Rob Hensing on Passphrases

All I can say about Rob is that he’s



I had the privilege of meeting Rob on his recent trip to Australia, it was good to put a face to the name. He’s been on the front lines of our efforts to help customers with security-related problems.


It’s good to see him blogging – both my regular readers will know I’m not a frequent linkblogger, but the post above is certainly worth reading, and hopefully a blog worth following.


Anecdote Corner
As my colleague Craig put it: “Since the first time I saw Hensing’s No Passwords talk, I’ve discovered a whole new dimension of passwords involving the spacebar, and it’s amazing.”


It seems like he’s happier since making this discovery – my theory is that he’s typing the abuse he’d usually be hurling at me as his password… Every time I make a witty comment, he stops to take a breath, lock his workstation, then slowly – and loudly – hammers his passphrase in, before smiling a secret smile and relaxing*. Nah, it’s probably nothing.

Proposal: Namespace Operator Pronunciation – :: = “blup blup”

So – does the Namespace operator (and IPV6 address separator) have a specific phonetic pronunciation? Something onomatopeic? “Colon colon” suffers from having too many syllables.

If there’s no generally accepted practice, I submit that whenever “::” needs to be vocalized, it should be pronounced “blup blup”, (and correspondingly, that the colon be pronounced “blup”). Enunciation is frowned upon, so the two sounds should run together.

(Yes, I’m one of those people who uses “Bang” for an exclamation mark (depending on context), “Wack” for a backslash (and sometimes the forwardslash), and pronounces M$ “Em ta-ching.”)

XmlHttp, WinHttp, Cookie-based Auth and Too Much Coffee

I had a couple of cups of coffee with dinner last night, and ended up perched in front of my PC, unable to sleep, and unable to solve a problem involving XMLHTTP and (as it turns out) cookies.


As a long-time Bigpond Cable user at home, I was interested in Darryn’s scripts for BPA Usage monitoring with MRTG. The version that was there last night used Lynx to download a blob of XML


“Surely this is what that XMLHttp thing I’ve heard of is for?”, I thought, while quietly shivering in the cold (or was it just the coffee?).


About an hour and three quarters after receiving my first “Access Denied” message when trying to connect to an HTTPS site (Basic auth) using XMLHttp, I worked out that there were probably cookies involved for authentication (or at least, the authentication led to the client being sent a cookie rather than being an end in itself) as well as the Basic credentials – I set up a quick local test site that was fine. Web searching proved fruitless, but I wasn’t ready to give up.


I even tried a Webclient-based .Net application to see if it fared any better (even though the point was to try to use scriptable features and avoid an external exe) – but it had much the same issue.


The answer – which took about three minutes to implement – was to use the WinHTTP object instead, which handily resembles a client browser enough that it accepts and re-sends cookies on what I assume is a per-instance basis, whereas XMLHttp is less browser-like, and more about the methods and invocations (I found references to being able to look at the headers returned from the invocation by XmlHttp, but building a cookie engine just seemed like more work than was necessary – again, this is purely supposition and conjecture!).


So, the VBS code returning “Access Denied” looked like this:


site = “https://usage/theusagepage”
set xmlhttp = CreateObject(“Microsoft.XMLHttp”)
xmlhttp.Open “GET”, site, False, Username, Password
xmlhttp.Send
‘ then do stuff with the response


And the solution turned out to be something like this instead, which sailed through without a problem:


site = “https://usage/theusagepage”
set winhttp = CreateObject(“WinHttp.WinHttpRequest.5”)
winhttp.Open “GET”, site, False
winhttp.SetCredentials Username, Password, 0 ‘ for web server, not proxy
winhttp.Send
set xmlDoc = CreateObject(“Microsoft.XMLDOM”)
xmlDoc.loadXML(winhttp.ResponseText)


Thought I’d share it to hopefully save someone some time – most of the KB articles on the subject were fairly specific errors that didn’t quite match up.

I’d Really Like Better Messenger Integration with IE

I’ve officially declared Friday to be Browser Fiddling day.


Overnight, I tried out Slim Browser and Maxthon (MyIE2) – thanks to Brad C’s comments, they both:



  • allow middle-click-open-in-new-window-in-background
  • have tabs that can be closed by double-clicking
  • have their “search from the address bar when a hostname is typed” option disabled
  • have a cool-looking default skin that isn’t too cluttered

And I’m becoming progressively more impressed with Maxthon.


As the title of this blog mentions, one thing I’d really like to see is better integration with MSN Messenger from the browser.


The usage scenario is pretty straightforward: I’m looking at a page, and want to send the link to someone on MSN IM.


At the moment, I have to copy the url, switch to the Contacts window, double-click the contact to start the conversation, paste the link, then send the message.


