I've seen about my billionth discussion about the splintering of linux distributions.  The simple fact that choice doesn't make people interested in using something.  If that made people happy, then blank paper would be the internet!  Nothing allows open choices like a blank piece of paper - but you have to do the work.  When you stare at a blank piece of paper, your mind churns with ideas but it takes time to put anything interesting or useful down.  (See writer's block)

 Who wants to write their own daily paper from scratch every day - no one!  We pay to have someone deliver it to our doors.  Who even wants to write their own news?  Eck!  Who wants to compile their own software...or debug their kernel dumps?

Linux has all the choices you could possibly want, but not one variant has all of the features most want/need.  Some call this progress because you get to make a choice, but it isn't.  Its just an overly splintered OS.  Just build one version that does all of this stuff (well of course).  If all these linux developers were forced to work on a single linux version, it would be incredible!  We'd have a featureful, stable OS for most everyones needs.  This could take down Microsoft, nothing less will. 

So its clear by market analysis, psychoanalysis, etc, that the primary key to a software's success is not how free it is, but rather how featureful it is.  Linux is horrible at providing a standard process for configuration modification.  Every config file could be in about a dozen different locations with a dozen different syntaxes...just in the last 6 months.  ;)

I think if the linux community had the kohones they could reverse their years of wallowing in about a year by picking a single variant and closing development on all others.  Within 356 days this OS would be close to useful for everyone.  Within another 365 days it would be robust.  Microsoft stock would plunge as vendor after vendor noticed business after business switch to OneLinux and introduce useful solutions.  I call it the two year plan.  I would also think that goverments would appreciate this consolidation and follow suit by promoting this OS.  Within 5 years, the market would be able to support multiple variants again (but a controlled few) allowing for those special needs.  But the key reason why only one variant of linux is required to make this all work is the developers and the geek community simply can't agree on working for the common good very well and there aren't enough people developing to support more than that (See the list of poor quality and insecure linux distributions here).

So charge as little as you want...I'll download it, but I'll gladly buy something that has what I need and does it well.

I have passed my CompTIA Security+ exam and I'm now Security+ and MCSA:Security 2003 certified!

 

 

 

    I have setup CS 2.1 for my new blog content at http://ydns.no-ip.com/cs/blogs/ydns/default.aspx.  Probably gonna abandon DasBlog as it is infrequently updated and lacks the feature set of Community Server.

Trust is an reliance on the integrity or nature of a entity.  It does not protect you.  Just assures you of its virtue of topic.  So, you can have trust of identity, trust of intent, trust of protecting your credit card number, etc.

Validation is what is used to determine the state of trust.

Website use SSL certificates to provide a level of security for users.  The nature of those certificates is built upon a "chain of trust" that emanates from their root certificate, held by some other entity usually.  So the reason you don't need to fear someone seeing your email on gmail is not that it has been encrypted per say, but that the only entity that can see that traffic is actually Google.  If Google sold their SSL certificates private key, they would risk exposing everyone's email to that buyer.  Hmm...quite a lucrative market there I bet.  :)

 Trust is a odd thing.  If you have to prove it did you have any to begin with?  So why call it trust, why not call it something else like Validated Identity Recognition - "I see that certificate and I have determined it to be proof of your identity so lets talk in private now".  You have essentially validated Google's identity in the example above, not placed trust in them.  Hey, they may not have a clue how to protect their servers or customers.

So why mention this distinction?  Well it seems that there is one current problem with open source - a lack of trust.  I don't play with guns because I don't trust them in the situations I would place them in; Leaving them unsecured for hours a day, etc. Trust isn't the only thing encouraging someone to buy a product though.  There are lots of reasons.  But I suspect companies see things differently.  Users (and companies) don't trust this stuff just because they could take a look at its code.  Most users have no clue how to review code.  They also have no reason to trust something based on its existence.  That's like trusting a bomb because you see it.  Exactly not what you would do.

So the point I'm making here is that somehow it becomes important to increase the amount of trust related to open source projects.  It therefore becomes necessary to give "outsiders" a standard method of accepting (or refuting) the measure of trust of a open source project.

So why not start creating a trust based solution for open source projects.  A way of saying "I've reviewed the project or part of it and I can validate it does what it is supposed to".  Repeated hundreds of times for a project and you can begin to see how "supporters" and developers" begin to assign levels of trust to specific people.  I trust ProjectX so therefore I trust developer John.  Or vice-versa.

Using things like certificates as a identity placeholder, you can associate Trust Points in some public manner that enforces the notion of trust in open source projects.  So as you gain Trust Points in general you may be generally more accepted regarding your input to a project.  This is kind of like the forum policing that moderators (and user) perform, but in reverse.  Don't focus on tearing a person down.  Instead focus on building up trust.  Those that continue to fail in that regard will not achieve much trust.  The same for projects.

I can see modules being implemented similar to blogs posts using Captcha, but signing with a public cert.  Since you can only sign once, re-signing is irrelevant and easily blockable.  Getting around the system becomes difficult and only coersion is a concern.  So could you either convince or force others to sign?  Of course.  That is certainly a risk here, but no more then other repudiation systems.  You could be notified and have the ability to renounce a signing (with limited options) and an impact on your Trust Status.

I think this idea of Project Trust has merit and could even be implemented in companies on a much smaller scale for internal projects.  More or less rated on their quality of work rather than the trust that they aren't putting backdoors in, but both are still relevant.

So validate the code, then trust the code.

