Saturday, 28 August 2004

This is not exactly breaking news, since it was officially announced a few weeks ago, but I neglected to point out at the time that Microsoft dropped the retail price of their OneNote 2003 software to $99 early in August, with similar reductions in other currencies worldwide.

See Chris Pratley's weblog announcement for more info. Chris is the Group Program Manager at Microsoft for Office Authoring Services, and as such is a member of the OneNote team. His blog is a terrific resource and insightful read, by the way.

Don't have OneNote yet? Want to buy a copy of OneNote for yourself, your new college student, or someone else? Hey, you just can't beat the price now. If you really want to make someone crazy who desperately deserves it (and have a little fun with a colleague of mine at the same time), call Scott Rommel at Softchoice, at 503-241-6554, and order a copy directly from him on the phone. Tell him Greg said to call and you're looking for the extra-special price, and he'll take care of you. :-)

Oh and no, I won't get anything in return for software orders placed through Scott. All I get out of it is a good laugh at the calls he'll get from you. That's all I really need. DOPS attack! (Denial Of Phone Service, that is).

Add/Read: Comments [0]
Office 2003 | OneNote | Tech
Saturday, 28 August 2004 13:20:45 (Pacific Standard Time, UTC-08:00)
#  Trackback
 Friday, 27 August 2004

Darron Devlin recently published two useful new PowerToys for OneNote 2003 with SP1:

OneNote Image Writer
This PowerToy is a virtual printer that enables the import of document images into Microsoft Office OneNote® 2003 sections. Any program that is capable of printing can send a document to the OneNote Image Writer just as it would when printing to a physical device. The printed document is converted into a document image that can be used as a foreground or background image on a OneNote page.

This PowerToys adds a WebPageToOneNote button to the Standard Buttons toolbar in Microsoft Internet Explorer 6 or later. Click this button to copy an image of the entire current web page (WYSIWYG) to a new page in OneNote. The new page is created in a WebImageCaptures section in your notebook.

Grab the new powertoys to install and use at Darron's web site. As mentioned in the past, you can also download a couple of useful add-on powertoys for OneNote from Microsoft.

Add/Read: Comments [0]
OneNote | Tech
Friday, 27 August 2004 20:42:37 (Pacific Standard Time, UTC-08:00)
#  Trackback

MSDN will be hosting two weeks worth of webcasts October 18th-29th, organized into three skill levels and covering a variety of aspects of web development. This is a great way for people who want to learn new technology or to sharpen their skills with the latest and greatest. Learn about and other web development topics.

From the MSDN Webcasts announcements blog, here are some early details. Look for more information on the Webcasts main page and on the MSDN Webcasts Blog:

Web Development Webcast Weeks, October 18 - 29, 2004

  • Basic/Novice - (level 100) 12 webcasts – Good for hobbyists, beginners, students looking to learn about Microsoft’s web development environment and tools
  • Intermediate- (level 200/300) 18 webcasts – Ideal for experienced developers who have some experience with Visual Basic.NET, C#, ASP.NET, and XML web services.
  • Advanced - (level 400) 10 webcasts – All about the advanced features in ASP.NET 2.0. Must attend sneak preview on ASP.NET 2.0. I attended the internal airlift that Microsoft held for it’s partners and employees and there is some truly wicked features that you need to check out here.

Add/Read: Comments [0]
Friday, 27 August 2004 19:56:20 (Pacific Standard Time, UTC-08:00)
#  Trackback

The other day I wrote an article about how RSS saves me so much time when it comes to work. Interestingly, it's been so heavily traffic'ed I'll have to look at upgrading my account to accommodate the extra bandwidth. But that's just fine, and I have had a few interesting conversations with people the past couple of days as a result. The beauty of the blogging community is that everyone has thoughts, ideas and opinions, and we can share them so effectively.

Matthew Lanham commented on what I wrote, and made an interesting point:

“Sounds great - but here's a question: How many corporate information infrastructures out there already have RSS/Atom aggregation as part of the big picture? My bet is that most of them still don't and the RSS driven employee is still using her own aggregator or a centralized system like Bloglines to read those feeds. So what happens to that information once you've read it? Is it piped into the corporate information system to be spread amongst the rest of the company or does it just "disappear"? From a corporate side there is still a lot to be done to bring both worlds together. And the software vendors like Microsoft and IBM need to integrate that functionality (both aggregating and reading) into their line of products before RSS and Atom become corporate mainstream. But it'll happen.”

He's right - for now there is no real, commercial, out of the box capability for aggregating information found via RSS at the corporate level. That's why we built our own, of sorts.

We run SharePoint Portal Server and Windows SharePoint Services on our Intranet, and one of our talented developers created in-house web parts that both consume and expose information in RSS. Since then, several others have created similar things.

