July 2006 Archives
I've been spending a lot of time working with various client-side anti-phishing products, including GeoTrust's TrustWatch. Turns out it appears to have a fairly serious bug: if you go to an unverified site (which should show a yellow icon), then visit a verified site, the toolbar icon won't update-- so the known-good site still shows as untrusted! If you click the toolbar icon itself, the detailed site report is correct. However, this problem a) makes it hard for me to have a lot of confidence in TrustWatch's services and b) is certainly misleading, since it makes good sites appear to be bad.
Update: not only is this a bug, it's inconsistent. Sometimes refreshing the page fixes it, but not always. Sometimes moving through the page history fixes it, but not always. There's also a case that looks like a bug but isn't: when page A (which shows up as unverified) redirects to page B (which is verified), the icon will change.
Scalix announced yesterday that they're going to provide open source licenses for major components of their product. This aligns them nicely with Zimbra, which has already done the same thing. Zimbra has a better web interface (IMHO) than Scalix does, and better admin tools to boot; however, Scalix has a mature and proven back-end system. If they really wanted to give IBM and Microsoft headaches, the two of them should team up somehow and combine forces. I can't take credit for the idea; fellow MVP William Lefkovics suggested it to me a few months ago.
From Ed's blog, news that IBM is moving toward a slightly different licensing strategy for its products.
Why does IBM even use per-processor licensing? Customers hate it. Microsoft has been making hay in the database world by showing the license cost differential between SQL Server 2005 and DB2 on equivalent hardware-- it can be up to an order of magnitude difference! That gets CxOs' attention PDQ.
Doesn't it make more sense to price software according to the number of actual clients or users and not the capacity of the machine? As I understand it, if I buy a 2-CPU dual-core Opteron server, I have to buy 4 Domino CPU licenses (or the equivalent number of "processor value units"), no matter how many actual users connect to the box or what else it's used for. Compare this with the pricing model for Exchange, GroupWise, or even OCS: you pay for the number of users you're supporting, not for what your hardware is potentially capable of.
"Processor value units" seem like an IBM attempt to extract money that they wouldn't otherwise be entitled to from customers who are moving to multi-core CPUs. When Ed asks:
...what would you like to see happen as far as sub-capacity or multi-core licensing and pricing for Domino? ..t. If the answer is "we just want to pay less for Domino", that dog doesn't really hunt -- unless you have an idea how that translates into IBM growing and maintaining the Domino business.
one translation of the question might be "customers, we know you think our license model doesn't reflect reality, but we don't care if you want to pay less." The right thing to do for growing the business is to adopt the MS model for virtualization licensing: license per active instance and virtual CPU, not for physical instances of anything.
(and before the flames start: yes, I know MS has per-CPU licenses for some products, like SQL Server. However, AFAIK they don't do per-CPU licenses for their messaging and collab products; I don't know offhand if they're doing per-CPU or CAL for Office SharePoint Server or not.)
Update: yep, customers hate IBM's licensing model, all right.
Devin has a good summary of some of the things you should expect (or may not expect!) in Exchange 2007 beta 2.
The Exchange 2007 preview center has a new white paper on Exchange 2007's unified messaging (UM) implementation. If you're interested in how UM works, check it out.
Short review: it was fantastic! They have a Concorde (see below), a fully restored SR-71 with a drone and a start cart, some really beautifully restored WW II warbirds (including both Corsair variants), and a really nifty air traffic control exhibit. I enjoyed the Barry Ross art show as much as I thought I would, and surprisingly David liked it too.
The panorama below is of the museum's Concorde; I shot with a Nikon Coolpix S6 using its panorama assist mode. I then used a Mac program called DoubleTake to stitch the panorama together. I'm really pleased with how it turned out and will be registering DoubleTake (and taking more panoramas-- sure wished I had thought to take one of the Blackbird while we were there!)
Attention Arlene: Stampin' Up had its annual convention this past week in Salt Lake City. This writeup from the Salt Lake Tribune blames energy and travel costs for lower attendance. Personally, I didn't attend because I don't own any stamps, but that's just me. (See also this article from the Deseret News.)
Steve Riley has a great blog post on mandatory integrity control (MIC) in Windows Vista. MIC is an old concept I fondly remember the old Multics machine that USL had; Multics was one of the first machines to implement MIC in any meaningful way. Anyway, the Vista implementation of MIC is pretty interesting; read Steve's blog to find out more.
Wow! Not sure how I missed this bombshell: CA bought XOsoft. I hope CA has the good sense to leave the XOsoft folks in place and let them do what they do best.