I've been looking at getting a cell phone that can handle all my needs, including calendaring.  Well, the problem is I'd like to sync my personal calendar and my work calendar without publishing my personal calendar to work.

I use Outlook 2003 at work (Exchange 2003) and home.

So there are several Outlook sync apps out there, but they all seem to require the use of Outlook categories.  You then select which categories to sync and in which direction.  This allows granular control.  So in order to separate my personal calendar from my work calendar, I have to at least identify ALL of my personal calendar items with a category.  Not so bad to manually change them once.  But I would have to manually set a category for every calendar event I create!  Ah, but I can just set a default category so I never have to think about it, right?  No, the silly problem is that there is no easy way to have a default category set on your calendar items.  OK, so now you're saying "this guy has no idea what he's talking about."  Go and check...I'll wait here.  OK, now onward.  ;)

How on Earth could Microsoft have been releasing this Outlook product and be considered the premier product without such a seemingly simple setting (Set a default category for appointments and/or contacts)?  Apparently, just by never doing it.

So here is:

How to set a default category for all Outlook appointments :

1. Open Outlook 2003 or higher.
2. Open (select) the default Calendar folder or create a new folder for calendar items.
3. While the correct calendar folder is selected, click "Tools/Forms/Design a form"
4. Select Appointment from the "Standard Forms Library".
5. The Form Designer will open the "Appointment" template.
6. Click on the Category button in the lower right of the Appointment tab.
7. Select (or create) at least one category to use as the default for all items in this calendar and click OK. You can choose multiple categories if you want.
8. Click "Tools/Forms/Publish form as".
9. At the top left, select the "Personal Forms Library", then provide a useful name for your form (such as PersonalAppt or WorkAppt) and click Publish.
10. Click File/Close.  Do NOT save changes.
11. Right click the calendar folder you wish to use this new "default category" on and choose Properties.
12. Change "When posting to this folder" to use the form name you created in step 9.  (You may have to browse by choosing Forms...)  Click OK.
13. Now create a new calendar appointment in this calendar.  Note that it should automatically have the category (ies) that you set in the template.  If not you may have not selected the correct form or saved it on the properties window.

This same process can be performed for any pre-existing form type such as contacts, appointments, notes, etc.  just make sure to change the correct folder to use the new form you created. Enjoy!

So the new is that a whole bunch of information was declassified by the US government at midnight 12/31/2006.  These types of information declassifications always seem to be meaningless when you don't know everything else that may have been learned.  The expected (perceived) value of government information is accountability and truth.  But how do we know that no one twisted the information's focus over time or transcribing generations?

http://politics.slashdot.org/politics/07/01/01/1657224.shtml

I've been pondering this problem and I thought that a public system that tracked the thumbprints of various documents and information (of any digital format) would help to assuage the publics fear of misinformation without releasing any information for use by foreign intelligence.  This being one of the primary concerns of governments secrets.  The system would also be key in assuring the governments people that there government wasn't abusing its knowledge or trying to obfuscate its meaning.

A "secret sharing" system that was certified by appropriate international organizations and reviewed by information security bodies could achieve this goal if well designed.  Similar to a Nuclear materials review, a "shared secrets" review could be performed to assure that the related procedures were being followed.

I can see a digital system managed in part by organizations such as the U.N. and monitored universally by peoples such that more accurate criticism can be leveled at participating governments.

Any form of this system would place personnel at risk since information without witnesses is pointless.  I see a multitiered system of witness lists, references, etc such that the individual personnel who may have obtained the information (field agents) may be protected.  Of course information itself may not be needed to determine its focus.  Sometimes simply a datestamp can be enough evidence to direct foreign intelligence to its content.  This can easily be misdirected (counter-intelligence style) by claiming minutia of information, such as "The sky is cloudy today" and recording these in the system as well.

Now, I certainly understand (being in IT and all) the potential amount of information (and misinformation) being gathered here, which is why these "shared secrets" would cost money to the governments listing them.  In addition a multitude of processes (checks and balances) would need to be formalized and protected in various ways, including technological means.

As an example a field agent discovers an assassination plot against the US President and they document this as a "secret" in a system, either indirectly or directly due to exposure concerns.  Presumably a superior ranking professional will receive this "reported secret" an in turn acknowledge its existence and its origin.  this creates definitively the first "digital secret", with a full record of its contents (video, email etc) with several digital signatures stored in public fields (its Digital Secret Signature or DSS) using approved protocols, etc.  Any forwarding (presumably digital) of this information would result in further (automatic?) acknowledgement of secret sharing and result in a digital trail of evidence which is stored in the "Secret Sharing System" of the US government. This "database" exposes its DSS lists and they are synched with external systems in "real time".  Each acknowledgement of secret reception results in a new entry associated with the original secret (perhaps its DSS only?) and therefore there is a fairly reliable breadcrumb trail.

Now, of course this whole system relies on a lot of process and technological innovation that doesn't exist quite yet.  With technology becoming more pervasive in our daily lives, is it too much to expect that government employees would need to comply with participation in such a system?  This may mean extensive monitoring of the work environment and all communication devices owned, as well as GPS tracking, microchip-under-skin, etc.  Essentially until there is such encompassing auditing of persons, this would merely be a Orwellian future.  Not to mention the petabytes of information to be stored to audit all of this.

