Now I’ve heard everything: this article describes (with a straight face, I’m sure) how to set up a Linux box running VMware to use Postfix as the SMTP front-end and Exchange 5.5 as the mailbox store. Why you’d want to do this is beyond me. For an encore, I hear the author’s going to write an article on how to run Lotus Notes 4.0 on a PlayStation Portable.
Fascinating paper on IE malware attacks and analysis
David Ross of Microsoft has posted a long, and extremely interesting, paper on analyzing browser-based malware. I recommend reading it even if you only have a passing interest in the subject; there’s a lot of good stuff therein.
Comments Off on Fascinating paper on IE malware attacks and analysis
Filed under General Stuff
Brilliant essay on ID “theft”
John Denker has written a superb essay on why ID “theft” shouldn’t be a problem, and how we already have all the tools to prevent it from being one. Excerpt:
it shouldn’t matter if somebody knows who I am. Suppose somebody can describe me — so what? Suppose somebody knows my date of birth, social security number, and great-great-grandmother’s maiden name — so what?
It’s only a problem if somebody uses that identifying information to spoof the authorization for some transaction.
And that is precisely where the problem lies. Any system that lets identifying information serve as authorization is so nonsensical that it is hardly worth discussing. I don’t know whether to laugh or cry.
He goes on to draw the distinction between entity authenticaiton and transaction authentication, and goes on to propose a couple of schemes for breaking these into two separate mechanisms instead of the conflated mess we now have. Well worth a read for anyone interested in security.
Comments Off on Brilliant essay on ID “theft”
Filed under General Stuff, Musings
I’m lovin’ it
Ironically, my last two UPDATE columns have been on mobility topics– and now I’m somewhere with no mobile access!
So here I am in Farmerville, Louisiana. What’s there? Not much (rimshot). Seriously, I’m here with my family visiting the beautiful Lake D’Arbonne State Park for our annual family reunion-style get-together. Whoever the State of Louisiana hired to build this place did a terrific job; the scenery is beautiful, the cabins are clean, spacious, and comfortable, and the wildlife is abundant. One thing’s missing, though: connectivity. Ideally, I wouldn’t have to work this week, but I do, so I’ve been arranging my schedule to work when everyone else is asleep. The problem is getting information to and from the people I work with.
Last year, we stayed in the same place, and I noticed that my Verizon cellphone worked fine. I figured that my aircard would give me data service. Problem #1: Alltel is actually the local network provider, as I found when I noticed the “Extended Roaming” indicator on my Treo. No aircard, and no data service on the Treo. The local public library has a few Internet terminals, but they’re a) unstable b) locked down and c) on a network that won’t allow me to plug in my laptop. Last year, I was able to cadge a few minutes from the nice lady who owns the local Radio Shack franchise, but that clearly wasn’t a scalable solution. I didn’t think she’d welcome seeing me twice a day every day, no matter how many batteries I bought.
The solution came from an unexpected quarter. I asked the lifeguards at the park pool, the folks at the public library, and the staff at the Radio Shack whether there were any public Internet points or cafes nearby. No one had a clue. While racking my brain to think of local businesses from which I could beg bandwidth, I remembered the McDonald’s at the corner of La-2 and Bernice Highway– a mere five miles from the park. A quick call to Devin netted me the information I sought: the local McD’s did in fact have Wayport WiFi. Last night I rolled in, opened the laptop, and downloaded the 400+ messages that accumulated since I got here on Saturday. Today I made a grocery store run and stopped off for a Quarter Pounder and some email; I’ll be heading back later tonight for another delivery.
I guess that means that I have to officially retract all the crap I gave McDonald’s about their food. It’s still not my favorite, but I’m willing to put up with a lot for the ability to keep my customers happy by delivering my work on time. It says a lot about their franchise consistency that even a small town like Farmerville rates WiFi in the store.
Comments Off on I’m lovin’ it
Filed under General Stuff, Musings
Mutiny over the bounty
Ed Brill links to this CRN article that talks about a “bounty” being offered to partners who convert customers from Notes or Oracle. Two brief thoughts (I’d write more but have too many other more pressing things to do). Disclaimer: I don’t have any specific knowledge of this program, or any other one for that matter.
First, if this is like other MS programs, the “bounty” is actually funny money and a non-story. Let’s say the partner moves a 1,000-seat organization and (according to whatever criteria MS has) the bounty is $20/seat. That means that the partner gets up to $20,000 from Microsoft to either spend on MS consulting / design / deployment services (via MCS) or to use for application and data transition. IOW, Microsoft is paying the partner to do work that the customer would otherwise have to pay for themselves. This is hardly what Ed makes it out to be, with his sinister implication that MS is “plucking” “pieces of meat”. Sheesh. It’s the logical equivalent of the car dealer giving you a tank of free gas when you buy the car.
Second note: I’ll bet a nickel that IBM has similar programs for selected competitors. Why? If you want sales people to do something, you have to give them incentives, and the #1 incentive in that world is cold hard cash.
Comments Off on Mutiny over the bounty
Filed under Smackdown!
