Thursday, 31 March 2005

What the heck is going on with MSN search? If I search for my name, I get all this random weird stuff. AAARRRGGGHHH!!!

The weird thing is, if you read it closely, it's so very close to being true... Hmmm...

Web Results
1-8 of 20733 containing Greg Hughes
(0.23 seconds)

  • Citing ridiculous work hours, Hughes's computer calls it quits

    In a case believed to be the first of its kind, Greg Hughes's work computer has gone on strike. "At first the cursor kept dodging around," an angry Hughes said. "Then it started spontaneously dropping into "hibernate" mode. It's just MALINGERING." Technical specialist Evan Chan agreed. "The poor thing sent out a hundred and forty three emails after four am this morning. It's just had it. Give the little guy a mental health day or something. Nobody could keep Hughes's hours without going crazy...

etc etc etc...

    Add/Read: Comments [3]
    Random Stuff
    Thursday, 31 March 2005 21:45:17 (Pacific Standard Time, UTC-08:00)
    #  Trackback
     Wednesday, 30 March 2005

    Once You Know, You Newegg Are you a GTA game fan? Into Legos (like someone I know)?

    Then this is for you.

    Check out Grand Theft Auto - Lego City.

    Yeah - it's a Lego-people version of the GTA Vice City trailer...

    Add/Read: Comments [0]
    Geek Out | Humor | Random Stuff
    Wednesday, 30 March 2005 22:10:35 (Pacific Standard Time, UTC-08:00)
    #  Trackback

    Windows Server 2003 SP1 was finalized and released to the world today at 5:20 PM Pacific Standard Time, in English and German language versions. Let the compatibility testing begin!

    In addition, Windows Server 2003 x64 Editions and Windows XP Professional x64 Edition were released to manufacturing (RTM), but they won't be available until sometime in April.

    Add/Read: Comments [1]
    IT Security | Tech
    Wednesday, 30 March 2005 19:37:18 (Pacific Standard Time, UTC-08:00)
    #  Trackback

    In the latest chapter of what is apparently turning out to be an ongoing video saga that somehow has something to do with the upcoming TechEd conference in June, Scott and Rory drink the Microsoft KoolAid.

    Click on over to see the latest video. Funny. Weird. But hey, it's Rory and Scott, whatcha expect?

    Add/Read: Comments [0]
    Humor | Random Stuff
    Wednesday, 30 March 2005 17:28:56 (Pacific Standard Time, UTC-08:00)
    #  Trackback
     Tuesday, 29 March 2005

    Ninja_bookA friend introduced me to a book recently, and after reading though it I went right out and got my own copy. Actually I bought three, so I would have two to give as gifts. It's called REAL Ultimate Power - The Official Ninja Book, and it's hilarious.

    Says "author" Robert Hamburger:

    "Hi, this book is all about ninjas, REAL NINJAS. This book is awesome. My name is Robert and I can't stop thinking about ninjas. These guys are cool; and by cool, I mean totally sweet."

    From random ninja fantasies to ninja dreams to term papers written both on and off Ritalin, it's a completely random and funny book to read.

    From the intro to the book:

    Dear Everybody,

    This is my last will and testimony. If you find this book, then you should consider me dead meat. I have left the neighborhood, because I am a true live ninja and I have a destiny - total sweetness. You probably don't understand what that is, because you're an idiot. Everybody I know doesn't understand the complete sweetness of ninjas and it hurts me - you hurt me. But don't get me wrong - I don't want your heads to explode. I forgive you, but I just deserve something cooler.

    You can have all my stuff: my shirt, my beach towel, and that bowl. I don't care. But most importantly, I leave you this book so maybe, just maybe, you can understand the way of the ninja - REAL Ultimate Power.

    Farewell dummies,
    Robert Hamburger

    Highly recommended for those who like to flip out and long for total sweetness. Seriously, it's the best $8.96 I've spent in a long time, just for the laughs. Oh and don't forget the web site.

    (And by the way, there's colorful language in both the book and the site, so don't go there if you don't like that kind of stuff)

    Add/Read: Comments [0]
    Humor | Random Stuff
    Tuesday, 29 March 2005 18:32:19 (Pacific Standard Time, UTC-08:00)
    #  Trackback
     Monday, 28 March 2005

    SPAT_CitJourReportAs I was checking out a few of the ways the earthquake that happened earlier today is being covered, I happened upon something I had not noticed before: has a whole section of Citizen Journalism:

    It's not quite completely run by and written by plain-old citizen journalists, but it's still cool. MSNBC employees collect stories and letters sent to and from there they publish the content.

    Cool idea. Interesting reads.

    Add/Read: Comments [0]
    Monday, 28 March 2005 20:33:12 (Pacific Standard Time, UTC-08:00)
    #  Trackback
     Sunday, 27 March 2005

    Do you have a living will/advanced medical directive? If something happens to you, who should make decisions for you about medical care? Do those people know what your wishes are? How do they know?

    We have all seen recent news stories that have brought this concept of advanced directives to the forefront of our minds. For my part, I don't have a directive in place yet, but I will before the month is over with.

    Regardless of your wishes or desires, an advanced directive a good thing to do - not just for you, but also for the those who might have to act in your best interest.

    For people living in the United States, PDF forms for Advanced Directives can be downloaded for free at The National Hospice and Palliative Care Organization. Go here to get one for your state. Complete instructions covering how to fill it out and what to do with it are included.

    Add/Read: Comments [0]
    Sunday, 27 March 2005 12:04:35 (Pacific Standard Time, UTC-08:00)
    #  Trackback
     Saturday, 26 March 2005

    Eva_androidWow, researchers like David Hansen at UT-Dallas are doing some robotics work that's both amazing and freakin' creepy. The image on the right is not of a human, it is an interactive, expressive android. It's name is Eva and it's - well - go see for yourself in this Quicktime video:

    Video: Eva talks [Quicktime .mov]

    Hmmm, I am not so sure I like the idea of fake people acting like real people. It's fascinating and interesting, but it also looks like one of those things in science that has the potential to eventually get out of control.

    Or maybe I'm just crazy. Crazy like a pirate.

    [vie Engadget and University of Texas-Dallas]

    Add/Read: Comments [3]
    Random Stuff | Tech
    Saturday, 26 March 2005 08:52:14 (Pacific Standard Time, UTC-08:00)
    #  Trackback
     Friday, 25 March 2005

    Many in America complain about how much their school systems stink. Yeah, well - it turns out that over in Melbourne, Australia they've got one up on all us Yanks:


    Great name, and such a great opportunity for toilet humor.

    Add/Read: Comments [0]
    Humor | Random Stuff
    Friday, 25 March 2005 20:00:23 (Pacific Standard Time, UTC-08:00)
    #  Trackback
     Thursday, 24 March 2005

    WindowsrocksF-Secure has a real knack for creative sarcasm on it's security weblog, and today is no exception in their headline linking to an interesting report. Apparently, a study has been published showing the relative number of vulnerabilities, comparing Windows 2003 Server to a Linux distribution in several configurations.

    Update: In a won't-really-build-confidence-with-the-common-folk move, apparently the researchers did not reveal at the RSA conference that this study was funded (but according to the researchers, not influenced by) Microsoft. They reveal this fact in the published study itself, but did not tell the audience at the conference when they presented the results. Read more here.

    Get the PDF file of the study here. For a document describing the methodology in detail and for more information (including an email address to provide comments), go here.

    F-Secure used the headline, "It's Official - Linux Sucks?" No doubt others will comment that the reality of the situation is that Windows is better for stupid people (meaning people who don't harden their machines). Flames will go forth, but you can't deny the report.

    The end result of the study is that Windows Server 2003 was more secure than the Linux distributions tested.

    Uh, heh... That should make a few people stand up and scream.

    Using out-of-the-box, standard/recommended OS installs, the researchers found that the Windows 2003 server was more secure, with less vulnerabilities counted and a lower average for days of risk, when compared to the Linux distributions tested (Red Hat Enterprise Linux in default and "minimal" recommended configurations):

    "In this report, we have studied both quantitative and qualitative data that affects the vulnerability and thus operational security risk of different web server platforms. In order to produce a meaningful comparison of platforms, systems were tested in their default configurations and then looked at in minimal server role configurations. When the default configuration did not provide for a functional web server, systems were configured according to manufacturer’s directions."

    For a quick Readers' Digest style overview of the result of the study, get the free PDF of the report and flip down to page 35 and look at the charts on that page. I won't post all the images and tables here, that's what the report is for.

    In reality, this is a complex study that is worth reading. The methodologies applied appear to be good ones, and the results are pretty compelling. The real world is never as simple as s lab environment, but if nothing else, this certainly shows how far Windows Server has come over the years (or else it shows how poor Linux distributions have become, or maybe some of both).

    Add/Read: Comments [4]
    IT Security | Tech
    Thursday, 24 March 2005 17:36:18 (Pacific Standard Time, UTC-08:00)
    #  Trackback

    Forgive the headline please, Robert. It's all in good humor. 

    In a completely understandable and laudable move, Robert Scoble has announced he's decided to give up publishing to his linkblog, in order to have more time for more important things in life. You know, important things like family and friends. Good for him!

    All things in moderation - That's a lesson I know I've had to learn from time to time. The truth of the matter is that sometimes the best way to manage over 1000 weblogs a day is - well - to not manage over 1000 weblogs a day. Or at least to manage them less. I know I just cut my own RSS subscriptions back drastically last weekend, so I am back down around 300 feeds now from something like 700 before the surgery. It took a drastic slash across my RSS reader, but it needed to be done.

    Of course, the demise of Robert's link blog is also a bit of a bummer in a way, since for many it's been a regular source of great links and information - or even more often for me, links to links to links...

    Multi-layer clickthroughs from Robert's linkblog have always been valuable to me. More often than not I will read something he posts on the linkblog, and that will entice me to click through to the linked author, and from there I will uncover more interesting things and links to other interesting people.

    But it's completely understandable that when you find you're spending anywhere from 8% to 33% of your day linking to and for others (sleep time included), a selection of robots just might do an effective enough job of what up til now has been a very human endeavor. Maybe. Those services show me what I am looking for based on what I put into them. The difference with the "human aggregator," so to speak, is that I am often pointed to things I would never have looked for. Of course, there are also other services existing and coming that will help people see what others are reading and how popular items are, in order to find things of interest. I hope those don't work out to be the electronic version of the high-school popularity contest, but we'll see.

    So, when Robert points to a few popular search and aggregation services as alternatives to his link blog, I can't help but think of the perfect tongue-in-cheek name for them as a collective replacement for Robert's link blog...

    "Robot Scoble"

    (Yeah, you have to read it carefully. Spelling counts.)

    Says Robert:

    "I've been looking at my link blog, and the requests lately about it, and I've decided just to stop doing it.

    "Why? Well, there are so many other ways for you to find cool new blogs now. Pubsub. Bloglines. Technorati. Feedster. NewsGator (Greg Reinacker reminded me again that NewsGator has a really cool set of online services including a search engine)."

    Robert's right, but again it's worth pointing out that the human factor is part of what makes his linkblog so valuable - I think many people liked it because they appreciate the "Scoble Filter" - you don't get that with automation. Well, not quite yet anyhow.