The RSS display web parts allow me to create areas on the Intranet where users can see the latest information about any given topic, and the web part is available for any site creator to use, so they can aggregate internal and/or external information/feeds on their Intranet sites, too. The other components allow us to expose any list of information on a SharePoint site as an RSS feed.

It's only a first step, and Matthew's point is well-taken. We can create it now, each of us putting the work in individually to create something custom, or the big boys can do it for us. The beauty of a company like Microsoft or IBM building it and packaging it (there is a standard to follow, after all) is that they can make a single investment that the rest of us can leverage. That is a value-add proposition, and what I expect from the companies whose software I buy.

Add/Read: Comments [1]
RSS Stuff | SharePoint | Tech
Friday, 27 August 2004 18:23:39 (Pacific Standard Time, UTC-08:00)
#  Trackback
 Thursday, 26 August 2004

Wow. This is different[QuickTime MOV]

Ever wonder what your purpose in life is? Apparently, so does that little lawn bomb your dog left in the yard:

"Once upon a time, a little doggy poo lived on the side of a road. He felt all alone in the world. He believed that nobody needed him for anything, and that he had no purpose in life. If only Doggy Poo had a reason for being, then he wouldn't give up on his dream to be useful to the world.

"One day, Doggy Poo meets a lovely dandelion sprout. Will she explain his purpose in life? Will she help make his dream come true?"

You ever get the feeling maybe someone is stretching the premise just a little too thin? Well, anyhow if you're into this kind of shi... uhh I mean stuff, go buy the DVD or book or soundtrack. Enjoy.

Add/Read: Comments [1]
Humor | Random Stuff
Thursday, 26 August 2004 21:06:50 (Pacific Standard Time, UTC-08:00)
#  Trackback

Larry Osterman points out what should be obvious, but is largely overlooked or ignored since it makes tasty "news." Recent reports that there is a security "hole" in Windows XP SP2 miss the big picture, he says.

The gist of the reported complaint is this: The new Security Center in SP2 uses WMI to control what information is displayed to the end user regarding what software is in place and it's status. Malicious code can, therefore, potentially use WMI to modify the information displayed by the Security Center, thereby convincing the user of the system that their firewall is on and AV software is running when in fact it's not.

PC Magazine and others ran articles about how they were able to spoof the new Windows XP SP2 Security Center, causing it to display false information about the status of the system. Microsoft later responded and PC Magazine followed up on the response, where they changed their tone somewhat.

From PC Magazine's original article:

"Based on an anonymous tip, we looked into the WMI and the Windows Security Center's use of it, and found that it may not only be a security hole, but a crater in the wrong hands. Due to the nature of WMI, the WSC could potentially allow attackers to spoof the state of security on a user's system while accessing data, infecting the system, or turning the PC into a zombie for spam or other purposes."

While this is technically possible, what is missed is the fact that in order to use WMI to make those changes, a program would have to be downloaded and installed on the machine with "system" level permissions. Any unwelcome code that is allowed/able to get that level of access has already won the race and is able to do much more harm than simply changing the information displayed in the Security Center. Even if the security center was not a part of your system, as soon as you ran the malicious code you'd be equally screwed, and the malware could make changes to pretty much any other apps running on your system. It would not need the Security Center to do its dirty work.

Read Larry's post for more, but remember one thing: The fact that someone claims something is a security hole - or in this case, a "crater" - does not mean they're right. It is, of course, always best to check things out and play the role of the skeptic, but accuracy in reporting is of primary importance, even if it is not as exciting. I'm glad PC Week followed up with their second story.

Their conclusion?

"We see the WMI and WSC as an indirect security risk, or hole, or whatever you want to call it. Maybe we're giving hackers and malware writers too much credit. WMI allows a program to get the security status of a user's system, as well as spoof it to give the user a false sense of security. Maybe it is too subtle. However, it is another tool in the hacker's toolbox. To have easy public access to the security status of a user's machine is like sending a password in plain text to a web site. It may not be used, but then again it might..."

"Do we think that end users should upgrade? Yes, Windows XP Service Pack 2 is a must do, especially for end users. However, we would recommend users not take the WSC as gospel, If you use an antivirus, or 3rd party firewall, look at their status panels as a sanity check. Keep your Antivirus, windows, firewall updates current, and most of all, be very careful of what you run on your system."

I do think the articles serve an important and valid purpose, though: They call to light the importance of securing systems by default and continuing to improve in that area. It's fair to say that in the real world, people will do exactly what you hope they would not do, and that the default configuration of the operating system, which is certainly greatly improved with the new service pack, is still a real concern. They point out that there is still work to be done, and that while things are better, they;re not perfect.  In that sense, I think they're right on.

Crater? No. Worth mentioning and asking about? Absolutely.

Add/Read: Comments [1]
IT Security
Thursday, 26 August 2004 18:59:50 (Pacific Standard Time, UTC-08:00)
#  Trackback