Wow. This is different. [QuickTime MOV]

Ever wonder what your purpose in life is? Apparently, so does that little lawn bomb your dog left in the yard:

"Once upon a time, a little doggy poo lived on the side of a road. He felt all alone in the world. He believed that nobody needed him for anything, and that he had no purpose in life. If only Doggy Poo had a reason for being, then he wouldn't give up on his dream to be useful to the world.

"One day, Doggy Poo meets a lovely dandelion sprout. Will she explain his purpose in life? Will she help make his dream come true?"

You ever get the feeling maybe someone is stretching the premise just a little too thin? Well, anyhow if you're into this kind of shi... uhh I mean stuff, go buy the DVD or book or soundtrack. Enjoy.

Larry Osterman points out what should be obvious, but is largely overlooked or ignored since it makes tasty "news." Recent reports that there is a security "hole" in Windows XP SP2 miss the big picture, he says.

The gist of the reported complaint is this: The new Security Center in SP2 uses WMI to control what information is displayed to the end user regarding what software is in place and it's status. Malicious code can, therefore, potentially use WMI to modify the information displayed by the Security Center, thereby convincing the user of the system that their firewall is on and AV software is running when in fact it's not.

PC Magazine and others ran articles about how they were able to spoof the new Windows XP SP2 Security Center, causing it to display false information about the status of the system. Microsoft later responded and PC Magazine followed up on the response, where they changed their tone somewhat.

From PC Magazine's original article:

"Based on an anonymous tip, we looked into the WMI and the Windows Security Center's use of it, and found that it may not only be a security hole, but a crater in the wrong hands. Due to the nature of WMI, the WSC could potentially allow attackers to spoof the state of security on a user's system while accessing data, infecting the system, or turning the PC into a zombie for spam or other purposes."

While this is technically possible, what is missed is the fact that in order to use WMI to make those changes, a program would have to be downloaded and installed on the machine with "system" level permissions. Any unwelcome code that is allowed/able to get that level of access has already won the race and is able to do much more harm than simply changing the information displayed in the Security Center. Even if the security center was not a part of your system, as soon as you ran the malicious code you'd be equally screwed, and the malware could make changes to pretty much any other apps running on your system. It would not need the Security Center to do its dirty work.

Read Larry's post for more, but remember one thing: The fact that someone claims something is a security hole - or in this case, a "crater" - does not mean they're right. It is, of course, always best to check things out and play the role of the skeptic, but accuracy in reporting is of primary importance, even if it is not as exciting. I'm glad PC Week followed up with their second story.

Their conclusion?

"We see the WMI and WSC as an indirect security risk, or hole, or whatever you want to call it. Maybe we're giving hackers and malware writers too much credit. WMI allows a program to get the security status of a user's system, as well as spoof it to give the user a false sense of security. Maybe it is too subtle. However, it is another tool in the hacker's toolbox. To have easy public access to the security status of a user's machine is like sending a password in plain text to a web site. It may not be used, but then again it might..."

"Do we think that end users should upgrade? Yes, Windows XP Service Pack 2 is a must do, especially for end users. However, we would recommend users not take the WSC as gospel, If you use an antivirus, or 3rd party firewall, look at their status panels as a sanity check. Keep your Antivirus, windows, firewall updates current, and most of all, be very careful of what you run on your system."

I do think the articles serve an important and valid purpose, though: They call to light the importance of securing systems by default and continuing to improve in that area. It's fair to say that in the real world, people will do exactly what you hope they would not do, and that the default configuration of the operating system, which is certainly greatly improved with the new service pack, is still a real concern. They point out that there is still work to be done, and that while things are better, they;re not perfect.  In that sense, I think they're right on.

Crater? No. Worth mentioning and asking about? Absolutely.

Microsoft will ship the CD to you free of charge. This CD includes the same Service Pack 2 software that is available for download from Windows Update. You'll wait 4-5 weeks for delivery, according to the site. You can also download the complete service pack here.

Note that Microsoft started the electronic delivery of SP2 to Windows XP Home Edition users last week, and to XP Professional Edition today via the Automatic-Updates distribution route.

Microsoft's latest version of MOM has been released to manufacturing, with retail availability slated for October 1. MOM, or Microsoft Operations Manager, is a console for administering Windows servers and applications, with tools for monitoring and analyzing performance. MOM 2005 includes an easier setup, new user interface and improved built-in security.

MOM 2005 takes the product to a whole new level. Pricing and licensing has also changed.