    At the same time, it had to be painful to maintain, with well over a hundred entries some days, and since Robert says he may still post a little bit there from time to time, hopefully we will still get a few Robert Scoble Human Filter links now and then.

    Hey, there's always his regular weblog. In fact, chances are his Scobleizer weblog will just become a better place for information - kind of a quality over quantity thing.

    By the way, in the linkblog department - Jeremy Zawodny's linkblog is another I subscribe to and enjoy, but it is quite different than Robert's.

    Add/Read: Comments [0]
    Thursday, 24 March 2005 14:44:06 (Pacific Standard Time, UTC-08:00)
    #  Trackback

    In the random fun, complete waste of time department (you know you want to, come one, go ahead, click already):


    Click click click.

    Your entertainment options?

    (via Scoble)

    Add/Read: Comments [0]
    Humor | Random Stuff
    Thursday, 24 March 2005 07:16:19 (Pacific Standard Time, UTC-08:00)
    #  Trackback
     Wednesday, 23 March 2005

    Skype v1.2 has been released. Check out the changes here, read the press release here, and download it here.

    What's skype? It's software that runs on your computer and can let you talk in high quality audio to other skype users or to people with plain-ol' telephone lines. From their web site:

    What we’ve got is a simple bit of software we want to give you. It’ll let you make free calls to your friends all over the world. And we don’t want any money for it. It’s free.

    You could think of us as the big, free Internet telephony company. We prefer to think of ourselves as a big group hug, even a present. Yes… that’s it… we’re a present… but without the ribbon.

    Add/Read: Comments [1]
    Wednesday, 23 March 2005 22:06:53 (Pacific Standard Time, UTC-08:00)
    #  Trackback

    FirefoxAnother update to the Firefox web browser has just been released, and all users are advised to download and install the new version, as it contains a critical security patch.

    The new version includes a number of fixes:

    MFSA 2005-32 Drag and drop loading of privileged XUL
    MFSA 2005-31 Arbitrary code execution from Firefox sidebar panel
    MFSA 2005-30 GIF heap overflow parsing Netscape extension 2

    Download here:

    Add/Read: Comments [0]
    IT Security | Tech
    Wednesday, 23 March 2005 21:25:27 (Pacific Standard Time, UTC-08:00)
    #  Trackback

    Microsoft has announced a large number of security webcasts that are set for April. The list here is quite long, so click to see them all, or check out the Security Webcast Calendar, which is a Word doc calendar with all the upcoming webcasts listed and linked.

    There are lots of very good sessions planned. Anyone with a security responsibility or emphasis in their jobs should take a good look at these upcoming webcasts and consider viewing...

    Upcoming Security Webcasts: April 2005

    Security Webcasts are a convenient way for IT Professionals and Developers to stay technically updated on the latest Microsoft Security Guidance. These webcasts concentrate on security information and are presented by senior executives and other subject matter experts. They feature interactive technical presentations, product demonstrations, and question-and-answer sessions.

    Microsoft Security Webcast Series: Upcoming & On-Demand

    Security Webcast Calendar

    NEW: Now you can register for an on-demand webcast and choose how you would like to view the archive. Downloadable Microsoft Office System PowerPoint and .wmv files are available for most webcasts that took place Dec. 1, 2004 or later. Once you register, you will be directed to the on-demand webcast and also shortly receive a confirmation email with links to the PowerPoint and .wmv downloads.

    Additional Webcast Resources

    Microsoft Security Webcast Series:  Upcoming & On-Demand

    Digital Blackbelt Series: Defend your code from attacks

    Ongoing through May

    How would your code stand up to an attack? If you are not sure, join us for the Digital Blackbelt webcast series as Developer Community Champion Joe Stagner discusses security risks, vulnerabilities, and solutions from the software developer's perspective. We will provide real-life examples and security tips and tricks that can help you gain the knowledge and techniques to become an experienced “blackbelt” in writing secure code.

    Web Development: Increase the security of your applications

    Ongoing through May

    Increasing the security of your software is not the result of a single event. From design through development, to testing and deployment, a multi-disciplinary approach must be taken to deliver a quality software product that minimizes organizational risk. Join Dennis Hurst, Senior Consulting Engineer at SPI Dynamics, and other guest speakers as they detail knowledge that can help developers increase security around the coding of web applications. 


    Third Tuesday of Every Month

    Learn best practices to guide your security strategy during this monthly webcast series. Each webcast focuses on a specific security topic and includes commentary from industry experts outside of Microsoft.

    Security Webcast Calendar

    Security webcasts listed in an easy-to-use calendar format.

    BONUS: Attend any live webcast through June and you could win a Portable Media Center. See official rules for more details.

    Additional Live & On-Demand Webcast Series Available NOW:

    For IT Executives

    Microsoft Executive Circle Webcast: Security360 with Mike Nash: Secure E-mail, It’s More than Filtering (Level 100)

    Tuesday, April 19, 2005 - 9:00 AM - 10:00 AM Pacific Time

    Mike Nash, Corporate Vice President Security Business & Technology Unit, Microsoft

    Reducing the amount of spam clogging e-mail systems is top-of-mind. However, e-mail security is not just about preventing unsolicited messages; it is also about protecting the digital information assets you send through e-mail. On this month's Security360, guest host Amy Roberts, director of product management in Microsoft's Security Business and Technology Unit, will discuss with industry experts the whole spectrum of e-mail security, including filtering technologies, e-mail policies and enforcement, and partner solutions. As with every Security360, this session includes a checklist of recommendations and resources, as well as a live Q&A with industry experts.

    For IT Professionals

    TechNet Webcast: Implementing Exchange Server Security (Part 1 of 2): Securing Services and Messaging Protocols (Level 300)

    Monday, April 04, 2005 - 1:00 PM - 2:00 PM Pacific Time

    Harold Wong, TechNet Presenter, Microsoft

    Securing communication over networks is essential to securing your organization from intrusions, overloads, and interruptions of many types. In this first session of a two-part series on Exchange Server Security, we describe how to deploy a more secure Exchange Server 2003 infrastructure and how to secure its server services and messaging protocols.

    TechNet Webcast: How Microsoft IT Deployed PKI Inside Microsoft (Level 300)

    Tuesday, April 05, 2005 - 9:00 AM - 10:00 AM Pacific Time

    Larry Talbot, Microsoft IT SECURITY TECHNOLOGIST, Microsoft

    This webcast presents a detailed discussion of how Microsoft IT installed a Public Key Infrastructure, built originally with Windows 2000 Server Certificate Services, and later upgraded with Windows Server 2003, to implement a secure communications and remote authentication infrastructure. This enabled the use of S/MIME signatures and encryption, secured Web connections by using SSL or TLS, ensured the confidentiality of stored data by using EFS, ensured the confidentiality and integrity of transmitted date by using IPSec, and enabled strong network user authentication by using Smart Cards. Join this webcast to find out how you can do this - or something similar - too.

    TechNet Webcast: "Ask The IT Security Experts" Series: Building Security Training and Awareness (Level 100)

    Tuesday, April 05, 2005 - 11:00 AM - 12:00 PM Pacific Time

    Ben Smith, Senior Security Strategist, Microsoft

    Experts often talk about the importance and need for security training, but few actually talk about how to do it. Join us for this webcast as we bring together some of the sharpest security-focused Microsoft IT professionals to provide expert answers to your questions about Building Security Training and Awareness. This webcast presents proven, and slightly unconventional, methods of training users and administrators on security. As with all of our "Ask the Experts" webcasts, there will be plenty of Q&A time for the experts to field your questions. Send your security-related questions to our panel of experts ahead of time at:

    TechNet Webcast: Network Isolation Using Group Policy and IPSec (Part 1 of 3): Overview of Internet Protocol Security (Level 300)

    Wednesday, April 06, 2005 - 11:00 AM - 12:30 PM Pacific Time

    John Baker, TechNet Presenter, Microsoft

    Data Isolation: How can it make your IT infrastructure safer, and how do you use Group Policies and IPSec to implement it? This session is the first of a three-part series presenting the information and tasks needed to implement data isolation using Group Policies and IPSec within an organization. This first installation provides an overview of the nature of Internet Protocol Security - the challenges to secure network communication, how IPSec can help, and the various ways IPSec can be implemented to achieve different types of secure communication.

    TechNet Webcast: Windows Server 2003 SP1 Technical Overview (Level 200)

    Thursday, April 07, 2005 - 9:00 AM - 10:30 AM Pacific Time

    Rand Morimoto, Author, President, Convergent Computing

    Windows Server 2003, the latest server operating system from Microsoft, builds upon the security, reliability, and performance improvements implemented in previous versions. Organizations need these continuing improvements as their networks develop and network usage evolves with new technologies. Organizations also need Service Pack 1 to protect themselves from an increasing variety of network and computer. Join this webcast for a technical overview of Windows Server 2003 Service Pack 1, where we will present its features, configuration tools, system security enhancements, network security enhancements, and deployment options.

    TechNet Webcast: SQL Server 2005 Series (Part 4 of 10): Securing your SQL Server (Level 200)

    Monday, April 11, 2005 - 9:00 AM - 10:00 AM Pacific Time

    Bryan Von Axelson, TechNet Presenter, Microsoft

    Parts four and five in our series highlight the security enhancements in SQL Server 2005. Part four of this series focuses on authentication and authorization while crypto support is covered in part five. We begin with authentication, examining the Security model, endpoint-based authentication and the password policy. Then we move on to explore authorization, covering User Schema separation, module execution context, granular permission control and Catalog security.

    TechNet Webcast: Implementing Exchange Server Security (Part 2 of 2): Protecting Against Unwanted E-Mail (Level 300)

    Monday, April 11, 2005 - 1:00 PM - 2:00 PM Pacific Time

    Chris Avis, TechNet Presenter, Microsoft

    This second session of a two-part series on Exchange Server Security describes how to increase the security of e-mail that flows through an organization's Exchange servers. We also introduce you to Exchange Server 2003 features such as Real Time Block List support and Intelligent Message Filtering, tools making it easier to reduce the amount of unwanted e-mail before it spreads through your organization.

    TechNet Webcast: How Microsoft IT Implements Trustworthy Messaging at Microsoft (Level 300)

    Tuesday, April 12, 2005 - 9:00 AM - 10:00 AM Pacific Time

    Grant Hogan, Microsoft IT Service Manager, Microsoft

    Similar to most enterprise organizations, Microsoft shares information among its resources through e-mail and other electronic documentation. At the same time, we have a concern for the security and privacy of this data. With that in mind, Microsoft created the Trustworthy Messaging initiative to provide confidentiality for key business sensitive data sent to and from internal corporate clients without sacrificing their ability to freely share this data. Join us as we review, in detail, Microsoft IT's implementation of Trustworthy Messaging.

    TechNet Webcast: Information about Microsoft's April Security Bulletins (Level 100)

    Wednesday, April 13, 2005 - 11:00 AM - 12:00 PM Pacific Time

    Christopher Budd, CISM, CISSP/Security Program Manager, Microsoft

    Debby Fry Wilson, Director/Security Response Marketing, Microsoft

    On April 12th, Microsoft will release its monthly security bulletins. Join this webcast for a brief overview of the technical details of these April security bulletins.  This webcast will provide you the opportunity to raise your questions and concerns about the security bulletins. A majority of the session will be devoted to addressing your questions and providing answers from our security experts.