Mayo Communications: good PR firm or sleazy opportunists?
I got a “press release” from a company called Mayo Communications. Here’s an excerpt so that you can decide whether they’re a good firm trying to rep their client, or a despicable bunch of ambulance chasers who are using a tragedy to drum up PR. I’ve redacted the client’s name to avoid giving the publicity they so avidly sought.
“Be More Alert And Report Suspicious Acts Says
Nation’s Top Counterterrorism Expert XXX
***
“Suspicious people covertly photographing metro railway and trains have been observed and reported in major cities across the nation – from Los Angeles to New York,,” said XXX, CEO, YYYY.
Los Angeles, CA (July 7, 2005) — “The typical terrorist attack is planned months to years in advance,” said XXX, CEO & Founder XXXXX, ZZZZ, reacting to four explosions that rocked the London subway and tore open a packed double-decker bus during the morning rush hour Thursday. The deadly explosive terrorists’ attacks injured more than 700 people left more than four dozen people dead.
So, these folks used the occasion of a terrorist bombing to hype their client (the “nation’s top counterterrorim expert”). Here’s what I wrote back to them:
It is difficult for me to express my distaste for your use of the London bombings as a vehicle to pimp the “expertise” of your client, the alleged “Nation’s Top Counterterrorism Expert”. Your mail makes your firm out to be sleazy opportunists of the worst sort. (As a side note, you really should run your press releases through a proofreading pass; it contains a number of grammatical and typographical errors).
I would rather eat an old shoe than use any of my publication venues to give your client free publicity– but you can bet that I will tell my readers and listeners that, within hours of the London bombings, I was contacted by a PR firm seeking commercial advantage for their client on the bodies of London’s dead.
It’s popular for people to claim that corporate bloggers like Microsoft’s Robert Scoble threaten the conventional PR industry. I can only hope that there’s some truth to that claim.
Update: I got an (unsigned) response from Mayo. It seems pretty clear that one of us doesn’t get it, and I don’t think it’s me:
Everyone has an opinion, unfortunately not everyone agrees with you! but I will remove you from our list since you biggest challenge is deleting emails.
FYI. Time Magazine along with other more important trades are running the story in Monday’s issue. hope you sugar coated your shoes, too.
Nothing like compounding an initial error by being arrogant and antagonizing the people to whom you’re evangelizing your customer. Is this representative of what other PR firms are doing for their customers? I sure hope not.
Filed under Smackdown!
Music Shuffle
I blame this on Ed Bott; he posted on the “music shuffle” craze sweeping the Internets. You’re supposed to fire up your MP3 player and list the first 20 songs it plays. So, here’s my list: song title, band, and (album)
- “Little WIng”, Stevie Ray Vaughan (The Essential Stevie Ray Vaughn)
- “Digital Man”, Rush (Signals)
- “The Weekend”, Michael Gray (Ultra iDance 03)
- “God Made Me”, Chantal Kreviazuk (Under These Rocks and Stones)
- “Concerto #5”, Bach (Brandenburg Concerto #5)
- “Back in Black”, AC/DC (Back in Black)
- “We Belong”, Pat Benatar (Best Shots)
- “Eye on You”, Billy Squier (Best of…)
- “Too Weak to Fight”, Clarence Carter (The Golden Age of Black Music, 1960-1970)
- “The Slam”, TobyMac (Welcome to Diverse City)
- “Fibber Island”, They Might Be Giants (No!)
- “Call to Love”, Crooked FIngers (Dignity and Shame)
- “Haunted”, Evanescence (Fallen)
- “Andante”, Bach, (Brandenburg Concerto #1)
- “Sweet”, 311 (311)
- “Free WIll”, Rush (Permanent Waves)
- “Hillbillies”, Hot Apple Pie (Hillbillies)
- “For an Angel (PVD Angel in Heaven Radio Mix)”, Paul van Dyk (Machine Soul)
- “Personal Jesus”, Johnny Cash (American IV: The Man Comes Around)
- “Red Tide”, Rush (Presto”
- “The Unforgiven”, Metallica (Metallica)
- “Miss Elaine”, Run-DMC (Tougher Than Leather)
Comments Off on Music Shuffle
Filed under Musings
Happy 4th of July
On this day, I’m reminded of the title of Sam the Eagle’s portion of Muppet-Vision 3D: “A Salute To All Nations, But Mostly America.”
I’m thankful for this country. It has its flaws (or, more precisely, we Americans have our flaws), but there is no place I would rather live. I am grateful for those who have sacrificed to build it over the last 229 years: not just for those who fought in our wars, but also for those who built something for future generations. I appreciate the fact that I can worship how I please, without fear of government interference or persecution, and that all citizens are guaranteed a basic set of rights that are still the envy of the rest of the world.
Are there some areas that need fixin’? Yes (starting with: Mr. President, don’t you dare try to appoint Torture Boy Gonzalez to the Supreme Court!). Nonetheless, I still love this country and what it stands for. Happy Fourth of July!
