Since I am plugging security-related stuff today:

“Join Mike Nash, Microsoft's senior executive in charge of security, for his monthly security update. This month, learn more about Authentication, Authorization and Access Management. Mike's guests will talk about the Microsoft Identity and Access Management Series and Public Key Infrastructure and how each can be used in corporate environments to enhance security and reduce costs. In addition, Mike will report on the latest details of what Microsoft is doing across the company to improve security through guidance, tools, training and technology.”

Signup: Register Online
Date: Tuesday, May 18, 2004
Time: 8:30AM-9:30AM Pacific Time (GMT-8, US & Canada)

Microsoft's new TechNet Radio audio show is an informative way to learn about IT. Their first bradcast is called “IT Security at Microsoft,” and it covers a lot of ground. Worth the listen!

• Windows Media Stream version
• Download the .wma and listen on your audio device
• Show transcript

Learning about how other companies deal with network and information security, especially big ones like Microsoft, is a valuable exercise in developing your own IT security strategy. Microsoft has over 300,000 network devices, and more than 50,000 employees. They are pretty free-form in terms of allowing their employees to install software as needed, run beta and “dogfood” software in production, and have some interesting ways of dealing with the environment. Microsoft's similar to where I work in terms of culture and whatnot. I've had the opportunity to visit Redmend and to talk with people there on a regualr basis, but even so this broadcast was useful and made me think.

Well, ok, I don't actually hate them... Heck I live in a town called “Deer Island,” so I guess I can't really hate them... But the one last year that jumped in front of me, the one I drove around just barely, the one where I was on a motorcycle, and it was dark, and the ditch I drove into in order to avoid the deer, well, it had a big fallen tree branch in it, and I never knew you could total a motocycle just from the cost of the broken plastic...

Yeah, well anyhow deer are ok with me unless they're in the middle of the freakin' road in the woods at night. Then they just suck.

But anyhow, none of this matters, especially since I got right back on that horse again this year (or more specifically I got back on all 203.5 of them).

My real point is, I laughed out loud while reading a pretty funny blog entry. And I thought I'd share the laughter. The link was gleaned from several other blogs I read. Enjoy.

Not like anyone actually wants or cares to hear about my pain, but not much else happening right now, and this is (after all) my blog.

So, this would be the one where I talk about my subsiding back pain and start to think about blogging with audio: You know, I was really excited about getting the audioblog.com stuff set up (and I still am excited), but I find myself getting a little self-conscious about posting my voice on my blog for some reason. Have been thinking about how to use this capability - have a few ideas, but will probably think of more....

"Never again," cried the man, "never again will we wake up in the morning and think Who am I? What is my purpose in life? Does it really, cosmically speaking, matter if I don't get up and go to work? For today we will finally learn once and for all the plain and simple answer to all these nagging little problems of Life, the Universe and Everything!"

The Ultimate Question of Life, the Universe and Everything is coming soon to a theater near you! Heck yeah!

“Exactly!”   - Deep Thought

Thanks to Travis for the link :)

For now let's call it a pound of “ouch” with an ounce of “anticipation-of-relief...”

This was a first time for me, seeing as how I've never had any kind of surgery or anything similar to what you might call a surgical procedure. This was minor, though: Today I had epidural injections of a corticosteroid and a nerve blocker put into my lower back. I've had pain for years now, constantly, that ranges from annoying at times to completely unbearable at others. Having done nothing up to this point to try to fix the problem other than taking anti-inflamatories, I decided at the doc's recommendation to try these shots and see what happens. If they don't work, he and I will see what's next. I just know I can't live comfortably with the pain any more, it's just become worse as time goes on.

So, anyhow, went to the hospital, they gave me some stuff that made me slightly loopy, and I was awake the whole time. Lots of needles in the back, stuff injected into the epidural space in my spine, kinda hurts, and now I am fluctuating between feeling pretty okay and having shooting pain, especially as the blocker wears off and the numbness subsides.

I am told by the doc that the pain may get somewhat worse before I start to feel better, and so far, he's right. But hey, this is I guy I am highly confident in as far as his medical abilities, and since this is what he said would likely happen, I guess I am not really surprised. I'll ride it out and see how it goes over the next day or two.

Anyhow, there are people out there who have been asking about this, and although it's completely non-tech, I thought I'd just post an update. I'm okay, the pain is there, expect it to get better.

I've suggested a new team building event idea to the boss. Now we just have to work out the budget. I hope that happens soon, since I'm holding my breath here and all... ;)

Give Us ‘The Green Light’ And We Will Push Your Physical, Mental and Cultural Limits To The Ultimate Edge In Your Own Adrenalin-Pumping And Off-the-Rails... "9 ½ Day Adventure of a Lifetime"

Woah dude - sweet.

Thanks to Rory for the heads-up post that led me there.

Microsoft is making it possible for people to get their hands on Windows Server 2003 and learn more about it, without having to install the OS or dedicate one or more computers to the task. They provide it to you and allow you to connect with a remote terminal session.

From the site: “Ever wanted to test Microsoft's newest software in a totally secure sandbox environment? Wouldn't it be great to be able to test new servers immediately, without formatting hard drives or dedicating one or more computers to the project? Now you can, with the TechNet Virtual Lab.