    TechNet Webcast: Network Isolation Using Group Policy and IPSec (Part 2 of 3): Understanding Network Isolation Using IPSec (Level 300)

    Wednesday, April 13, 2005 - 1:00 PM - 2:00 PM Pacific Time

    John Baker, TechNet Presenter, Microsoft

    This session is the second of a three-part series with the information and tasks you need to implement data isolation using Group Policies and IPSec. This session shows how to use IPSec to create network isolation zones. Topics include the advantages and limitations of network isolation, where network isolation fits into a defense-in-depth scheme, and how to use Group Policies and Active Directory groups to restrict access to specific servers.

    TechNet Webcast: Maximizing Security Features within Microsoft Office Live Communications Server 2005 (Level 300)

    Thursday, April 14, 2005 - 9:00 AM - 10:30 AM Pacific Time

    Sean Olson, Lead Program Manager, Microsoft

    This technical session describes potential security threats and their mitigations for the Microsoft Office Live Communications Server 2005 release. We will focus on the new features and challenges differentiated from Live Communications Server 2003. The ultimate goal of this presentation is to provide you with the information commonly required to satisfy a security audit of a product prior to its commercial deployment. Topics will include authentication, auditing, and security recommendations for the new Live Communications Server 2005.

    TechNet Webcast: Securing the Network Perimeter with ISA Server 2004 (Level 200)

    Friday, April 15, 2005 - 11:00 AM - 12:30 PM Pacific Time

    Keith Combs, TechNet Presenter, Microsoft

    Do you currently have an effective way to secure your network perimeter against risks introduced by the Internet, remote users, and remote network segments? Learn how Microsoft Internet Security and Acceleration (ISA) Server 2004 can help protect against all of these threats and more. This session demonstrates how ISA Server 2004 can enhance security for internal servers as well as external-facing resources such as Microsoft Exchange Server or Microsoft Internet Information Services. We will also show how ISA Server can operate as a virtual private networking server for more secure remote access to the internal network.

    TechNet Webcast: SQL Server 2005 Series (Part 5 of 10): Protecting Sensitive Data (Level 200)

    Monday, April 18, 2005 - 9:00 AM - 10:00 AM Pacific Time

    Bryan Von Axelson, TechNet Presenter, Microsoft

    Parts four and five in our series highlight the security enhancements in SQL Server 2005. Building upon the discussion of authentication and authorization in the previous session, part five of the series covers the crypto support in SQL Server 2005. We begin with an introduction to the concepts of database encryption including encryption support, keys, certificates and key management. We show how SQL 2005 can protect sensitive data using data encryption and module signatures, and introduce sign modules, what these are and how they work.

    TechNet Webcast: Assessing Network Security (Part 1 of 2): Planning and Research (Level 200)

    Monday, April 18, 2005 - 1:00 PM - 2:00 PM Pacific Time

    Kai Axford, Security Specialist, Microsoft

    How do you know whether your network is secure? And how do you know how to find out? This session is the first of a two-part series to help organizations plan and implement processes to identify vulnerabilities to network attacks. This first session shows how to plan your security assessment and how to gather information such that the methods and results fit your organization's needs. In this presentation we'll specifically show how to plan a security assessment and the details and processes for gathering network security information about your organization.

    TechNet Webcast: Threat Mitigation for Windows 98 and Windows NT 4.0 (Level 200)

    Wednesday, April 20, 2005 - 9:00 AM - 10:30 AM Pacific Time

    Harold Wong, Senior Technology Specialist, Microsoft

    While migration to a newer platform is recommended, many customers have key business applications that will only run on legacy operating systems. This session offers prescriptive information and test plans for hardening legacy Windows clients and servers, with the goal of reducing the security risk factors for Windows NT and Windows 98 systems as much as possible. We also provide guidance on how to upgrade securely to newer operating systems.

    TechNet Webcast: Network Isolation Using Group Policy and IPSec (Part 3 of 3): Advanced Network Isolation Scenarios (Level 300)

    Wednesday, April 20, 2005 - 11:00 AM - 12:00 PM Pacific Time

    Matthew Hester, TechNet Presenter, Microsoft

    This session is the final presentation of a three-part series about the information and tasks needed to implement data isolation using Group Policies and IPSec within an organization. The session describes several scenarios where you can use IPSec to enhance network security by using IPSec to create network isolation zones. This scenario-focused view of Group Policies and IPSec is based on Microsoft's prescriptive guidance.

    TechNet Webcast: Assessing Network Security (Part 2 of 2): Penetration Testing (Level 200)

    Monday, April 25, 2005 - 1:00 PM - 2:00 PM Pacific Time

    Kai Axford, Security Specialist, Microsoft

    How do you know whether your network is secure? And how do you know how to find out? This session is the second of a two-part series on assessing network security, to help organizations plan and implement processes to identify vulnerabilities to network attacks. This second session shows how to implement penetration testing for intrusive network attacks, presents checklists that will help identify and remediate common issues, the tools and processes for scanning systems for vulnerabilities, and concludes with a case study where all these factors are put to work at a typical commercial enterprise.

    TechNet Webcast: Security Risk Management (Level 300)

    Wednesday, April 27, 2005 - 9:00 AM - 10:30 AM Pacific Time

    Kai Axford, Security Specialist, Microsoft

    When establishing security for your network, you must take risk assessment, cost-benefit analysis, and implementation of security countermeasures into account. The Security Risk Management Guide, designed by Microsoft, can help your organization establish the ongoing process of security risk management. This 90-minute webcast presents a qualitative approach to risk management, tying in best practices from both the industry as well as the ones learned and formulated by the Microsoft internal IT Group.

    TechNet Webcast: Defense-in-Depth Against Malicious Software (Level 200)

    Friday, April 29, 2005 - 11:00 AM - 12:30 PM Pacific Time

    Michael Murphy, TechNet Presenter, Microsoft

    Malicious software has become increasingly advanced; worms and viruses can propagate more quickly and evade detection more effectively. This session describes how a defense-in-depth approach to antivirus solution design can help protect various components of a computing infrastructure from malicious software attacks, including client computers, servers and networking devices. This webcast also covers implementing an effective outbreak control and recovery plan and identifying, containing and remedying the effects of malicious software.

    For Developers

    MSDN Webcast: Practical Security for Intranet Solutions (Level 200)

    Friday, April 01, 2005 - 9:00 AM - 10:30 AM Pacific Time

    Joe Stagner, Developer Community Champion, Microsoft

    Internal Web and Windows-based applications often require integration with existing applications and systems, access to databases, strong authorization and authentication mechanisms, and identity management. This webcast discusses strategies for incorporating security best practices into intranet solution development. We will provide practical guidance on how to implement security enhancements throughout intranet solutions and introduce future security improvements available to developers through Visual Studio .NET 2005 and ASP.NET 2.0.

    MSDN Webcast: Practical Security for Internet and Extranet Solutions (Level 200)

    Monday, April 04, 2005 - 11:00 AM - 12:30 PM Pacific Time

    Rob Jackson, Developer Community Champion, Microsoft

    This session discusses strategies for incorporating security best practices into intranet solution development. Internal Web and Windows-based applications often require integration with existing applications and systems, access to databases, strong authorization and authentication mechanisms, and identity management. This session provides practical guidance on how to implement security enhancements throughout intranet solutions and introduces future improvements available to developers through Visual Studio .NET 2005 and ASP .NET 2.0.

    MSDN Webcast: Implementing Security for Mobile Device Solutions (Level 200)

    Friday, April 08, 2005 - 9:00 AM - 10:30 AM Pacific Time

    Joe Stagner, Developer Community Champion, Microsoft

    Are you dealing with security issues and concerns with your Microsoft Windows Mobile-based solutions? This webcast will describe the various the security considerations for building mobile software solutions and the tools, technologies and strategies available to the mobile developer. Both traditional applications accessed through mobile devices and solutions designed specifically for mobile use can be affected. You will learn how to use the security features of the Microsoft .NET Compact Framework in conjunction with Windows Mobile-based PocketPC and Smartphone capabilities to provide more secure file storage and data access. During this 90-minute webcast will also cover how to protect mobile device communications with your application servers.

    MSDN Webcast: Digital Blackbelt Series: Defending the Database (Part 1 of 2): The SQL Injection Attack in Detail (Level 300)

    Friday, April 08, 2005 - 11:00 AM - 12:30 PM Pacific Time

    Joe Stagner, Developer Community Champion, Microsoft

    Developers the world over underestimate the seriousness of a SQL Injection Attack. In this session we will dive deep into the topic and do some live hacks to see the huge danger of SQL Injection.  We'll discuss how a Mal-Tech might find and approach your box, discover your schema, table, and field names, steal your data, corrupt your table records, add himself as an administrator, reduce your own admin rights, pollute your network, take over your mail server, shutdown your application (and hide it from your ops people), upload his own wares and OWN YOUR NETWORK. Don't miss this webcast.

    MSDN Webcast: Writing Secure Code (Part 1 of 2): Best Practices (Level 200)

    Monday, April 11, 2005 - 11:00 AM - 12:00 PM Pacific Time

    Rob Jackson, Developer Community Champion, Microsoft

    Do you want to learn more about analyzing, mitigating and modeling threats? This presentation is part one of a two-part series to help experienced developers build their knowledge of secure coding best practices. Join this 60-minute webcast to learn about established threat modeling methodologies and tools and how to apply them with other best practices to minimize vulnerabilities and limit damage from attacks.

    MSDN Webcast: Assessment: Tips and Tricks for Web Application Security Testing (Level 300)

    Tuesday, April 12, 2005 - 11:00 AM - 12:00 PM Pacific Time

    Dennis Hurst, Senior Consulting Engineer, SPI Dynamics

    Caleb Sima, Founder and CTO, SPI Dynamics

    This session will demonstrate the proper technique for testing a Web application to ensure that it is properly secure. In addition, we will discuss the challenges of Web application security throughout the development life cycle, and the available methods and tools used to test the security of Web-based applications. Attend this webcast and learn how to test a Web application using a Web browser and the inherent limitations of this approach. You'll also learn what obstacles must be overcome during application testing to ensure proper security. 

    MSDN Webcast: Developing Applications in Windows XP Service Pack 2 (Level 200)

    Friday, April 15, 2005 - 9:00 AM - 10:30 AM Pacific Time

    Rob Jackson, Developer Community Champion, Microsoft

    Have you installed Microsoft Windows XP Service Pack 2 (SP2) and some of your applications are not working or are not working correctly? The new security features of SP2 may affect how certain types of applications run. Join this webcast to see examples of applications that may be affected and learn how to modify them to work with Windows XP SP2. Also, learn how to configure your development environment to work successfully on Windows XP SP2.

