Today, Microsoft announced what they're calling Windows Principles. It's rather interesting, although I'm guessing by "commercially reasonable terms" they mean it won't be free for community-developed software to use. The whole saying they won't change the licensing terms to OEMs based on whether they allow non-MS systems will be more interesting on the economic side. I'm curious what it will do to the cost of the low-end PC market.
So I've found some fun things while upgrading from Exchange 2000 to an Exchange 2003 cluster. First is that "unable to categorize" does not mean Journaling. Lots of "Messages Awaiting Directory Lookup", querying all the servers that the servers were using to figure out why they were complaining about it, only finding entries about Journaling and how to fix/disable it. Turns out it's not that it sees the msExchMessageJournalRecipient with bad data, but just that it isn't able to access the object to read that attribute. The fix is to enable inherited permissions on the server object in ESM. I suspect the cause of the problem was that adding another Exchange domain necessitated additional ACEs for the Exchange groups in the new domain. But the question of why it was broken in the first place is up in the air.
The second piece is I think why. I found after "fixing" the above that the admins couldn't get into any mailboxes. This is default behavior (it sets a Deny ACL on the mailboxes), but apparently was fixed at some point by breaking inheritance and removing the Deny. Proper fix if the server admins should be mailbox admins as well is to add an ACL to the Server object allowing full control for the admin (non-inherited Allow overrides an inherited Deny in DACLs). It'd also likely be possible to fix at the Organization or Administrative group level, but that requires work to make the Security tab visible, and is more likely to break if future versions change those permissions (or add additional ACEs in delegation and one has to figure out how to fix again). Probably better to just do it per server or store.
Third is that Exchange follows MX records for intra-domain routing. This was discovered when changing this to get names set up for externally established DNS names. This is the most pressing argument I've seen for split DNS (if mail should go through a central hub), which is unfortunate since there's not a clean workaround. That is other than a front end server architecture (everything seems to push that way in the end). It'd be nice if they just made an OWA URL that would be used for server referrals.
That's it for now. Between those problems and replacing a failed drive in another machine, I'm calling it a day.
One of the "Reprints" in the latest Crypto-Gram is Crying Wolf from July 2003. It starts by talking about the problems with FUD and computer security, and then brings in how that's paralleled the government. Not only did people start ignoring the threat level colors, they started openly mocking it. It seems things haven't gotten any better, so I think it's a good article to bring up again.
Vulnerability in DHCP Client Service Could Allow Remote Code Execution. That's a fun one seeing as almost everyone uses DHCP so people don't have to manually reconfigure to switch networks. Now not only can you redirect and capture all of someone's traffic by issuing responses, but run code so they're still yours when they leave. At least the same switch protections that prevent rogue DHCP servers should prevent this from working.
A rollerblader hitched a ride from a car at 50mph. They seem to think it's odd that he was able to hold on. Holding on at 50 doesn't seem so amazing, but that must have been hard on the knees... Although they must have amazingly smooth roads if the small wheels on the blades handled that. The wire article seems to indicate he was tailing it, I'm thinking it may be more likely he was actually riding.
This is mostly a note to myself, but it may be useful for others. By default command processing for login scripts can be iffy since UNC paths aren't handled well. To get around this, the pushd command can be used. It changes directory to the specified path, and if it's UNC it maps a temporary drive path (MS KB 317379). To specify the path, %~dp0 can be used (% is environment variable, ~ specifies arguments, d is expand drive, p is expand path, 0 is of course the script itself - see How do I parse a file name parameter into its' constituent parts? for details). So pushd %~dp0 maps the script directory to a temp drive and drops in for the rest of the script. I got the hint here.
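A fuller version of that login-script pattern, as an added example that is not from the original post. helper.cmd is a hypothetical file sitting next to the script, and the script is assumed to be launched from a UNC path such as a logon share:

```batch
@echo off
rem Added example: login script started from a UNC path.
rem pushd only maps a temporary drive when command extensions are on.
setlocal EnableExtensions

rem %~dp0 expands to the drive and path of this script, with a trailing
rem backslash. Quote it so paths containing spaces survive.
pushd "%~dp0"
if errorlevel 1 (
    echo Could not change to script directory "%~dp0" 1>&2
    endlocal
    exit /b 1
)

rem The current directory is now a drive-letter path. If the script
rem directory was UNC, this is the temporary drive pushd mapped.
echo Running from %CD%

rem Relative paths now resolve next to the script.
rem helper.cmd is a hypothetical companion file.
if exist "helper.cmd" call "helper.cmd"

rem popd returns to the previous directory and releases the temporary
rem drive letter, so repeated runs do not use up drive letters.
popd
endlocal
exit /b 0
```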
So apparently the FBI is following through on trying to make the FCC interpretations to CALEA fully legal. I think this was expected given that when upholding the interpretation on a general challenge the court said "an aggrieved party can bring a petition for review at that time." Of course the government is going to try to make sure that when it gets challenged it will stand. They'd try this whether or not the appeal stands.
Besides the privacy (instant remote access is an insufficient barrier to improper searching) and cost (network owners have to pay for replacing everything and possibly external bandwidth) reasons, who is going to make sure it's secure so something like this doesn't happen? Especially after things like this.
Power concedes nothing without a demand. It never did and it never will. Find out just what a people will submit to, and you have found out the exact amount of injustice and wrong which will be imposed upon them; and these will continue till they are resisted with either words or blows, or with both. The limits of tyrants are prescribed by the endurance of those whom they oppress.
I saw a subset of that Frederick Douglass quote on Slashdot, and it got me thinking a bit. That's an excerpt from a speech given almost 150 years ago. While that speech was for a completely different subject, and not to belittle that as it's unfortunately still an issue, this portion applies to so many things these days. I'd say something that can be taken and applied to things like that is a good measure of something that can relatively safely be considered a universal truth. While slightly disconcerting as a general summary, it's even more so considering that the context of it appearing was in a person describing a former employer's business philosophy.
The problem isn't really that companies are attempting that model, it's that they're actually able to run with it. It seems that the root cause of a lot of these problems is that people got the crazy idea that the government (speaking of the United States here) is there to keep them safe and protect them from others. People will go off about the First Amendment when someone (even other than the government) tries to prevent them from expressing their views, but then turn around and say they were offended by something someone said or did and think the government should stop it. People expect the government to keep terrorists from causing problems. While that sounds good at first glance and may make people feel good, it's contrary to freedom as it leaves the system wide open for abuse of power. Unfortunately the line between safety and a framework for reasonable fairness is a fine line, and those with power have incentive to encourage the former.
The framework for fairness and keeping control with the people works well across a level playing field, but the power given to corporations has allowed a ridiculous imbalance. Back to the First Amendment issue, with individuals there's a level of equality. If someone does something with which others in the society strongly disagree, there is a social pressure to either conform or separate. The government is there to mediate and provide a structure for expressing/enforcing the important group values, not to force resolution of minor disputes. Thus the federalist structure and the Tenth Amendment.
Corporations don't feel the same pressure however, and when given the legal status equivalent to a person, aren't effectively kept in agreement with society by it. There is no way to appeal to a corporation's conscience, incarcerate or otherwise punish it. While society has seen fit to give individuals life in prison or the death penalty, punishments for large corporations are all arranged so that it has no major impact. Even the comparison creates an issue in that there's no reasonable equivalent to a corporate imprisonment and the death penalty is controversial. The corporate structure was specifically designed to shield the executives from liability, which is only recently starting to be seen as an issue and adjusted after the major corporate scandals.
The government created monsters called corporations, and is turning itself into one trying to control them. Unfortunately it seems like it's already the other way around, and now it's just creating the perspective that the corporations are being controlled. Everything is based around the economy, money and greed. This whole thing reminds me of Ben Franklin's response of "A republic, if you can keep it." How bad will things get before people start paying attention? How bad will things get before people start actually caring?
JumpDrives recalled for burn hazard. I'm somewhat amazed they managed to make a burn hazard out of a device that by spec doesn't have more than 2.5W delivered to it.
Copyright ©2000-2008 Jeremy Mooney (jeremy-at-qux-dot-net)