There would never be a need to demand release of information.  Anything that was deemed releasable could be.  It would validate that the information released was factually represented in the past and provide accountability for any mistakes.  Now you at least have names tied to information in a formal manner.  If people aren't willing to take the accountability for the information they handle they should not be a government agent.  Prescribe jail time and related sentences to those who fail to abide by the universally accepted law.  Now you have a globally backable justice system brewing...no need for a UN court, just make the various goverments courts abide by international laws when treating related cases and you have provided transparency to government sourced injustice.

But you see what I mean, right?

Had some good riding with some friends.  Probably the last ride of the season.

Ride with Rob stats:

Ride with Rob Vert Profile:

Google Maps track of the ride with Rob.  Google Earth track of the same.

---

Riding with everyone

Ride with everyone stats:

Ride with everyone vert profile:

Google Maps track of the ride with everyone.  And the Google Earth track of the same.

Here are the details:

The track is here .  And here is the Google earth view .

Here is the track from 9-24-2006.  Some great challenges for the beginner I was with.

The Google Maps GPS track (without track splits)

A view from Google Earth.

The elevation profile:

Went out both days this weekend and had a lot of fun riding. 

The overall stats:

 Heres a set of tracks.

Here is the Google Earth view. (save to disk first)

Here is the elevation profile:

 

I have fixed a couple of annoying bugs with this version.  Now it works cleanly.  Download here.

Nice ride with a co-worker.  (its Google Map, so you can zoom in on the track via the control)

Dryer_Road_8-26-2006.htm (106.36 KB)

    The new netsh in Vista is simly updated with a new section for outbound filtering.  I took some time and made a few example rules for those struggling with the syntax.  The rules below are linked here (Vista-Outbound-Firewall-Rules.bat.txt (1.23 KB)).

Pretty nice.  Finding some processes trying to access the internet such as Windows Error Reporting.  More a pain to translate the event log entries generated then anything.


netsh advfirewall firewall add rule name="IE (TCP)" dir=out program="c:\program files\internet explorer\iexplore.exe" protocol=TCP localip=any localport=any remoteip=any remoteport=80,443 action=allow
netsh advfirewall firewall add rule name="IE (UDP)" dir=out program="c:\program files\internet explorer\iexplore.exe" protocol=UDP localip=any localport=any remoteip=any remoteport=80,443 action=allow


netsh advfirewall firewall add rule name="Firefox (TCP)" dir=out program="C:\Program Files\Mozilla Firefox\firefox.exe" protocol=TCP localip=any localport=any remoteip=any remoteport=80,443 action=allow
netsh advfirewall firewall add rule name="Firefox (UDP)" dir=out program="C:\Program Files\Mozilla Firefox\firefox.exe" protocol=UDP localip=any localport=any remoteip=any remoteport=80,443 action=allow


netsh advfirewall firewall add rule name="Windows Messenger (TCP)" dir=out program="c:\program files\msn messenger\msnmsgr.exe" protocol=TCP localip=any localport=any remoteip=any remoteport=80,443,1863 action=allow
netsh advfirewall firewall add rule name="Windows Messenger (UDP)" dir=out program="c:\program files\msn messenger\msnmsgr.exe" protocol=UDP localip=any localport=any remoteip=any remoteport=80,443,1863 action=allow

Yikes, read this post on a Microsoft forum and it has scared me a little bit about Vista's BitLocker feature.

http://windowshelp.microsoft.com/communities/newsgroups/en-us/default.mspx?dg=microsoft.public.windows.vista.security&tid=9550eb1d-edd7-4905-8e8a-fcaa997faa99&lang=en&cr=US&sloc=en-us&p=1

This essentially means that your system "may" have a significant failure because of a single bit error on a drive.  Now I know I'm sounding a little brazen here, but this is a legitimate concern for users, especially corporate users - the ones most likely to implement this feature.

The only workarounds to this problem are:

1. Don't use BitLocker - Less security is safer?
2. Perform regular backups of your system - this may help but a typical user won't be capable of restoring their system without administrative intervention.  So you end up taking a user down for a day to get their system restored or rebuilt from image - great, just great.

I guess we'll just have to wait for a RAID-able solution.  or some type of parity option.

I'm posting from inside Windows Vista, the next OS and I must say its pretty sweet.  I've encrypted my main partition using BitLocker and messed around with a featureful firewall.  Too bad the firewall and its associated parts needs some work.  It says that it will notify me when something is blocked, but I never received a single alert for anything.

For more on Vista --> http://www.microsoft.com/windowsvista/

Rode here a couple times this week.  Almost 8 miles of technical riding.  Click the pic for the interactive Google map.

Here is the profile of that trail (careful! - its huge so you can see the most detail).  The way we rode this trail it goes in a figure 8, starting at the bottom right and going across to the bottom left, then to the upper right, across to the upper left, then down to the bottom right.

Here is a Google Earth version, with altitude data included so you see a wall indicating the trail altitude.  Clearly not great accuracy, but probably somewhat close.

Other then riding at Dryer Road Park, which rocks, there is another place to ride near Rochester.  Royal Coach Parkland, which is public property as far as I know.

Royal Coach Parkland race course

I made this with GPS based on my rides at Dryer Road Park recently..click pic for the full experience.  Click trail names to blink them.  See my updated version.

Like it?  I title it "My Day 5-19-2006".

I easily passed the 70-299 exam today!  :)  That makes me a MCSA.  Next month I'm gonna try the "ISA 2004" exam for my MCSA+Security.

Got my GPS yesterday, but had to wait a whole day to play because I HAD to study for my 070-299 MCSE exam (Windows 2003 Security).