    MSDN Webcast: Writing Secure Code (Part 2 of 2): Best Practices (Level 200)

    Monday, April 18, 2005 - 11:00 AM - 12:00 PM Pacific Time

    Anand Iyer, Developer Community Champion, Microsoft

    Are you looking for effective strategies to defend against common security threats faced by application developers? In part two of this two-part series for experienced developers, you will continue learning more about established best practices for applying security principles throughout the development process. During the 60-minute webcast we will discuss common security threats faced by application developers, such as buffer overruns, cross-site scripting and denial of service attacks, and how to effectively defend against these threats. 

    MSDN Webcast: Advanced Application Development with Windows XP Service Pack 2 (Level 400)

    Friday, April 22, 2005 - 9:00 AM - 10:30 AM Pacific Time

    Rob Jackson, Developer Community Champion, Microsoft

    With Microsoft Windows XP Service Pack 2 (SP2), Microsoft is introducing a set of security technologies that will help improve Windows XP-based computers' ability to withstand malicious attacks from viruses and worms.  To developers these technologies will have an impact on the applications they create and the tools they use.  SP2 restricts how remote procedure calls are made across a network which may affect the operation of enterprise applications. Join this session as we discuss these interface restrictions and provide you with advanced application development techniques for SP2, including how to reduce RPC-based incompatibilities.

    MSDN Webcast: Digital Blackbelt Series: Defending the Database (Part 2 of 2): Making the Right Design Choices (Level 300)

    Friday, April 22, 2005 - 11:00 AM - 12:00 PM Pacific Time

    Joe Stagner, Developer Community Champion, Microsoft

    After drilling down into the infamous SQL Injection attack in Part 1 of the Defending the Database, we will now address several of the questions and answers developers have concerning the database and security.  This session will cover topics such as, Secure Connections, SQL versus Windows Authentication, user versus role-based authentication, EXPs, Managed Stored Procedures, Alerts and Monitors. 

    MSDN Webcast: Implementing Security in the Development Lifecycle (Level 200)

    Monday, April 25, 2005 - 11:00 AM - 12:30 PM Pacific Time

    Joe Stagner, Developer Community Champion, Microsoft

    Security should be your primary concern throughout the development process. This session discusses how security can be implemented at each stage of the software development life cycle. Microsoft has created the Security Development Life Cycle to describe how to implement security best practices by adding pointed and well-defined checkpoints to the existing development life cycle. This session outlines recommended changes to the design, development, testing, verification and release phases that can reduce the number and severity of security vulnerabilities shipped to customers.

    MSDN Webcast: Remediation: Developing Secure ASP.NET Applications (Level 300)

    Tuesday, April 26, 2005 - 11:00 AM - 12:00 PM Pacific Time

    Dennis Hurst, Senior Consulting Engineer, SPI Dynamics

    Prashant Sridharan , Lead Product Manager - VS, Microsoft

    Are you looking for a way to correctly validate input easily and quickly to ensure it is secure? This webcast will show you real-life examples and demonstrate how you can do this.  Throughout the webcast we will discuss secure state management, how to apply state management across multiple applications, as well as how to setup and develop proper authorization and access control to ensure that privilege escalation defects/vulnerabilities are removed. Attend this webcast to learn advanced Web application protection techniques covering how to code login forms and other form inputs so they are immune to malicious brute force attacks. 

    MSDN Webcast: Practical Security for Intranet Solutions (Level 200)

    Friday, April 29, 2005 - 9:00 AM - 10:30 AM Pacific Time

    Joe Stagner, Developer Community Champion, Microsoft

    Internal Web and Windows-based applications often require integration with existing applications and systems, access to databases, strong authorization and authentication mechanisms, and identity management. This webcast discusses strategies for incorporating security best practices into intranet solution development. We will provide practical guidance on how to implement security enhancements throughout intranet solutions and introduce future security improvements available to developers through Visual Studio .NET 2005 and ASP.NET 2.0.

    Additional Webcast Resources 

    Add/Read: Comments [0]
    IT Security | Tech
    Wednesday, 23 March 2005 16:54:28 (Pacific Standard Time, UTC-08:00)
    #  Trackback
     Tuesday, 22 March 2005

    In a series of semi-serious articles called "Managing Programmers for CEOs," management types (like me) and executive types (not me) can learn such valuable things as how to decipher the secret code programmers use in day-to-day conversation. For example, here are a few phrases taken from the first part of the series, "Decompiling Programmer-Speak."

    (The information contained in these articles is valuable, but the humor is there and you can't help but laugh at parts. By the way, I think developers and development managers are great - I only laugh because I find a lot of it humorous in a nice way.)

    “It’ll be done ASAP.”
    Translation: There is no schedule yet.

    “That feature shouldn’t add any time to the schedule.”
    Translation:  There is no schedule yet.

    “It’s fifty percent done.”
    Translation: It hasn’t been started yet.

    Also included in the series are a couple of other good articles, each containing good information and ideas, with some humor thrown in here and there:

    • Part Two - The Meaning of Done, and How You'll Know When You Get There (Good info about schedules, missing them and what that means to everyone)
    • Part Three - Features Kill Projects (How can you be "done" if the meaning of "done" keeps changing?)

    As is often the case, be sure to read the comments on each article page - in the case of these three articles, the comments are well worth the read, as well.

    Add/Read: Comments [0]
    Humor | Random Stuff | Tech
    Tuesday, 22 March 2005 21:34:36 (Pacific Standard Time, UTC-08:00)
    #  Trackback

    Take one old Ruger 10-22 rifle, some electronics gear, a long can antenna, and some time to spare, and you too can be The Bluetooth Sniper...

    Apparently, these guys built a Bluetooth rifle and managed to stand on top of buildings in downtown Los Angeles without getting corralled by the police. In the process, they were able to connect to Bluetooth devices nearly a mile away:

    "As more Bluetooth devices started appearing, John said, "This building is full of Bluetooth! Look we got some Blackberries!" He also explained that, with multiple guns, it would be possible to track a single Bluetooth device as the person walked around. In less than a few minutes, twenty devices were detected—all at distances over a half mile away! We decided to quickly conclude the scan, given police activity in the area earlier in the day from a bomb scare."

    Tom's Networking has the full story, with step-by-step descriptions of the creation and use of the long gun radio:

    Add/Read: Comments [0]
    Geek Out | Tech
    Tuesday, 22 March 2005 00:35:57 (Pacific Standard Time, UTC-08:00)
    #  Trackback

    One of the popular topics of conversation lately (I won't use the fancy-dancy blogger terms, sorry...) has been the reawakening of the browser wars. I don't think it's quite like it was back in the day, but certainly it's gotten a bit more interesting of late...

    Out of curiosity, I went to take gander at the stats to see if there was anything about the browsers being used by viewers of my weblog (web browser stats only below - no RSS numbers taken into account).

    No big surprises, but I think the percentage of people who view my site using Firefox might be slightly higher than the web-wide average? Current traffic on March 22nd, accumulated since March 1st:

    Browser name Page views % of traffic
    MS Internet Explorer 552668 68.7 %
    Firefox 128130 15.9 %
    Unknown 65443 8.1 %
    Netscape 20808 2.5 %
    Safari 11990 1.4 %
    Mozilla 11602 1.4 %
    Opera 8137 1 %
    NetNewsWire 2648 0.3 %
    Konqueror 771 0 %
    Camino 262 0 %
      Others 1083 0.1 %

    Add/Read: Comments [1]
    Tuesday, 22 March 2005 00:18:03 (Pacific Standard Time, UTC-08:00)
    #  Trackback
     Monday, 21 March 2005

    If you think about it, people interested in Windows Media Center Edition (MCE) should be the perfect audience for podcasts, so it makes perfect sense that Ian Dixon should fire up The Windows Media Center Show. He also has a weblog where he covers lots of Media Center stuff.

    There's already two episodes online as of the time of this writing, and more to come:

    Nice start, Ian - keep it up!

    Add/Read: Comments [1]
    Tech | Windows Media Technology
    Monday, 21 March 2005 20:55:20 (Pacific Standard Time, UTC-08:00)
    #  Trackback

    Media Center Customizer 2005 is a cool app that lets you customize (wait for it) your Media Center Edition PC the way you want it set up.

    MCE Customizer 2005

    If you want to tweak your MCE 2005 settings and experience, you might want to give it a try. Read the full list of changes and get the download here. Cool stuff.

    Add/Read: Comments [0]
    Tech | Windows Media Technology
    Monday, 21 March 2005 20:41:58 (Pacific Standard Time, UTC-08:00)
    #  Trackback

    Jeremy Wright and Mike Hillyer have just launched a new weblog called "The Wealthy Blogger," with the tagline "Money Management Blogging from two Decidedly Un-Wealthy Bloggers."

    It looks like a great new site where conversations can take place about the pains of credit, debt and money management. It's a topic many people should be interested in, whether they actually are or not.

    Anyhow, after reading a pre-release entry on the subject of credit card companies and the draining of today's college student population, I had some thoughts, which I posted there as a comment and am cross-posting here (slightly edited, but I have had more time to think about it since I originally posted my comments - see below).

    But that's not really the point - go check out the site - I think it will be well worth our collective time as the site grows. I've subscribed.

    Anyhow, here is me quoting myself (weird eh?) talking about my view of the reality of "borrowing" money... (edited and enhanced)

    To get you started, please remember one very important thing. Behind the spin and sales lines, there are only two types of people in the world:

    • People who buy money (often mistakenly called "borrowers")
    • People who sell money (often mistakenly called "lenders")

    That said, here are my comments:

    Looking even beyond just the credit card companies, *no* company that "lends" you money is doing you a favor. That's like saying the car salesman is doing you a favor by letting you buy a car.

    The fact of the matter is that when you get a home loan, a credit card, a personal loan, or charge to an installment account, *you* are the customer.

    People need to realize that: When you take out this kind of loan, you are buying money. You are the customer and the lender is the one who is selling you the money in order to make a profit. No lender does anyone a favor, even if it feels like that's what's happening. Just like with the car salesman, the idea is to make it *feel* like it's a favor. But in reality, the profits are theirs. They do those things necessary to maximize their profits and minimize their losses, just like any other business.

    Would you pay $100 in cash for $20 worth of groceries? If you put it on a card, that's possibly what you're doing, unless you pay your full balances within one or two months.

    It used to be that credit cards were held and used for emergencies. Now people use them like they're free money, without thinking. That's too bad, because unless you happen to have a very astute credit mind and the ability to pay off everything you charge within the grace period, you're borrowing from sharks.

    I know two young guys, about 20 to 22 years old, both of whom got credit cards and immediately ran them up buying fancy new computer equipment. One of them talked to me about it before he did it, and I advised him against it, but he did it anyhow. The other acted on his own without advice. Now they're both listening, after realizing how big a deal it is. I explained to both that it would take 30 years (or more with the high rates their cards had) to pay off a computer that would be outdated in one or two years if they made minimum payments. I told them about the virtues of saving and having cash on hand.

    Credit cards are evil for most things, but they can be a blessing for a few things: Purchase protection for big-ticket items is nice to have, and rental car coverage is a good benefit if you travel. But some of the check cards with a logo of the major companies on it will give you similar benefits.

    Which brings me to my final point: If you like using credit cards just because they are convenient and because you can use them to buy things online, you're probably using the wrong kind of card. Shop around for a ATM/Debit/Check/Visa-or-MasterCard type of card, and make sure you get one from a bank that offers the features you want.

