Monthly Archives: May 2008

Featured in FUD Watch

Recently I took issue on my About.com Internet / Network Security site with a ’study’ published by a security software vendor which alleged that Microsoft’s Windows Vista operating system has weaker security than Windows 2000. The study, in my opinion, pulled a few magic numbers out of context and tried to use them to build [...]

Comcast Hijackers Expose Flaws in Internet’s DNS

Teen hackers Defiant and EBK apparently used “social engineering” to disrupt Comcast Web sites and redirect user e-mail. Defiant and EBK used the Domain Name System and registrar Network Solutions to reroute and deface Comcast sites. Defiant and EBK took comcast.net down for more than two hours and put obscenities in the WHOIS information.

http://www.data-storage-today.com/story.xhtml?story_id=13200CUXO3OC

See also:  How was Comcast.net hijacked? http://www.newsnow.co.uk/A/278825466?-18613

Hacker Changes Mars Lander’s Web Site, Redirects Traffic

A spokeswoman for the Phoenix Mars Lander mission says a hacker took over the mission’s public Web site during the night and changed its lead news story.

Spokeswoman Sara Hammond says a mission update posted Friday was replaced with a hacker’s signature and a link redirecting visitors to an overseas Web site.
http://www.foxnews.com/story/0,2933,361170,00.html

Alex Wins his Berth to the State Track Meet

Despite a strong wind that seemed to come from all directions at once JOMS-600x200sometimes, Alex met the challenge today and qualified for a trip to the State Track meet at the Jesse Owens Memorial Stadium on the grounds of Ohio State University.


Alex qualified with the exact same time that he qualified for the Regional Finals with — a time of 50.77 seconds in the 400m.  He came in 3rd place, and he's the only Junior (11th grader in High School) to move on to the State tournament (all of the others to qualify were Seniors).


Here's the video of his run (listen to how hard the wind was blowing)…



If you know, or have ever met, Alex, you know that he's a tall, lanky fellow.  So, seeing him in the 3rd place position on the awards blocks was kind of funny.  Even Alex Trent 3rd Place Ohio Regionalthough he's in the 3rd place spot on the block, his head is still on the same level as the 2nd and 1st place finishers.  Notice the 1st place winner, though.  Alex and I both really liked the uniforms this team wore.  The emblem on the chest of the uniform makes them look like superheroes.  How can you *not* be intimidating wearing a superhero costume?  Alex indicated he may try to talk his coach into new uniforms for next year.


Alex's height has always been a plus, because being tall usually means you're generally not fast.  This causes other runners to underestimate his speed.  Today, however, his height was a detriment because he had a much higher profile to the wind, which slowed him down considerably.  So, you can understand a bit what a feat it was to finish even 3rd.  He said that at times he felt he was moving in slow motion.  He felt he was in one of those dreams where you run as fast as you can but don't get anywhere.


Yet, here's our boy, wearing his Regional hardware (bling) proudly:


Alex Trent Regional Winner


He didn't take it off for several hours even after we made it back home today. JOMS-statue And, incidentally, he's still wearing his track uniform.


After the race the local newspaper grabbed him for an interview.  Alex said he gave them the standard sports comments like "I'm pleased to do well today" and "I'm really excited to be moving on".  Funny guy.  So, I should have more to post tomorrow about this when the local paper releases.  What's interesting is that his interview will be in the Sunday paper — the biggest paper of the week.  That should get some additional attention from potential colleges.


So, yeah.  We're off to Ohio State University on Thursday of this week.  Alex's  qualifying run is on Friday, June 6th, at 3:10pm.  If he finishes in the top 4 of his heat on Friday, he'll run again on Saturday, June 7th, at 2:05pm.  We're going to make a fun, family weekend of it.


If you happen to be in the Ohio State area either of those days, drop by and look us up, and sit down to watch our boy run.  We'll be in Building 092 on the Ohio State campus.


athletics


Located on Fred Taylor Drive, north of Lane Avenue, Jesse Owens Memorial Stadium is the newest addition to The Ohio State University Department of Athletics’ aggressive campaign to upgrade and build state-of-the-art facilities for competition.

The 10,000-seat Jesse Owens Memorial Stadium arguably is one of the finest multi-sport facilities in the country, hosting track and field and lacrosse in the spring and soccer in the fall.

 


 


 


Jesse Owens Memorial Stadium JO
Building 092
2450 Fred Taylor Dr
Columbus, OH 43210

Blackberry Refuses To Spy For India

Research In Motion, the company that makes the Blackberry phone, has refused demands by the Indian government to decrypt suspicious text messages.