“As part of the TechNet Virtual Lab, you will have full access to Windows Server 2003 through five modules: Active Directory - New User Interface, Active Directory - New Functionality, Group Policy Management Console, IIS 6.0, and Security. You get a downloadable manual and a 75-minute block of time for each module. You can sign up for additional 75-minute blocks anytime.”

And better yet, it's free. So sign up here and start learning.

Finally, someone has the right answer to how to clean a compromised system. So, you didn’t patch the system and it got hacked. What to do?

Click here to find out.

Is it the one correct answer - If you have already been compromised? Three cheers for Jesper M. Johansson, Ph.D., CISSP, MCSE, MCP+I, Security Program Manager at Microsoft for pointing this out. Maybe.

However, it should be noted (as was done to me by a security professional whom I respect greatly) that there are many options other than and in addition to patching available to prevent system compromise. Here's what my colleague said in email:

“I can't believe they actually published that!  While instilling fear and hopelessness it has no redeeming value and makes MS look bad (by implying a 'justification' for the pain of the patch process).  There are other alternatives to cleaning systems and validating what has been altered besides reformatting.  Things like Tripwire, regular audits, etc. etc. etc.  The real decision is what is it worth to not have to reformat?  Also you don't need any of the MS patches to prevent a system from being compromised.”

All valid points. I agree on one level or another with everyone here: Prevention and planning are worth a ton of cure. But when you have been compromised at the system level (i.e. did not plan and prevent), you're assuming a fairly large risk if you continue to use the compromised system.

Office 2003, SharePoint, etc. Things you never knew or might not otherwise find:

MSFT tool to remove hidden history and collab data from Office documents - A couple of months ago Microsoft released a nifty tool that will permanently remove hidden and collaboration data, such as change tracking and comments, from Word 2003/XP, Excel 2003/XP, and PowerPoint 2003/XP files. When you distribute an Office document electronically, the document might contain information that you do not want to share publicly, such as information you’ve designated as “hidden” or information that allows you to collaborate on writing and editing the document with others. Before you email that doc to your customer or partner, or post it to a web site, run this tool and clean things up.

A couple of quick ways to stay up-to-date on SharePoint resources and information - Check out these resources if you're interested in SharePoint Portal or WSS 2003 - good stuff to be found:

• sharepointblogs.com - Aggregated set of blogs by individual SharePoint developers and implementers [RSS here]
• blo.gs results for posts matching “sharepoint” - Lists recent posts for blogs tracked at blo.gs related to SharePoint
• Another feed list for SharePoint posts from feedster.com [Links on that page for RSS/ATOM/OPML feeds]

I'll post a more complete OPML file sometime soon.

Earlier I posted my first audio blog entry. This is just a quick note about how to set up audioblog.com to post directly to dasBlog...

It's really pretty simple: I used the Blogger-API capability of dasBlog (you'll need to turn it on in your config) and directed audioblog.com to publish my blog entries use the Movable Type option. You could specify XML-RPC, but if you do you won't get the headlines properly translated into dasBlog, so Movable Type is the one that works best. Very cool that dasBlog allows you to post this way, and even more cool that audioblog.com appears to properly emulate Movable Type when posting. When I tried to use another audio blogging service (AudBlog), it didn't play well with the Blogger API - But audioblog.com works like a charm.

Teaching is tough. Making things like the speed of light tangible is not easy. Making it interesting is even harder.

Robert H. Stauffer understands how to teach high school students.

Three cheers for audioblog.com - I signed up to test their new service last night, and today I got an email with my new account info. Within 5 minutes I'd posted my first test audio blog entry. Their service is smooth, it works (other services out there are glitchy at best in my recent experience), and it's very well designed. Quite cool. Just imagine what you can do with this kind of service. From any computer or phone you can post audio blog messages in real time. You can record up to an hour at a shot, and if you want to go longer than that, you can chain multiple recordings together into a play-list. Wow - this is great!

Update: Looks like they went live today! $4.95 a month for unlimited recording and up to 1GB of audio data transfer a month - very nice. See their Service Features page for more info.

Also check out the interview with the creator of audioblog.com, Eric Rice at ITConversations.

UPDATED: Apparently, somone one mis-spoke, and Microsoft has corrected earlier reports - see eWeek's coverage of the change in the story.

Sorry guys, all you software thieves out there will not be able to install SP2 after all (unless this all changes again). From a business and antipiracy perspective, I agree with not allowing it to install. From a security perspective, I was looking forward to seeing what impact (if any) the loosening of the reins might have.

But I don't hink Microsoft has a responsibility to provide anything to people who steal software.

It's a change of direction for Microsoft, but apparently they will allow SP2 for Windows XP to be installed on pirated copies of the OS when the service pack is released later this year. This was not the case with SP1, which has protections in it that keep people with pirated copies of Windows XP from installing it successfully.

"It was a tough choice, but we finally decided that even if someone has pirated copy of Windows, it is more important to keep him safe than it is to be concerned about the revenue issue," he added. He admitted, however, that it is more than altruism that helped Microsoft come to this decision. "Having these unsecured users means bigger worm and virus outbreaks - which also impacts the Internet and consequently, our legitimate users as well."

 - Microsoft group product manager Barry Goffe

Considering the potential positive impact of SP2 on the computing world, this is probably a good idea. After all, keeping users from spreading viruses and becoming launching platforms for hackers is an important part of securing the Internet and - in a broad sense - the Windows OS.