    Finally - a reminder: Whether it's a credit-card loan or another kind, the APR of the loan is what determines how much you are paying on an annual basis (compounded - which means you pay interest on the accumulated interest, too, and not just the dollar amount you originally borrowed) for the money you are buying from the lender. Yes - I said *you are buying* money from a lender, and how much you'll pay depends on how long it takes you to pay it off. It's as simple as that. Credit cards are a big-money business for lenders and are a big-loss pig of a deal for borrowers.

    If you have to borrow, like for a car or home purchase, you should always shop for money the same way (or more diligently than) you shop for gas, cars, clothes, airline tickets, electronics, homes and whatnot. No lender is ever doing you a favor - they are selling you money, and they are doing so at a profit. Don't ever forget that.

    See that? I did learn something, after all.

    Add/Read: Comments [0]
    Blogging | Random Stuff
    Monday, 21 March 2005 08:54:50 (Pacific Standard Time, UTC-08:00)
    #  Trackback
     Sunday, 20 March 2005

    Speaking of, Eric pointed out to me that he and the others over there have been busy:

    [9:59:12 PM] Eric Rice says: added some crazy mad new features to audioblog
    [9:59:18 PM] Eric Rice says: podcasting without needing a blog
    [9:59:18 PM] Greg Hughes says: yeah?
    [9:59:25 PM] Eric Rice says: and recording to MP3 right over the web

    Come to think of it, I read that on Friday, but I have not had a chance to check it out yet.

    Eric made a QT movie that shows how to make podcast RSS feeds with, and how to record your podcasts straight to MP3 online, with nothing but your web browser pointed to your account.

    Upload an audio file, record it online with the browser, or call it in... All three ways will let you create your podcasts anyplace, anytime. You don't even need a text weblog to do this, just and it's enclosure feeds - cool stuff!

    By the way, there's video enclosures on the system, too... Videoblogging feeds - hmmm!

    Add/Read: Comments [0]
    AudioBlogging | Tech
    Sunday, 20 March 2005 22:24:09 (Pacific Standard Time, UTC-08:00)
    #  Trackback

    A friend of mine from the online world (and big shot from, Eric Rice, has taken over the Engadget "airwaves" and is now hosting the Engadget podcast.

    Eric's a cool guy, and it's great to have an Engadget podcast back online. It's a tough room to play to, but Eric will do well with it.

    Check it out here. The Podcast feed is here.

    Add/Read: Comments [0]
    AudioBlogging | Geek Out | Tech
    Sunday, 20 March 2005 22:05:32 (Pacific Standard Time, UTC-08:00)
    #  Trackback

    A different kind of game...

    My friend Broc works at his family business. They have this great big lot and facility in an industrial area of Portland, with a few warehouses and huge shop buildings. Two of the buildings are vacant, and the lot lends itself to hiding, sneaking around and - well, a different kind of organized (and safety-conscious) fun.

    I didn't take the pics, I just lent my camera to another person who ran around trying not to get shot at, while I took an MP5 and defended the base.

    By the way - and before anyone freaks out: While this looks hard-core, realistic and (if it was real) dangerous, it's actually a game/sport called Airsoft, and the people who play are quite safety-conscious and wear proper protective gear. The guns shoot lightweight, tiny plastic balls the size of a BB. Yes, they can hurt if shot too close, but a red welt is about the worst one can expect when wearing the proper protective gear - namely good eye protection. Safety is important, and it's what makes the game fun. You'll hear people calling "safety kill!" if they are too close to shoot safely, for example. Obviously, point-blank shots with plastic BB's will hurt, so everyone's quite careful and adheres to certain rules. Never play games like this without the proper safety gear - anyone who doesn't practice safe play is an idiot, and you should not include them. Trust me, having fun is good, but being cool and safe with others is much more important.

    Ok, anyhow - here's some pictures of what we did last night:


    Don't have any train cars available in your local industrial complex, a la Counter-Strike? That's okay, semi trucks are a good stand-in, and besides they have real horns and lights and other things that can throw people off. Plus, the trains are just over on the other side of the fence, so the crashing train sounds are there, even if the cars are not.


    Flash photography makes these guys a little more visible than they actually are when you're playing. Imagine nighttime alley lighting and shop lights indoors being turned on and off by whoever happens to have control of the light switches at the time. You never really know when it will be dark or light.



    Hard Core Dave. Camper, heh. 'Nuf said.


    Cory checks the warehouse floor from behind cover. See the light switches? Cory's the master of lighting tactics.


    The attacking team posed for a photo. All us defenders should have done the same. Doh! There was 12 or more of them and 8 of us on the defending team.


    Three posers of us from the defending team: Dave, me and Cory. Dave and Cory were a little more effective than me - I got safety-killed around a doorway corner right at the beginning of the first game, and got one "kill" in the second game before I got exposed when the lights came on and I was in the clear. Dave got several, and Cory got a couple too.

    That was fun. I discovered I definitely need to go and buy glasses (or contacts maybe) again (I broke my last pair and have not had them replaced because I am lazy that way). Gun sights just aren't as easy to see as they used to be!

    Add/Read: Comments [2]
    Random Stuff
    Sunday, 20 March 2005 14:52:25 (Pacific Standard Time, UTC-08:00)
    #  Trackback

    It's windy and a bit chilly today. But the flowers are cool. Spring's sprung.


    Add/Read: Comments [0]
    Photography | Random Stuff
    Sunday, 20 March 2005 14:09:32 (Pacific Standard Time, UTC-08:00)
    #  Trackback

    Microsoft has published their Security Development Lifecycle whitepaper, where they describe the process that Microsoft has adopted for the development of software that needs to withstand malicious attack.

    It's a good read for people responsible for writing software, as well as those responsible for ensuring software development processes properly addresses security as a requirement.

    The basic principles of the Security Development Lifecycle are described in the paper:

    • Secure by Design: the software should be architected, designed, and implemented so as to protect itself and the information it processes, and to resist attacks.
    • Secure by Default: in the real world, software will not achieve perfect security, so designers should assume that security flaws would be present. To minimize the harm that occurs when attackers target these remaining flaws, software's default state should promote security. For example, software should run with the least necessary privilege, and services and features that are not widely needed should be disabled by default or accessible only to a small population of users.
    • Secure in Deployment: Tools and guidance should accompany software to help end users and/or administrators use it securely. Additionally, updates should be easy to deploy.
    • Communications: software developers should be prepared for the discovery of product vulnerabilities and should communicate openly and responsibly with end users and/or administrators to help them take protective action (such as patching or deploying workarounds).

    Also discussed are the phases of the lifecycle in application, and Microsoft's experience in putting the DSL into use at that company, as well as the results of the initiative. If the small amount of information quoted above is of interest, take the time to read the paper.

    Dana Epp comments and has insights into the changes that have happened at Microsoft over the past few years. It is pretty darned amazing to have watched (and participated in, as part of my roles as partner and customer) the changes Microsoft has made with regard to security. I can say from my own experience that security is at the front of MSFT developers' minds every day, and while it's not perfect (and never will be, regardless of the software or authors), it definitely shows.

    (via Dana Epp's weblog)

    Add/Read: Comments [0]
    IT Security | Tech
    Sunday, 20 March 2005 13:04:05 (Pacific Standard Time, UTC-08:00)
    #  Trackback
     Wednesday, 16 March 2005

    Videosplash2Out of the toilet and into the conference room, the video saga of Rory and Scott's lead-up to TechEd continues.

    Rory and Scott - Two really high speed programmers...

    Thank God for WS-PPT


    Add/Read: Comments [0]
    Humor | Random Stuff | Tech
    Wednesday, 16 March 2005 16:06:03 (Pacific Standard Time, UTC-08:00)
    #  Trackback

    I clicked through a few blog posts and comment author links (since their comments were interesting to me) and ended up on Dave McClure's weblog (again). There at the top, I saw his latest entry - that has just been launched.

    So, I clicked on over. It's fast, easy, nifty and cool. Within a few seconds I did a search for keywords in my area and found current job listings from Monster, America's Job Bank, Career Center, USA Jobs, HotJobs and more.

    Search for a phrase by putting it in quotes. You can see the age of the listing under each item, as well as where it's from. When you click on a link, you go to the original listing.

    Fast, simple and it works. Not bad. They even have a blog.

    And I like the "no results" response:

    "Dang. We didn't find anything for you.

    "You're probably a good speller, but check the description or location terms you entered. You can also try using some other keywords, or enter fewer words to expand your search

    "It's also possible we made an error somewhere. Sometimes computers are human too. Sorry."

    Add/Read: Comments [2]
    Random Stuff | Tech
    Wednesday, 16 March 2005 07:32:21 (Pacific Standard Time, UTC-08:00)
    #  Trackback

    Chris has just announced that Gnomedex 5.0 registration has opened up. There are 300 spaces open, so sign up soon! If you've been to a previous Gnomedex, there's no need to explain the why's an how's, but for those who have not, here's a little info:

    • It's in downtown Seattle, Washington at the Bell Harbor International Conference Center  - a GREAT city and with easy access via air, car, train, or whatever.
    • It Begins Thursday June 23rd at 5:00 pm and ends Saturday June 25th at 6:00 pm.
    • Gnomedex is a great place to actually meet and talk to a variety of high-profile techies, geeks and other smart people. It's also a great place to form relationships and get cool ideas.
    • The Gnomedex blog is right here (clicky-clicky).
    • I met a good number of people face-to-face at Gnomedex last year that I am in regular contact with ever since.
    • Register here.

    I'm already registered, now I just have to rework my crazy schedule!

    Add/Read: Comments [0]
    Geek Out | GnomeDex | Tech
    Wednesday, 16 March 2005 07:05:53 (Pacific Standard Time, UTC-08:00)
    #  Trackback
     Tuesday, 15 March 2005

    Jeffrey McManus puts it so well, I won't even try this time. I've commented on sales calls before.

    For me the past two weeks have been a complete mess of cold calls and "followups" from salespeople that seem to think their products will save my life or something. I can't get anything done. It's been awfully tempting to just kill my outside extension...

    McManus: "So many sales droids keep making the same mistakes, I thought I'd put together a handy primer on how not to sell crap to me."

    Jeffrey's right on. Make your calls worth our while. Please. Read it here.

    (found via Scoble's link blog)

    Add/Read: Comments [0]
    Random Stuff
    Tuesday, 15 March 2005 22:08:05 (Pacific Standard Time, UTC-08:00)
    #  Trackback

    There's a excerpt from a yet-to-be released book by Jesper Johansson and Steve Riley available to read online. The article, entitled "Security Myths," it takes a look at some of the security shortcomings typical to use of security guides and reliance upon following a predefined set of steps without looking at the whole picture. It's a great lesson in how to look at things, rather than how to follow prescriptive

    This section is somewhat (OK, very) cynical. Take it with a grain of salt and laugh at some of the examples we give. Do not lose sight, however, of the message we are trying to get across: These are myths. If you are careful to avoid falling into the trap of believing them, you will be able to focus your efforts on the things that make a real difference instead of being lured like so many others into staring at a single tree and failing to see the security forest.

    So what are the myths? Well, for the details go read the article, but at a high level...