There are only around 115,000 Blackberry users in India, but they’re causing the government a problem. It seems that the country’s security services and department of technology haven’t been able to unencrypt text messages sent on the Blackberry, and they’ve asked Research In Motion (RIM), the Canadian company that makes the device, for the master key, worrying that criminals and terrorists might take to the device.

http://news.digitaltrends.com/news-article/16814/blackberry-refuses-to-spy-for-india

Blended Threat from Combined Attack Using Apple’s Safari on the Windows Platform

Microsoft Security Advisory (953818)
Microsoft is investigating new public reports of a blended threat that allows remote code execution on all supported versions of Windows XP and Windows Vista when Apple’s Safari for Windows has been installed. Safari is not installed with Windows XP or Windows Vista by default; it must be installed independently or through the Apple Software Update application. Customers running Safari on Windows should review this advisory.

At the present time, Microsoft is unaware of any attacks attempting to exploit this blended threat. Upon completion of this investigation, Microsoft will take the appropriate measures to protect our customers. This may include providing a solution through a service pack, the monthly update process, or an out-of-cycle security update, depending on customers needs.

Mitigating Factors:

•    Customers who have changed the default location where Safari downloads content to the local drive are not affected by this blended threat.

http://www.microsoft.com/technet/security/advisory/953818.mspx

Broadcast Flag Follow-up

I’ve been attempting to learn about the Broadcast Flag over the past few days, and instead of focusing on what it can/can’t do I decided to look at a few other things.



First of all, I want to say that I believe the issue early this month with NBC was a total fluke.  I think a lot of people are getting bent out of shape considering this has been and continues to be a onetime bug not reproducible by anyone at Microsoft, NBC, EFF, etc.  This is compounded with the lack of understanding between different technologies, mainly Copy Generation Management System – Analog (CGMS-A) and the Broadcast Flag.  The Broadcast Flag only applies to Over the Air (ATSC) broadcasts.  It doesn’t and can’t apply to NTSC, CableCARD, etc.  It is understandable that people are upset when something like this happens (especially with the longstanding CGMS-A issues, and CableCARD issues that mostly appear to be software conflicts), but everything needs to be kept in check.



With all of that said, this whole situation doesn’t match up.  On Microsoft’s side first, they said “Microsoft included technologies in Windows based on rules set forth by the (Federal Communications Commission).”  CNET published the story under the title “Microsoft confirms Windows adheres to broadcast flag” despite the fact nothing they published from Microsoft said “Broadcast Flag.”  It is also worth noting that the FCC doesn’t have any rules on the Broadcast Flag.  Ten days later CNET published a follow-up story refuting parts of their previous story quoting Microsoft as saying “Please note that Windows Media Center does not support Broadcast Flag.” 



Cut to NBC’s side of things, CNET reported that NBC “made an inadvertent mistake” and “incorrectly flagged” the shows in question and they later reported that “It was a CGMS-A flag, not a broadcast flag.”



Where does this leave us?  With a seemingly rare occurrence that can’t be reproduced.  Microsoft says the Broadcast Flag isn’t supported, NBC says they didn’t put the Broadcast Flag on and instead they magically enabled CGMS-A(nalog) on a pure digital ATSC broadcast.  These two bits of information are where things actually get interesting.



NBC first, they are saying they enabled CGMS-A, an analog (NTSC) copy protection technology on a non-analog (ATSC) broadcast.   In NTSC, the CGMS-A bits are broadcast in Vertical Blanking Interval (VBI) which also carries closed captions, V-chip data, and other digital data.  However, best I can find there is no standard for CGMS-A in ATSC broadcasts.  There is a VBI extension for ATSC, but based on the specs it doesn’t support CGMS-A.  Can CGMS-A even be put on ATSC?  Based on what I’ve seen the answer would be no.  If this is the case, it leaves NBC with no idea what really happened on the broadcast end.  If it was somehow CGMS-A on ATSC it would also seem to be a onetime occurrence that has ever been reported before.



On Microsoft’s side, the question is does Windows support the Broadcast Flag?  Microsoft says “Windows Media Center does not support Broadcast Flag,” but there is more to the story then that.  Who knows what the software truly supports, but Microsoft has developed for the Broadcast Flag in the past.  Most notability while developing for Vista which would be prior to the time it was officially stuck down.



Microsoft’s position on the Broadcast Flag is simple and is even semi-outlined in a 2003 document.  Basically it boils down to we will support the Broadcast Flag if it is created with us in mind.  This is exactly how I would expect Microsoft to deal with it in a world of digital video on the Internet and Microsoft wanting to push their Windows Media technologies.  It is no secret, Microsoft supported CGMS-A in Windows Media Center way back in 2002 and now they are the only PC-based platform with CableCARD and pending DIRECTV support.  It is a game that Microsoft knows how to play, and it pays in the end (it also helps grow their digital download aspirations, Microsoft TV division, etc).