What I’d like to be able to do is hit a droplist button “Send Link By IM”, and be able to pick the IM contact from the IM contact picker. Ideally, an MRU list would also be created as I send to a recipient (some recipients I’m not going to send links to, so I don’t need the whole list all the time), so I can just Send Link By IM -> Barry rather than have to use the contact picker every time. If I can accomplish the whole thing without switching applications, I’m happy.


I have no idea how hard this would be to implement in a toolbar, but it’d save me clicks and an application context switch, which has to be a positive step forwards!

More on How I Work (and Lookout’s now available!)

[Updated 23/07/04 with public Lookout download]

A couple of people internally and externally asked about a couple of aspects of the array of software I use to do my job, so I thought I’d expand on it.

 

As a Support Professional, my key tasks involve information retrieval, evaluation and dissemination. I have an array of software configured to help me work more effectively, and I thought I’d share that here.

 

Outlook 2003
I live and breathe email. I have a reasonably straightforward but large ruleset to help me manage the email away into categorized PST files and folders.

The email that’s most important to me gets flagged for follow-up and moved to my Case Email folder, with accompanying loud sound effects.

 

 + an Outlook-based RSS Aggregator
I like reading information in Outlook, and find that Outlook-based aggregators are best for reading blogs, as I’m not constantly app-switching.
I use one I wrote to get the hang of Outlook add-in programming and XML (I never did really get the hang of it, but it’s just good enough that I can live with it. Just.) Others use Newsgator.

I use Outlook 2003’s Search Folders feature with a list of keywords (“Microsoft”, “Windows”, “Intel”, “AMD”, “C#”, “Doom”, “exploit” and so on) to keep track of interesting things that come in via RSS feeds  (which are dumped into subfolders of News and Blogs folders, making it easier to target the Search Folders), and the “RSS Interesting Topics” Search Folder is in my Outlook Favourite Mail Folders area at the top of the mail pane.

I also have an RSS Unread Topics Search Folder that allows me to skim for any new posts that don’t fit the predefined category.

Autoarchive is configured to clear out all the RSS-driven folders every 6 months.

 

 + an Insta-Search Mod (Lookout)
Lookout (MSN Sandbox/free 1.2 beta linked). Being able to search all my email instantly makes me more likely to search it (and to hoard it), which means that I can find things I’ve already seen but only have a vague memory of, much faster, or even pseudo-ignore them: I know I can find them later if I need to.
(a long-time colleague uses a slightly different technique – he won’t read an email unless there’s a discussion about it first, which seems to be a highly effective filtering technique).
If you don’t already have some type of instantaneous search for Outlook, I highly recommend this.

 

Internet Explorer
(Of course.) I’ve played around with Avant Browser on and off, but since a recent update seems to have effectively broken intranet use (type in an address with no dots in it and it tries to search for it), I’ve been toying with Firefox a bit – tabbed browsing appeals to me, and they have some other cool features too
(if anyone has a suggestion for an alternative tabbed browser that uses the IE engine, I’m interested). [Update] I’m currently playing with Maxthon.

 

OneNote
I talked about this last time – this is now my secondary holding area for just about any information I think might be useful at some point, and scratch notes, etc.

 

LOB Apps
From my perspective, almost universally terrible, so I won’t go into them.

The Death Of Favourites (an Ode to OneNote)

Finally, one of the banes of my existence is going away.

 

No, “Favorites” aren’t disappearing from Internet Explorer (er, not that I know of, anyway), but I just noticed that my browsing experience had been greatly streamlined. By using Favourites. Which is surprising to me, because normally, I’m flat-out scared to open the list.

 

Confessional time…

 

For years, I’ve been a browsing packrat. I add bookmarks as if my life depends on it. If something might even be vaguely useful to me at some point in the future, I’ll add it. If I don’t have time to read more than the first paragraph but really want to come back to something, I’ll add it. If there’s something I’m mid-way through reading and then have to concentrate on something else, I’ll add it.

 

The occasional attempt at categorization left me frustrated, with the added bonus that I’d then have a folder structure three levels deep that I knew I wouldn’t be revisiting. Pity.

 

Then, something changed.

 

At first, I put it down to my increase acceptance of and reliance on Google (and more recently MSN’s Search Preview), and I think that’s a part of it. Also, having an Outlook-based RSS Aggregator and a reasonably good Outlook-indexing search app helps.

 

But I think I’ve worked out the main reason that I don’t need the bookmarks any more: It’s OneNote.

 

Yep, OneNote has cured me of my bookmarkitis.

 

I’ve been using OneNote more and more (I had a very slow start with it, just using the “side notes” featurette, but I spent a little time experimenting with it a bit more recently), and it’s gradually taking over the role of “information dumping ground” that Favourites used to occupy. And I’m quite happy about that. Plus, as I’m usually pasting the key paragraph I want into the note, I find I have less need to actually visit the site again, unless I actually need more information than I’ve pasted.