    • Myth 1: Security Guides Make Your System Secure
    • Myth 2: If We Hide It the Bad Guys Won’t Find It
    • Myth 3: The More Tweaks the Better
    • Myth 4: Tweaks Are Necessary

    Add/Read: Comments [0]
    IT Security | Tech
    Tuesday, 15 March 2005 17:54:10 (Pacific Standard Time, UTC-08:00)
    #  Trackback
     Monday, 14 March 2005

    bookthisblog.comA guy named Matt has an idea. He reads blogs, and realized that sometimes he'd like to have an analog version - like one on paper with a cover and bound on the left.

    And so, he come up with

    That's a cool idea, I think. There are a few blogs I'd really like to read on paper, one's that I'd hang onto for sure, such as:

    I'm sure I'll think of others. Plus, I'd like to be able to "burn" my own blog as a book now and then, maybe once a year, just for keepsake purposes. My family would probably like it, too. And there are megabloggers who I am sure would find a use.

    There *is* a lot to be said for something you can hold in your hands, something of physical substance. Cool idea, Matt - Make it happen!

    Add/Read: Comments [2]
    Blogging | Random Stuff
    Monday, 14 March 2005 20:43:31 (Pacific Standard Time, UTC-08:00)
    #  Trackback
     Saturday, 12 March 2005

    TPSfilmOk, more and more funny. Take one part Superfriends and one part Office Space, and you end up with the hilarious TPS (This Place Sucks). Very, verry funny to watch. I love the use of the Superfriends sound effects, that's great.

    If you're a fan of Superfriends, or Office Space, or both - this is for you.

    It comes from idiotwork - check them out as well. More funny content can be found there.

    Add/Read: Comments [0]
    Saturday, 12 March 2005 10:38:47 (Pacific Standard Time, UTC-08:00)
    #  Trackback

    Found via UtterlyBoring: The Church Sign Generator

    That explains a lot.

    Add/Read: Comments [2]
    Humor | Random Stuff
    Saturday, 12 March 2005 08:37:47 (Pacific Standard Time, UTC-08:00)
    #  Trackback

    Got a PowerPoint presentation that just doesn't fulfill its "Power" requirements?

    Cliff Atkinson, author of the book "Beyond Bullet Points," has written a post seeking volunteers who want to take their PowerPoint presentations from typical and run-of-the-mill variety to something truly effective and powerful:

    "Are you ready to transform one of your presentations Beyond Bullet Points? If you have an existing PowerPoint file and you want to liberate the great story buried deep beneath all those lines of text, drop me a note and tell me about it.

    "I'll review the applications and select a few presentations that represent a range of professions and purposes. If your presentation is selected, all you need is a copy of my book to guide you through the details of the process, along with your critical thinking and creative skills. The other resources we'll use are free, and we'll find graphics from free or low-cost sources, or we'll make them ourselves.

    "The one condition is that you are fine with making all of your presentation materials freely available for other people to see through the course of the public makeover - we'll even ask blog readers for their comments and suggestions."

    Cool idea! If you're interested, contact Cliff though his weblog - the post is here.

    Add/Read: Comments [0]
    Office 2003 | Random Stuff | Tech
    Saturday, 12 March 2005 08:15:07 (Pacific Standard Time, UTC-08:00)
    #  Trackback
     Friday, 11 March 2005

    This is a test of a photo attachment weblog post sent to dasBlog via email from a Treo 650 smartphone. The Treo is kind of cool, but Cleo (the cat) is cooler. :)

    Note: Unfortunately, due to a bug of some kind I had to intervene on the mail server and manually delete the email post for this entry, because it kept reposting to the blog every few minutes. Oh well - at least I know the posting from the treo works!


    Add/Read: Comments [1]
    Friday, 11 March 2005 22:48:00 (Pacific Standard Time, UTC-08:00)
    #  Trackback

    Skype is now allowing its users to sign up for SkypeIn, a new service that allows you to get a phone number assigned to you your Skype account. So, for people who want to reach you by phone, they call that number from their plain-old telephone service line just like any other phone, and it rings your Skype on your computer. Numbers are available in France, Hong Kong S.A.R., China, the United Kingdom and the United States. I checked the US listings to see what area codes are available, and there are none in Oregon yet, but hopefully that will change soon.

    For a while now Skype has offered SkypeOut, a service that lets Skype users make calls to the regular phone network using Skype on their computers.

    This is really very cool. One of the beautiful things about skype is its ultimate portability. Put Skype on your laptop and take it with you wherever you go. Windows, Linux or Mac OS/X. Run Skype on a PocketPC with Windows Mobile and an Internet data connection, add SkypeIn and SkypeOut, and in theory you're making and receiving calls on the mobile network, but without using the mobile minutes. Hmmmm.

    Of course, don't forget the high quality voice audio you get with Skype. And the ability to have your "phone" rind with one number in multiple places.

    This whole VoIP, Skype, digital communication thing is getting more and more interesting...

    Add/Read: Comments [0]
    Friday, 11 March 2005 20:35:07 (Pacific Standard Time, UTC-08:00)
    #  Trackback

    Videosplash1Okay, this has to be one of the funniest damn things I have seen in a while on a weblog. Geek humor in the toilet. Literally.

    Rory and Scott are in a video, a sort of a pre-TechEd thing. And it's freakin' great. Expect more in the future, too.

    You have to go watch it.

    Like, go watch it right now.

    Add/Read: Comments [0]
    Humor | Random Stuff | Tech
    Friday, 11 March 2005 19:40:03 (Pacific Standard Time, UTC-08:00)
    #  Trackback
     Thursday, 10 March 2005

    WifiMicrosoft has released a new prescriptive paper describing in step-by-step fashion how to deploy a secure wireless LAN using Protected Extensible Authentication Protocol (PEAP) and passwords:

    The Securing Wireless LANs with PEAP and Passwords solution guide is designed to help small- and medium-sized organizations protect their wireless local access network (LANs). This prescriptive guidance will assist you in planning, deploying, testing, and managing a wireless LAN security infrastructure using Microsoft Windows XP, Windows Server 2003, and Pocket PC 2003. The guide is a companion to the earlier solution guide Securing Wireless LANs – a Certificate Services Solution. However, this updated guide uses passwords to authenticate users and computers to the LAN instead of digital certificates.

    The solution uses industry standards such as 802.1X to ensure broad interoperability. Windows XP Wireless Auto Configuration and the Microsoft Active Directory directory service help to minimize the complexity of installing and managing the solution—many of the more complex operations are automated in scripts that are provided with the guide. You can also install the solution entirely on existing servers in your environment to keep costs low.

    Also useful in the context of these articles:

    Add/Read: Comments [0]
    IT Security | Tech
    Thursday, 10 March 2005 21:34:19 (Pacific Standard Time, UTC-08:00)
    #  Trackback

    CG has sure come a long way since 1977. The new movie trailer for Star Wars - Revenge of the Sith just played for the fist time at the end of The OC on television. Looks interesting.

    I can't say it got my blood pumping or made me jump up and down and cheer, but the saga concludes with this one, so it better be good!

    Next on the agenda, CSI is coming on right now, and although I don't normally watch it, Wil Wheaton's got a role on the show. Just saw his name on the screen in the opening credits. Coolio - Gotta go watch.

    Update: Hey Wil - you play crazy and homeless pretty darn well!! Well-done, congrats!

    Add/Read: Comments [0]
    Movies | Random Stuff
    Thursday, 10 March 2005 21:09:51 (Pacific Standard Time, UTC-08:00)
    #  Trackback

    Google released their desktop search tool out of beta this week - so it's the full mean deal now. They've added support to search even more content (including Thunderbird email yay!) and for people who want even more, there are plugins available that will let the application index even more kinds of content so you can search almost anything you like. And if there's not a plugin available, well then write one!

    Google Desktop Search: Get it here.

    If you're a person who gets confused when looking at search results because the results from your desktop (local computer) search are listed on the page with your Google web search results (or if you just want to separate them), here you go:

    The default behavior for Google's Desktop Search is: "Show Desktop Search results on Google Web Search result pages." But you can disable that if its confusing. Just right click on Google Desktop Search icon in the system notification area, then choose "More" then choose "Preferences." It's on that page, just scroll down and find the option and uncheck the box.

    Add/Read: Comments [0]
    Thursday, 10 March 2005 19:35:58 (Pacific Standard Time, UTC-08:00)
    #  Trackback

    Microsoft has posted "What to do if you've responded to a phishing scam," a set of four steps (with some details about each) you should take if you think you may have mistakenly provided personal financial or identification information in response to a fraudulent email. They've also updated and posted a set of related articles dealing with phishing and email fraud (listed and linked below).

    The steps they list in the article are:

    • Step 1: Report the incident
    • Step 2: Change the passwords on all your accounts
    • Step 3: Routinely review your credit card and bank statements
    • Step 4: Use up-to-date antivirus and anti-spyware software

    And they have posted more articles with information about phishing and email fraud:

    But remember: Being prepared and on the watch before the fraud ever happens is the best way to not become a victim. The links above and other resources on the 'net can help you educate yourself and people you know about the things people should do to keep from becoming victims.

    Add/Read: Comments [0]
    IT Security
    Thursday, 10 March 2005 17:18:36 (Pacific Standard Time, UTC-08:00)
    #  Trackback

    The Game Developer's Conference is always an interesting even with lots of cool news for game geeks to get all anticipatory over.

    Microsoft's released some screen caps showing off the user interface for the next-generation XBOX Guide - an entertainment gateway for users. The also describe the future XBOX experience: "games, friends, music, and more."

    Screenshot 1Screenshot 2Screenshot 3Screenshot 4

    The sample images and more info are available here.

    You can also listen to the keynote address by Microsoft's J Allard, in which he speaks about the next-gen XBOX:

    (found via Engadget)

    Add/Read: Comments [0]
    Geek Out | Random Stuff
    Thursday, 10 March 2005 07:22:47 (Pacific Standard Time, UTC-08:00)
    #  Trackback
     Wednesday, 09 March 2005

    Note: I am posting this entry because readers of this weblog might be interested in the job openings mentioned here. This post is my own, and is not a communication by or for my employer. I am just trying to make people aware of some opportunities that I happen to know about.

    Any talented software developers out there?

    The company I work for, Corillian, is hiring right now. Among the jobs being recruited at the time of this posting are two for which I have some sort of responsibility: A software development engineer with ASP.NET experience in the Security department; and a developer with experience working with and programming on SharePoint 2003 to work in the corporate IT department.

    Corillian's a cool company to work at, and both positions are good opportunities (I think) for people interested in either of these work areas.

    So, if you know anyone who might fit the bill (talented SharePoint programmers or experienced development engineers wanting to work on building some really cool Internet security products), drop me a line right quick and I will make sure resumes and letters get routed appropriately. See the "Contact" section in the sidebar to reach me, or apply through the web site. Details about each position are available on the Corillian web site, as well.

    By the way - There are even more cool jobs open at the company right now for QA people, sales execs, project managers, system administrators and technical account managers - So if you're in the Portland area and any of those catch your eye, you might want to check them out.