Update: two bonus links: the 4th of July is the deadliest traffic day of the year, and how to snip a 5-pointed star with only a single cut.
Filed under Musings
MBSA 2.0 released
Microsoft today released version 2.0 of the Microsoft Baseline Security Analyzer. Among its many other new features, it can scan for Office security updates (among other products), it works with WSUS, and it presents more data on potential vulnerabilities. Go get it now.
Filed under General Stuff, Musings
Citizen Vince (Waller)
It’s hard to imagine a less likely subject for a novel: Vince Camden is an ex-con in the Federal Witness Protection Program, With just 8 days before the 1980 presidential election, he’s trying to decide how he should vote– meanwhile, a hired killer is stalking him, his hooker girlfriend is trying to become a real estate agent, and his job making donuts is periodically interrupted by a hot blonde who’s also stumping for a state legislature race.
Jess Waller has written one book that combines these plot threads (plus some others); it’s simultaneously a mystery novel, a character study, an exploration of the political atmosphere in 1980, and a love story. It’s impossible for me to characterize it, except to say that it’s simultaneously hilarious, moving, thought-provoking, and sad. The dialogue is outstanding, both for its snap and its reality. Mafia dons don’t talk like Oxford dons, and Waller knows that. The pacing and plotting is top-notch. Highly recommended, and now I’m going to go read Waller’s other books– there are only a few.
Comments Off on Citizen Vince (Waller)
Filed under Reviews
MS to pay IBM $beaucoup
From this morning’s Wall Street Journal: Microsoft settles their antitrust dispute with IBM by paying them $775 million; in addition, MS is giving IBM “credit” of $75 million towards deployment of MS software at IBM. This essentially resolves all of IBM’s claims of harm to OS/2 and the SmartSuite products, but it still leaves open potential claims by IBM for harm to their server software. It does set the clock for claiming damages forward, though, to June 30, 2002. Interesting…
Filed under General Stuff, Musings
BackupExec flaw being exploited in the wild
Last week, Veritas released a set of advisories for security flaws in various versions of BackupExec. This flaw, a buffer overflow in the BackupExec remote agent, is apparently being attacked in the wild. InformationWeek reported yesterday that the vuln is already being actively attacked by a W32.Toxbot variant. If you’re running BackupExec, make sure you get the patch, and don’t allow remote traffic to TCP port 10000 (not that you should normally be doing that anyway, but still…)
Filed under Security
Let’s eat!
From this morning’s Al’s Morning Meeting:
150 million: Number of hot dogs (all varieties) expected to be consumed by Americans on the Fourth. (That’s one frankfurter for every two people.) There’s about a 1-in-4 chance that the hot dogs made of pork originated in Iowa, as the Hawkeye State had a total inventory of 16.2 million hogs and pigs on March 1, 2005. This represents more than one-fourth of the nation’s total. (Data on hot dog consumption courtesy of the National Hot Dog and Sausage Council.) Data on hogs and pigs at http://www.usda.gov/nass/.6: Number of states in which the revenue from chicken broilers was $1 billion or greater in 2004. There is a good chance that one of these states – Georgia, Arkansas, Alabama, North Carolina, Mississippi, Texas — is the source of your barbecued chicken. http://www.usda.gov/nass/.
Better than 50-50: The odds that the beans in your side dish of baked beans came from North Dakota, Michigan or Nebraska, which produced 58 percent of the nation’s dry, edible beans in 2004. Another popular July 4 side dish is corn on the cob. California and Florida together accounted for about 45 percent of the value of sweet corn produced nationally in 2004. http://www.usda.gov/nass/.
One-half: Amount of the nation’s spuds produced in Idaho or Washington in 2004. Potato salad and potato chips are also popular food items at July 4 barbecues. http://www.usda.gov/nass/.
Nearly 69 million: Number of Americans who said they have taken part in a barbecue during the previous year. It’s probably safe to assume a lot of these events took place on Independence Day. See Table 1238, 2004-2005 edition.
Comments Off on Let’s eat!
Filed under Musings
New podcast: “Free-Range IT”
I’ve decided to take the plunge into podcasting with a new series of podcasts for Windows IT Pro. The idea was hatched more or less out of the blue while I was sitting at TechEd with Karen Forster and Amy Eisenberg, so I offered to do a trial run of podcasts to see what kind of reader, er, listener reaction we got. I’m trying to do one ‘cast a week on average from now until September, at which point we’ll see what kind of listener numbers I can post. (In a transparent attempt to raise those numbers, I registered my podcast feed at Apple’s new podcast directory; maybe that’ll help).
Filed under General Stuff, Musings
Sweet deal: Verizon Treo 650 for $175
Buy.com is selling the Verizon version of the Treo 650 for $175 to new customers; it’s really $399, then you get $225 back via mail-in rebates. Still, that’s a good deal for the Treo. Notably, palmOne hasn’t released a firmware update for the VZW model, although there are updates for both the Sprint and unlocked-GSM versions that they sell.
Filed under General Stuff, Musings
Paul's Down-Home Page 