Check out this nice map of my first GPS track, my location is not visible.

http://ydns.no-ip.com/blog/track.html

As I prepare to take my 70-299 MCSE exam, I have started geocaching.  Its a nice way to get outside, or something to do inbetween more intensive outdoor activities.  ;)  As many other newer outdoor activities, its eco-light and unlimited in scope.

I encourage everyone to have a fun activity like this that can be played anywhere on the cheap.  So if you travel for work, you can geocache there.  The only cost is a basic GPS device like the Garmin geko 201 ($~120).  That device can be used for any basic GPS needs, such as fishing, hiking, sailing, etc.

I must admit, it is possible to geocache without a GPS device, albeit harder and slower.  (As I can attest to these past 2 days)

I was a little worried about this one, but I thought I did great on the test.  Not exactly  ;)  Next up 070-299!  This next one will give me my MCSA.  Then I'll step thru certifications until I reach my goal of MCSE: Security.

I just passed my 070-290 exam - "Managing and Maintaining a Microsoft Windows Server 2003 Environment"

I'm looking to schedule 070-291 for later next month but I hope to be able and move it up.

 

When I got Paint.NET (which rocks by the way), I went crazy making stuff.  Here is a wallpaper that I use. Click to download.

I'm halfway through my core exams!  I rocked the XP exam.  I'm gonna start moving quicker on my exams.  I can do one a month.  So I get to brag and put this logo up again.  :)

 

I made this a couple of years ago.  I rather like it for its simplicity.  The topic is evident, but not blatent.

So what about IPSec is hot, other then the fact you can script it?  Well in a enterprise environment you can deploy it in Group Policy.  Now that is a pretty cool way to protect your network.  So you can use IPSec to protect traffic between trusted hosts.  The easiest scenario is to setup IPSec between domain computers.  Once Group Policy refreshes on a client computer they implement whatever IPSec policy is deployed to it.  In a workgroup environment you can still use IPSec for protecting your network, but it is more manual effort.

Not only can you deploy IPSec policies to computers using Group Policy, you can also deploy dynamic IPSec policies to the same computer at the same time.  Now dynamic IPSec policies are the same thing only they don't stick after a reboot or IPSec is restarted.  This makes them handy for testing a setting, you can just reboot (or restart IPSec) to undo it. 

So deploy a baseline IPSec policy to everyone, then use script to deploy dynamic IPSec policies at startup.  That way you can quickly deploy IPSec protection without a way to back out.

The key thing to remember about applying an IPSec policy using Group Policy is that you can only have one policy - the last one that applies.  Similiar to a specific Group Policy setting.  The IPSec Policies don't merge into one big policy as Group Policy is enforced onto a computer.

Microsoft IPSec FAQ

Important things to consider regarding IPSec and tradeoffs.

Microsoft article on how to assign Domain based IPSec policy

Microsoft article providing an outline of reasons to use IPSec.

Example scripts and reasons to use IPSec to protect your systems

Example scripts for protecting against a specific security concern (WINS exploit)

Go read my other article on IPSec (sample scripts and IPSec policy files)

Microsoft needs to provide free builtin 0-day protection to their OS's.

So as many have probably heard, this Microsoft Windows WMF vulnerability was getting massive amounts of security community attention including a well dissected hotfix from a well known developer.  So I myself sent two critical emails to Microsoft trying to encourage them to work with this community effort for a quick hotfix.  They were both essentially dismissed via replies, but I'm sure that my emails along with the hundreds of others they probably received made the points of concern clear.

   This wasn't about profit, "open source" or even "free 0-day protection", but about protecting Microsoft customers.  This is a key part of their Trustworthy Computing initiative.  There were numerous people working to identify the security vulnerability, test it and discuss it.  When everyone complained to Microsoft about the situation, clearly Microsoft noticed that the customer wasn't satisfied by waiting 10 days for a hotfix.  If a non-Microsoft developer could build a "patch" to protect users, get it tested and deployed in 4 days, then Microsoft should be able to do that or better.

As it turned out Microsoft addressed the same exact piece of code that was a concern.  So the "unofficial" patch was correct and protected users.

Now the big point is, why can't Microsoft do something like this quick hotfix?  Well, sounds like Microsoft doesn't think they impacted their customers enough by costing them untold millions in lost productivity and revenue with all of the vulnerabilities over the years.  Apparently Trustworthy Computing means "Trust Microsoft, and only Microsoft".  This is an unacceptable stance in the realm of information security.

Microsoft could easily build a framework to deploy quick hotfixes that merely block vulnerable code.  They don't need to fix the code immediately, just offer something that block access to the bad code.  This is why the unofficial hotfix was so perfect.  It didn't ask users to replace a file provided by Microsoft, just put one in the middle and intercept the vulnerable code.

All in all, I really think that Microsoft is afraid of too many things, not unable to solve the problem. I'm sure there are IP questions about 3rd party hotfixes. I'm sure there are patch availability, reliability and trustworthiness concerns. But I'm also sure Microsoft can do a whole lot more to protect its users than it is doing today.

So, go demand that Microsoft build a 0-day protection framework that protects their customers.

Whats hot...IPSec is hot.  I've been playing around over the past few days on scripts that setup IPSec rules to protect a Windows 2000 or XP system.  Now IPSec has two modes - AH and ESP.  AH provides authentication of packets while ESP provides encryption of packets.  You can use both at once but its a little different then the perfect security option you would think.

IPSec has performance concerns.  It causes an increase in bandwidth and CPU usage.  Not so big on a home network, but in a corporate environment it can be huge.