    Add/Read: Comments [2]
    Random Stuff | Tech
    Wednesday, 09 March 2005 20:49:14 (Pacific Standard Time, UTC-08:00)
    #  Trackback
     Tuesday, 08 March 2005

    Looks like BitTorrent v4 has been released. New clients for Windows, Mac and Linux.

    From the release notes:

    2005-03-07: 4.0.0 is now available.
    Changes since the last stable release:

    • All new queue-based user interface
    • Many options are now modifiable from the interface, including upload rate
    • Lots of other interface improvements
    • Extra stats are visible, for those who like it
    • Remembers what it was doing across restarts
    • New .torrent maker "btmaketorrentgui" replaces "btcompletedir"
    • Better performance, as always
    • License has changed to the BitTorrent Open Source License
    • Torrent fields are correctly created and interpreted as utf8
    • Too many little things to list

    A few technical notes, for those interested:

    • Single port: launchmany can seed and client can download many files from a single port and thread
    • Interface now uses GTK instead of wxWidgets
    • BitTorrent packets are marked as bulk data to make traffic shaping easier

    Add/Read: Comments [0]
    Tuesday, 08 March 2005 22:02:59 (Pacific Standard Time, UTC-08:00)
    #  Trackback

    I was driving home from work today, crossed over Cornelius Pass Road and onto Highway 30. As I drove down the road I caught a glimpse of Mt. St. Helens, with what looked to be a standard-fare steam plume, typical of what one sees popping over the crater these days, coming out of it. The mountain dropped out of view behind some trees as I drove, and when I rounded a corner and saw it again a few minutes later, I noticed the plume was growing. Within a couple of minutes the plume was thousands of feet in the air. Huge. Pretty amazing really.

    Anyhow, for what it's worth, here is my not-so-scientific observation...

    First of all, the white cloud looked to be mostly a whole lot of steam. Some darker material appeared to be dropping over to the east of the mountain from the cloud, but honestly it's hard to tell shadows from falling material. The National Weather Service issued an ash-fall warning for that area.

    Helens_blows200x160  050308usgs_helens

    (Photos from KGW and USGS)

    It looked like a bomb hit for a while, a big bulb of a cloud rising straight up from the crater. Then the wind started to push it to the east, and eventually it dropped and started to dissipate.

    In my super-geek analysis, I can tell you that this was probably the new dome area involved, rather than the old dome. No surprise there. Why do I say that? Easy. It's a complete guesstimate...

    Here is the new dome's seismograph, going offline first (click for large image):


    ...and here is the old dome's seismograph, knocked offline later than the new dome equipment:


    Pretty amazing sight this evening. Unfortunately, I didn't have my good camera with me, but others have done plenty to photograph it.

    UPDATE: USGS web site details and images on March 8 eruption.

    Add/Read: Comments [1]
    Mt. St. Helens
    Tuesday, 08 March 2005 19:05:53 (Pacific Standard Time, UTC-08:00)
    #  Trackback

    Via HineSight: On Nightline this evening, the subject matter will be blogs and bloggers and blogging.

    Is it just a fad? Is it simply a medium? Is it a revolution? Is it nothing, really? It all depends who you ask. It will be interesting to see what Nightline's take is...

    Tonight's piece is a fascinating one. Turns out that as John and producer Elissa Rubin were conducting interviews with bloggers, they were being blogged. The bloggers had some interesting opinions, to say the least. And as this program airs (and this e-mail is read by viewers), there's no doubt that bloggers will blog about it...

    Umm, yeah. Heh.

    So what are blogs? Turns out that although 8 million have created blogs, 62 percent of Americans who use the Internet don't know what a blog is. That's according to the Pew Internet & American Life Project. And in an age where blogs are fundamentally changing the nature of news, we thought we'd tell you the story about the beast of blogging...

    Check your local ABC affiliate's listings, but it's probably right after your late news.

    Add/Read: Comments [0]
    Tuesday, 08 March 2005 12:39:57 (Pacific Standard Time, UTC-08:00)
    #  Trackback
     Monday, 07 March 2005

    I'm always up for a good laugh, and today a coworker showed me a fun web site called Atom Smasher's Error Message Generator, where you can generate visual renditions of your own twisted Windows error messages.

    Get a little creative with this stuff and you'll quickly find yourself participating in email threads with friends, trying to best each other in the geek-humor department.

    Add/Read: Comments [0]
    Geek Out | Humor | Random Stuff
    Monday, 07 March 2005 23:29:37 (Pacific Standard Time, UTC-08:00)
    #  Trackback

    Microsoft Knowledge Base Email AlertzIf you've ever used Microsoft's online support knowledge base, you know how much information is available there, and how hard it can be to find information you're looking for. On top of that, how are you to know when new articles are added about the technologies that you care about?

    For a few years now, I have used a free online service called KBAlertz to keep track of KB articles that are released about the Microsoft servers and apps I deal with every day. I get email notifications whenever new KB information is published in areas like Office, Exchange, SharePoint, SQL, LCS, Windows Server, Windows XP - you name it. Whatever topics you choose, you can stay informed.

    There are three primary ways to get the info you want and need from KBAlertz: Browsing/searching, email and RSS feeds.

    Personally, I subscribe to the site's email alerts and get them on a regular basis whenever new items that match my criteria are discovered. The digest-formatted HTML emails contain all the new articles since the last check, and are nicely formatted and easy to use.

    For a few key technologies I also subscribe to feeds in my RSS reader, FeedDemon, where I can easily catalog and search through them.

    For example, let's say I am interested (as I am) in keeping on top of all the latest knowledge base info about IIS 6. This web page lists the latest articles, and this Subscribe to the RSS feed button, which you find at the top of each technology's page, let's me subscribe to the IIS 6 RSS feed for new updates.

    Signing up for the email alertz is easy and it's free - just quickly create an account and start checking the boxes next to the topics you are interested in. You can choose from the whole gamut of Microsoft technologies.

    The Microsoft Knowledge base is cool, and it's a great source of info. KBAlertz just makes it better.

    Add/Read: Comments [0]
    Monday, 07 March 2005 18:38:20 (Pacific Standard Time, UTC-08:00)
    #  Trackback
     Sunday, 06 March 2005

    Update on my back surgery stuff for the four or five of you who are following and care...

    Well, since my back surgery procedure things in December, I have had some relief from the pain I was experiencing. I even had a couple of days where I felt better than I can ever remember feeling.

    But overall, while things are certainly better in many ways, overall it's not been better enough, if you will, to call it resolved. I have been doing physical therapy for two full months and the pain has increased and decreased somewhat a number of times. But overall, it's still a problem - weakness in both legs, pain reaching from my back into my legs and feet, and enough pain to keep me up at night and severely limit my ability to do the regular day-to-day things I need (and want) to do in life.

    The procedure that was done in December was a minimally-invasive procedure, in which the doc went inside the L5/S1 disc and removed some of the material there, which was to allow some of the bulging material that is impinging on my spine to be reduced, relieving pressure on the spinal nerves, and therefore relieving pain. Unfortunately, while it's better at times than it was, it's still a pretty serious problem.

    So, the doc ordered a new MRI a couple weeks ago. We saw the films the other day. And it looks like its time to see another surgeon. At least this surgeon says so.

    Unfortunately, the images are not all that good. The disc appears to have extruded more material at some point, so the problem and pain are in the same general location (same joint), and it feels and acts very much like what I was experiencing before the procedure, except that the pain moves from one leg to another somewhat regularly. I guess after 12 or so years of wear and tear, this is just not going to be a simple process.

    So, off to a few more docs I go. The minimally invasive route was, I think, worth it for a first step, but now it's time to see what - if anything - can be done to better solve the problem. My current doc has his recommendations (microsurgical discectomy to cut out and remove the herniation), and we'll see what other docs think is the best thing to do.

    I just finished a 6-day pack or methylprednisolone, which is a super-anti-inflammatory thing. For a couple of days, when the daily dose was high, I felt fairly okay. Now that it's all gone and all I am taking is the regular anti-inflammatory stuff, it's back to being pretty darned uncomfortable and at times pretty painful.

    I don't expect to be made completely better - not at all. But it would be nice to be able to lean over the sink when I wash my hands and brush my teeth, or to be able to bend over to put on my socks and whatnot. Not to mention the fact that things like pulling weeds in the garden can't last for more than 5 or 10 minutes on a good day, and if I actually decide to pull the weeds, I'll pay for it for days.

    Again, I am glad I went with the minimally invasive route first. It has helped me overall, and generally speaking I am in somewhat less pain, which is a good thing. I'll just have to move on from here and see what's the next best thing to do.

    Add/Read: Comments [1]
    Kineflex Artificial Disc Surgery | Personal Stories
    Sunday, 06 March 2005 15:49:46 (Pacific Standard Time, UTC-08:00)
    #  Trackback

    People reading this weblog in HTML format can see the banner ad above for a Mac Mini, which is linked to my affiliate registration page on Gratis Network's web site. There they present an offer to sign up for a referral account, the end result of which is to get a free Mac Mini. In other words, spread the word and get some people to sign up and you get a free machine. Each participant has to complete a marketing offer of their choice.

    I know this is such a shameful, terrible thing for me to do, placing an ad on my web site and hoping people will actually click on it, that some of those will sign up for the program and choose one marketing offer from the several presented, and that ten people will actually complete one of the offers (and then do the same thing if they choose, so they can get a free Mac mini, too).

    But hey, it's as much an experiment as it is a desire to get the computer. And besides, a few of the offers interested me even without the carrot of a free computer.

    And I am doing this passively - I blogged about it when I first set it up, and since then it's just been an ad up there on the web page. Anyhow, being a bit of a sceptic, I thought it would be interesting to watch, and I figured I'd catalog some of my experience thus far here.

    First of all, my weblog is definitely not geared toward Macs or Apple. I just don't write much about them. Not that I have anything against the Apple products - quite the contrary, in fact. I have been considering a Powerbook or Mac purchase for some time now. I won't ever switch from the PC, but adding it to my lineup of computers would not be a bad thing. At any rate, the people who visit this site are not coming here looking for Mac info or computers, for the most part.

    That said, a number of people have signed up for the offer, many have not completed the whole marketing thing, and six of you out there are logged as having signed up, completed an offer, and it's showing credit for doing so. I know of at least one person who has done all that and does not show up as receiving credit for his activity, which is too bad. It's been a few weeks, too. It should work better than that, but glitches do happen - and there is a way to let the service kbow if you don't get your credit.

    So, with six people having completed the process in the past month or so, that means four more will need to complete one of the marketing offers before I will receive the computer.

    I have some thoughts about the whole process, and the offers presented. Here they are in no particular order:

    • People tend to be leery of "free" offers and marketing madness (myself included), but since I actually know a couple people who received free iPods and flat-screen computer monitors by participating in Gratis' programs, I have some confidence. Plus, TechTV lends some credibility (wow that's oxymoronic, but you get the point) in this video segment.
    • The survey thing when you first sign up is a little annoying because they don't make it clear it's not part of the core offer (they ask you a bunch of questions marked "optional" and you can skip them if you want, or just wait for the email to show up that gives you a confirmation link that bypasses the survey stuff - it only takes a minute or so). I get the reasons for it (this is, after all 100% marketing), and it looks like they have made some improvements, but still... You can skip it and click your email link to continue.
    • There are some cool offers on there, but the ones that enticed me the most were available earlier on in the campaign. I signed up for Blockbuster Online, and I am really enjoying that, but I don't see it available there anymore. I think eFax is a great service for people who need to send and receive FAXes and don't have or don't want to deal with the paper machine - it's all electronic and portable. There's a 30-day free trial of on there now, and I am tempted to sign up for that one myself, it's a cool service that I could actually use.
    • I have not actually heard of anyone receiving a free Mac Mini yet - anyone gotten that far along yet?