 

It does the horizontal-and-vertical categorization thing, it’s free-form enough that I feel unencumbered using it, yet has just enough enforced organization that I feel I’m being made more productive, and – this is really cool – it pastes in the hyperlink of the text I copy in from my browser (check this out, it was automatic – I just copied and pasted the top line of the page):

 


 

And suddenly, I’m finding my Favourites are reclaimed for tasks I actually enjoy doing in my browser – blog-related stuff, frequently-used utilities, and others. The list’s down to less than 10 things, plus a couple of folders. I’m able to keep it short. I feel relaxed and happy using the Favourites menu again. And one simple “Archive” folder in OneNote takes care of all the notes I don’t actively need, but might at some point want to search out!

 

If you haven’t yet tried OneNote, there’s a (free) preview version of OneNote 2003 SP1 linked from here – if you’ve ever had a tendency to information-hoard and are as scared of opening your three-screens-worth of Favourites as I was, it’s a worthwhile download.

 

Download the OneNote 2003 Service Pack 1 (SP1) Preview
Pasted from <http://www.microsoft.com/office/onenote/prodinfo/sp1/default.mspx>

 

(Sorry, I just had to paste something in again!)

ISA 2004: RTM Now On Microsoft.com!

Yep, Internet Security and Acceleration Server 2004 information is now becoming available on Microsoft.com.

 

ISA 2004 incorporates much of the feedback that the ISA community had about ISA 2000, and – so far for me at least – is just as reliable and ten times more configurable. What’s new? Lots.


A word of warning – it’s different enough from ISA 2000 that you’ll probably want to skim the documentation and have a play with it before leaping in: you can block/allow traffic in any direction, NAT networks, route networks, set up internal and external listeners on networks, filter secureNAT web publishing requests… (the list goes on). 

 

The default configuration is quite heavily locked down. If you’re planning on experimenting with ISA on a Domain Controller (or any other production server that clients access, for that matter) keep in mind that you’ll need to create access rules between the internal network and ISA Server (unlike ISA 2000 where the internal network was trusted). To allow certain infrastructure protocols (DNS, DHCP) to ISA, you can edit the System Policy, and create additional access rules.

 

Other resources:

Technet information (mostly geared towards planning, because we’re at that point in the lifecycle) : http://www.microsoft.com/technet/prodtechnol/isa/default.mspx

 

RTM version is also available through MSDN Subscriber Downloads.


 

Community links:

ISA Server Community on Microsoft.com

http://www.isaserver.org/ Tom Shinder’s excellent ISA resource.

 

Got ISA 2004? Got Comments?

ISA 2000: Filter Proxy Logs with FIND

I’m often faced with the somewhat daunting task of wading through a 500MB log file to try to identify a problem with one user of a proxy server.

 

I find the simplest way to even the odds a bit – using out-of-the-box tools – is to use the humble FIND command to filter the logs down to just the parts I think I’m interested in.

 

First, copy the log file you think contains the event you’re interested in to your workstation from the ISA box – trying to do this remotely is just going to end in tears. ISA logs are kept in the Program Files\Microsoft ISA Server\ISALogs folder, called WEBext, FWSext and IPPext (with date numbers) for Web Proxy, Firewall and SecureNAT, and Packet Filtering logs respectively.

 

Once the log file’s copied, I kick off with a fairly general filter; usually the client IP address is a good place to start, so the command looks like this:

 

FIND “192.168.0.1” WEBEXTnnnn.log > BarrysIP.txt

 

This will sort through the web proxy log, and anytime the string specified appears on a line, the whole line will be dumped into the new BarrysIP.txt file.

 

If you still have too much to look through, you can then filter BarrysIP down to, say, a particular site he’s having a problem with:

 

FIND /I “barrysdomain.dom” BarrysIP.txt > barrysdom.txt

 

This time, we’re specifying a case-insensitive search with /I, and we’re redirecting the output to what’s hopefully a much smaller file, which can be pulled into Excel or Notepad and analyzed to your heart’s content…

Communities Blog Portal Now Open! With Keyword RSS Feeds!


 

Coolest feature: the ability to fashion a keyword/category query into an RSS feed across all Microsoft blogs. If you’re only interested in certain things (and personalities be damned!), you can sign up for the keyword feed. (And if you’re really serious about losing personality, try running it through a text-to-speech program afterwards, or removing all the adjectives).

 

Bit that looks like it needs work, but might not actually need work: The categorization gets pretty coarse (for someone that plays in the Windows space, having “Windows” as a category is a little on the “too general” side of the happy fence), and in some cases blogs aren’t (yet) categorized appropriately (I’m sure we’ll work on that) – but you can easily overcome that by throwing in a keyword or two when picking a category. Heck, my category titles look like blog titles to the categorizer(TM), so I’m going to have to edit them a bit now!

 

Tim’s one of the people behind the project, and he’s interested in your feedback, so drop him a comment!