The details are in the bulletin MS04-025.
All I can say about Rob is that he’s
- in the PSS Security team
- got a lot of security-related troubleshooting experience
- got some crazy theories about passwords
- an engaging and sincere speaker
I had the privilege of meeting Rob on his recent trip to Australia; it was good to put a face to the name. He’s been on the front lines of our efforts to help customers with security-related problems.
It’s good to see him blogging – both my regular readers will know I’m not a frequent linkblogger, but the post above is certainly worth reading, and hopefully a blog worth following.
As my colleague Craig put it: “Since the first time I saw Hensing’s No Passwords talk, I’ve discovered a whole new dimension of passwords involving the spacebar, and it’s amazing.”
It seems like he’s happier since making this discovery – my theory is that he’s typing the abuse he’d usually be hurling at me as his password… Every time I make a witty comment, he stops to take a breath, lock his workstation, then slowly – and loudly – hammers his passphrase in, before smiling a secret smile and relaxing*. Nah, it’s probably nothing.
So – does the Namespace operator (and IPv6 address separator) have a specific phonetic pronunciation? Something onomatopoeic? “Colon colon” suffers from having too many syllables.
If there’s no generally accepted practice, I submit that whenever “::” needs to be vocalized, it should be pronounced “blup blup” (and correspondingly, that the colon be pronounced “blup”). Enunciation is frowned upon, so the two sounds should run together.
(Yes, I’m one of those people who uses “Bang” for an exclamation mark (depending on context), “Wack” for a backslash (and sometimes the forward slash), and pronounces M$ “Em ta-ching.”)
I had a couple of cups of coffee with dinner last night, and ended up perched in front of my PC, unable to sleep, and unable to solve a problem involving XMLHTTP and (as it turns out) cookies.
“Surely this is what that XMLHttp thing I’ve heard of is for?”, I thought, while quietly shivering in the cold (or was it just the coffee?).
About an hour and three quarters after receiving my first “Access Denied” message when trying to connect to an HTTPS site (Basic auth) using XMLHttp, I worked out that there were probably cookies involved for authentication (or at least, the authentication led to the client being sent a cookie rather than being an end in itself) as well as the Basic credentials – I set up a quick local test site that was fine. Web searching proved fruitless, but I wasn’t ready to give up.
I even tried a WebClient-based .NET application to see if it fared any better (even though the point was to try to use scriptable features and avoid an external exe) – but it had much the same issue.
The answer – which took about three minutes to implement – was to use the WinHTTP object instead, which handily resembles a client browser enough that it accepts and re-sends cookies on what I assume is a per-instance basis, whereas XMLHttp is less browser-like, and more about the methods and invocations (I found references to being able to look at the headers returned from the invocation by XmlHttp, but building a cookie engine just seemed like more work than was necessary – again, this is purely supposition and conjecture!).
So, the VBS code returning “Access Denied” looked like this:
site = "https://usage/theusagepage"
Set xmlhttp = CreateObject("Microsoft.XMLHTTP")
' Username and Password are assumed to be set earlier in the script
xmlhttp.Open "GET", site, False, Username, Password
xmlhttp.Send
' then do stuff with the response
And the solution turned out to be something like this instead, which sailed through without a problem:
site = "https://usage/theusagepage"
Set winhttp = CreateObject("WinHttp.WinHttpRequest.5")
winhttp.Open "GET", site, False
winhttp.SetCredentials Username, Password, 0 ' 0 = for web server, not proxy
winhttp.Send
Set xmlDoc = CreateObject("Microsoft.XMLDOM")
Thought I’d share it to hopefully save someone some time – most of the KB articles on the subject were fairly specific errors that didn’t quite match up.
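A local model of the failure described above, as an added example (Python, not the post's VBScript and not code from the original page): a constructed server accepts Basic credentials on /login, sets a session cookie and redirects to /usage, which checks only the cookie. The paths, credentials, cookie value and function names are assumptions made for the demo.

```python
import base64, threading, urllib.error, urllib.request
from http.cookiejar import CookieJar
from http.server import BaseHTTPRequestHandler, HTTPServer
# Constructed credentials and session value; not from the original post.
USER, PASSWORD, SESSION = "demo", "constructed-secret", "session=abc123"
BASIC = "Basic " + base64.b64encode(f"{USER}:{PASSWORD}".encode()).decode()

class Handler(BaseHTTPRequestHandler):
    def log_message(self, *args): pass  # keep the demo quiet
    def reply(self, code, headers=(), body=b""):
        self.send_response(code)
        for name, value in headers:
            self.send_header(name, value)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)
    def do_GET(self):
        if self.path == "/login":
            if self.headers.get("Authorization") != BASIC:
                self.reply(401, [("WWW-Authenticate", 'Basic realm="usage"')])
            else:  # Basic auth passed: issue the cookie the real page checks
                self.reply(302, [("Set-Cookie", SESSION + "; Path=/; HttpOnly"),
                                 ("Location", "/usage")])
        elif self.path == "/usage" and SESSION in self.headers.get("Cookie", ""):
            self.reply(200, body=b"<usage>ok</usage>")
        else:
            self.reply(403, body=b"Access Denied")

def fetch(base_url, keep_cookies):
    """GET /login with Basic credentials, follow the redirect, return (status, body)."""
    # Assumption: the jar-less client stands in for the XMLHTTP behaviour the post guesses at.
    jar = [urllib.request.HTTPCookieProcessor(CookieJar())] if keep_cookies else []
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}), *jar)
    request = urllib.request.Request(base_url + "/login", headers={"Authorization": BASIC})
    try:
        with opener.open(request, timeout=5) as response:
            return response.status, response.read().decode()
    except urllib.error.HTTPError as error:
        return error.code, error.read().decode()

def run_demo():
    server = HTTPServer(("127.0.0.1", 0), Handler)  # port 0 picks a free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base_url = f"http://127.0.0.1:{server.server_port}"
    results = fetch(base_url, keep_cookies=False), fetch(base_url, keep_cookies=True)
    server.shutdown()
    return results

if __name__ == "__main__": print(run_demo())
```

Both clients send identical credentials; only the one that stores and re-sends the cookie reaches the page, which is why a correct username and password can still end in "Access Denied".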
I’ve officially declared Friday to be Browser Fiddling day.
Overnight, I tried out Slim Browser and Maxthon (MyIE2) – thanks to Brad C’s comments, they both:
- allow middle-click-open-in-new-window-in-background
- have tabs that can be closed by double-clicking
- have their “search from the address bar when a hostname is typed” option disabled
- have a cool-looking default skin that isn’t too cluttered
And I’m becoming progressively more impressed with Maxthon.
As the title of this blog mentions, one thing I’d really like to see is better integration with MSN Messenger from the browser.
The usage scenario is pretty straightforward: I’m looking at a page, and want to send the link to someone on MSN IM.
At the moment, I have to copy the url, switch to the Contacts window, double-click the contact to start the conversation, paste the link, then send the message.
What I’d like to be able to do is hit a droplist button “Send Link By IM”, and be able to pick the IM contact from the IM contact picker. Ideally, an MRU list would also be created as I send to a recipient (some recipients I’m not going to send links to, so I don’t need the whole list all the time), so I can just Send Link By IM -> Barry rather than have to use the contact picker every time. If I can accomplish the whole thing without switching applications, I’m happy.
I have no idea how hard this would be to implement in a toolbar, but it’d save me clicks and an application context switch, which has to be a positive step forwards!
I live and breathe email. I have a reasonably straightforward but large ruleset to help me manage the email away into categorized PST files and folders.
I like reading information in Outlook, and find that Outlook-based aggregators are best for reading blogs, as I’m not constantly app-switching.
I use one I wrote to get the hang of Outlook add-in programming and XML (I never did really get the hang of it, but it’s just good enough that I can live with it. Just.) Others use Newsgator.
Lookout (MSN Sandbox/free 1.2 beta linked). Being able to search all my email instantly makes me more likely to search it (and to hoard it), which means that I can find things I’ve already seen but only have a vague memory of, much faster, or even pseudo-ignore them: I know I can find them later if I need to.
(a long-time colleague uses a slightly different technique – he won’t read an email unless there’s a discussion about it first, which seems to be a highly effective filtering technique).
If you don’t already have some type of instantaneous search for Outlook, I highly recommend this.
(Of course.) I’ve played around with Avant Browser on and off, but since a recent update seems to have effectively broken intranet use (type in an address with no dots in it and it tries to search for it), I’ve been toying with Firefox a bit – tabbed browsing appeals to me, and they have some other cool features too
(if anyone has a suggestion for an alternative tabbed browser that uses the IE engine, I’m interested). [Update] I’m currently playing with Maxthon.
I talked about this last time – this is now my secondary holding area for just about any information I think might be useful at some point, and scratch notes, etc.
From my perspective, almost universally terrible, so I won’t go into them.
Pasted from <http://www.microsoft.com/windowsserver2003/technologies/directory/activedirectory/default.mspx>
Pasted from <http://www.microsoft.com/office/onenote/prodinfo/sp1/default.mspx>
A word of warning – it’s different enough from ISA 2000 that you’ll probably want to skim the documentation and have a play with it before leaping in: you can block/allow traffic in any direction, NAT networks, route networks, set up internal and external listeners on networks, filter secureNAT web publishing requests… (the list goes on).