June 2007 Archives

I really wanted to like this book. Silver had a great idea: write a thriller set around the idea of a previously-undiscovered Ian Fleming manuscript. The manuscript turns out to reveal the existence of a Nazi traitor in the British royal family, and it becomes the property of an American professor whose father was Fleming's friend during World War II. As a literary device, this framing works well. Unfortunately, neither of the stories is particularly compelling. The professor is neither heroine nor anti-heroine, and her encounters with the people who are trying to reclaim and conceal the manuscript are unconvincing. The story told in the Fleming manuscript itself is slow-moving and turgid, full of anecdotes that will probably enthrall people with a good background knowledge of the British royals but which lack interest for the rest of us. A good first effort, but not particularly recommended.

The headline says it all. Semper Fi.

So last week I went to TechEd 2007, primarily to present a session on how Forefront Security for Exchange Server (FFSE) works. I arrived Monday night after an uneventful flight (the kind I prefer), got to the hotel, and went to bed. The next morning, I had breakfast with Anne Grubb and Amy Eisenberg of Windows IT Pro. It's hard to believe that I've been writing for them for nearly ten years! I spent the rest of the day on Tuesday attending a series of MVP deep-dive technical briefings put on by the Exchange and OCS development teams. There's some really exciting stuff happening with both of those products; you'll be seeing the fruits sooner than you expect.

Wednesday I had breakfast with an old friend, Ed Woodrick of Dell, then I went to prep for my session. As usual, the room I was in was waaaay too big; it probably seated close to 1200 people, and I had 252 in attendance. No, I didn't count them; Microsoft uses an RFID-based system to track session attendance. This year John wasn't presenting so I didn't have a chance to beat him; that's too bad, because my session scored 7.81, a personal best.

The bad news is that I was in the security track, which ended up taking the top overall score. Of the 10 sessions rated most highly by attendees, security sessions took 5 of the top 6, so clearly I've got some room to improve (although let's get real; I have no realistic hope of outscoring someone like Steve Riley or Mark Russinovich unless I start passing out $20 bills during my sessions!)

Finally. The FDA is getting more aggressive about regulating companies that harvest useful tissue from cadavers. I still recommend reading Body Brokers if you want to know more about the industry (provided you have a strong stomach!)

At long last, the secret is out: Microsoft now has a solution toolkit to help companies make sure that their sensitive data is properly protected on mobile PCs. Last week at TechEd, they formally announced the Data Encryption Toolkit for Mobile PCs, which combines a thorough analysis of the BitLocker and Encrypting File System features of Windows with a set of prescriptive instructions on how to use BitLocker and/or EFS to protect your company's data. There's also a nifty tool, the EFS Assistant, that you can deploy to automatically scan for files that should be protected, then encrypt them with EFS.

3Sharp was responsible for the entire document set; I worked with David Mowers on the security analysis and wrote the planning and implementation guide, and Paul Flynn wrote the bulk of the EFS Assistant administrator's guide. It's great to have this toolkit out in the world, because I really believe it will help people avoid mishaps like what happened to TJX (so far, they've spent $20 million in 1Q 07 alone, with more to come!)

I'm in phone-shopping mode again. I was thinking about getting in line for an iPhone, but I think this new phone suits me to an R a T.

From my friend and fellow Exchange MVP Andy David, a handy field guide to spotting attendees at TechEd (and Exchange Connections), plus a few additions from Andy Webb, Tony Murray, and Melissa Travers:

1. The Clothes Horse: Puts on the official Teched T-Shirt as soon as he registers. Wears a different vendor shirt every day, even at the attendee party.
2. The Vendor Whore: Visits every booth and allows his badge to be swiped. Flashes and glows all week. Thinks the booth babes like him.
3. The Wanderer: Moves from session to session., never staying for more than 20 minutes. Rates each presenter poorly.
4. The Yes Man: Concurs with everything the presenter says, nodding his head in agreement, shaking his head "No" when told that is something you shouldn't do. Raises his hand whenever asked.
5. The Continental: Wears male Capri pants every day.
6. The Nodder: Dozes through each session.
7. The Tapper: Breaks out his laptop at the beginning of each session and reads email, IMs and browses the web. Never looks up and leaves 5 minutes before the session ends.
8. The Carpet Hugger. Similar behavior to The Tapper, except this species heads directly for the floor against the wall and the nearest power outlet to power up his laptop to do his work.
9. The Shutter Bug: Takes pictures of every session, every vendor, every booth babe and then posts to a blog that no one ever visits.
10. The IT Guy: Wears vendor shirts from previous Techeds to every session and events, including the elusive "IT Hero" Hawaiian shirt. Takes the first bus back to his hotel once the free beer runs out.
11. The Inquisitor: Makes his move to the microphone half-way through a session. Looks annoyed when asked to wait till the end. Asks a question without an answer.
12. The Attendee: Usually only seen at the attendee party. Typically female, they look like they would rather be anywhere else but there.
13. The Tropical Breeze - The Hawaiian shirt wearing, flip flop sporting retrosexual male who makes the rounds to every party (invited or not) until the free beer and the free food run out. And occasionally attends a late afternoon session.
14. The Gadget Kid. More holsters than Dirty Harry. No visible social skills and hasn't actually spoken since the age of 12, but has well developed thumbs.
15. The Assassin hunts daily for that one choice piece of product information, contact, meetup, product team intro that couldn't be found any other place or time. Is satisfied if the week produces at least 4 hits.
16. The Sycophant won't ask a question at the microphone, but will badger a speaker for 20min after a session and follow them down the hall until stopped by security at the speaker lounge.

Technorati Tags: ExchConn

Great news: Microsoft is changing the Exchange 2007 licensing model so that you can use managed default folders (part of the "messaging records management" feature set) with the standard client access license (CAL). Originally, to use managed folders you had to pony up for the Enterprise CAL, which also includes Forefront, Exchange Hosted Filtering, unified messaging, and premium journaling. You also still need the Enterprise CAL if you want to use managed custom folders. Still, this is a welcome change. I still think the Exchange licensing model is complex and confusing to customers, but now it's a bit better.

Technorati Tags: Exchange 2007

Yesterday Apple released a beta version of Safari for Windows. Later the same day, David Maynor released information on six bugs (4 denials of service and 2 remote code execution bugs) that he'd found. What a nice way to welcome a new browser to the Windows platform :)

More to the point, this highlights how much things have changed in the Windows security world. It's hard to write a secure browser. Microsoft has put an enormous amount of energy and effort into securing IE 7 and the components that use it. Are there still security flaws in it? Probably (in fact, almost certainly). However, IE7 is still, literally, years ahead of Safari in that respect. There are no shortcuts to building secure applications, as Apple is now learning.

I'll be at TechEd 2007 in Orlando from today until Wednesday. I'm presenting Wednesday afternoon (2pm, SEC323, about how Microsoft Forefront Security for Exchange works). I also have a ton of things to see and people to meet; my first stop will probably be the TLC to see the Tanjay, Catalina, and RoundTable devices that MS will be showing off. See you there!

Technorati Tags: Exchange 2007