  I've extended this IPSec learning to enable IPSec security (AH+ESP) on my home network for all traffic.  I haven't noticed any performance issues.  I tend to do very little between my computers.

How to use IPSec on Windows XP SP2

1. Download the Windows XP SP Support Tools. (must be the SP2 version)
2. Install the Support Tools.  I choose the "complete" install option, but it may not matter.
3. Review how the ipseccmd.exe command works.  Note - I think the help offered by "/?" is inaccurate as the 1f option works, yet doesn't display at the command line.
4. Either build your own script or choose one of mine.  Only one can work at a time.
   1. Notes: 
      • You must run the same script on all XP computers you want to use that IPSec between.
      • All my scripts allow ICMP unhindered to facilitate troubleshooting.
      • Make sure you edit my script to customize the shared secret used from "PresharedKeyString" to something else.
      • Dynamic scripts will only work until the next reboot or IPSec service restart.  This allows you to make temporary changes to IPSec. Safer for testing out IPSec
      • Static scripts will stay running at all times.  The only way to disable it is to open the IPSec console (via MMC) and disable the policy.  True secure modes of IPSec.
   2. Optional IPSec scripts (don't force IPSec usage, just try to use it)
      1. Dynamic or staticencryption. Related IPSec policy file for static.
      2. Dynamic or staticauthentication.  Related IPSec policy file for static.
   3. Required IPSec scripts (force IPSec usage, drop non-IPSec connections)
      1. Dynamic or staticencryption.  Related IPSec policy file for static.
      2. Dynamic or staticauthentication.  Related IPSec policy file for static.

Recently a vulnerability was uncovered related to WMF files on Windows OS's.  This vulnerability has yet to have a functional workaround or patch from Microsoft.  The security community has taken it upon theeselves to issue a workaround that alleviates the issue.  This is a good sign that the community is willing to spend effort to protect Microsoft's customers at no value to themselves except credibility.

Various credible companies and groups have supported this code development level workaround.  This is better then Microsoft's response which has included a workaround which breaks functionality and a couple of useless blog postings. 

It seems that Microsoft has taken the CYA (cover your a--) path - contacting law enforcement and publishing a bulletin, but not actually protecting their users.  WTF?  Isn't that out of order in the list of priorities?

I have submitted a plea to Microsoft to work with the security community to provide and approve such workarounds.  Clearly they don't have the manpower or time to devote to this problem as lots of people are being attacked due to this vulnerability.  So the next best thing for Microsoft to do is accept the community based efforts and support them.

This clearly isn't about open source or providing free protection services, its all about protecting the customers.  Microsoft consistently has placed its company above the customer during these security issues.  It is a disgusting trend that has had impact on lots of their customers.  I hope their customers vote with their wallets.

That voice of the computer from Wargames...ahh brings back memories of 1984.  As for the actual reason I mentioned it, the lovely voices of the Microsoft Agent program.  I've been messing around ALL DAY with Microsoft Agent and scripting.  Its been somewhat fun, but fairly frustrating.  I've just built a script that acts as a simple helper running on your desktop.  Not really too helpful.

http://ydns.no-ip.com/msAgentHelper.vbs.txt

This script will expect you to setup a few things:

• Microsoft Agent (http://www.microsoft.com/msagent/default.asp)
• An agent for Microsoft Agent (the filename without extension)
• your email program path
• and your home page to open in IE.

1. right click this file (http://ydns.no-ip.com/msAgentHelper.vbs.txt ) and do a "Save target as"
2. Rename the file to remove the ".txt" extension.
3. Choose a location to save the file that you can remember.  Click Save.
4. Open the folder where the file was saved.
5. Edit the file by right-clicking and choosing Edit.
6. Modify the top few entries to match your needs.
7. Save and close the file.
8. Right click the ".vbs" file, choose Properties and go to the Script tab.
9. uncheck "Display logo..."
10. Click OK.  Now you will have a file by the same name except a WSH extension in the same location as the vbs file. 
11. Double click the "wsh" file.  When you run it, it should play sound if Microsoft Agent is properly installed.

This was fun to write but has little value as it is.  Trying to think of ways to make it more useful.  Perhaps some type of table of things it can do for me.

I've been given the word at work that I'll need to switch to a cell phone, essentially removing my FREE pager that I receive from them to perform oncall duties, etc.

I don't really have a problem with a cell phone except that work is pushing me to get one, which means I BUY one and spend MY money.  Then they may reimburse me for some of my costs.  That is frustrating in and of itself.  Not to mention all the complications of getting into cell phones.

I can't believe how complicated it is to determine if a cell phone supports my needs or not.  I want a cell phone that replaces my current uses and also provides cell phone usage.  So for me that means a phone that can sync my work calendar and provide the related alerts.  Thats the minimum I need.

Since I'm gonna be paying for it though, I want all the features I demand.  So that means also providing the ability to sync my home calendar onto my cell phone/PDA.  So essentially I'm looking for a cell phone that can sync my personal Outlook 2003 and my work Outlook 2003 onto my cell phone/PDA so I can be alerted for both.  I don't want them to sync 2-way, just collect both onto my cell phone so i have one portable scheduler that keeps personal and work entries separate. 

That really doesn't sound too complicated to me.

Lets not go into the need to keep work and personal stuff separate nowadays.  Its ridiculous how companies demand that they own anything on their servers/computers.  Even when its personal in nature.

But apparently, you'd think I'd of asked for the Messiah to come down and grant 3 wishes.  Frikin unreal.