Other interesting bits are the ASF specs which reference and start to define how to deal with the “Broadcast Flag” (I’m assuming that’s proper Broadcast Flag and not general flag in a broadcast).  And then there are the PBDA PowerPoint’s from Vista, which show a nice block diagram of 8VSB demodulation (which is ATSC)  with the Broadcast Flag clearly being detected with dealt with.

image


Since Microsoft really never published any of the in-depth specs for PBDA type stuff we don’t know for sure if Windows does “support” it, or rather if Broadcast Flag support is in the live implementation.  I’m not trying to scare anyone or suggest Microsoft wants to kill access to all of your media (they want the opposite), but I think it is important for everyone to understand what can be done.



While I haven’t had the time to do in-depth research on the Broadcast Flag in general, I do see that the issue between NBC and Microsoft from a few weeks ago is appearing to be nothing but a fluke.  I’m interested to see if anything like this (copy protection on ATSC) happens again, but truthfully the situation is looking more like a single rare occurrence to me than an issue with the Broadcast Flag.

OpsMgr 2007 : Des extensions pour Cross Plateform

Pour Rappel, Cross Plateform monitoring est une future fonction d’Operations Manager 2007 permettant d’intĂ©grer nativement la supervision de serveurs Linux et Unix. Ă  ce jour, 4 plateformes sont supportĂ©es (HP-UX, Red Hat Enterprise Linux, Sun Solaris et SUSE Linux Enterprise Server).


Alors que ce produit très prometteur n’en est qu’Ă  sa version bĂ©ta, l’Ă©diteur Xandros a dĂ©jĂ  annoncĂ© des extensions Ă  l’offre Cross Plateform permettant la prise en charge de MySql, Apache, Tomcat, …


J’attend tout cela avec impatience [:D]

Useful SharePoint Designer custom activities

I was searching projects in codeplex.com and found an interesting project called Useful SharePoint Designer Custom Workflow Activities where you can find:

  • Send Email with HTTP File attachment – Allows sending emails with attachments retrieved using a web request
  • Send Email with List Item attachments – Allows sending list item attachments as files attached to an email
  • Start Another Workflow – Starts another workflow associated with a list item
  • Grant Permission on Item – Allows granting of specified permission level on a spicified item
  • Delete List Item Permission Assigment – Allows deleting of specified permission level assigment for a given user
  • Reset List Permissions Inheritance – removes any unique permissions assigned to an item by inheriting list permissions
  • Is User a member of a SharePoint group – Checks if a given user is part of given sharepoint group
  • Is Role assigned to User – Checks if a user role is already assigned on the current list item
  • Lookup user info – allows to lookup properties in site’s user information list for a given login
  • NEW! Copy List Item Extended Activity – Allows copying/moving list items and files cross site.
  • NEW! Send Email Extended – Enhaced version of the OOTB activity. Allows you to specify the sender. Also does not break links in body.

And also there are a few activities related to working with InfoPath. Not so long ago I was writing code to read and write values inside InfoPath forms on current Workflows. So, these activities are very useful.

  • Get InfoPath field inner text
  • Get InfoPath field inner xml
  • Set InfoPath field inner text
  • Set InfoPath field inner xml

Kudos to Paul Kotlyar’s

OpsMgr 2007 : Présentation Disaster Recovery

Voici un webcast de Satya Vel et Starr Parker qui montre les mĂ©thodes de rĂ©cupĂ©ration d’une infrastructure Operations Manager.


Un très bon webcast à ne pas manquer.


Téléchargement ICI.

Alex is going to State!

Alex pulled it off, even though we have 40 mph winds here today. Sunny, just windy.

He placed 3rd which gives him a berth at state.

I’ll post photos and video later, along with the whole story.

How many files ??

Windows Defender told me it scanned 12,843,673 objects !!!

scan statistics

Admittedly that included another drive with Win 2008 on it, but that’s still a lot of files.  I noticed that the objects includes the contents of help files including MSDN. Even still, I figure it would take me half  year to look at each of them for just one second !!

So this got me curious as to how many files there are on my Vista drive. It has Visual Studio, Office and some other stuff. 

At root level, there’s over one hundred and forty thousand files (140,000) and nearly twenty thousand folders !!  Twenty thousand folders I thought, nah couldn’t be… that’s crazy.  So I looked around a little more..

The windows directory tree contains over 70,000 files and about 14,400 folders !   14,400 folders… you’ve got to be kidding me ….

The windowswinsxs directory tree has 41,400 files and 10,560 folders !  All this sxs compatibility sure does take up a lot of space and folders.  But there’s still 3,800 or so folders elsewhere in the windows tree…

There’s almost a thousand folders inside the WindowsSystem32 tree, but turns out the main source in there is almost 700 that are in the DriversStore, (again a compatibility thing).  Of the remaining 2,800 folders or so in the windows tree, Microsoft.Net was 100,  the Inf tree was 220 or so,the installer tree about 100 or so, etc. The remaining big one was the Assembly path (aka the GAC) which had almost 1,700 folders !!

