Site Sections
Posts
254
Comments
120
Trackbacks
120
February 2007 Entries
Microsoft DST Guidance: How they did it

Once again, I've updated my DST rollup post to include the hot-off-the-presses Exchange Time Zone Update Tool: Guidance from Microsoft IT whitepaper. It's now available from Microsoft Downloads as a PDF.

posted @ Wednesday, February 14, 2007 4:16 PM | Feedback (0)
"DST blues" revisited

Hello, everyone! Just a quick interruption to let you know I've updated my previous post on DST blues to include Windows Mobile resources.

Okay, back to the chocolate and flowers.

posted @ Wednesday, February 14, 2007 2:32 PM | Feedback (0)
The SAFETY Act rears its ugly head again

Thanks to Rep. Lamar Smith (R-TX), aided by co-sponsors Rep. Steve Chabot (R-OH), Rep. Tom Feeney (R-FL), Rep. J. Randy Forbes (R-VA), Rep. Trent Franks (R-AZ), Rep. Elton Gallegly (R-CA), Rep. Dan Lungren (R-CA), and Rep. Mike Pence (R-IN), the House Judiciary Committee is now considering the Stopping Adults Facilitating the Exploitation of Today's Youth (SAFETY) Act.

Here's one of the main problems with this bill:

SEC. 6. RECORD RETENTION REQUIREMENTS FOR INTERNET SERVICE PROVIDERS.

  (a) Regulations- Not later than 90 days after the date of the enactment of this section, the Attorney General shall issue regulations governing the retention of records by Internet Service Providers. Such regulations shall, at a minimum, require retention of records, such as the name and address of the subscriber or registered user to whom an Internet Protocol address, user identification or telephone number was assigned, in order to permit compliance with court orders that may require production of such information.

  (b) Failure To Comply- Whoever knowingly fails to retain any record required under this section shall be fined under title 18, United States Code, and imprisoned for not more than one year, or both.

As others have pointed out, this measure places an onerous burden on ISPs and network operators. Note that although the section quoted above only directly mentions retention of records that pertain to subscriber information (who purchased what account/services), it specifies those records as a minimum. It leaves discretion to the Attorney General to define the specific retention regulations, and there is more than ample reason to believe that the current law enforcement climate would stop there. (I'll point out that any competently run business retains that information already for tax reasons.) In fact, this wording gives leave to the Attorney General to require ISPs (or any organization that puts up a web or email server!) to retain all sorts of records on your Internet usage: who you get email from, who you send it to, contents of those messages, websites you visit, etc. -- and these records would need to be retained all the time, for every user, whether or not that user was suspected of wrongdoing.

In short, this bill would give authority to the Attorney General to require all ISPs and companies with an Internet Presence to keep complete records on all Internet activity. Once this data is there, do you want to take bets as to whether or not law enforcement wouldn't start finding reasons to do more and more browsing (not just focused on stopping online child exploitation)? In Europe, where they already have some mandatory level of records keeping, the entertainment industry is already agitating to get access to those records to investigate piracy -- not to help prosecute people they've already identified, but to troll for people to prosecute.

Call your Congressmen today. Protest this bill now, while you can.

posted @ Monday, February 12, 2007 4:42 PM | Feedback (1)
DST blues got you down?

Dealing with the Daylight Savings Time issue can be pretty confusing, especially since the tools and updates you need have been being made available over a period of time. Start with the Daylight Saving Time Help and Support Center. It gives you a centralized set of Microsoft's DST resources, including links to the updates for various products. From there, check out the following KB articles and updates especially pertinent for the Exchange admin:

Unfortunately, the U.S. Congress really didn't do any favors for IT pros with the expanded DST timeframe. There's no magic bullet fix; you have a lot of updates to coordinate, a choice of tools to run, and a lot of opportunities to have appointments messed up even if you do everything right. Oh, and you don't have much time to figure it out. It doesn't help much to know that everyone is feeling your pain, but right now, that's the best I can offer you. That, and keep an eye out on the regular Exchange news sources and blogs; a lot of smart people are taking the plunge to figure out where the pain points are, and they're busily writing about it.

Hang in there.

Updated Feb 14 1430: I've added the Windows Mobile links to the list. Additionally, apparently many people with resource accounts (conference rooms, etc.) that are steadily booked are running into problems using the rebasing tools, because those accounts don't own the events and can't move them authoritatively. I'm aware of one potential workaround in the works for this and will point you to it as soon as I can.

Updated Feb 14 1610: Updated again with the link to the Exchange Time Zone Update Tool: Guidance from Microsoft IT paper.

posted @ Sunday, February 11, 2007 12:29 AM | Feedback (4)
Skype antics and DRM

Last year when I was traveling in Europe, I used Skype -- and their SkypeOut feature -- to keep in touch with home. At the time, SkypeOut was free when used to place calls to North America, so it was a perfect fit. Other than that one experiment, though, I tend to stick to my cell phone; I'm normally calling a set list of people, and my cell plan gives me more than enough minutes to handle the calls I need to make. I think maybe I'm glad, now.

