I can’t believe it’s been over thirteen years since I last wrote about NTFS Alternate Data-Streams.
A lot has changed since then, including the fact that I’ve taken down the site where my download for “sdir” was listed. But that’s an old tool, and I don’t think we need it any more.
What else has changed is that my wife is studying a number of security courses with the SANS Women’s Academy, which is an excellent initiative to bring more women into the world of information security, where they, along with the rest of humanity (for whom SANS has other programs), are sorely needed. One of the classes she was studying included a piece on NTFS Alternate Data Streams, or ADS.
An Alternate Data Stream, or ADS, is a parallel stream of data, as the name implies, to the default data stream of a particular file. This default data stream is what most users have spent their lives thinking of as “the file”.
The file is more than just the bytes it contains, in this case. You can go a long way without realising this.
Alternate Data Streams were originally created to support Apple Mac Resource Forks, in files copied from Apple to NTFS and back. I’m not sure Apple even bothers with them any more, now that they’ve moved to something akin to Linux as their OS.
Created as part of the original NTFS in 1993, these Alternate Data Streams shouldn’t be confused with:
Not really easily – at the command prompt, you can use “dir /r” to view the files in your current directory along with all their attendant streams – but you can’t combine the “/r” and “/b” options, so you can’t get a really succinct list of all the streams in your system. Here’s an example listing of a download directory:
In PowerShell, you have more control, and you can even call in to .NET, but you don’t need to in order to see file streams. Here’s a simple command to display just the non-default data streams on files in a particular directory:
Get-ChildItem | Get-Item -Stream * | Where-Object Stream -ne ':$DATA' | Format-Table filename,stream,length
The output this produces looks like this:
Left as an exercise for the reader – how you do this recursively through subdirectories to find all the streams.
The most common ADS on your directory is almost certainly the stream named “Zone.Identifier”, as this is created on every file you download from the web using Internet Explorer, Edge, Chrome, Outlook, or any application that cooperates with Microsoft’s idea of marking files that have been downloaded. If you open Explorer and view properties on a file that’s been downloaded, you’ll see there’s a checkbox allowing you to “Unblock” this file, along with a note that it came from another computer. Checking the “Unblock” box and clicking OK or Apply will remove this Zone.Identifier stream.
This stream is known as the “Mark Of The Web” or “MOTW” in some documentation, so that’s another term to use if you’re searching for this stream.
Other stream names I find on my hard drive:
uidStream – I found this on some eBooks in my “My Kindle Books” folder, but whether they’re specific to the Kindle app, or some other e-reader I’ve used, I can’t be certain.
SmartScreen – these are on some downloaded .EXE files, so from the name and file type, I’ll assume this is from virus scanning downloaded EXEs. Since the stream contains just the word “Anaheim”, I’m not sure how useful this is.
ms-properties – a binary stream on a few of the JPG images I have on my computer, all of which are photos I took on my Surface Pro.
And some very oddly-named streams on some scanned files, because there’s just as much of a standard for stream names as there are for file names, and it’s completely a Wild West out there, so the best way to make sure you’re not going to be overwritten by someone else’s stream is to pick a completely weird and off the wall stream name.
Joking aside, the second of those shows that choosing a GUID is actually a good way to name a stream so it doesn’t collide with others – it’s random, and you can make it searchable on the web by documenting it.
Sure enough, if we search for that GUID, there’s some interesting information to be found at https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-fscc/4f3837c4-2f96-40d7-b0bf-80dd1d0b0da0, among other places. This particular GUID is used to include some kind of summary information.
I’ve also read in a couple of places that the Windows File Classification Infrastructure uses ADS to carry information.
It doesn’t take much thinking to come up with other uses for alternate data streams. Really any time you might want to associate data with a file, or several files, without bothering the application that might want to read the file. Here are some suggestions:
Thinking on this, there’s a couple of ideas I already have – if I can extract ID3 tags from files and put them into an ADS, it’s going to be quicker and easier to find that information than parsing the entire MP4/MP3/M4A file each time I want to look at the data.
I’ve commented on this before, and I’ve read a lot about how “obviously” viruses will use ADS to hide, or that exfiltration will use ADS to avoid detection, and while there’s some truth to this idea, I think both threats are overblown.
For exfiltration, the problem is essentially the same as that with using EFS to encrypt a file that’s being exfiltrated – in order for the data to leave the system, it has to pass through the usual file APIs that your DLP solution is hooked into, and unless your DLP solution is being too smart for its britches, the data will be noticed and blocked. Copying a file from NTFS to FAT or exFAT will destroy the associated ADS data as if it was never there, just as it will destroy EFS encryption.
For virus hiding, while it’s not impossible to execute from an ADS, it’s not particularly easy, and the methods used themselves can trigger your antivirus. To load and execute the data in the ADS, you have to use normal means to load and execute code in a default data stream. And those normal means can be detected by the virus scanner just as easily as they detect any other executable content. If your virus scanner hooks normal load/execute APIs, it’ll also intercept the loading and execution of the ADS.
This is probably why there’s only one virus I found significant information on that uses ADS to hide parts of itself – Backdoor:Win32/Rustock.A – which copies itself into streams off the system32 folder. From the technical description of this virus, it’s also clear that the virus has a fail-back facility for when it’s trying to install itself on a system with no ADS support (really, who installs Windows on a FAT partition? Maybe they mean ReFS, which didn’t initially support ADS).
The most likely ADS security threat is still the one for which it’s best known – that of accessing the default data stream of a file by appending “:$DATA” to the requested filename, and getting around restrictions that an application might have in place.
Years and years ago (1998), this was a trick you could use against IIS to fetch the source code of an ASP page – instead of fetching “pagename.asp” (which gave you the output of executing the code), you’d fetch “pagename.asp:$DATA”.
Obviously, IIS fixed this years and years ago, and yet the problem comes up over and over again, in other applications which map incoming requests to files through a simple mapping (file name requested → file name fetched), and which aren’t aware of this kind of issue. (On Windows, you can open a file “for information only” and then query the handle for its canonical name, if you need to write code to get around this – see Writing Secure Code 2nd Edition for details)
So, every now and again, if you’re a hacker and you can’t get a file, try getting it with “:$DATA” at the end of its name.
The command prompt has a few ways to handle Alternate Data Streams with files.
Very limited, as you can tell – you can’t do “dir /s/r/b” to get a list of all the streams, because the /b parameter ignores the /r parameter. You can’t directly load an executable from a stream, but you can use another EXE to load it for you (there are examples available online of using WMIC and PSEXEC to do this)
If you absolutely have to remove an alternate data stream from an NTFS file with only Explorer or the Command Prompt, moving it to and from a FAT or exFAT formatted drive (such as a USB stick) will do that, but will also kill any other NTFS properties, such as ownerships, permissions, EFS encryption, etc, as well as killing any audit continuity on the file. I don’t recommend this, particularly for those files that you really don’t want your name associated with the creation of.
The news is supposedly a little better in PowerShell, which is meant to have built-in support for ADS.
In PowerShell, we use Get-ChildItem to navigate through folders, and Get-Item to look at individual files. Remove-Item is what we use to delete files. Each of these commands has a “-Stream” parameter, so it seems we are set for our alternate data stream handling.
We can delete a stream from a file as easily(!) as this:
Remove-Item <file> -Stream <stream>
It feels a little weird, but it only deletes the stream, not the file itself.
Seems like this should work to list all streams from our current directory going down, right?
Get-ChildItem -Recurse | Get-Item -Stream * | Where-Object Stream -ne ':$DATA' | Format-Table FileName,Stream,Length
Well, it does most of what we’re looking for.
What it specifically misses is the directories.
Yeah, you can put an alternate data stream on a folder. You can’t put a default data stream on a directory, but you can put any number of alternate data streams there.
My PowerShell script won’t find that “whatnot.txt” stream. Curiously enough, this is documented at https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.management/get-item?view=powershell-5.1 even though it’s clearly an oversight. “This parameter isn’t valid on folders” – well, it should be.
Can we use the Remove-Item -Stream parameter to delete streams from a directory, even if we can’t actually find them using PowerShell?
Sure, but it’s even more scary:
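Since Get-Item -Stream skips folders, the recursive listing above (and the “exercise for the reader” earlier) can instead be built on the Win32 FindFirstStreamW / FindNextStreamW API, which enumerates $DATA streams on files and directories alike. This is an added example, not code from the original post: the Add-Type wrapper, Get-AllStreams and Get-AllStreamsRecursive are names I chose for it, and it assumes Windows PowerShell 5.1 or later on an NTFS volume.

```powershell
# Added example: list every named $DATA stream under a root, including streams on
# directories, by calling FindFirstStreamW directly instead of Get-Item -Stream.
Add-Type -TypeDefinition @'
using System;
using System.Runtime.InteropServices;
public static class NativeStreams
{
    [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
    public struct WIN32_FIND_STREAM_DATA
    {
        public long StreamSize;
        // WCHAR cStreamName[MAX_PATH + 36] in the Windows SDK header
        [MarshalAs(UnmanagedType.ByValTStr, SizeConst = 296)]
        public string cStreamName;
    }
    [DllImport("kernel32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    public static extern IntPtr FindFirstStreamW(string lpFileName, int InfoLevel,
        out WIN32_FIND_STREAM_DATA lpFindStreamData, uint dwFlags);
    [DllImport("kernel32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    public static extern bool FindNextStreamW(IntPtr hFindStream,
        out WIN32_FIND_STREAM_DATA lpFindStreamData);
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern bool FindClose(IntPtr hFindFile);
}
'@

function Get-AllStreams {
    # Emit one object per named stream on a single file or directory.
    param([Parameter(Mandatory)][string]$Path)
    $data = New-Object NativeStreams+WIN32_FIND_STREAM_DATA
    # InfoLevel 0 = FindStreamInfoStandard; dwFlags is reserved and must be 0
    $h = [NativeStreams]::FindFirstStreamW($Path, 0, [ref]$data, 0)
    if ($h.ToInt64() -eq -1) { return }   # INVALID_HANDLE_VALUE: no streams, or access denied
    try {
        do {
            # '::$DATA' is the default stream (absent on directories); report only named ones
            if ($data.cStreamName -ne '::$DATA') {
                [PSCustomObject]@{
                    Path   = $Path
                    Stream = $data.cStreamName
                    Length = $data.StreamSize
                }
            }
        } while ([NativeStreams]::FindNextStreamW($h, [ref]$data))
    } finally {
        [void][NativeStreams]::FindClose($h)
    }
}

function Get-AllStreamsRecursive {
    # Walk the root itself plus everything below it; Get-ChildItem -Recurse returns
    # directories as well as files, so folder streams are no longer missed.
    param([string]$Root = (Get-Location).Path)
    $items = @(Get-Item -LiteralPath $Root) + @(Get-ChildItem -LiteralPath $Root -Recurse -Force)
    foreach ($item in $items) { Get-AllStreams -Path $item.FullName }
}

Get-AllStreamsRecursive | Format-Table Path, Stream, Length -AutoSize
```

Run it from the directory you want to audit, or pass -Root. Because it reports directory streams such as the “whatnot.txt” example, it is also the natural way to spot streams that a file-only sweep would leave behind; Remove-Item -Stream can then be pointed at exactly the entries it lists.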
Contrary to what the warning says, the directory and all its children were not deleted, just the stream. Everything is safe and well.
So, what needs fixing?
Oh, yeah, and what on earth is with this lack of support for actual, real, file system features in PowerShell?
And yes, I’m kind of cheating here, but not much!
Oh, and this folder confuses the command prompt’s “dir/r/s” as well. Note that the directory “AUX” doesn’t have a stream, but when listing the contents of that directory, the directory “.” DOES.
The words, the exploration and examples, the concepts and the thinking, are all shared work between Debbie Lester-Jones and myself.
At some point, when she’s done with her classes, one of you could be lucky enough to employ her. Or any of the other awesome students of the SANS Women’s Academy.
Whether it’s “No-shave November” or “Movember”, there’s a lot of attention given this time of year to men’s health in general, and cancer in particular.
I don’t take part in either of these events, partly because I don’t like the way a beard / moustache feels, but mostly because I already spend my November extremely aware of men’s cancer issues.
So, let me tell you, on this International Men’s Day, how my right testicle tried to kill me. Warning – rude words ahead, including the dreaded “c-word”.
A little over fifteen years ago, I was living a fantastic life.
A wife, a six-year-old son, a house in a nice suburb of Austin, working from home on my own projects, and making enough money with those projects to justify doing so.
As anyone who’s ever watched any “funny home video” shows on TV will tell you, the purpose of a six year old is to throw things at your crotch, or to swing things at your crotch, or to hit you in your crotch, or to head-butt you in your crotch.
OK, so that’s maybe not his sole purpose, but that year it seemed like this was happening more often than usual. It wasn’t, of course, but it was noticeable that I was … feeling the impact a little more keenly than usual.
I checked, my wife checked, and we concurred – something was definitely not as it had been. I mean, everyone knows that a man’s testicles aren’t the same size and shape on each side, and I’d been blessed with a particularly disparate pair from my teenage years.
But this was something new – swelling that just increased gradually, and a firmness that was inappropriately placed.
It was time to see the doctor.
Even knowing this, and reading about how badly – and how quickly – testicular diseases can impact men, it was extraordinarily difficult to face the task of picking up the phone, calling to speak to a doctor’s [female] receptionist, and tell them exactly why I wanted to come and see the doctor. Nonetheless, I girded my loins as much as I could, swallowed hard, and made the call.
The key is to remind yourself that this is probably the fifth call that receptionist has received this week on the same topic, and that she wouldn’t be working in a doctor’s office if she weren’t ready to hear medical terms briefly describing anatomical parts. I’m surprised how quickly I came to this conclusion, given how many decades it took me to learn that when a doctor asks “so, how are you doing today?”, they actually want to hear the details, rather than “oh, fine, thanks, and you?”
The doctor’s visit was quick and clinical, just what you’d hope for. A flashlight applied to the nether regions, in much the same way you might check a hen’s egg for occupants, a little uncomfortable palpation, and a quick inspection of nearby things while you have your underpants down.
“You’ve got a hydrocele,” he said, doing that thing with the rubber gloves where you snap them off, startling an already nervous patient. “A short surgery should fix that.”
Relief. Nothing quite as horrifying or scary as I had expected.
“I’ll set you up with a urologist, and we’ll get that taken care of in the next couple of weeks. Good luck.”
I’d never had a doctor wish me “good luck” before, and it quite chilled me.
I visited the urologist, got set up for surgery, and discussed plans with my wife.
It was always in the back of my head that this could be something more than merely having a little extra fluid to drain.
So we talked about the C-word. I think of it that way, because on all the forms since, this is the one word the medical establishment goes out of its way to avoid writing in full. There are long words, foreign words, culturally taboo words, and all of them are written in full on some or other medical forms. There are abbreviations, but no word more than this one results in hardened medical professionals ceding to decency and refusing to name it in full:
You kind of guessed that was going to be the result, right?
We kind of did, too, and had discussed the idea that if there was any cancerous signs, that quite frankly I preferred being a living eunuch, if that was necessary, to being a dead, but otherwise intact, cancerous corpse. It seems such an obvious decision to make, but it’s still a very hard one to bring to bear.
And my wife did so on her own.
Because the only way to tell if the testicle looked cancerous was while I was under general anaesthetic in the operating room.
And sure enough, the doctor came out mid-surgery, while I’m away with the fairies, to talk to my wife about the situation at hand. I can only imagine how that conversation went, so I shan’t try to replay it here. I can only express how truly grateful I am that my wife gave consent to do what we had already discussed – to remove that cancerous nasty thing and send it to a lab for study.
So I woke up to a woman looking unutterably upset at the prospect that she’d had to make life-altering medical decisions, for which I have always been truly grateful. There literally isn’t a day that goes by that I wish she’d made any other choice.
And yet even to this day, it still bothers her – that’s how upsetting it is to be on the outside of this disease.
It wasn’t much fun on the inside, either, to be honest, and that’s my story which I can tell.
This was all in the week before Thanksgiving, 2002, a year when the first movie featuring an all-CGI Incredible Hulk was being advertised on the TV.
Poor Bruce Banner, strapped to a table, unable to move, while gamma rays coursed through his body under the control of a malfunctioning computer, turning him into the hangriest super-anti-hero ever.
After a trip to San Antonio, during which I felt every pothole on the I-35 from Austin, to have Thanksgiving dinner with my inlaws, we returned home and started observational and preventive treatment as follow up for good ole “testicular C”.
First, the tattoos. I have five tattoos now, each one a single dot, in the shape of a cross.
I wasn’t exactly strapped to a table, but I was unable to move, while gamma rays coursed through my body, laser cross-hairs ensuring that the focused radiation hit only the right parts of my intestines. They call it radiotherapy, and when you go to an oncologist / radiologist to get radiotherapy in Austin in 2002, you sit in a waiting room surrounded by inspirational photos of Lance Armstrong. Whatever you feel about his drug use while winning the Tour de France competing against others who almost certainly used most of the same drugs themselves, he continues to be inspirational to many cancer survivors like myself, simply for having survived enough to be able to ride a bike.
Testicular cancer doesn’t travel across, it goes up – so the process is, remove the testicle, fry the intestines lightly, and monitor the chest with ongoing X-rays just to make sure. Removing the testicle is called an “orchiectomy” – true story, the orchid plant is named after testicles, because that’s what the plant’s bulbs allegedly look like. This is why testicular cancer awareness pins are orchid-coloured.
One of the side effects you think of with any cancer treatment is serious nausea, and this is definitely the case with radiotherapy. It makes you feel uncomfortably unwell. American medical care being run by insurance companies, I was given leave to have fifteen anti-nausea pills. For 25 days of treatment. During which I’d need multiple pills per day.
The only thing to do – snack on saltine crackers, and where possible actually cook some meals at least for my son. Bland food was really pretty much all I could manage. To this day, he quite rightly refuses to eat chicken and rice.
Because my wife had to return to work, and was travelling as a result, I drove myself to appointments, and that’s probably my biggest mistake in all of this – the American Cancer Society offers free rides to patients attending hospital and doctor appointments, and has many other services besides. Take advantage of them, I donate to them specifically for you to use their services.
After that, every six months to a year, I’d get a CT scan of my abdomen, and a blood test every month. CT scans are not the most comfortable of procedures, particularly with the iodine contrast dyes.
Once in a while, the person administering the blood test would question whether the test was really for me. On my doctor’s advice, I would ask them to re-check the form. It turns out that I was basically being given a monthly pregnancy test, to ensure the cancer wasn’t coming back.
Still more surgeries were in my future over the next year – apparently, skin likes to stick to skin in unusual situations and in uncomfortable ways.
The insurance company raised our rates – presumably in line with regular price rises, but to the point where it was difficult to afford. After all, even back before the ACA, it wasn’t right to raise insurance rates just because someone got sick. However, what WAS legal back then was the ability of other insurance providers to call the cancer a pre-existing condition, and to use that as reason to either refuse to sell me a policy, or to jack up the rates. Personal insurance policies are expensive to begin with, but when you can’t shop around (or threaten to do so), you’re really out of luck.
And that’s why I took the Microsoft job, and jacked in my personal business for the most part. Because American health insurance kills the American dream more often than it deserves to.
So, the final lesson – and there always is one – is that if you are a man, aged between twenty and thirty-five, or you know someone who fits, or will fit, that description, know that it’s important to check your health – actually touch and feel your body, particularly your “man parts” – on a regular basis. When things change in a way that isn’t expected, it’s really important to give your doctor a call. That week. Perhaps even that day that you notice it. The person who takes your call has heard it all before – and if you aren’t comfortable talking to them, you can actually ask to speak to a nurse, a physician’s assistant, and even specifically to a man, if that’s what you need to feel comfortable to cover this.
Your doctor will tell you if it’s important, or something not to worry about. They’ll give you advice on what to watch for in future, and wish you good luck if you need it.
Above all, don’t literally die of embarrassment.
I hate when people ask me this question, because I inevitably respond with a half-dozen questions of my own, which makes me seem like a bit of an arse.
To reduce that feeling, because the questions don’t seem to be going away any time soon, I thought I’d write some thoughts out.
Passwords are important objects – and because people naturally share IDs and passwords across multiple services, your holding on to a customer’s / user’s password means you are a necessary part of that user’s web of credential storage.
It will be a monumental news story when your password database gets disclosed or leaked, and even more of a story if you’ve chosen a bad way of protecting that data. You will lose customers and you will lose business; you may even lose your whole business.
Take a long hard look at what you’re doing, and whether you actually need to be in charge of that kind of risk.
If you are going to verify a user, you don’t need encrypted passwords, you need hashed passwords. And those hashes must be salted. And the salt must be large and random. I’ll explain why some other time, but you should be able to find much documentation on this topic on the Internet. Specifically, you don’t need to be able to decrypt the password from storage, you need to be able to recognise it when you are given it again. Better still, use an acknowledged good password hashing mechanism like PBKDF2. (Note, from the “2” that it may be necessary to update this if my advice is more than a few months old)
Now, do not read the rest of this section – skip to the next question.
Seriously, what are you doing reading this bit? Go to the heading with the next question. You don’t need to read the next bit.
OK, if you are determined that you will have to impersonate a user (or a service account), you might actually need to store the password in a decryptable form.
First make sure you absolutely need to do this, because there are many other ways to impersonate an incoming user using delegation, etc, which donât require you storing the password.
Explore delegation first.
Finally, if you really have to store the password in an encrypted form, you have to do it incredibly securely. Make sure the key is stored separately from the encrypted passwords, and don’t let your encryption be brute-forcible. A BAD way to encrypt would be to simply encrypt the password using your public key – sure, this means only you can decrypt it, but it means anyone can brute-force an encryption and compare it against the ciphertext.
A GOOD way to encrypt the password is to add some entropy and padding to it (so I can’t tell how long the password was, and I can’t tell if two users have the same password), and then encrypt it.
Password storage mechanisms such as keychains or password vaults will do this for you.
If you don’t have keychains or password vaults, you can encrypt using a function like Windows’ CryptProtectData, or its .NET equivalent, System.Security.Cryptography.ProtectedData.
[Caveat: CryptProtectData and ProtectedData use DPAPI, which requires careful management if you want it to work across multiple hosts. Read the API and test before deploying.]
[Keychains and password vaults often have the same sort of issue with moving the encrypted password from one machine to another.]
For .NET documentation on password vaults in Windows 8 and beyond, see: Windows.Security.Credentials.PasswordVault
For non-.NET on Windows from XP and later, see: CredWrite
For Apple, see documentation on Keychains
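To make the “entropy and padding, then encrypt” advice concrete, here is an added example (not from the original post) that wraps the .NET ProtectedData API mentioned above. It prefixes the password with random bytes and pads it to a fixed block boundary before DPAPI encryption, so two users with the same password get different ciphertexts and the ciphertext length reveals nothing about the password length. Protect-StoredPassword, Unprotect-StoredPassword and the $script:AppEntropy value are this example’s own names; the entropy literal is a constructed placeholder, and the code assumes Windows PowerShell 5.1 on .NET Framework.

```powershell
# Added example: recoverable password storage via DPAPI with a random prefix and
# random-length padding, so equal passwords and password lengths stay hidden.
Add-Type -AssemblyName System.Security

# Extra entropy mixed into the DPAPI key. Keep it OUT of the database that holds
# the ciphertexts. Constructed placeholder value; replace it in a real deployment.
$script:AppEntropy = [System.Text.Encoding]::UTF8.GetBytes('replace-with-secret-kept-elsewhere')

function Protect-StoredPassword {
    param([Parameter(Mandatory)][string]$Password)
    $pw = [System.Text.Encoding]::UTF8.GetBytes($Password)
    if ($pw.Length -gt 65535) { throw 'Password too long for the 2-byte length prefix' }
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $nonce = New-Object byte[] 16                 # random prefix: same password, different plaintext
    $rng.GetBytes($nonce)
    $padLen = 64 - ((2 + $pw.Length) % 64)        # pad to a 64-byte boundary (always 1..64 bytes)
    $pad = New-Object byte[] $padLen
    $rng.GetBytes($pad)
    $rng.Dispose()
    # Layout: nonce(16) | length(2, big-endian) | password bytes | random padding
    $plain = New-Object System.Collections.Generic.List[byte]
    $plain.AddRange($nonce)
    $plain.Add([byte](($pw.Length -shr 8) -band 0xFF))
    $plain.Add([byte]($pw.Length -band 0xFF))
    $plain.AddRange($pw)
    $plain.AddRange($pad)
    $cipher = [System.Security.Cryptography.ProtectedData]::Protect(
        $plain.ToArray(), $script:AppEntropy,
        [System.Security.Cryptography.DataProtectionScope]::CurrentUser)
    return [Convert]::ToBase64String($cipher)
}

function Unprotect-StoredPassword {
    param([Parameter(Mandatory)][string]$Record)
    $plain = [System.Security.Cryptography.ProtectedData]::Unprotect(
        [Convert]::FromBase64String($Record), $script:AppEntropy,
        [System.Security.Cryptography.DataProtectionScope]::CurrentUser)
    # Read the length prefix, then discard nonce and padding
    $len = (([int]($plain[16])) -shl 8) -bor [int]($plain[17])
    if (18 + $len -gt $plain.Length) { throw 'Corrupt record' }
    return [System.Text.Encoding]::UTF8.GetString($plain, 18, $len)
}

# Usage with a constructed sample: two records for the same password differ,
# and each one round-trips back to the original.
$a = Protect-StoredPassword -Password 'hunter2'
$b = Protect-StoredPassword -Password 'hunter2'
"Ciphertexts differ: $($a -ne $b); recovered: $(Unprotect-StoredPassword -Record $a)"
```

Because the scope is CurrentUser, Unprotect only works for the same Windows account on the same machine (or with a roaming profile), which is exactly the multi-host caveat in the note above; the entropy value is what stops another process running as that user from decrypting the records without also knowing it.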
If you’re protecting data in a business, you can probably tell users how strong their passwords must be. Look for measures that correlate strongly with entropy – how long is the password, does it use characters from a wide range (or is it just the letter “a” repeated over and over?), is it similar to any of the most common passwords, does it contain information that is obvious, such as the user’s ID, or the name of this site?
Maybe you can reward customers for longer passwords – even something as simple as a “strong account award” sticker on their profile page can induce good behaviour.
Length is mathematically more important to password entropy than the range of characters. An eight character password chosen from 64 characters (less than three hundred trillion combinations – a number with 4 commas) is weaker than a 64 character password chosen from eight characters (a number of combinations with 19 commas in it).
An 8-character password taken from 64 possible characters is actually as strong as a password only twice as long and chosen from 8 characters – this means something like a complex password at 8 characters in length is as strong as the names of the notes in a couple of bars of your favourite tune.
Allowing users to use password safes of their own makes it easier for them to use longer and more complex passwords. This means allowing copy and paste into password fields, and where possible, integrating with any OS-standard password management schemes.
Everything seems to default to sending a password reset email. This means your users’ email address is equivalent to their credential. Is that strength of association truly warranted?
In the process to change my email address, you should ask me for my password first, or similarly strongly identify me.
What happens when I stop paying my ISP, and they give my email address to a new user? Will they have my account on your site now, too?
Every so often, maybe you should renew the relationship between account and email address – baselining – to ensure that the address still exists and still belongs to the right user.
Password hints push you dangerously into the realm of actually storing passwords. Those password hints must be encrypted as well as if they were the password themselves. This is because people use hints such as “The password is ‘Oompaloompah’” – so, if storing password hints, you must encrypt them as strongly as if you were encrypting the password itself. Because, much of the time, you are. And see the previous rule, which says you want to avoid doing that if at all possible.
How do you enforce occasional password changes, and why?
What happens when a user changes their password?
What happens when your password database is leaked?
What happens when you need to change hash algorithm?
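The PBKDF2 advice earlier and the last question above (changing hash algorithm) fit together if each stored record carries its own algorithm tag, iteration count and salt. Here is an added example, not code from the original post, that does this with the .NET Rfc2898DeriveBytes class: New-PasswordRecord, Test-PasswordRecord, Test-NeedsRehash and the $script:Current* policy values are names I chose, and the code assumes Windows PowerShell 5.1 on .NET Framework 4.7.2 or later (for the HashAlgorithmName constructor overload).

```powershell
# Added example: salted PBKDF2-SHA256 records in the form algorithm$iterations$salt$hash,
# verified without stopping at the first mismatched byte, and flagged for re-hashing
# when the stored cost falls below current policy.
$script:CurrentAlgorithm  = 'pbkdf2-sha256'
$script:CurrentIterations = 600000   # policy value; raise it as hardware gets faster

function Get-Pbkdf2Hash {
    param([string]$Password, [byte[]]$Salt, [int]$Iterations)
    $alg = [System.Security.Cryptography.HashAlgorithmName]::SHA256
    $kdf = [System.Security.Cryptography.Rfc2898DeriveBytes]::new($Password, $Salt, $Iterations, $alg)
    try { return $kdf.GetBytes(32) } finally { $kdf.Dispose() }
}

function New-PasswordRecord {
    param([Parameter(Mandatory)][string]$Password,
          [int]$Iterations = $script:CurrentIterations)
    $salt = New-Object byte[] 16                  # 128-bit random salt, unique per record
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $rng.GetBytes($salt)
    $rng.Dispose()
    $hash = Get-Pbkdf2Hash -Password $Password -Salt $salt -Iterations $Iterations
    # The record states everything a later verifier needs, so nothing has to be guessed
    return ($script:CurrentAlgorithm, $Iterations,
            [Convert]::ToBase64String($salt), [Convert]::ToBase64String($hash)) -join '$'
}

function Test-PasswordRecord {
    param([Parameter(Mandatory)][string]$Password, [Parameter(Mandatory)][string]$Record)
    $alg, $iter, $saltB64, $hashB64 = $Record -split '\$', 4
    if ($alg -ne 'pbkdf2-sha256') { return $false }   # unknown format: fail closed
    $expected = [Convert]::FromBase64String($hashB64)
    $actual = Get-Pbkdf2Hash -Password $Password -Salt ([Convert]::FromBase64String($saltB64)) -Iterations ([int]$iter)
    if ($expected.Length -ne $actual.Length) { return $false }
    # OR together every byte difference instead of returning at the first one
    $diff = 0
    for ($i = 0; $i -lt $expected.Length; $i++) {
        $diff = $diff -bor ([int]($expected[$i]) -bxor [int]($actual[$i]))
    }
    return ($diff -eq 0)
}

function Test-NeedsRehash {
    # True when the record was made with an older algorithm or a lower iteration count
    param([Parameter(Mandatory)][string]$Record)
    $alg, $iter = ($Record -split '\$', 4)[0, 1]
    return ($alg -ne $script:CurrentAlgorithm) -or ([int]$iter -lt $script:CurrentIterations)
}

# Usage with a constructed sample password
$record = New-PasswordRecord -Password 'correct horse battery staple'
Test-PasswordRecord -Password 'correct horse battery staple' -Record $record
Test-PasswordRecord -Password 'wrong guess' -Record $record
# An older record made under a lower policy; it should be replaced after the next good login
$old = New-PasswordRecord -Password 'correct horse battery staple' -Iterations 100000
Test-NeedsRehash -Record $old
```

The login path is: Test-PasswordRecord, and only if it returns True, check Test-NeedsRehash and, when that is also True, call New-PasswordRecord with the plaintext the user just supplied and overwrite the stored record. That is the only moment the plaintext is available, which is why a hash-algorithm change cannot be done as a bulk database migration.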
I often thought I’d like to have a career in 3D animation, solely so I could send out invoices with the title of this blog post as their content.
It seems a little late for me to choose that career, so I’ll have to use that title for a blog posting about my Surface, now that I am three weeks in to using it.
There’s no secret (or if there is, it’s poorly hidden) to the fact that MVPs visiting Redmond for the MVP Summit this year received a pretty sweet deal on a 32GB Surface 2 and Touch Cover. Along with hundreds of my brethren, I lined up at the Microsoft Store in Bellevue yelling “shut up and take my money!”
As an actual purchase, rather than a complete giveaway, I did have to pass the purchasing decision through my boss. Fortunately, she agreed that it was a good buy, as long as I treated it as a purchase of a toy for me, and stopped trying to persuade her it was a bona fide business investment for the company. Canny woman, my wife, and skilled at reducing arguments to their simplest and most incisive points.
So, a toy it was pitched as, a replacement for my iPad, which I also got for very little money – I won it in a hacking competition. As a toy, I couldn’t expect to get the Surface Pro, which is convenient, because one wasn’t offered.
Does it have the Angry Birds, then? Space and Star Wars versions, yes – Rovio hasn’t been paid to get around to porting the others to Windows 8 yet.
It’s also got Minesweeper and Solitaire, with the added thrill of daily challenges, and an Adventure Mode for Minesweeper that looks a little ripped off from Repton. Mahjong, Jetpack Joyride, Cut the Rope, there’s enough games that while you might find a few individual names here and there that are missing, you’ll be able to replace them with something in the same genre.
The front and back camera make for good Skype use, whether you’re having a face-to-face chat, or showing someone the view out the window.
I can read comics, whether through the dozen or so manga readers, or through the Comics app from Comixology. Books come, of course, courtesy of the Kindle app, and of course there’s a native Amazon app as well, although as usual, it’s hard to get a better shopping experience in an app than Amazon has built into the web version.
That’s right, you actually have a version of Internet Explorer 11 built specially for the touch-screen “Modern UI”, which Microsoft used to call Metro, and which thoroughly needs a new name. This version of Internet Explorer is fairly basic, but fully functional for what most people are going to want it for. For most of what I do on the web, it’s certainly sufficient.
Social media makes its presence felt nicely in the People hub, like on my Windows Phone, where in one place I can keep up with my Twitter, Facebook and LinkedIn friends/followers/minions. I can also post there, although I miss my phone’s ability to post to multiple outlets at once.
If you’ve been paying attention to my gripes about podcast support on my Windows Phone, I have to say that, out of the box, I have the same – or worse – issues with the Surface 2. The native audio player does allow you to create playlists, but infallibly returns you to the start of an MP3 file almost every time you play it anew, apparently whether you played another MP3 file, skipped to a different app, or received a notification. I await the development of a good podcast / audiobook application with support for local MP3s.
On the video front, things are somewhat improved, with the Xbox Video app being the natively supported method to play my MP4s. Sadly, there’s still no subtitle support, as is the case across every single one of Microsoft’s video playing tools – if the file isn’t streaming across the web, with the closed captions in a separate stream, there’s no way to get captions to display. This is a shame, as there is good support for standard subtitles in MP4s on the Apple competition, whether it’s iPad, iPod or iPhone. Microsoft, this can’t be that hard – support accessibility on all your video players, please! [I’m not deaf, but the bus can get a little loud]
The Touch Cover is barely usable as a keyboard – but I’ve added a Bluetooth keyboard to my Christmas wishlist, for the serious typing moments, and the Touch Cover is certainly sufficient for those occasional bon mots on the bus or airplane.
Sadly, Live Writer isn’t available for Windows RT, so I’m not likely to use this for many blogs â although to keep myself honest, I am typing this on the Surface using the Touch Cover keyboard.
To write the blog entry, I’m actually using Word with its blogging template.
Why yes, yes I did â but since the presence of Office 2013 on the Surface was advertised (at least, Excel, PowerPoint, OneNote, Word and Outlook), this was hardly a surprise to me â but it seems like a surprise to many of my Apple-owning friends who are just starting to get excited that Apple have deigned to let them have iWorks on their iPads now.
But the inclusion of Office isn’t the only thing that makes this device veer further into the territory of a non-toy.
I wasn’t really expecting that Windows RT would have a desktop mode. I pretty much thought it would be Modern UI apps and nothing else. That seemed like it would suck, because I can’t then copy files across the network for playing MP3s and MP4s on the bus to and from work.
So a friend of mine set my fears at rest before I bought the Surface, and let me know that there was indeed a desktop, and a Windows Explorer. That was the tipping point to realizing I could get along with my Surface.
Then came the surprises.
There’s a Desktop version of Internet Explorer – and this one is fully functional! It even has “View Source” and the F12 Developer Tools, Microsoft’s best-kept secret in IE for some time now. [On your Touch Cover, you get F12 by holding down the “Fn” key as you press “PgDn”] This means I can carry on my Cross-Site Scripting endeavours on my Surface – which I couldn’t do from my iPad at all.
Also not on the iPad, but present on the Surface, a full version of the Command Prompt – I can run all my old batch scripts. Notepad, too (but no WordPad, sadly). Even, and I can’t imagine using the power of this too much, PowerShell!
Flash Player, as well, which isn’t available on the iPad. Remote Assistance and Remote Desktop, so I can connect to a real computer, something that wasn’t a good experience on the iPad.
Woah, BitLocker? Wow, my hard drive is already encrypted. So too could be the 64GB MicroSD card I’ve attached for extra video and audio storage, again something I can’t do on my iPad.
PerfMon, ResMon, Event Viewer, RegEdit, Windows Scripting Host, all sorts of serious tooling works in the desktop environment. Not Visual Studio, yet, but let’s remember… this is a toy, not a real laptop.
I use my Surface 2 far more than I ever used my iPad.
Despite a few niggling sharp corners that need to be addressed, it irritates me far less than any Apple device I’ve ever owned. This just cements in my mind that, while there are many people who love their Apples, I’m just not their target consumer. I’m not sure that I’m exactly the target consumer of the Surface, but it’s inspired me and continues to grow on me. I’m even starting to write code for it. We’ll see if that becomes anything in due course.
Java not yet available for Surface – one more advantage.
Looking at my recent posts, I’ve noticed a few things – not only have I been posting very sporadically and randomly, but also I’ve been avoiding talking about a number of aspects of myself that are key to why I maintain this blog.
In an effort to improve on that, I’m going to start with a quick recap of my biography – not a chronological approach, but a few details to let newcomers know who I am, and old-timers remember my motivations.
This always comes first. I work to support my family. I’ve been married nearly twenty years to a fantastically understanding wife, and with her I have a wonderful seventeen-year-old son who is fast becoming the sort of adult whom I’d want to be friends with, if we weren’t already related.
What makes me prime MVP material, as well as informs the rest of my work, is that I am fascinated with all aspects of technology, from nanotech to 3d printing, quantum computing, cryptography, physics, mathematics – even if it’s unrelated to my own work, or requires tools I can’t afford to use, I’m fascinated by, and try to remain informed about, as much technology as possible.
Sadly, the human brain and attention span can only gather so much information, so there are always topics I want to know more about. I think this is the eternal frustration of the technologically inclined.
I’m also a software developer – practically my first job out of college was to develop for Unix platforms, initially, maintaining and porting Fortran code to that platform. I moved from there to Windows, largely out of cussedness (trying to prove to the world that Windows could run a reliable server), and languages like C++, C#, and a few other languages as time and interest allowed.
Over time, though, it became clear that my code was getting hacked. So was everyone else’s, but I was unusual in noticing it and wanting to do something about it.
So I became an expert in security. Mostly I did this by reading other people’s books, blogs and articles, and then answering other people’s security questions, to demonstrate that I understood and could explain.
Then, because I didn’t have a career background in security, I had to build one to match my expertise. So I worked my way up “through the ranks”, albeit a little quicker than was expected. Hopefully, that didn’t result in too much missed instruction.
As a result, I’m now a Senior Security Engineer at a large online site. I won’t name them, not because they’re not proud of me, or I’m not proud of them, but because they’ve made it very clear that my blogging is not a part of my job, and my job is not to be a part of my blog.
That means, of course, that nothing I say here is to be construed as an indication of my employer’s position (unless I specifically say it is), and that the stories here and on my Twitter feed are pulled from general experience, conversations with others in my field, and general places I have worked, rather than my current employer. I have worked at enough places to tell that developers are, on average, the same no matter where you go. So the stories are the same.
The main area I’m interested in is that of Application Security – how you can build applications that offer functionality while remaining resilient under attack. But I’m still also interested in network security, social engineering (for good and fighting its use for ill), spam fighting, and a number of other topics. I occasionally tell people their web sites are broken.
At various times I’ve also been self-employed, and created Texas Imperial Software as the outlet for my frustrated software development side. Usually, it’s because I’ve seen a need (or had that need myself!) that isn’t being fulfilled by existing software.
“How hard can that be?” is usually the phrase that gets me into trouble.
So I find out how hard it can be. In this manner, I’ve produced:
WFTPD Server / WFTPD Server Pro – FTP servers for Windows. These have been selling for twenty years now, less solidly lately than in the past, when WFTPD was my full time job. But the income is enough to keep up the absolutely minimal support expenditure this software takes.
2ndAuth – an auditing solution for shared accounts in Windows client and server systems. When you try to log on to a Windows system using an account marked as “shared”, you are prompted in addition for your real username and password. In turn, your verified username is logged in the Windows Event Log as a user of this shared account. Sure, shared accounts are against policy, but there are some times they can’t be avoided. In those times, 2ndAuth is a compensating control that allows you to finally answer the question “I know SQLAdmin brought down the server – so which operator do I kick / re-train / fire?”
iFetch – I love BBC Radio and TV, and wrote an app that fetches radio (or TV, if you’re in the UK) shows from the iPlayer, so that you can sync them to your mobile devices that aren’t supported by iPlayer apps.
This is a pretty amazing achievement, thinking back on it – but I feel like all the work was done by other people – my wife, who made important surgical decisions while I was under general anaesthesia, and has been a great strength ever since, my surgeon and the doctors who handled the follow-up work, and my son who suffered through many nights of chicken and rice which was all I had the stomach for after radiotherapy. All I did was live through it.
This is why I cringe whenever I hear people talking about “brave” cancer patients. What I did was not brave, it was survival. Running from a bear that you’ve just noticed is eating you is not brave. It’s normal, it’s natural – it’s hard, for sure, but it isn’t brave. Brave is running towards the bear to beat him off.
Oh, and the type of cancer was testicular. The outside world considers that a bad word – and while conversations about breast cancer are plenty, you won’t find a testicular cancer awareness month. [The medical profession, by comparison, thinks cancer is a bad word, and listed my condition everywhere as “testicular C.”]
Men between the ages of 15 and 35 are most likely to be hit by testicular cancer – and there’s good news, and bad news. The good news is, it’s the most easily treated form of cancer (partly because it’s mostly outside the body already). The bad news – it’s fast acting, so delaying seeking treatment leads to many men literally dying because of embarrassment.
This is an award that I’m constantly proud to have received, and which I think is thoroughly worth having. I’ll be sadder when I finally lose my MVP status (hopefully many years away still) than I was when I lost my CISSP. The network of other smart people is wonderful – and being in a category that has no closely-defined product means that I can continue to give more generally-appropriate advice, rather than specific instruction on an individual product. [It also means we don’t get the exciting swag, but hey, that’s not what I’m in the program for]
There’s an MVP Summit starting on November 17; it’s kind of a Microsoft-centric conference (think TechEd), but at a faster pace, greater depth, and with some material that isn’t public yet. We’ve each signed an NDA, and there are things I know are coming that are really exciting to me, but that I can’t talk about – yet.
And occasionally I will draw on my hobbies of juggling and unicycling. This is how I get my exercise, some of the time, passing clubs with my son or riding unicycles around the school gym. I’m not very good, but then I don’t have to be.
I’ve done a good deal of developer training recently, and it seems like there are a number of different kinds of responses to my security message.
[You can safely assume that there’s also something that’s wrong with the message and the messenger, but I want to learn about the thing I likely can’t control or change – the supply of developers]
Here are some unfairly broad descriptions of stereotypes I’ve encountered along the way. The truth, as ever, is more nuanced, but I think if I can reach each of these target personas, I should have just about everyone covered.
Is there anyone I’ve missed?
I’m always happy to have one or more of these people in the room – the sort of developer who has some experience, and has been on a project that was attacked successfully at some point or another.
This kind of developer has likely quickly learned the lesson that even his own code is subject to attack, vulnerable and weak to the persistent probes of attackers. Perhaps his experience has also included examples of his own failures in more ordinary ways – mere bugs, with no particular security implications.
Usually, this will be an older developer, because experience is required – and his tales of terror, unrehearsed and true, can sometimes provide the “scared straight” lesson I try to deliver to my students.
This guy is usually a smart, younger individual. He may have had some previous nefarious activity, or simply researched security issues by attacking systems he owns.
But for my purposes, this guy can be too clever, because he distracts from my talk of “least privilege” and “defence in depth” with questions about race conditions, side-channel attacks, sub-millisecond time deltas across multi-second latency routes, and the like. If those were the worst problems we see in this industry, I’d focus on them – but sadly, sites are still vulnerable to simple attacks, like my favourite – Reflected XSS in the Search field. [Simple exercise – watch a commercial break, and see how many of the sites advertised there have this vulnerability in them.]
But I like this guy for other reasons – he’s a possible future hire for my team, and a probable future assistant in finding, reporting and addressing vulnerabilities. Keeping this guy interested and engaged is key to making sure that he tells me about his findings, rather than sharing them with friends on the outside, or exploiting them himself.
Unbelievably to me, there are people who “done a project on it”, and therefore know all they want to about security. If what I was about to tell them was important, they’d have been told it by their professor at college, because their professor knew everything of any importance.
I personally wonder if this is going to be the kind of SDE who will join us for a short while, and not progress – because the impression they give to me is that they’ve finished learning right before their last final exam.
Related to the previous category is the developer who only does what it takes to get paid and to receive a good performance review.
I think this is the developer I should work the hardest to try and reach, because this attitude lies at the heart of every developer on their worst days at their desk. When the passion wanes, or the task is uninteresting, the desire to keep your job, continue to get paid, and progress through your career while satisfying your boss is the grinding cog that keeps you moving forward like a wind-up toy.
This is why it is important to keep searching to find ways of measuring code quality, and rewarding people who exhibit it – larger rewards for consistent prolonged improvement, smaller but more frequent rewards to keep the attention of the developer who makes a quick improvement to even a small piece of code.
Sadly, this guy is in my class because his boss told him he ought to attend. So I tell him at the end of my class that he needs to report back to his boss the security lesson that he learned – that all of his development-related goals should have the adverb “securely” appended to them. So “develop feature X” becomes “develop feature X securely”. If that is the one change I can make to this developer’s goals, I believe it will make a difference.
I’ve been doing this for long enough that I see the same faces in the crowd over and over again. I know I used to be a fanboy myself, and so I’m aware that sometimes this is because these folks learn something new each time. That’s why I like to deliver a different talk each time, even if it’s on the same subject as a previous lesson.
Or maybe they just didn’t get it all last time, and need to hear it again to get a deeper understanding. Either way, repeat visitors are definitely welcome – but I won’t get anywhere if that’s all I get in my audience.
Some developers do the development thing because they can’t NOT write code. If they were independently wealthy and could do whatever they want, they’d be behind a screen coding up some fun little app.
I like the ones with a calling to this job, because I believe I can give them enough passion in security to make it a part of their calling as well. [Yes, I feel I have a calling to do security – I want to save the world from bad code, and would do it if I was independently wealthy.]
Sadly, the hardest person to reach – harder even than the Salaryman – is the developer who matches the stereotypical perception of the developer mindset.
Convinced of his own superiority and cleverness, even if he doesn’t express it directly in such conceited terms, this person will see every suggested approach as beneath him, and every example of poor code as yet more proof of his own superiority.
“Sure, you’ve had problems with other developers making stupid security mistakes,” he’ll think to himself, “But I’m not that dumb. I’ve never written code that bad.”
I certainly hope you won’t ever write code as bad as the examples I give in my classes – those are errant samples of code written in haste, and which I wouldn’t include in my class if they didn’t clearly illustrate my point. But my point is that your colleagues – everyone around you – are going to write this bad a piece of code one day, and it is your job to find it. It is also their job to find it in the code you write, so either you had better be truly as good as you think you are, or you had better apply good security practices so they don’t find you at your worst coding moment.
No, not really – although I will say it was interesting to be around so many Windows Phone 8 users at the Microsoft MVP Summit last week.
But the HTC HD7 I originally bought, which spent a half-hour in a hot-tub (syncing), then a week in a bucket of Damp-Rid, then a year (working) in the hands of my teenaged son, finally bit the dust in the middle of the MVP Summit.
Says the storage card is corrupted.
So, I can’t afford the time to take it apart, mess with the drive and possibly even discover that it is truly dead.
I have to take advantage of the “upgrade” pricing that comes with committing to another year of service from T-Mobile, and upgrade him to a Windows Phone 8 system.
Then my wife gets interested in the phone, and before you know it, we’re all getting new phones.
Yes and no.
It’s always good to get a new phone, sure, and to enjoy the fun of new features. But you’ve got to reinstall, and in some cases, re-buy (my wife went from a Blackberry to an HTC 8X) all your apps. And the data is all gone. High-scores, messages, settings, there’s no good path to take data from a WP7 to a WP8, let alone from a Blackberry to a WP8.
Some apps, of course, save their data to the cloud – all my OneNote files came with me.
It won’t be so bad in the future, because there’s apparently a better upgrade path from WP8 to other WP8 phones. Messages get backed up, as well as your app list and settings.
The interface to reinstall has improved over the years, from the first version, in which I only found the ability to restore apps installed directly from the Zune software; to a later version, which required a bunch of different click-through pages for each app you want to reinstall. Now, the reinstall interface is so much easier. Just go to the Windows Phone “Purchase History” page, scroll down the list of apps and click “Reinstall” on each app you want to go onto your new phone. No clicking through, no re-checking boxes about allowing location, etc.
Despite the name “Purchase History”, this page lists even those apps which I downloaded for free, whether as Trial software, or because the software was free in the first place.
That’s the good part, and that’s how I got some of my apps back. But the bad part is that this list doesn’t contain all of my free apps, just a limited, and somewhat random, selection. For instance, although it lists Amazon Fresh, the Purchase History page is missing Amazon Kindle, and Amazon Mobile, as well as the majority of my other free apps. This is not good customer experience, and if I was the author of any of the apps that aren’t easily reinstallable, I’d probably raise a big stink.
So now, I have to go one by one through my old phone’s list of apps, finding out which aren’t on my new phone, searching for them in the store, finding them in the search results, clicking on them, then clicking “Reinstall” (the store knows I have already installed them before). This makes me more likely to not reinstall these apps, and since the majority of these are ad-funded apps, whose authors won’t make a dime unless I run them, I think that app developers have a strong incentive to ask Microsoft to fix this behaviour.
Oh, you knew that I’d have something to say about that. Well, this post’s long enough already, so I’ll leave that until next time. For now, I have to say I do like my new phone, but I’m really tired of this whole update process already.
OK, so that’s a horrible stretching of a song to cover a point, but it’s kind of the way I feel right now – torn between a rock and a hard place.
Some time ago now, I let you readers know that I’d won an iPad at the Black Hat security conference, and that I’d be trying it out to let you know what I thought.
First, letâs consider my usage case, and what I am comparing it against.
The iPad is, to my mind, a potential killer device for a few things I like to do:
In common with many people, I have a lengthy commute – at least 40 minutes each way of which is on a bus, so I can happily watch videos. My comparison device in this use case is my Windows Phone – an HTC HD7 (I’d link to it, but apparently it’s not being sold any more).
The iPad is bulkier, for certain, and I can hold my phone in one hand comfortably for some time. However, making up for this is the fact that the iPad is a larger display and therefore easier to see at a comfortable distance. But watching on the phone isn’t bad either.
Syncing to the iPad is accomplished through Apple’s piss-poor iTunes software (of which, more later), which seems to require that my videos be already in a suitable format for the iPad. Syncing to the HD7 requires the Zune software, which is configured by default to convert video and audio in the background without any further assistance from me.
Note that – Zune converts the videos to the right format automatically when necessary, the iTunes software simply shrugs its shoulders like a Frenchman and refuses to cope.
Because of this, I can sync to the HD7 from more sources, and more easily and automatically than to the iPad.
However, the winning step that the iPad has for me comes from a combination of its viewing size, and the fact that it can play the audio from my videos to my Bluetooth headset, something that the HD7 currently does not. I have to use a Bluetooth dongle on the HD7 to hear my videos – and that’s not right, when I already paid for a phone with Bluetooth support.
It’s worth noting, however, that because the iPad seems to pretend to be a phone, I can’t have the appropriate level of Bluetooth support, allowing incoming phone calls to pause my video and let me answer the phone.
So, a narrow win for the iPad there. But keep reading. [Add Bluetooth support for video watching, and the Windows Phone will easily surpass the iPad]
Killer app, no doubt – the size and colours make the iPad superior for reading comics. For other books, you can’t really beat a Kindle, because it’s the size and shape of a book. The iPad does seem to suffer in daylight as well, not that we get much of that around Seattle – but we clearly get enough for this to be a noticeable problem for me.
The Kindle Fire is a more subtle device than the iPad in this use as well, since it doesn’t take up as much space. The battery life, as well as the use of standard charging cables (read: I already have dozens of the things, as opposed to having to look for the one wonky, too short cable that came with the iPad) makes the convenience factor that much greater.
However, I’ve even read my comics on the Windows Phone. It’s not that bad a format, because the display is so high a resolution.
Winner: Kindle Fire. Of course, I would say that. But since the Fire has no Bluetooth audio, I can’t use it on the bus as comfortably for my videos.
The iPad is certainly convenient for this, with free Twitter and Facebook apps, as well as a web browser to use the online versions. The iPad’s desire to keep pushing text further and further to the right of the screen, in ever-decreasing strips of window, make it incredibly difficult to read some items.
In comparison, while the Windows Phone does have a free Twitter and Facebook app, and access to the web, it doesn’t actually need any of these, because there are the “Me” and “People” tiles, through which you can read notices from all your social media sources (Twitter, Facebook, Linked-In, MSN Messenger in my case). This gives a more natural, integrated feel to the communication, and it feels more like I’m sharing with my friends than I’m using this or that app.
Winner: Windows Phone, hands down. [But it would be nice to have Bluetooth keyboard support]
OK, the iPad wins hands-down on this one. There’s a Skype app in beta for the Windows Phone, but my HD7 has only a rear-facing camera, and the Fire of course doesn’t have one.
Winner: iPad (but only because I have a 1st-gen Windows Phone)
The iPad has no Flash support – but then nor does the Windows Phone.
The iPad uses a webkit-based browser, which comes with a fresh batch of security flaws once a month (as does iTunes). The Windows Phone comes with Internet Explorer – but without the same set of flaws that get patched in your regular Windows update. I strongly believe that the Windows Phone gives me the most secure browsing of any device that I have. But it is a little hard to read.
I got the iPad for free, so I have to bear in mind that for most people, they pay $500 to have it. It’s not that much better than the Windows Phone. I got the Windows Phone for practically free – one cent on Amazon Wireless, with a two year commitment. But then I was going to get a phone anyway, and the two year commitment is common for phones.
As with every Apple product I have ever used, it seems like they skimped a little on the “fit and finish” of the software. This leads to small – but constant – irritations. There have been many times I’ve been tempted to throw it to the floor and stomp on it. So far, the iPad has survived largely because I know that if I want to get rid of it, there are numerous people who would happily take it from me. And then I settle down.
So, what are my irritations?
There are some areas where it’s clear that the Apple design philosophy hasn’t been communicated well – even to writers of the native apps.
A clear example – how do you delete an item? In iBooks, you swipe to the right, which causes a delete button to appear. You press this button, and the item goes away. In Videos, you hold your finger on an item until a little “x” appears. You press the “x”, and are asked if you really want to delete the video. I guess videos are more important than books, that you have to be prompted.
I should say that this is how videos are supposed to be deleted. What actually happens is that you hold your finger on a video for a while. The “x” fails to appear, because you wiggled your finger a little (really common on a bus). So you let your finger up, and the video opens up. So you close it down again, and hold your finger on the video again. Now the “x” appears – albeit sometimes in a different place than you expect. So you press it. Damn, missed, because the bus must have hit a bump, so the “x” goes away. Bring it back! Bring it back! Okay, here it is again, so I can press it finally. And then I get asked if I’m sure. Am I sure? Am I sure? I’ve only spent the last ten minutes trying to get the damn “x” up on screen and hit it – of course I’m sure! And I remind myself not to throw the iPad to the floor and stomp on it.
Yes, I know about the “Edit” button, and that shortcuts one part of the process, but makes it more likely that you’ll accidentally delete the wrong video, because it puts an “x” above each one.
[A short note – the “x” appears in one of two places – either immediately on the top left corner, or a good half-inch above that. I can see no logic in why it does this.]
In the Videos app, there are three kinds of video. “Movies”, “TV Shows”, and “iTunes U”. The “TV Shows” and “iTunes U” items all come from iTunes, so all the videos I put on my system end up in “Movies”, no matter what metadata I put on the file. Whereas I never metadata I didn’t like, iTunes clearly never metadata. For the iTunes U and TV Shows tabs, each item is listed with details – length, a title, and a description. This is great, although it would also be nice to see which ones I’m part-way through watching.
For the Movies tabs, however, there are only two things showing – a thumbnail, which is the first frame of the movie (oh, and so often, that means it is plain black), and the curtailed title of the video. So, “Have I Got News for You: Series 42, Episode 5” is displayed as “Have I Got News for You:…” – as is every episode of every series of that show. Same thing for “The Sarah Jane Adventures…”, or “Who Do You Think You Are…” Yeah, the BBC could choose shorter titles, but the iPad could pay attention to the Subtitle field in the metadata for the episode information. Oh, yeah, that’s right, metadata is to be ignored.
And there are no details on the video – no duration, no description, no indication of whether or not I’ve been watching this video file at all. I’d like to say “hey, this component of my bus ride is going to take another twenty-five minutes, so I’d like to watch something that length or shorter”.
When watching a video, you can “scrub” through it by dragging a little slider at the top of the screen. Except when the slider is near the middle of the top of the screen, because then you’re going to actually be pulling down the notifications window. If anyone writing this software actually used an iPad, they’d be experiencing this frustration, and it would have been fixed by now.
To go backward in the user interface of an app, you click the button in the top left. Except that sometimes, the button in the top left takes you somewhere else, like the iTunes store.
You can delete videos all you like, bus joggling allowing, and when you’re done, your storage usage hasn’t gone down at all. There is no room for more videos. This one confused me for some time, until I remembered that you never actually close apps when you switch between them. The storage is released, not when you delete the movie, but when you close the app.
That would make sense, if you could actually undelete the movie while the videos app runs, but no. That doesnât happen.
I could carry on, but I just get angrier and angrier. The difference between editing the list of apps you can run, versus editing the list of apps currently running, for instance. One is dismissed by a tap, the other requires that you hit the home button, and I can’t remember which one.
So, the first complaint I have about iTunes is the one I have made from the beginning – it includes way too much, and it screws up my system way too badly. What do you get when you install iTunes?
Well, first you get a file called “iTunes64Setup.exe”. This installs iTunes into “C:\Program Files (x86)” – uh, yeah, that means the “64 bit” version of iTunes is actually all 32-bit. Then it tells you:
What does iTunes have to do with Outlook? That’s crazy.
And then, what does it install? Only another four applications.
When syncing videos to the iPad with the Windows version of iTunes, they are synced with at least one default setting not correctly set.
That’d be fine if it was an unimportant setting, but no. The setting is “resume from where I left off”. That means that every time I switch videos, or close the video application (see previous discussion of why I need to do this to recover storage), the video I want to watch starts again from scratch.
There is a simple fix to this – for every video I upload to the iPad, I have to go into iTunes, select the video, right-click it, select “Get Info”, open the “Options” tab, uncheck the box that says “Remember Playback Position” (or if I selected multiple videos, set to “No” the drop-down arrow labeled “Remember Position”), hit “OK” (there is no “Apply”), wait for this action to sync to the iPad, then right-click the video(s) again, select “Get Info”, open the “Options” tab, and then recheck the box (or set the drop-down box to “Yes”), hit “OK” and sync once again.
For weeks I’ve been complaining that every USB device on my system has been unreliable – I have to plug and unplug simple USB flash drives a half dozen times before they finally get recognised in Explorer.
Then it finally dawned on me.
One device has been steadfastly reliable, always becoming active and ready to use within seconds of plugging it in. Yes, it's the iPad.
Acting on this hunch, I removed iTunes, Apple Mobile Device Support, Apple Application Support, Apple Software Update, Bonjour, and even QuickTime (not sure how that got on there). Suddenly all my USB devices connect first time, every time. With the exception of the iPad, of course, which sulks if it doesn't have iTunes (though the same charge can be leveled against my Windows Phone requiring Zune – although that hasn't yet caused all my other USB devices to become unavailable).
Adding iTunes back into the mix, strangely, has yet to reproduce the same unreliable behaviour. I strongly distrust software acting randomly.
If I could just drag my videos into a folder using Explorer without installing iTunes (since iTunes doesn't actually properly do any of the other things that an intermediate program should do, such as converting video formats, extracting and using metadata, or setting the "resume from where you left off" option), I'd be happy without iTunes on my PC at all.
There are other reasons not to like the iPad – it's too trendy, for one; and it's not really a $500 product. There are, as I point out above, too many areas where it's clear that the developers have not finished the job.
I use the iPad simply because it's free, and has a large display.
I'd far rather use a tablet that works in a more predictable and controlled manner, where the applications on the device and to sync the device have the flavour of being finished.
But I didn't get one of those for free.
I got an iPad.
And I'm grateful.
Even if, once in a while, I want to dash it to the floor and stomp it into pieces.
This year is a special one for anniversaries – my 45th birthday, 20 years since I arrived in the USA, 10 years since beating cancer – seems like the perfect time for ISOC to honour me by switching everyone to IPv6.
It's been quite some time since I wrote about changing passwords on a Windows service, and then provided a simple tool written in Visual Basic to propagate a password among several systems sharing the same account.
I hinted at the time that this was a relatively naïve approach, and that the requirement to bring all the services down at the same time is perhaps not what you want to do.
So now it's finally time for me to provide a couple of notes about how this operation could be done better.
One complaint I have heard at numerous organisations is this one, or words to this effect:
"We can't afford to cycle the service on a password rotation once every quarter, because the service has to be up twenty-four hours a day, every day."
That's the sort of thing that makes novice service owners feel really important, because their service is, of course, the most valuable thing in their world, and sure enough, they may lose a little in the way of business while the service is down.
So how do you update the service when the software or OS needs patching? How do you fix bugs in your service? What happens when you have to take it down because the password has escaped your grasp? [See my previous post on rotating passwords as a kind of "Business Continuity Drill", so that you know you can rotate the password in an emergency]
All of these activities require stopping and cycling the service.
Modern computer engineering practices have taken this into consideration, and the simplest solution is to have a "failover" service – when the primary instance of the service is taken offline, the secondary instance starts up and takes over providing service. Then when the primary comes back online, the secondary can go back into slumber.
This is often extended to the idea of having a "pool" of services, all running all the time, and only taking out one instance at a time as you need to make changes, bringing the instance back into operation when the change is complete.
Whoa – heady stuff, Mr Jones!
Sure, but in the world of enterprise computing, this is basic scaling, and if your systems or applications can't be managed this way, you will have problems as you reach large scale.
So, a single instance of a service that you can't afford to have go offline is a failure from the start, and an indication that you didn't think the design through.
OK, so that sounds like heresy – if you've changed the password on an account, it shouldn't be possible for the old password to work any more, should it?
Well, yes and no.
Again, in an enterprise world, you have to consider scale.
Changing the password on an account isn't an instantaneous operation. That password change has to be distributed among the authentication servers you use (in the Windows world, this means domain controllers replicating new password information).
To account for this, and the prospect that you may have a process running that didn't yet have a chance to pick up the new password, most authentication schemes allow tokens and/or passwords to be valid for some period after a password change.
By default, NTLM tokens are valid for an hour, and Kerberos tickets are valid for ten hours.
This means that if you have a pool or fleet of services whose passwords need to change, you can generally take the simple process of iteratively stopping them, propagating the new password to them, and then restarting them, without the prospect of killing the overall service that you're providing (sure, you'll kill any connections that are specifically tied to that one service instance, but there are other ways to handle that).
Interesting, but I can't afford the risk that I change the password just before my token / ticket is going to expire.
Very precious of you, I'm sure.
OK, you might have a valid concern that the service startup might not be as robust as you hoped, and that you want to ensure you test the new startup of the service before allowing it to proceed and provide live service.
That's very "enterprise scale", too. There's nothing worse than taking down a dozen servers only to find that they won't start up again, because the startup code requires that they talk to a remote service which is currently down.
You wouldn't believe how many systems I've seen where the running service is working fine, but no more can be started up because startup conditions for the service cannot be replicated any longer.
So, to allow for the prospect that you may fail on restarting your services, here's what I want you to do:
As you can probably imagine, when you next do this process, you don't need to create the second user account for the server, because the first account is already there, but disabled. You can use this as the account to switch to.
This way, with the two accounts, every time a password change is required, you can just follow the steps above, and not worry.
You should be able to merge this process into your standard patching process, because the two follow similar routines – bring a service down, make a change, bring it up, check it for continued function, go to the next service, continue until all services are done.
So, with those techniques under your belt – and the necessary design and deployment practices to put them into place – you should be able to handle all requests to rotate passwords, as well as to handle patching of your service while it is live.
Sorry that this doesn't come with a script to execute this behaviour, but there are some things I'm hoping you'll be able to do for yourselves here, and the bulk of the process is specific to your environment – since it's mostly about testing to ensure that the service is correctly functioning.
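The two-account rotation just described, and the one-instance-at-a-time stop, propagate, restart loop from earlier in the post, worked through as a PowerShell script. This is an added example, not the post's Visual Basic tool or any script the author provides. It assumes the ActiveDirectory module (RSAT), admin rights on each pool host, and hosts reachable over CIM; the host names, service name, account names and the HTTP health URL are all hypothetical, and the Test-ServiceHealth function is a stand-in for whatever proves that your own service is really answering. Because the standby account gets the new password and the active account's password is never touched during the roll-out, an instance that fails its check can be switched straight back to the old account without depending on the token grace period.

```powershell
#Requires -Modules ActiveDirectory
# Added example (not code from the original post). Rolling rotation of a Windows
# service's logon account across a pool using two accounts: the standby account
# gets a fresh password and is enabled, each instance is switched to it one at a
# time and health-checked, and only when every instance is healthy is the old
# account disabled, ready to be the standby next time.
# All names below are hypothetical: hosts, service, accounts, health URL.

param(
    [string[]] $Servers        = @('app01', 'app02', 'app03'),  # constructed pool
    [string]   $ServiceName    = 'MyPoolService',
    [string]   $ActiveAccount  = 'CORP\svc-pool-a',   # currently running the service
    [string]   $StandbyAccount = 'CORP\svc-pool-b'    # disabled since the last rotation
)

function New-RandomPassword {
    # 32 bytes from the CSPRNG, Base64-encoded so it is printable (44 characters).
    param([int] $Bytes = 32)
    $buf = New-Object byte[] $Bytes
    [System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($buf)
    return [Convert]::ToBase64String($buf)
}

function Test-ServiceHealth {
    # Replace with a check that proves YOUR service works, not merely 'Running'.
    param([string] $Computer)
    try {
        $r = Invoke-WebRequest -Uri "http://$Computer/health" -UseBasicParsing -TimeoutSec 10
        return ($r.StatusCode -eq 200)
    } catch { return $false }
}

function Get-PoolService {
    param([string] $Computer)
    Get-CimInstance -ClassName Win32_Service -ComputerName $Computer -Filter "Name='$ServiceName'"
}

function Wait-ServiceState {
    param([string] $Computer, [string] $State, [int] $TimeoutSec = 60)
    $deadline = (Get-Date).AddSeconds($TimeoutSec)
    do {
        if ((Get-PoolService $Computer).State -eq $State) { return $true }
        Start-Sleep -Seconds 2
    } while ((Get-Date) -lt $deadline)
    return $false
}

function Set-ServiceLogon {
    # Stop, change the logon account (Win32_Service.Change leaves unnamed fields
    # untouched), start again, and insist on seeing 'Running' before moving on.
    param([string] $Computer, [string] $Account, [string] $PlainPassword)
    $svc = Get-PoolService $Computer
    Invoke-CimMethod -InputObject $svc -MethodName StopService | Out-Null
    if (-not (Wait-ServiceState $Computer 'Stopped')) { throw "${Computer}: service did not stop" }
    $rc = (Invoke-CimMethod -InputObject $svc -MethodName Change `
            -Arguments @{ StartName = $Account; StartPassword = $PlainPassword }).ReturnValue
    if ($rc -ne 0) { throw "${Computer}: Change() returned $rc" }
    $rc = (Invoke-CimMethod -InputObject $svc -MethodName StartService).ReturnValue
    if ($rc -ne 0) { throw "${Computer}: StartService() returned $rc" }
    if (-not (Wait-ServiceState $Computer 'Running')) { throw "${Computer}: service did not start" }
}

# --- 1. Prepare the standby account: new password, then enable it. ---
$newPassword = New-RandomPassword
$standbySam  = ($StandbyAccount -split '\\')[-1]
$activeSam   = ($ActiveAccount  -split '\\')[-1]
Set-ADAccountPassword -Identity $standbySam -Reset `
    -NewPassword (ConvertTo-SecureString $newPassword -AsPlainText -Force)
Enable-ADAccount -Identity $standbySam

# --- 2. Roll through the pool one instance at a time. ---
foreach ($server in $Servers) {
    Write-Host "Switching $server to $StandbyAccount"
    Set-ServiceLogon -Computer $server -Account $StandbyAccount -PlainPassword $newPassword
    if (Test-ServiceHealth $server) { continue }

    # Health check failed: the old account is untouched, so fall back to it and stop
    # the roll-out. The old password should come from your vault; the prompt is a stand-in.
    Write-Warning "$server failed its health check; reverting to $ActiveAccount"
    $oldCred = Get-Credential -UserName $ActiveAccount -Message 'Current service account password'
    Set-ServiceLogon -Computer $server -Account $ActiveAccount `
        -PlainPassword $oldCred.GetNetworkCredential().Password
    throw "Roll-out stopped at $server; $StandbyAccount is enabled but not yet in use everywhere"
}

# --- 3. Every instance is on the new account; retire the old one until next time. ---
Disable-ADAccount -Identity $activeSam
Write-Host "Rotation complete. $ActiveAccount disabled; store the new $StandbyAccount password in your vault."
```

Run it from a management host as a user who can reset the two service accounts and administer the pool; on the next rotation, swap the values of the two account parameters. The same loop body is the patching routine the post describes (stop one instance, change it, start it, check it, move on), so the script doubles as a template for that.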