Sure does seem a lot……..

a snake ?


 


Nah, a blue tongue lizard. But when you first see them and only see their head or part of their body it’s hard to tell.  I saw this guy while I was cleaning up in one of the windbreaks. Being the start of winter he was pretty slow, so I could grab my camera and take a few pictures. He hissed a couple of times, but wasn’t into showing off so I couldn’t get any photos of why they get their name ;)


 




 


The are well camouflaged in the leaf litter, just are many of our snakes. More often that not it’s the tell tale rustle of the leaves that gives them away:


Playing with Office ribbons

The new Microsoft Office ribbons are an interesting feature, yet they take up additional
screen real estate. A small,yet nifty trick will allow you to hide the ribbons and un-hide
them when needed: Simply double click the label of a ribbon.

Once you do so, the document you are working on receives the additional screen real estate
and the ribbon can be brought back into view by clicking the label of the ribbon you need.

Once the option that you want to use has been clicked and you return to your document the
ribbon disappears. To bring the ribbon back simply double click the label again.

image

Works with Tool for Windows 2008

 

The “Works with” tool is a time and cost-saving resource for developers and IT Pros to determine application readiness on Windows Server 2008. Within two to four hours the tool compares an application with Microsoft’s application compatibility criteria and provides a detailed summary. The “Works with” tool can be applied to both commercial and custom in-house developed applications and helps provide IT Professionals increased confidence to deploy applications on Windows Server 2008.

Download

Sysinternals tools Live!

Sysinternals was a company (that got bought by Microsoft) that has created a huge
number of troubleshooting applications for Windows. It is very likely that if you have ever
been engaged in troubleshooting a Windows system you have used one of their tools to
find the problem affecting the system.

The major issue I had with these tools that you actually needed to have them around with you
when you needed them – which in time of need you never had. Now, Microsoft and Sysinternals
have made these tools available to be started from the Internet (no more file hunting) at:

http://live.sysinternals.com

The first file in the directory is a text file that explains what they are trying to achieve through this
site:

What is this?

This is a file share allowing access to all Sysinternals utilities. We have developed this to test an alternate distribution mechanism for our utilities.

This will allow you to run these tools from any computer connected to the Internet without having to navigate to a webpage, download and extract the zip file.

If you are unfamiliar with Microsoft Windows Sysinternals, it is highly recommended that you visit the website at http://technet.microsoft.com/sysinternals before using these tools.

If you have any questions or comments on this file share, please email syssite@microsoft.com

Regards,

The Microsoft Windows Sysinternals Team

 


If you want to run one of their tools, instead of having to download the tool from the homepage,
you can use the following syntax at a RUN command:


\live.sysinternals.comtools<toolname>


 


An additional interesting option is to add this location is a Network Location in Vista. This
way you will always have a folder available to you under the Computer icon with the latest versions
of the tool:


  1. Double click the Computer icon
  2. Right click an empty space and choose: ‘Add a Network Location’,press Next
  3. Select ‘Choose a custom network location’ and press next
  4. In the text box enter:\live.sysinternals.comtools and press Next
  5. Choose a name for the location and press Next
  6. Press Finish

image

Iomega Super Ego 1TB hard drive

You can never get enough storage…Iomega released a 1TB external hard drive
encased in a sleek looking box in three different colors,apparently all out of stock:

image

Windows 7 multi-touch

The rumor of Windows 7 making an appearance at D6 has actually tuned into
reality. The major discovery, except the slightly enlarged taskbar that we are not
allowed to talk about, is that multi-touch features will be natively built into the OS.

Multi-Touch in Windows 7
Multi-Touch in Windows 7

Considering this and keeping in mind that iPhone and Surface already use this technology
I think that we might actually be looking at a small revolution in the field of interaction with
computers.

Touch screens have been around for quite a while, yet with multi-touch (after having the
pleasure to experience the Surface for the first time this week) you will be able to achieve
tasks faster in comparison to “older” interface tools such as keyboards and mice.

Details on the SDK will be released at the PDC (October).

HTC Touch Diamond

Wouldn’t mind playing around with one of these:

image
http://www.htc.com/www/product.aspx?id=46278

Free Acceleration Missions!

While work is still in the early stages for the next installment of MS FS, the designer gurus Paul Lange and (my good personal friend) Brandon Seltz have published a set of free race missions to complement the missions found in the Acceleration expansion package! Inside you’ll find a mission for the T-6 and Sport classes at Reno, each utilizing different pylons than those used for the Unlimited class. You’ll find the 3rd mission a bit of a different type of racing – sailplane racing through hoops over scenic Austria.

So be sure to thank these guys for being good stewards to the community the next time you’re in the FSX forums at AVSIM. They’re watching – trust me.

Recent Comments

Archives