Great news! Exchange 2007 beta 2 is being launched today. The press release is here. You can download it or order it on DVD; the download isn't active yet (I expect it any minute, but Microsoft.com is so huge there's often a gap between press release postings and live bits).
In very closely related news, the Exchange 2007-compatible version of Microsoft Forefront (née Antigen) will be available today too.
Microsoft's been making a big deal out of the Messaging and Security Feature Pack, which adds some nifty device and security management features to Windows Mobile 5.0 devices. However, there's a problem with MSFP policies on the device side; ironically, it only shows up on devices of security-conscious users.
Let's say that you set a device timeout on your WM5.0 device of 5 minutes. You then create an MSFP policy that sets the device lock policy time to 15 minutes. When the policy is applied to the device, your 5-minute timeout is overridden with the 15-minute timeout, making the device somewhat less secure.
What can you do about it? Nothing at the moment. The Windows Mobile team is well aware of the issue, and I'm sure they're busy thinking about how they can best fix the problem.
Exchange's Unified Messaging server role controls access to the Outlook Voice Access interface in several ways. Today I want to talk about PIN authentication and how it works.
Every UM-enabled user will have an associated PIN. The PIN is stored as an encrypted string as an attribute of the user account object in Active Directory; the PIN is encrypted along with a salt, so it can't easily be reversed. (Despite this protection it's still a bad idea to choose your ATM PIN or AD password as a UM PIN, but of course you know better).
Administrators can set PIN policies that control the permissible length of the PINs and how long they remain valid. Users can reset their PINs at any time using OWA 2007 or Outlook 2007; when the PIN is reset, the user gets an e-mail containing the new PIN. This helps protect against denial-of-service attacks where user A logs in to user B's voice mailbox and changes the PIN on the phone keypad. These policies are actually part of the UM mailbox policy objects, which you can use to specify some other settings as well- look for more details in a future post.
The UM role performs its own auditing of failed authentication attempts. When you call in to Outlook Voice Access, you get 3 tries to enter the PIN; if you fail, OVA hangs up and logs event ID 1013 to indicate the logon failure. If the failed authentication attempts continue, you'll see event ID 1012, indicating that the user's OVA access is locked. There's also a perfmon counter that you can watch to see the number of failed logon attempts, but I'm in an airport and away from my UM server so I can't post its exact name right now.
Excellent news: Stefan Robichaux, my fellow Cajun Marine, is off the hook for borrowing a picnic table for his marriage proposal.
Today marks a really special event: I'm taking David on a business trip with me, something I haven't done for several years. He's accompanying me to Seattle, so I can meet with some folks at our Redmond office. He doesn't know it yet, but we'll also be stopping at the Museum of Flight-- I've always wanted to see it, and now I have an opportunity. I'm especially excited about the Barry Ross art exhibit. Ross illustrated the "I Learned About Flying From That" column in Flying magazine for many years. If you're not a Flying reader, you may not know that ILAFFT is a monthly reader-submitted column that talks about dangerous experiences that pilots got themselves into, so his illustrations tend to be filled with peril. Should be a good show.
Of course, David being David, he's equally excited about flying, eating airplane snacks, staying in a hotel, and seeing my partners-- we'll have a great trip!
Wow, this is a big surprise: Microsoft just announced that they're buying Winternals, makers of a number of very useful free and commercial tools.
Greenfield's account gives a great deal of credit to some individual scientists, which IMHO is as it should be. He also lambasts the Chinese government for its obstructionist and deceitful response in the first two-thirds of the outbreak, which is also fitting, given how their delays and obfuscations needlessly killed their own citizens.
If I have any quibbles with the book, they're with Greenfield's somewhat breathless narrative style. I sometimes felt like I was reading a several-hundred-page-long magazine article. Greenfield nails the story, though, and his conclusion-- that the human race dodged a bullet-- is right on. Highly recommended. (However, don't read it while traveling unless you want to suffer panic attacks every time someone near you on the airplane coughs or sneezes.)
I thought I should jot down a few things I learned from my recent trips before I forgot them. First, South Africa really does use those whopping big power adapters. Connectors to make a standard Euro or US plug fit them are fairly easy to find, but you could save a few bucks by buying them beforehand. Don't be like me and buy the UK plug thinking that it looks the same-- the South Africa plug has three large cylindrical plugs.
Second, if you want to use a public phone at the Johannesburg airport, forget it. The only phones are at the Telkom kiosk on the upper level, and it closes well before the evening international flight bank. Take your mobile phone or use Skype (if, that is, you can get the airport wireless system to work with your laptop.)