To enhance and extend MOM 2005 even more, there are five MOM Solution Accelerators available to streamline the way MOM works, integrates and deploys. Solution accelerators at Microsoft are generally chunks of code, tools and prescriptive info you can use to design your own custom extensions and to make their products fit more tightly into your environment:

• Notification Workflow Solution Accelerator is a Microsoft SQL Server–based Notification Services application that can be used to extend notification functionalities of MOM 2005.
• Autoticketing Solution Accelerator provides guidance for automated ticket generation, enabling the automated posting of a request (or ticket) into the Trouble Ticketing (TT) system used for incident management.
• Alert Tuning Solution Accelerator helps reduce the volume of alerts when deploying MOM 2005 management packs.
• Service Continuity Solution Accelerator helps maintain the availability of MOM 2005 service.
• Multiple Management Group Rollup Solution Accelerator allows a business to propagate data from multiple management groups into one data warehouse to create consolidated and aggregated reports.

Check out the animated demo presentation, here, for a high-level explanation of how MOM works. You can also use the MOM 2005 Online Virtual Lab to learn more about the product and how to use it to solve problems in your environment. Looking for more information? Check out the blog published by the Microsoft.com Operations Management team, which did the dog-food work with the product before it was released.

Small businesses with 10 or fewer servers to monitor should check out MOM 2005 Workgroup edition, which is priced appropriately - one flat fee of $499. Nice to see Microsoft taking the needs of the smaller business into account. My company has many more servers than that license would allow, but I know a number of people who will be able to take advantage of it.

[via betanews.com]

Corey Gouker is a Media Center MVP, and he has posted a detailed description of his experiences with a new Creative Portable Media Center Device. Included at the bottom of the article are a couple of Windows Media videos and a gallery of images showing the device in action.

For anyone who has been wondering what these are all about and what you'll really get, check this out - with the videos and his description, it's a view that you've likely not had til now, unless you have been lucky enough to get your grubby hands on one.

Also: Sean Alexander post more links to details about the devices.

[via Scobleizer]

Yesterday, the Application Compatibility Testing and Mitigation Guide for Windows XP Service Pack 2 was published.

This guide considers potential application compatibility issues that may arise after a Service Pack 2 deployment. The guide provides mitigation procedures that can be followed to overcome compatibility issues. Since the mitigation procedures relax the default security configuration, the guide in no way recommends that they should be followed, but if there is no other way of overcoming compatibility issues, they can be applied in the short term.

The Guide also includes a download of example scripts. The scripts demonstrate how to reconfigure a Service Pack 2 computer to overcome compatibility issues. The scripts are designed as functional samples and will require modification for use in a production environment.

I've only flicked though it, but I am very impressed with the level of detail of what I've seen to date.

Robert posts about having to use more than one MSN Messenger account due to limits placed on the service as far as number of contacts you can have on one Messenger passport account. He has to use two computers in order to work with two instances of messenger.

I have the same problem (multiple personalities, that is, but for different reasons than Scoble ), and I am not personally interested in Trillion or other IM interfaces for this purpose, and I Already use Windows messenger for SIP service at work, so I don't want to go there.

It turns out it is possible to run two copies of MSN messenger with different accounts on the same computer at the same time. It used to be that you had to alter the messenger code to do so with a third-party program, which is not allowed under the software license. But more recently there is a program available that starts messenger and acts as a sort of proxy, so you're not (AFAIK - I will promptly remove this if I am wrong, of course...) in violation of the MSN Messenger software agreement, which specifically says you can't modify the MSFT binaries.

It also starts up in "appear off-line" state by default, which for some people is helpful. It's not a perfect program, but it works pretty darned well.

JnrzLoader 6.2.0137 is the program name, and it is available to download from http://www.mess.be (along with a lot of other nifty stuff).

Of course this advice is totally without warranty, your mileage may vary, scan your files, yada yada. But it works for me. :)

This was hot stuff in '89... In 1986 I has an IBM Model 5150 that I ran two BBS'es on, and 1200 baud was huge. 

The one about how using RSS opens up information to me in a way that is so reliable I could only do it this way manually if there were two of me...

Okay, so maybe it's a little exaggerated. But seriously, I read an incredible amount of information these days. So much more than I ever did, and a lot of it on the Internet. Not only that, but I get the information I need (or want) so fast now that I can practically always act faster than most people when news breaks. Research that used to take hours and hours of searching and browsing now takes just minutes. I'm consuming much, much more information and doing so in much, much less time. What I can accomplish today in the information gathering department would have taken two of me just a year or so ago, before I found the real beauty of RSS.

