a set of articles, each of which contain a headline, links, and an article summary. The publisher creates articles which are added to feeds dynamically. For example, when I post this web log entry, both the Blogger website and the RSS feed will be updated. RSS content can include web logs, community sites (e.g. Slashdot), news sites - basically any site that regularly updated content and wants to distribute those updates as discreete units. The reader can use an RSS reader program to obtain and display RSS feeds from publishers across the Internet (and intranet for that matter). I've been using using the FeedDemon as my RSS reader. If you are interested in a large set of feeds, take a look at Syndic8.com for a directory of over 10,000 publicly available RSS feeds.

A neat set of feeds are now available from the Daily Telegraph. This is cool in that I can get the key headlines into my RSS reader - and pretty much do away with hard copy news papers.

Today, this feed is free - but I can't help wondering if there isn't a way that the Daily Telegraph might be able to charge for some of this? Personally, I'd be happy to pay a small fee per article, say 1-2p.

I won $20 from Steve Ballmer

I've been at the MVP summit in Seattle this week. Today was the Executive day - we had talks from Lori Moore, Eric Rudder, Rich Kaplan, and Steve Ballmer. After each talk, questions were taken from the floor. After Steve's ROUSING talk, I got to ask a question. I was enquiring about the progress of patch management.

At TechEd last year, Scott Charney said "By the end of the year, instead of eight installer technologies we will have two, one for operating systems and one for applications." I was asking Steve for his views on this.

At last year's summit Robert Scoble won $1 from Steve, and had it signed, for asking a good question. So somewhat cheekily, I asked if the question was worth a buck? He said sure, reached into his pocket, fished around, and then said: "This might be your lucky day" - handing me over a $20. Thinking quickly, I got him to sign it too. When I get back to England I'll post the photo of the bill. I'm not sure how to get him his $19 in change - all suggestions welcome.

You gotta love this company.

Stockholm Security Slides

I was in Stockholm this week giving two talks on IPSec and Perimeter Security. As promised, I've uploaded the slides. The IPSec talk is at www.reskit.net/stockholm/ipsec.zip while the Perimeter Securiy talk is at www.reskit.net/stockholm/perimeter.zip

I'll post more details on the sessions later!

Sawmill log analysis program

Sawmil is a neat log analysis program. I use it to analyse the hits to this blog.

Sawmill runs as a web server (on a local port) and can read my web log hit logs and gives me a great view of the traffic. What I find most interesting is where I'm getting hits from - I can see other blogs that refer to mine, etc.

Sawmill is a neat product!

Chris_Pratley's WebLog - an interesting read

I came across Chris_Pratley's WebLog the other day - it's a good read. Chris is Group Program Manager for Office Authoring tools, which includes OneNote. one of the guys who runs the OneNote product. His blog contains some great insights into the how and why's of OneNote.

OneNote is an incredibly cool tool - it reminds me a bit of some of the outlining tools I used in the mid-80s. I use OneNote today fairly heavily to organise my thoughts. I suspect that if I ever get a tablet, I'd use OneNote a lot more!

Ten Technical Communication Myths

I came across this article, Ten Technical Communication Myths, on a technical writer's web site. Very well written, it looks at some of the common myths surrounding technical writing.

I particularly love Myth 2: Sans Serif Fonts are Always More Legible Online. It turns out that there are other factors to consider, including the legibility of the page design, line spacing and width, word/character spacing, type size, plus whether tricks like ant-aliasing is being used. So sure, type font is important, but so are the other factors. When we forget this, our communication suffers.

Speaking about Security

It turns out, I am speaking on security this coming Thursday night in London. Come along - it should be a fun evening.

FeedDemon Ships

For a lot of personal reasons, I've been absent from blogspace for the past couple of months. Not that anyone noticed . In trying to get caught up, I came across an interesting product release!. It may be be old hat to some of you - but I only noticed yesterday that Nick Bradbury's most excellent Bradbury FeedDemon - an RSS newsfeed Reader for Windows has finally been released.