Third, although the Amsterdam airport has lots of public phones, there are only two phones that allow calling card calls-- one near gate D41, and the other near the nexus of terminals C, D, and E. You should expect these two phones to have long lines of folks waiting to use them.
Fourth, if you're going to travel overseas, don't depend on Verizon's alleged world phone service. Their SIMs only work in Verizon-issued phones. Before my next trip, I'll be making other arrangements.
Fifth, when you see people complaining about the battery life of the MacBook Pro, they're not kidding. I averaged about 2:20 on each battery charge, which isn't even close to enough for productive use on long flights. I'll be much more careful about picking aircraft that have in-seat power in the future.
Sixth, don't read books about SARS on airplanes unless you want to be unsettled during the entire trip.
Very cool: Amazon just put up an item on my home page to tell me that there's a new book on Live Communications Server 2005: Professional Live Communications Server
Update: I got the book and have read the first three or four chapters. So far, it's pretty good, though it's light on some key details (e.g. which SRV records do you have to manually add to let auto-configuration work?)
Update: here's my review.
So, I bought a Quantum DLT-V4 tape drive to replace my dead ADIC FastStor robot. I was surprised and pleased to find that the DLT-V4 came with a bundled copy of BackupExec 10d. However, when I followed the instructions to register the BackupExec license code, I got a snippy mail from Symantec telling me that the license code had already been used. Following instructions (mistake #1), I contacted Symantec Customer Care (sic). They weren't open at the time, so I called them again on Monday; this time, I got an automated message telling me to go to their web site. So I did. That netted me a response telling me to call Quantum.
Today, I finally called Quantum, who had me go back to the Symantec site. When my first registration attempt failed, they had me change the license code from QTM-P1-xxxxxxx to QTM-CC-xxxxxxx. That did the trick, and I now have a working BackupExec serial number. Too bad it was so hard to get.
Michael B. Smith posted a cool script on his blog today: it finds all the EDB and STM files on Exchange servers in your organization, then tells you how much disk space they actually take up. If you've ever wondered how much disk space your Exchange data is consuming, now you can find out.
Another verrrrry long day. I got up about 0630 and started packing, then got a call from Louis van Noordyk, the Microsoft speaker who was going to do the event keynote. He wanted to know if I'd mind doing a unified messaging demo during the keynote. "Sure, why not?" I said. I rushed over to the event venue and found that the phone I was going to be using was a cellphone with a headset-- not exactly ideal for a demo, but certainly reflective of how Exchange UM will be used in the real world.
After the keynote, the rest of my sessions went very well, and I got lots of questions. As with the events in Lisbon and Oslo, many of the attendees had been thinking about how to deploy unified messaging, but they were surprised-- and pleased-- with the mobility and calendaring improvements. The max bandwidth available to the home is about 1024Kbps, and even that isn't common, so anything that improves bandwidth efficiency or time usage is of strong interest.
After the events, we took a cab back to the hotel. This seems odd, since it's less than a block's walk. However, both Louis and Isabel (the event planner) strongly cautioned us against walking, since part of that block is an industrial car park that's normally empty at night. Empty apparently means bad, thus the cab. From the hotel, we walked next door to Ocean Basket, a local seafood chain. I had a plate of grilled butterfly prawns, Nile perch (a relative of good ol' Lake Erie perch, with a similar flavor), and calamari. It was quite good, although by that point I was so tired I would have eaten almost anything.
Then it was off to the airport. JNB is a huge airport, but it wasn't at all crowded either time I was there-- I guess midday is their busy time. It's also a "quiet airport": there are no flight or boarding announcements, even at the gates. This really cuts down on the background noise, as does the lack of public phones. I wanted to call Arlene to let her know I'd made it to the airport, but with no phones, I had to resort to Skype and holding my laptop up to my ear.
Once aboard, I settled in and read the local papers until takeoff, then I went to sleep-- and slept until about 45 minutes from Amsterdam! I missed breakfast, dinner, movies, and who knows what else. Now I'm in Amsterdam at the overcrowded KLM lounge, trying to clean up my accumulated inbox junk and getting ready for my flight home.
Summing up: everyone I met in South Africa, from taxi drivers to hotel maids to the event attendees, was friendly and open. I got to try some new foods, including Hertzoggies, melktart, and kingklip (a really sweet, soft-fleshed fish; Glenn kept asking people "what kind of fish is kingklip?" I think he was hoping it would turn out to be catfish in disguise.) Our event was very successful, and though it was a very tiring trip I'd love to go back and see some of the famous sights (like the Kruger wildlife reserve and Cape Town).