I use RSS feeds for practically everything now. Rarely do I browse to a web site these days as my first method of gathering my daily doses of information. The data comes to me, based on my subscriptions. I know what I need, and I use the tools to get it. I find information sources just once, and then let the tools take care of the rest. I update my information world in real time, using tools like FeedDemon to do the dirty work for me. I focus on consuming, and the rest is practically magic.

RSS has made me a more productive, and therefore (in theory ) more valuable employee where I work. A huge part of my job is staying up to date with the latest technology, trends and issues. I subscribe to a couple hundred feeds that I review several times daily, some of which are aggregated feeds or feeds that are the result of a search of thousands of blogs and other sources for certain keywords or subjects. Then there's the couple hundred others that I review periodically, both work-related and otherwise.

When news breaks, when someone writes a new article that I might care about, when new security patches or alerts are released, when Woot! posts their latest great deal for cheap geeks on the web, it all comes straight to me.

In a nutshell, RSS has enabled me to work (and play) on the 'net in a way that would not be practical (or even possible) without the technology.

By way of Jonathan Hardwick, a list of webcasts scheduled covering the upcoming release of Microsoft Operations Manager 2005:

"The MOM 2005 release date is fast approaching, and they're setting up a series of webcasts for customers to learn more about it."

• Microsoft Operations Manager 2005 - Sept 2^nd, 9:30am-11:00am.
  Exploring Microsoft's new event and performance management tool for Windows Server System and beyond.
• Managing Exchange Server with Microsoft Operations Manager 2005 - Sept 7^th, 10:00am-11:30am.
  Increasing service availability and reducing email outages with MOM 2005.
• Managing SQL Server with Microsoft Operations Manager 2005 - Sept 14^th, 8:00am-9:30am.
  Increasing SQL availability and reliability with specialized knowledge and tools in MOM's SQL Management Pack.
• Monitoring your E-Business Solutions with Microsoft Operations Manager 2005 - Sept 16^th, 12:30pm-2pm.
  Using built-in knowledge in MOM 2005 to reduce downtime.
• Using Microsoft Operations Manager 2005 at Microsoft IT - Sept 21^st, 10:00am-11:30am.
  How to manage 6,000 servers across 225 worldwide sites for maximum performance and availability.
• Installing Microsoft Operations Manager 2005 from Start to Finish - Oct 5^th, 8:00am-9:30am.
  Your guide to setting up and testing MOM 2005.
• Monitoring Solutions to Extend Microsoft Operations Manager 2005 Capabilities - Oct 14^th, 9:30am-11:00am.
  Service Monitoring Solution Accelerator.
• Real Stories of Microsoft Operations Manager 2005 - Oct 19^th, 10:00am-11:30am.
  Lessons learned from our MOM 2005 early adopters.
• Monitoring Active Directory with Microsoft Operations Manager 2005 - Nov 4^th, 12:30pm-2pm.
  Using MOM 2005 to improve availability of one of your most critical services.
• Microsoft Operations Manager 2005 at MSN - Dec 1^st, 10:00am-11:30am.
  Using MOM 2005 to monitor one of the largest web portals in the world.

I hope you can forgive one politics-related post - This one is worth it I think.

Supposedly (and as far as I can tell thus far) non-partisan, FactCheck.org is a decent online resource for doing a reality check when new ads and other communications come out in the political campaigns. Certainly we've seen a recent wave of ads that have caused quite a stir of controversy. FactCheck.org examines the known facts as they are available and simply compares and contrast those facts to the hype.

The site is run by the Annenberg Public Policy Center of the University of Pennsylvania (with offices in Washington DC), and I recommend it for anyone trying to get past the noise and down to brass tacks. That's coming from an admittedly somewhat-conservative person, but several of my friends who range politically anywhere from middle-of-the-road to ultra-liberal agree it's a fair and welcome look at reality. It should not be your sole resource for information, of course, but it's one that's worth using, IMHO.

I just wish they had a RSS feed - can't find one though. UPDATE: Oops, wait, spoke too soon, sort of - MyRSS.com (there's a whole other blog entry to write, heheh) has factcheck.org feeds already available!

From the APPC/factcheck.org mission statement:

We are a nonpartisan, nonprofit, "consumer advocate" for voters that aims to reduce the level of deception and confusion in U.S. politics. We monitor the factual accuracy of what is said by major U.S. political players in the form of TV ads, debates, speeches, interviews, and news releases. Our goal is to apply the best practices of both journalism and scholarship, and to increase public knowledge and understanding.