No where that I look can I find ANY clear indication that this is supported.  And since I can't really test any related software unless I buy a phone I'm really screwed!

So I don't care if I get a cheap phone running Windows Mobile 5 or an expensive one running Palm OS.  As long as it fits my needs.  Which apparently are of such an absurd nature that I'd be better off asking for a flight to Mars.

This is so funny you can't laugh.  There is new talk of a Russian-built space shuttle for the European Space Agency.  Story here.

http://www.popsci.com/popsci/aviationspace/347575a5d99e7010vgnvcm1000004eecbccdrcrd.html

Now this awesome looking shuttle looks similar to the current US space shuttle, right?  But I think it looks a lot more like this movie prop from Marooned (IMDB link):

 

For more on Marooned see here.

If you want more experimental planes (some for space) see here.

I easily passed the Microsoft exam 70-294 - Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.  And I barely studied for it.  I guess I'll go for the whole shebang now.

I've just had my VNF4 Ultra based computer die a second time on me.  I get a BIOS post code 50 when I try to boot the box.  I bought this computer at the beginning of the year and a few months later, this problem cropped up and I had to RMA my mobo.  I got a replacement and it just happened again!

I think the issue is a heat issue, not a USB issue as they would have you believe.  I don't live in a very hot area and the mobo has averaged 110F.

Its absolutely ridiculous that this new computer can't handle staying on 24/7.  I am likely going to demand my money back.  I cannot handle this crap any more.

I've been happy to try out this app since it first came out the beginning of the year.  Its just ridiculous that the app no longer downloads updates because of a bug.

Here is the "permanent fix" found by a user, not Microsoft.  :)

http://communities.microsoft.com/newsgroups/previewFrame.asp?ICP=spyware&sLCID=US&sgroupURL=microsoft.private.security.spyware.announcements&sMessageID=%253CuPXTRaNhFHA.1388@TK2MSFTNGSA01.privatenews.microsoft.com%253E

 

Here is the old workaround I built:

How to force Microsoft Antispyware to download updates

1. Decide which File Downloader app you want to use.  The files are in a zip file and need to be extracted. The batch files are very simple, just downloading the 3 files that are needed for anti-spyware updates.
   1. Either download my FileDownload.Net version (which hasn't been tested very much) which will have its source code published shortly. This requires the .Net Framework 1.1 from Microsoft.  Its in Windows Update.
   2. Or use the File Downloader version built on the File Downloader from this site.  It is used by many programs and I have to say its seems trustworthy, but its source code isn't published.
2. Extract both files into your Microsoft Antispyware folder (ie, C:\Program Files\Microsoft AntiSpyware).
3. Rename the "forceMSASUpdate.bat.txt"  file to "forceMSASUpdate.bat" so that it will run as a batch file when double-clicked.
   • If you installed Microsoft Antispyware somewhere other than "C:\Program Files\Microsoft AntiSpyware", you need to edit the file before using it.  Simply replace this patch with your own.
4. Create a Scheduled Task for the bat file that runs as some fairly unprivileged user account on your computer. 
   • Create an account if you don't have one for tasks.  Mine is named tasks and is only a member of Users.
5. Modify the permissions for the Microsoft Antispyware folder to grant this "scheduled task user" full rights (Full Control) to this folder and all files.
6. Grant the "scheduled task user" the privilege to "Log on as a batch job" in the "Administrative Tools\Local Security Settings".
   • 
7. Run the scheduled task and then manually verify that the Microsoft Antispyware updater is updated.
   • 
8. Finally, go to bed knowing you have the latest anispyware updates.  :)

Well, I'm finally done moving. It was a short move, but still it takes time to box everything up and move it over.  And then unpack it all.  Since my new apartment is larger I'm sure it'll all fit, but I haven't figured out where I want everything.  So the "office" room is a mess.

Yesterday I had to get cable and broadband hooked up.  You know how they give you the incredibly helpful window of "12 PM to 4PM", naturally my tech didn't show up until 3:45!  At least he was pleasant and appreciative that I had run my own cables.  I sat around all afternoon wondering when the guy is coming and I end up being the last for the day.  Like they can't pass on info like that to the customer.  "A tech will be out between 12 PM and 4PM, and you're the 8th location in line."  Well that would actually be helpful.  Of course I'd realize the guy wouldn't be there for at least an hour or two.  I did have to run out a few times to take care of stuff.  By the time the guy left, I had to race around buying "stove drip trays" for my old apartment and put them in before I handed the keys back over.  I made two trips to the store since I bought the wrong type the first time. (%^$#!)

 I managed to setup my stereo yesterday and watch some TV (once he hooked it up).  I watch Indiana Jones and The Temple of Doom last night to test out the stereo (and the neighbors).

I will finish unpacking over the next day or so, but I plan to enjoy the Fourth of July with a beer and some AC.

Happy Fourth!

No, it's not a Bible reference...its my race time from my first bike race.  I'll get back to the Bible reference in a minute.  I have to say I'm drained from the effort, but it was my lungs that did me in.  3 laps of 2.5m mountain biking hell (for a beginner) and I never thought I'd make it.  I finished 5th (of ~15) in the beginner class.  A coworker who races finished first, but he's raced before.