It seems that recently Skype was caught using a Windows DRM framework that attempted to directly access the BIOS of the Windows machine it was running on -- and they were caught because the 64-bit versions of Windows don't allow this functionality.

Since that time, Skype's Chief Security Officer has posted a wishy-washy explanation of why they'd included the DRM framework in Skype, and tried to downplay the privacy violation angle.

Now, I'm not one of these folks who thinks that DRM as a concept is inherently evil. There's a time and a place for it, such as helping to protect confidential or sensitive data (think patient information in healthcare, or other data that falls under legally manadated protection regimes). There's a place for DRM products such as the Windows Rights Management Server. I do, however, think that in many cases, the people who design and inmplement DRM schemes are guilty of poor thinking. No DRM scheme is going to be fool-proof; people are just too damn clever at finding ways around restrictions if they really want to.

The key for a DRM system, then, is to make a reasonable enough effort to protect the data so that it takes deliberate intent to circumvent the protection. It's yet another application of the 90/10 rule -- you'll spend 90% of your work to address 10% of the threat. Someone who is sufficiently determined will break any DRM/copy-protection scheme, so at some point you need to draw a line and say, "This is sufficient to keep accidental exposures from happening." It's the equivalent of locks on a car door; you're helping keep honest people honest. Any determined thief will simply break the window and jack your ride. Well, in any DRM scheme, there's a way to break the window and jack the ride. The trick is to make it so that you can show that the person had to take sufficient steps to do so that you can demonstrate an intent to violate the DRM.

Tying this back to Skype, I think their mistake was in tying the DRM into the framework of the application, rather than embedding it in the specific plug-ins that require it. From what I've seen, the most effective DRM implementations are those that tie the protection to the data being protected. Put the protection in the wrong place, and you get into the hot water Skype is finding themselves in. All it takes is one moment to destroy your users' trust, and in this industry, that's often a killer blow. I know I'm far less likely to use Skype in the near future.

posted @ Friday, February 09, 2007 12:31 PM | Feedback (0)
A funny thing about being a technical writer

To some extent, a writer is a writer is a writer, regardless of what kind of work they produce. There are certain realities that every writer must grapple with (if you don't write, you don't make money; if you aren't in front of the keyboard/typewriter/pad of paper, you can't write; books/papers/copy/articles are written one word at a time) and certain techniques that every writer can benefit from to greater or lesser degree (outlining; how to break writer's block; producing a complete draft before going back to revise).

Then there are the things that make each type of writing different. For example, if I were a published fiction author (not yet, but I'm working on remedying that), I'd be reasonably confident that if a publisher wanted to reprint my work in a new format or collection, I'd be getting notified about it before it happened. Maybe not always, but most of the time -- especially if I owned the copyright to the work and hadn't signed away the relevant rights. As a technical writer, though, I rarely retain copyright on the works I produce; most of the time, they're either "to spec" or the contract with the client otherwise stipulates the work is "for-hire." On the other hand, the book advances and per-word/page payment rates are generally much more generous in technical writing than they are in the fiction world, so you're well-compensated for giving away your darlings. Not, I hasten to add, that technical writing is a way to get rich. If you are a good steady writer, are flexible in the kind of work you do, and are willing to put in the scramble to constantly line up new business, you can make a decent living as a freelance tech writer[1].

All of this is a roundabout way of saying that back last fall, I got a quick email from an editor at Windows IT Pro Magazine; she was excerpting a portion of the DCAR ebook that I did for them and wanted to know if her condensation was accurate. This excerpt was being put together as an article for the Exchange & Outlook Administrator newsletter. Other than that one email, I didn't really have any input; I may have written the material, but they own all rights to it and can re-use it however pleases them. I didn't even know they'd published it as a web exclusive article back in December until just now, thanks to a forwarded email that linked to the article down in the conversation thread.

That's pretty cool, when you think about it.

[1] Before you ask, I don't have any advice to offer. I work for 3Sharp as a full-time employee, so my other writing gigs are on the side and take up evenings and weekends. I don't know how to survive as a full-time freelancer because I don't want to know; I like my corporate overlords just fine, thank you.

posted @ Thursday, February 08, 2007 4:32 PM | Feedback (2)
More Exchange 2007 documentation

Now that Exchange 2007 is formally launched, the documentation train keeps on rolling. Fresh off the presses, Microsoft gives us the following goodies:

I have to admit, I'm finding the redesign of the Microsoft Exchange Server TechCenter to be a lot less helpful than the previous Microsoft Exchange Technical Library (now defunct). This design is great if you want to get into the actual hyperlinked documentation that comes with the product (in the form of a Help file). It's not so great at allowing me to quickly determine if new whitepapers or guides have been released and figure out whether they are online or downloadable. The Technical Library format, on the other hand, gave a nice listing of the various guidance that was out there. With the wealth of information that came out for Exchange 2003 over the years, I'm sure that list got somewhat cramped and ugly to manage (especially where many papers were listed in multiple categories), but it still gave us the ability to see what guidance was available.