An old friend emailed me over the weekend and asked for some help reducing the size of a MP3 file so he could load it on his wireless phone. Seems he wanted the ringer to sound like a sheep when one certain person called (don't ask), but the MP3 he found was too big for the phone to accept.

I did a little research and found a cool little utility called FreeRIP over at msgshareware.com that will convert between .WAV, .MP3 and .OGG formats with ease. You can also convert a MP3 file to the same format, but with a different bit-rate, which allowed my friend to reduce the file size as needed, and duly embarrass his friend in public.

Mission accomplished.

As a professional geek, I am often tasked with explaining RSS (which these days stands for Really Simple Syndication) to people who are either not familiar with the technology or are non-technical by nature. Typically the explanation includes some form of answer to some common questions, such as "What is it and how does it work?" combined with "What is XML?" and "Why do people use it, and why should I care?"

It's always nice to explain RSS in person (and it's much easier), but that's not always possible. For example, trying to explain RSS in an instant messenger session(which I did the other evening) can be pretty difficult. So, there are times when it's nice to have an online resource to point people to.

So, with no further delay, here is a very good, clear and simple explanation of What RSS is, what it does, how it works and pretty much anything else someone might want to know in terms of consuming RSS feeds, all explained in plain English for the common-folk:

• What is RSS? A basic tutorial introduction to RSS feeds and aggregators for non-technical people from Software Garden, Inc.

Using RSS feeds is so simple that literally anyone can do it, with just a little knowledge. If you want to consume my RSS feed, just look for the XML button marked RSS in the "Syndication" section of the side-bar () and click on it - you'll then see the raw XML RSS feed in your browser window. Don't be scared by the gobbledy-gook: The URL (web browser address) is all your RSS reader program will need to be able to use the feed from this web site.

If you have not yet found the world of RSS, download a RSS reader (to start try RSS Bandit for a free one, or FeedDemon for an inexpensive but very nice commercial RSS client), sign up for my feed () to see what it looks like, and then start looking for the RSS buttons on your favorite blogs and web sites. You will quickly find that you have been missing out on a revolutionary capability and information source, and that it's much easier than you think.

And if all else fails, send me an email and I'll be glad to explain -  

PhotoStamps lets you create postage stamps with any image you want (assuming it's not pornographic or copyrighted by someone else). This is very, very cool. You'll pay extra for the novelty, but hey, regular postage stamps will run you $16.99 for a sheet of 20, and $17 is not too bad for a unique gift or to do something nice for someone.

They also offer other types of stamps, in addition to your regular first-class envelope, ranging from postcard postage to 1-pound priority mail versions.

You won't want to buy ail your stamps this way, most likely, but its so easy and fun, it's worth it for special occasions.

Living in the middle of nowhere has its decided advantages, but it also complicates things when it comes to technology, especially for a technology-addicted geek like myself.

For example, wireless technologies:

My Internet connectivity is a wireless broadband service from Cascade Networks, across the river and state line in Longview, Washington. Good people over there. It's the only way I can get any kind of Internet connectivity faster than dialup on poor telephone lines. The wireless service is 2.4GHz radio connectivity (WiFi) using a roof-mounted commercial antenna pointed over at Green Mountain, where the provider has a tower with its radio gear. On my end and attached to the antenna is a Cisco network radio transceiver.

Then there's the Wireless LAN I have set up here. Again, 2.4GHz WiFi, using a Linksys WRT54G with (very) custom firmware. Since no one else is anywhere close to me from a wireless network standpoint, I have also boosted the signal from 25mw to 84mw. The special firmware also lets my Universal Plug and Play devices operate the way they're supposed to, and cleans up the signal a little to reduce the clutter in the radio spectrum.

And then there's my crappy cordless phone, yet again a 2.4GHz model, DSS and all that. It's alike 4 years old though, and it plugs into a VOIP network device that connects, of course, to the Internet - over the wireless broadband device.

You can probably see where this is going. What it comes right down to is that I can't reliably make a clean phone call on the cordless phone without interfering with the wireless LAN and/or wireless broadband service. The end result is occasionally choppy phone calls (regardless of my Linksys transmit power settings, by the way) unless I am using a wired phone plugged into the VOIP device.

So, looks like it's time to pick up a new phone, and I guess I should try a 5.8GHz model, if I can find one that doesn't have an answering machine and all that extra junk I don't need or want built in, but is still a decent model.