The best part about the race was the number I was assigned - 666.  I looked down at it when it was handed to me and knew I was in trouble.  Fortunately, Satan is better than some mortals.  <deep evil voice>I shall point and they shall fall...haw, haw, haw, haw!</deep evil voice>

It was fun to test my skill level.  I had tried out the course a couple times so I knew the terain in general, BUT THEY REVERSED THE COURSE FOR THE RACE! <deep evil voice>Satan can not be tricked.  I will defeat thy pitiful humans!</deep evil voice>

So I was racing and getting passed by the Pro group members thinking "These guys are just crazy riders."<exicited deep evil voice>Hah, even though you pass me I will still finish before you! You have more laps to do!  I'll get to go home before you!  Haw, haw, haw, haw!</excited deep evil voice>

<inquisitive deep evil voice>I never did ask how God was doing, although I bet he was in the Pro group.</inquisitive deep evil voice><deep evil voice>While he raced on, I took over the world. Muwahahaha,muwahahaha!</inquisitive deep evil voice>      >:->

I just got my motherboard back for my new system.  I sent it in for repair two weeks ago.  Talk about breaking out in a cold sweat  ;)  I went to reboot my computer one day and it refused to get past the BIOS.  It was giving "status code 50".  So I contacted support for the motherboard and they thought it was likely a fried USB controller, so I had to send it in for repair/replacement.

Well I just wasn't ready to part with it.  I hadn't made recent remote backups of my data and I could read from the hard drives on another system since they were all new SATA drives.  I was going to have to without access to my Outlook, my favorites and all my important data.

I managed to gimp along without this stuff, but I will stress again that you should make an effort to setup remote backups of your data.

To assist in this manner, here is a script that I use to perform copies of "NTBackup" backups that I have been making.  It will only copy the files if the dates are different by more than 24 hours, to make sure that you don't waste time overwriting the same file.

Here is a text file with the script contents.  Save the file below to your computer. Rename the file below to remove the "txt" extention. So its named "RemoteBackupCopy.vbs" somewhere on your computer.

RemoteBackupCopy.vbs.txt (5.3 KB)

How to use:

1. Modify the script contents in the marked location.
2. Open a command prompt. In XP, type "cmd" in the Start/Run box.
3. This opens a command prompt window.
4. In this window type "cscript " (with a space at the end)
5. Locate and "drag and drop" your backup script onto the open command prompt window. If its hidden, hover the mouse over the task bar entry for it at the bottom of the screen.  This will make it pop up.
6. Once the "drag and drop" is finished, you see the path to the VBscript in the window.
7. Press Enter.
8. Review the output for details on the success.  Be patient if the files are large, it could take hours to copy, depending on your network.
9. After the script completes, look at the remote file to make sure it has the same properties as the local one.  The date may be different, not sure.

   I finally got to ride a decent trail with my new bike.  It isn't all that, but it is certainly a good trail for me.  I have a bike with full suspension and I'm sure it helped.  It was exilarating taking blind curves on the trail at a pace that could easily cause harm.  OK, I wasn't tearing it up, but I was going a little fast for my experience.  I did slam my shoulder into a tree on a tight turn.  The hills were killer.  This trail has been used as a race course this month.  I really doubt I could do a single lap without stopping.

There is one last race on Wednesday that I'm planning on giving a shot.  I watched last weeks race and the beginners class had a lot of kids, but something tells me I couldn't do it any better then them. I was dead after half a lap.  I've been slacking on my workouts recently, but I'm hoping I can manage the race.  I can at least say I gave it a shot.

So, get a bike and hit a trail, no matter your skill level.  You'll enjoy the outdoors and it'll provide a good chance to avoid work.

So, they read the verdicts for the Michael Jackson trial. I was in my car, stuck on the highway mere feet from my on-ramp.  Who cares?  I think its a great waste of time to sit there and watch this poor soul get publicly flogged over the possibility of crime.  Don't get me wrong, I'm no fan.  I just think it was a whole bunch of ASSuming going on.

So the right-wing moral nuts will use this as a example of how little control we have over preventing crimes like pedophilia.  They'll push for stronger laws that invade privacy even more and soon, you need authorization to take your pants off.  Ahh, the wonderful world of RFID... (note: right-wing moral nuts will take this very seriously)

And the Democrats will simply drag out union leaders and activists sasying how dangerous this is.  In the end it'll pass.  Invest in RFID...

Naturally after I got through the first traffic jam, I passed an alternate exit for me by mere feet and hit another traffic jam.  That was frustrating.

First movie, Star Wars Episode 3: Revenge of the Sith.  The movie was a lot of hype.  Alls it has to offer is closure and while some will pay for that, many won't (there was nothing to be closed for them).  Not sure where I fall in this regard.  I really wasn't blown away by any aspect of the story or visual effects.

   I was actually extremely picky on the special effects.  I noticed lots (I mean lots) of funky animation for the humans (clonetroopers, wookies, etc) that simply annoyed me.  This movie should have nailed down the motion of characers so they didn't seem to be floating or animatronic, but Lucas failed in my eyes.

I saw this on a digital screen, the only thing I liked about the movie.  It was not enough to save this one though.  It was neat to see a flawless image, but during much of the movie, you wouldn't be able to tell anyway.  I actually noticed that the speakers were vibrating the screen I think in the beginning, blurring the image.  That annoyed me.

Sometimes a lot of the screen contents were blurry when the camera was panning.  Not like in the normal "background" fashion, but more digitally stuttered.  It hurt my eyes.  I think they were trying to drive your eyes to the primary action, but I want to investigate the environments.  This blurring destroyed this, taking what little fun I was getting from the movie.  I felt like it was copyright protection - "Don't look at my movie that way, just the way I want you to."  If this was a problem with trying to present all the content in a panning image, then take it back to the drawing board (ironic comment) until you can handle it.