With the TechNet format, I still haven't been able to find links to some of the recently released documents; I just now found that most (but not all) of the documents I linked to above can be found by clicking the browse all Exchange Server 2007 documentation link, then navigating to the TechNet Library, Microsoft Exchange Server, Exchange Server Technical Articles, Connecting with Exchange Server 2007 node in the tree in the right-hand navigation pane. Not exactly intuitive. And where are the four deployment guide I linked to last time, or the two whitepapers in the links above? It's going to cause real pain if the best answer turns out to be "go browse through Microsoft Downloads for Exchange 2007 downloads" because they, in turn, don't give me an option to control the paging size and minimize page reloads. Some of us out here aren't afraid of scrolling.

If anyone from the Exchange team (or TechNet) is reading, please find some reasonable way to give us centralized, direct links to all of guides and papers.

On the other hand, one thing that I would really like to praise TechNet for: shorter URLs for the articles! This is a huge deal for those of us who write about Exchange, whether in blogs, whitepapers, books, or other formats. Thanks!

 

posted @ Thursday, February 08, 2007 3:47 PM | Feedback (0)
Catch the Daylight Savings Time Webcast again for the very first time!

Last Friday (Feb 02 2007) Microsoft help a scheduled webcast that talked about the impending DST changes and how they affect appointments and calendars in Outlook and Exchange. Unfortunately, the demand for this webcast far exceeded the capacity and it was quickly full. If you, like me, weren't able to get into the webcast, you can now view it online.

They've thoughtfully provided both streaming and offline options -- I'm downloading the presentation right now, and it's not that large (3.42MB). You can also get audio-only streams in both .WMA and .MP3 formats, and the PowerPoint presentation deck as well.

posted @ Thursday, February 08, 2007 3:12 PM | Feedback (0)
Data Protection Manager version 2: a whole lot more compelling

When I last visited the topic of Microsoft's Data Protection Manager, it was during the beta period for version 1. Although I really liked the concept DPMv1 wasn't really a useful product, especially for me. File server protection is important for some people, but not so much for my work, and the complete lack of built-in integration with tape management meant that I was just delaying the tape problem, not removing it.

Well, now DPM v2 beta 1 is out -- and wow, has this product suddenly become a LOT more compelling:

  • Support for protecting and restoring Exchange 2003 and Exchange 2007 storage groups. Since only the modified ESE database pages are synchronized, you no longer need a backup window on your production mail servers. Exchange admins can pull recovered storage group, database, or mailbox data back into their organization.
  • Support for protecting and restoring SQL Server 2000 and SQL Server 2005. Again, since only the modified database pages are synchronized, DBAs stop having to worry about backup and restore. And they can recover database snapshots alongside the live database, as DPM gives the option of recovery with a rename -- all in one simple step!
  • Support for protecting and restoring SharePoint Server 2.0 and 3.0. I'm not exactly sure how this works yet, but I'll be finding out.
  • Support for protecting clustered SQL Server and Exchange configurations.
  • Support for long-term tape protection within DPM. DPM now natively handles tape operations as part of a comprehensive storage policy for your protected data, meaning that it will automatically take replicas and snapshots from short-term disk storage and move them to tape when specified. When you recover protected data, you can usually recover it directly to tape if you desire.

The Exchange integration particularly intrigues me. I've got several questions on how it integrates with Exchange 2007, particularly with CCR and LCR; what are the advantages of using DPM + CCR/LCR instead of one or the other? And how does DPM integrate with the Recovery Storage Group? Are there any other goodies or gotchas lurking? As I find out, I'll let you know.

posted @ Wednesday, February 07, 2007 2:53 PM | Feedback (1)
Exchange 2007 .documentation

The first four Word-format Exchange 2007 guides are now available from Microsoft Downloads. Don't bother looking at the Exchange 2007 site for them yet; they're not linked there (but I'm sure the website will be updated within the next few days). These guides are aimed at helping you deploy Exchange 2007 into organizations of varying size:

I've not had a chance to look these over yet -- I'm busy with another project -- but I really like the fact that they're starting to give focused guidance depending on the size/type of organization you're intending to deploy. There's a lot of FUD floating around out there that Exchange 2007 is no longer aimed at the SMB market, a lot of it predicated on the licensing changes, renewed emphasis on Hosted Exchange services, and the continuing angst over the 64-bit hardware issue. This kind of guidance, easily packaged for printing out, might help combat that FUD.

posted @ Tuesday, February 06, 2007 8:27 PM | Feedback (2)
News

Devin has moved on
to new adventures.
This blog is preserved
for historical purposes.

Please follow his
personal blog at:
Devin on Earth

Virtual Devin
Article Categories
Archives
Post Categories
Data Protection
DCAR
Exchange
Other
Security
Unified Communications
Windows