You can download a trial copy. If you like it, you can purchase the license and upgrade your trial copy to a full version. This product was so good in beta, that as soon as I noticed it, I bought it over the web and am now a very satisfied customer.

One interesting thing - I ordered the product for over the web download and activation, with a US$ credit card, but with a UK address. The site charged me VAT (at the correct rate of 17.5%). But when I entered my VAT number (I'm still VAT registered) and the VAT disappeared. This makes it easy - no VAT to pay or recover. But I like FeedDemon enough that I'd have paid the VAT inclusive price.

The joys of trans-national e-purchasing!

Witty Worm Targets Black Ice users

This is another new twist with the a Netcraft: Witty Worm targeting Black Ice users. What's nasty about this particlar attack is that it also can disable a machine. The way it does it means you can be infected and sugger damage long before you really become aware you have an issue.

Just more proof, as if it's needed, that users need to keep bang up to date and that defense in depth is a useful strategy. I suspect a lot of home users will get stung by this, and won't even know how it happened.

ISO Recorder Power Toy for XP

The ISO Recorder Power Toy is a cool tool written by MVP Alex Feinman. It allows you to read and write ISO images to/from CDs. Thus, you can grab an ISO image of a CD, store it on a disk, and later burn the ISO image. A simple tool - but most useful.

Sadly, this tool does not work on Windows Server 2003, which has updated the CD burning facility. The tool only works on Windows XP.

InfoWorld says Microsoft is to delay SQL Server, Visual Studio upgrades

In an on-line article, InfoWorld are reporting that Microsoft is to delay the launch of SQL Server Yukon and Visual Studio Whidbey. The delay, according to Infoworld will be till the first half of 2005, a delay of as much as 6 months. It looks like there will be an additional beta cycle for Yukon, which accounts for this delay. It remains to be seen what impact this delay will have on other products that are depending on Whidbey (for ASP 2.0) and on Yukon (e.g. SPS, CMS, CS).

Virtual PC 2004 vs. VMWare 4.0 Performance

I'm a real fan of VMware and VPC - I love what you can do with these tools. I've always felt VPC was slower, but this performance review demostrates it.

MyDoom.b - even smart people do dumb things

I've just had some email regarding the latest internet worm. One was from someone I know telling me his brother had just become infected and the other was from Microsoft getting the word out about this wom. I'd have ignored the second mail, had I not got the first one.

Basically, what is clear by this virus/worm is that even smart people can do dumb things at times. With that in mind, I have no hesitation in passing on the advice I got from MS. If it helps just one person, its worth.

So why not take a quick peek at http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/alerts/mydoom.asp.

MBSA 1.2

MS has today announced a new version of Microsoft Baseline Security Analyzer (MBSA).

This new version provides better language (ie non-American!) support, plus support for Exchange 2003, MS Office, Microsft Java Virtual Machine, B iztalk, Commerced Server, Contene Management Ser ver and Host Integration Server, MSXML, MDAC. MBSA solves a number of other problems too!

A useful upgrade, but where's SUS 2, MSI 3, etc??

Using Adminpak.msi to Install a Specific Server Administration Tool

In Windows 2000 (and 2003!) you can install the MMC snapins on your computer by runing adminpak.msi. One question that I've seen, but never managed to work out was a simple way of adding one, but not ALL the snapins. It turns out that it's not all that difficult, according to KB article 314978 - How To Use Adminpak.msi to Install a Specific Server Administration Tool in Windows 2000.

The format is not overly friendly. For example, to install the DNS console, you'd type:

msiexec /i adminpak.msi ADDLOCAL=FeDNSConsole /qb

Cool .NET Linking Tool

Now this little tool: Remotesoft's Salamander .NET Linker is pretty cool. It allows you to link .NET assemblies, including system files, into a single file. Once linked, you can deploy your applu without installling the whole .NET Framework.

The tool links MSIL code on demand putting together only the required classes and methods. The tool then builds a minimum set of the Microsoft .NET runtime to ship with your application. This usually results in installation size substantically smaller and faster then traditional .NET apps.

And by linking them this way, it's easier to obfuscate the code. A neat tool!