The effects were too overwhelming at times.  I was totally incapable of keeping track of what was going on in any of the battle scenes.  Some of the starship explosions were cool, but they only appeared on screen for mere instants.  Lucas has completely fallen for MTV editing and it ruined the experience.

The acting...yeah, nothing needs to be said.  Ok, maybe something. It simply sucked, but we expected that.

The general story -  this is the spoiler section (DONT READ ME if you haven't seen this movie!).  So no real surprises, I expected this was what would happen in this movie. The fight scene with ObiWan and Anakin was so bad I wanted to puke.  He would've killed him, not left him there.  The decision to join the dark side was done in an instant, no real contemplation.  Not buying that.  The scene when Vader get mad about Padme was simply laughable.  I think there was already a Cheetos commercial mocking it.  That will be mocked till the end of time.

Simply put, Lucas has managed to kill the Force.  It is no more.  Drained from our minds, we are left with vapid commercialization of a treasured memory.

 

Second movie - Constantine.  Really not that bad, but only worth going to the dollar theatre.  Hokey religious nonsense that we are just supposed to accept.  Ain't no match for a blaster at your side.  Good effects, 1 good scare that almost had me choke on my Buncha Crunch.  Nice ending, but perhaps too inline with the standard hollywood ending.  He should have died, maybe go to heaven.  "Redemption is not easily bought" being the lesson, but something that we strive to emulate even when we cannot achieve it.  The fact it ended the way it did was a touch disappointing.

How to view all process running on an Windows 2000/XP system as a regular user

Normally only accounts setup in the Administrators security group can view all running processes in Task Manager.  You can now bypass the "security" feature by performing the following change in your accounts registry.

Note :  Changing the registry is dangerous, don't do it unless you have a clue, etc.

1. Run regedit from "Start/Run..."
2. Browse to the following registry location:
   • HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\TaskManager
3. Double click the value on the right named "Preferences".
4. You should get a window similar to the flollowing that pops up.
   • 
5. On the bottom line change the text so that it has a 1 in it.  You will have to click in the blank column near the left edge on the bottom line.  Press Delete and type in "01" (not just "1")
6. You should now see the following text on the bottom line.
   • 
7. Click OK.
8. Now re-open Task Manager and have fun seeing what everyone else is doing!

Arrgh, yet another night spent fixing wierd problems.  The first, a problem viewing my newest blog that only happened as a user account (my main one).  It turns out that you need full access to your own profile (how demanding!) in order to use certain code pieces on the site.

Then I turned my attention to an annoying bug on my Start Menu where the "Explore" and "Explore All Users" context-menu options wouldn't work.  Tracked it down to a buggy context-menu dll.  I have now uninstalled it as I had no need for it.

While most of my problems are from my own tweaking, I just wish I could have a stable computer that never gave me problems.  At least I've addressed my backup concerns with nightly "System State" backups and weekly fulls.  Borrowing the great idea from work.  :)

Now I have to figure out how to get my CD burner at work to understand cd-rw's, humorously (almost) it doesn't right now.

<sigh>

I haven't mentioned my newest toy - a Giant Trance 4 mountain bike that I bought recently.  I'd been thinking about buying a mountain bike since 1 and 1/2 years ago, but never bit on one.  Well, I finally took the plunge and grabbed this bike.

Here's a pic:

I had to get a full suspension bike.  Having give on the front and rear tires makes for a much more comfortable ride.

I've been out a couple times with it so far.  Not much around me in the way of mountain biking, but there are general trails and some nice places to ride.  This is kinda a problem for me, since there is no bike rack that fits my car.  Doh.  That means I have to break my bike down and stuff it in the car to transport it. Oy, vey.

I'm hoping to solve this problem somehow, so I can take it on trips.

Get a bike and go find a trail.

In case you haven't learned your lesson yet --  BACKUP YOUR DATA!  I had a recent scare (failed sound card install) that cost me 2 nights of agony.  I did manage to "repair" the system, but I was literally on the verge of reinstalling XP; thus agreeing to flush lots of my data.  Yes, that means my EFS cert, my encrypted files and lots of app configs that weren't backed up in the past 4 months!

(I think my repaired system is almost 100%; Likely only small sound issues remain due to the failed sound card install)

My ideal goal was to get an automated backup solution that would work in case I had to totally rebuild the system.  XP provides NTBackup.  There is even a nice feature called an ASR backup.  Along with a floppy you can rebuild your system.  The problem is you can't automate an ASR backup.  So I had to settle on regular backups of the System State and weekly C drive backups.

I've finally learned how to deal with DCOM permissions.  With SP1/SP2 they've apparently changed enough to cause lots of trouble with Scheduled Tasks on XP.

I've always had issues running Backups via Scheduled Tasks.  The latest issue was that my "Backup Operator" account could manually run (by right clicking) a NTBackup scheduled task (via Control Panel), but the scheduled task would not execute (properly) when run by anyone else with "permisisons" to run the scheduled task.

I received errors like the following.  Note the CLSID mentioned in each.

Event Type: Error
Event Source: DCOM
Event ID: 10016
User:  COMPUTERNAME\backupuser
Computer: COMPUTERNAME
Description:
The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{0022DFD7-0469-49FF-BDD4-192CB402F5C6}
 to the user COMPUTERNAME\backupuser SID (ENTER YOUR SID HERE).  This security permission can be modified using the Component Services administrative tool.

AND

Event Type: Error
Event Source: DCOM
Event ID: 10016