    So, if you're interested in doing the same thing, or if you're in the market for an eFax or account and want to use their trial offers, or if you're just curious, click the banner and help a guy out.

    I'll post more if/when I actually get the computer.

    Add/Read: Comments [0]
    Random Stuff
    Sunday, 06 March 2005 11:49:07 (Pacific Standard Time, UTC-08:00)
    #  Trackback

    Ok, let's face it - the native discussion list capabilities in SharePoint 2003 are - well - they're just "okay." They do work, but are just a little too frustrating in their implementation to use in the real world.

    But Serge van den Oever has posted an announcement and a link to the SourceForge site where they have put together a release of the "Macaw Discussion Board," a list template that builds on top of the SharePoint native discussion lists and improves on the native functionality big-time.

    It is great that SharePoint supports discussion lists, its a pity that their implementation is "suboptimal".

    The two biggest problems that I have with the discussion lists are:

    • When you reply on a discussion item, you don’t see the text you are replying on
    • Discussion items are displayed in the wrong order: oldest items first!

    Changing this behavior is not as easy as providing a new view. Some more work is required.

    We worked around these limitations more than a year ago, but I never found the time to make these modifications available to the community. Until now…

    They have also provided a discussion thread view in their list template.

    So, before you run off to find a third party forum/discussion program to adapt to SharePoint because the default capabilities are too frustrating, you might want to see what you can do with Macaw's Discussion Board. You can check our Serge's announcement and documentation post and download the list template.

    Add/Read: Comments [0]
    SharePoint | Tech
    Sunday, 06 March 2005 09:39:56 (Pacific Standard Time, UTC-08:00)
    #  Trackback

    Ep3Yesterday I mentioned the HHGTTG trailer. But there's another trailer out (it may have been out for a while, not sure?) for a film that just a few people are anticipating, as well.

    Update - Rick fills us in on a new trailer about to come out: "That's a pretty old trailer. A new one comes out online 03-14, but you can see it in the theater before Robots starting 03-11, or during the OC on 03-10."

    Star Wars Episode III - Revenge of the Sith opens in theaters on May 19th. A trailer is available online. Looks like it might be cool, but history has proven it's a little hard to tell with Star Wars movies. I hope it is. And I hope they don't spend too much time showing Darth Vader slowly "rising," rotating mechanically to an upright position on some metal contraption. Freakin' pull that awesome Vader-virtual-choke-hold thing on someone or cut someone's arm off or something! Armies of Wookies... Better than Jar Jar for sure... Hmmmm, this one might be cool.

    When the first Star Wars movie came out back in 1977, I had just turned 10 years old. It showed for more than a year off and on (more on than off) as a matinee film in my home town. I saw it dozens of times with my friends. We were young upcoming geeks and nerds, living in the ultimate little incubator of geeks and nerds. So, it doesn't actually matter to me whether the movie is good or not, it represents coming full circle on a long journey of sorts. Well, metaphorically anyhow.

    Did you know??? The original script name for the original Star Wars film (Episode IV) was "Adventures of the Starkiller: Episode 1 - The Star Wars." Sure am glad they changed that.

    Anyhow, check out the Episode III online trailer, and enjoy. But if you're into this stuff and don't mind getting sucked in for a few hours, there's also a bunch of cool videos about the making of Episode III available here, and some concept art used in the making of the film can be seen here.

    Add/Read: Comments [2]
    Sunday, 06 March 2005 08:45:34 (Pacific Standard Time, UTC-08:00)
    #  Trackback
     Saturday, 05 March 2005

    Gaping Void has some pretty darn funny (and yes, somewhat racy at times) cartoons. Business card cartoons. Funny. You. Click. Read.

    Add/Read: Comments [0]
    Saturday, 05 March 2005 12:43:54 (Pacific Standard Time, UTC-08:00)
    #  Trackback

    HhggtrailerOne of the best books ever is about to be released as a movie. It opens in theaters on April 29th.

    Attention businesses of Earth: We hereby call for all businesses to close their doors for one day to allow all workers to see the film on opening day. Thank you in advance for your cooperation.

    Trailer: The Hitchhiker's Guide to the Galaxy 
    (note: huge smooth QuickTime file -see below for options)

    The official film web site (with more trailers in different formats and other cool stuff) is here.

    This is going to be AWESOME.

    Add/Read: Comments [0]
    Saturday, 05 March 2005 07:22:09 (Pacific Standard Time, UTC-08:00)
    #  Trackback
     Friday, 04 March 2005

    Many have linked to the videos, but I am going to link to Steve, who summarizes the goodness about what exciting and interesting things Microsoft is doing with IIS in v7.

    Read Steve's comments and check out the two videos (nearly an hour of interviews with Scott Guthrie of Microsoft talking about the future - IIS7 and ASP.NET.

    From Steve's comments:

    • The continued focus on making IIS a great platform upon which people can build additional infrastructure richness and of course great applications. This is achieved by modularising the platform and documenting the APIs of the standard modules and allowing new modules to be easily created.
    • The second is that with IIS a raft of the most common open source applications are going to be provided, and integrated,  from forums to blogs, another really great move.

    Good stuff.

    Add/Read: Comments [0]
    Friday, 04 March 2005 06:45:13 (Pacific Standard Time, UTC-08:00)
    #  Trackback

    Buried deep in a press release that mentions several announcements about various SQL Server releases and enhancements are details about an item many may find useful. Later this month Microsoft is releasing new reporting packs for SQL 2000 Reporting Services aimed at Great Plains and Internet Information Server (IIS).

    The IIS one in particular catches my eye:

    The Microsoft SQL Server Report Pack for IIS Logs is a set of 12 predefined report definition files that work with a sample database of information extracted from Microsoft IIS log files. The SQL Server Report Pack for IIS Logs allows users to monitor Web site statistics including visitors, page views and bandwidth for various time periods and geographic regions, to get more insight into their Web site usage. Users also can leverage the 12 sample reports as templates for designing new reports, and the database can be populated with individual data using the Log Parser included with the IIS 6.0 Resource Kit.

    Cool. Not so sure about using the log parser (which, by the way, was recently updated), but I can think of a few things I would like to try to do with this one. Looking forward to the release. Links when they're available.

    Add/Read: Comments [0]
    Friday, 04 March 2005 06:34:04 (Pacific Standard Time, UTC-08:00)
    #  Trackback

    From Microsoft, news announcing SQL Reporting Services SP2, which will include two web parts for SharePoint 2003 that can be used for displaying reports in the SharePoint portal or site:

    Along with security and product enhancements, SQL Server 2000 Reporting Services SP2 will include two SharePoint® Web Parts, which enable users to explore and view reports located on a report server through Windows® SharePoint Services or SharePoint Portal Server. The Web Parts will make it easy for customers to build business intelligence (BI) portals with SharePoint that include Reporting Services reports. This, in turn, will give their end users access to their enterprise information from one seamless interface. SP2 also will support a rich client-side report printing experience directly from Microsoft Internet Explorer, so customers can quickly print their reports by clicking on a single button.

    Good move. One of SharePoint's strongest points is that it can act as a "one-stop-shop" for finding, aggregating, viewing and using information across a company or organization, usable by both individuals and groups. The more web parts are made available to do this kind of thing out of the box, the better. It should be a requirement for any Microsoft business product, I think, and other companies should follow suit.a

    Add/Read: Comments [0]
    Office 2003 | SharePoint | Tech
    Friday, 04 March 2005 06:25:38 (Pacific Standard Time, UTC-08:00)
    #  Trackback
     Wednesday, 02 March 2005

    Deskjet5850I bought a HP DeskJet 5850 from a week or so ago (if you're not familiar with, check it out, but I warn you now - it's an addition).

    The printer arrived and was waiting on my doorstep last night. It's a decent photo printer, on par with the 7760 model I have used in the past, but it has one thing the 7760 lacks - built-in networking support.

    And the DJ5850 not only has ethernet support, it has wireless networking hardware built right in.

    All printers should work like this. I just pulled the printer out of the box, powered it up, stuck the cartridges in, set up the software and drivers on my laptop, and within a couple of minutes the printer was live on my wireless network, and I was printing borderless 8.5x11 photos that look just like they came from a photo lab.

    Now I can stick this printer anywhere in the house I desire and print to it over the network from any computer I want.


    Add/Read: Comments [0]
    Wednesday, 02 March 2005 23:38:48 (Pacific Standard Time, UTC-08:00)
    #  Trackback
     Tuesday, 01 March 2005

    Jeremy Wright has posed a weblog entry discussing ethics and blogging. It's an interesting start to what should be (and needs to be) an ongoing conversation.

    Jeremy starts with a discussion of the premise that bloggers are not ethical.

    My take? It's very simple in my little world and point of view: Honesty, authenticity, objectivity and credibility are qualities that all people should strive for, regardless of their profession or avocation. It's not so much about the blogger vs. the journalist - these qualities apply across the board. It's about doing the right thing, and doing it the right way. It's about responsibility.

    I've been both a journalist (several years ago) and a blogger. Ethics has been central to every job I have ever worked in: Journalist, police officer, security professional.

    I get Jeremy's points, and agree with what he says in large part. There are, however, certain minor points with which I disagree (surprise, surprise, heh). I don't believe ethics was born of capitalistic need (early ethics was a Greek endeavor, and only a couple of ethical views like Marxism and social ecology are actually tied to economic or financial systems), and I tend to disagree with the idea that applying journalistic standards to blogging doesn't work. Rather, I think it can work - but that there's more to both sides of the equation than just journalistic standards, and that trying to oversimplify the discussion or pigeon-hole any aspect of it is a mistake. It's always tempting to try to divvy up different behavior characteristics and assign each of them to their own neat little groups, but it's never that simple.

    Jeremy offers his own opinions and positions, and they are certainly worth reading and will hopefully start readers thinking about what ethics means to them in terms of blogging and publishing information in general:

    "At the end of the day, the only thing we as creators of the written word have is that which our audience gives us - their eyes, their ears and their minds. And to violate that trust is the cardinal sin of everyone who values the written word. Be they blogger, journalist, poet or playwright.

    "So protect your words, protect your readers and honor the trust you have been given. By doing so you will be the best journalist or blogger you can be."

    Jeremy's article can be found here. Read. Comment. Write. Converse.

    EDIT: Blog Resource has more comments here, as does Fifteen Seconds. And more yet - A Blogger's Code of Ethics, over ay Cyber Journalist.

    Add/Read: Comments [0]
    Blogging | Random Stuff
    Tuesday, 01 March 2005 23:06:05 (Pacific Standard Time, UTC-08:00)
    #  Trackback