Dilana Robichaux is apparently a contestant on some kind of reality TV knockoff of American Idol. Good luck, cuz!
Today (by which I really mean "the preceding 24 hours") was a pretty interesting day. After arriving last night, I met up with Glenn in the luggage area and cleared customs. South Africa allows you to import firearms, as long as you have a permit. Unfortunately, I left mine all at home. The airport is cavernous and was almost deserted when we arrived; most of the international flights arrive early in the morning. While waiting for luggage, I'd tested my Verizon "world phone" SIM. Of course, it didn't work. I then stopped off at the Vodacom booth to check the SIM. Nope, it didn't work in their phone either. Sensing a pattern, I borrowed Glenn's phone to let Arlene know I'd made it, then resolved to contact Verizon later.
We got to our hotel, the Mercure Midrand, about 40 minutes later. Unfortunately, it was dark, so we didn't see any of the city (except billboards-- which are no more exotic here than anywhere else). Midrand is a city of about 240,000 people nestled between Johannesburg and Pretoria. The hotel was about what I expected; it used to be a Best Western, so the small but comfortable room was no surprise. What did surprise me was the fact that the hotel is ringed with a 7' fence with an electric fence on top of that. Security-conscious bunch! That's to be expected given that the area of Midrand where the hotel is is primarily a commercial and industrial area. There are lots of folks about at night, and not all of them have good intentions. Surprisingly, some 200,000 of Midrand's residents live in two black townships comprising 7% of the incorporated land area.
Glenn and I struggled with the lobby's alleged wireless Internet before giving up. I wangled the desk clerk into letting me use his computer in the hotel office; with a little plug magic, I soon had my laptop open, called Verizon, and asked why my SIM wouldn't work.To abbreviate the discussion, the answer is "it only works if you have a Verizon global phone". Oops. Skype works fine, luckily, so I was able to call them in the first place.
I got up this morning about 0730, had a delicious hotel breakfast, and hooked up with the newly-arrived Jim McBee. Our first order of business was to get the right kind of power adapters-- turns out that the "type M" style that I'd bought were the wrong kind. We had a nice walk up the street to The Boulders, a shopping center whose chief claim to fame seems to be a very large collection of boulders on the lower level. On either side of the street, there were little stalls selling fruit, candy,various kinds of counterfeit goods, and other things that we weren't actually looking for. No one was unfriendly, but we did get some semi-hostile glares. At The Boulders, we found an electronics shop (no luck), a sort of WalMart-like discounter (no luck), and a car stereo store (bingo!) I bought some food for the kids (including some Simba potato chips and some assorted unusual candies).
The wireless Internet still wasn't working, so I rebooted the access point-- and voilà! that fixed it! For the rest of the afternoon, I worked, punctuated only by a visit from the local ward's bishop, Mike Perry. He was an absolutely fascinating guy-- he runs African Reptiles and Venom, a sort of one-stop snake superstore. Mike breeds and sells several varieties of reptiles, collects venom for use in antivenom sera, puts on corporate events and kiddie shows, and so on. We really enjoyed speaking to him, and I promised to look him up if I ever come back. In fact, I'd like to hire him; one of the team-building events he does is called "Fear Factor". The victim, errr, contestant gets to put their head into a glass tank full of (non-venomous) snakes, then retrieve a piece of fruit from the tank using their teeth. What a way to build esprit de corps: "start acting like a team or I'll bring Mike Perry back here again!"
For lunch, we went next door to Steers, a local fast-food chain, then it was back to the hotel for more work. We ended the day with a visit to the conference venue, which is huge! Jim has room for about 700 people in the room where he'll be presenting; I haven't seen my room yet, but it probably won't be that big. More tomorrow; now I'm off to bed.
Note to self: next time you get ready to go on a big trip, make sure you have your passport before you leave home. Yes, that's right: I woke up at about 3am this morning with the bolt-out-of-the-blue realization that a) I had forgotten my passport and b) I was approximately 980nm away from it. After puzzling over it for a while, I sent Tim a text message begging for help; he stopped by the house on his way to work and grabbed it, then met me at the Detroit airport. Fortunately, for this trip I'd booked MLU-MEM-DTW-AMS-JNB instead of my original MLU-ATL-CDG-JNB plan, or my goose would have been cooked. Now I have my passport, most of my stuff (missing one electrical adapter, which is survivable), and am headed to AMS to change planes!
