When writing code, any code, you have always have to wary of the enemy. Sometimes the enemy is bugs in your code. And we all know what havoc that can cause, but they are usually benign. Usually.

When the code in question is running a website, your enemy is the legions of crackers (they are commonly misidentified as hackers) that are trying to deface popular sites, or high ranking business sites. Over the past few weeks, Russian crackers have been trying to deface the site of my best client. At least they appear to be Russian. They have attacked literally every single piece of code that accepts variables. Every one of them. So far, we are winning. Even to the tune that their last attempt happened a week ago.

I have no false feelings of joy and success that we won this round. They will be back. Back with better tactics, new exploits to search for, new ways of bringing pain. For the wild legions of crackers have moved on to easier prey. The last few years have told me only one thing is certain. That they will be back sooner, rather than later.

Like any General watching his attackers retreat in defeat, my feelings are how can we improve our defenses for the next attack. An attack that will be stronger, faster, more cunning, aiming to not be noticed as soon, how to beat us. While we plan for the next encounter, I am setting my alarms to be notified earlier. They had hammered us with 1 million unsuccessful attempts before it hit our radar. That is 20 times too much for failed attempts. Too low and we get false positives, but 1 million makes me nervous. We will react faster next time. And we are reviewing 100% of the code base to hopefully ensure we have all the gates shut.

I ordered Mobylo!’s Empower HTML Mail Viewer (not deserving of a link thus far) after reading some good comments of it. So after reviewing their site, I ordered it. Well my order is on hold for who knows how long. The site said 15 minutes, but now, hours later, still no Empower. I also ordered Sun Tzu - The Art of War as well. Wonder what he would say about this situation.

More to follow!

One of our companies has a hugely distributed staff. One of their biggest problems has been collaborating with each other to get things done. Email had been the biggest workhorse in the battle, but that adds a ton of complexity to the situation. There were so many multiple versions of documents it took a lot of time to sort out the changes. Read the complete article »

I’ve been so busy playing around with some new toys, ah, I mean learning my new business devices; I’ve been slacking on the blog lately.

I know some people love blogging, even doing it from mass transit systems. Dude on the bus to Gwinnett the other day was blogging about his day while I was playing with C#.

I love playing with C# and other languages more than blogging, I must be strange! Not really, I am in the minority though. I’ve read often that most people either love or hate blogging. I’m sort of in the middle. Neither loving it nor hating it, but I consider it somewhat of a tool. Not something to die for! J

What I’m reading: Some government messaging stuff…BORING!

I just upgraded my BlackBerry to an 8800. This thing is Awesome, notice the capital A! It has the “pearl” (bka a trackball) and I was a little nervous about getting it. That pearl caught my eye immediately as I’ve never been much of a fan of the side wheel. Not only because of the pearl, but also because it was AT&T. I’d had bad experiences with them in the past and I was reluctant on returning. The allure of a new device is intoxicating! The 8700 had served me well so I took a leap of faith and upgraded. Read the complete article »

I was outfitting some new systems at a client lately when I saw something odd. The secretary was busy filling out a directory for the boss. A directory created in Word. When I asked why it was done this way, I received that age old “it’s always…..”.

When I asked were these folks in the Global Address List (GAL) the answer was of course. Then I asked why retype all that info in another directory? They are already in one. Blank stares greeted me all around. I knew I had risen above the UCL and into outer space for them. Read the complete article »

I had an interesting conversation with a fellow commuter yesterday. They were discussing how to integrate applications with Active Directory and how “hard” it was finding null values. I thought that was interesting so I piped in that the value isn’t really null, the attribute just doesn’t exist. The looks I got back told me volumes about what these guys didn’t know, and how they felt about what I thought I knew.

After the end of the ride, I still hadn’t convinced them that I was right. That Active Directory isn’t like a database where both the rows and columns have data or they don’t. If an object doesn’t have a value for the attribute, it just doesn’t exist. The number of times I’ve had this discussion over the years has decreased, but still some folks working with AD are unaware of it. Read the complete article »

I’ve resisted the plunge to Office 2007 for months now. I couldn’t see the need of the thing when Office 2003 was still kicking butt for me. I use Project, Outlook, Visio, and Excel daily and Word at least half the week. I also am a fan of open source. Therefore, I’ve been using OpenOffice more and more. I like it and it’s getting better all the time. Plus, it runs on Linux, which I use about half the time whereas Office is stuck on Windows and Macs.

So, you can see that resistant is perhaps too light a word for my case. As I was flipping through the TechNet disk library, it hit me that I need to at least test drive the thing. This gave me the opportunity to do a dual test drive, Office 2007 running on XP running on Virtual PC 2007 (VPC). Read the complete article »

I’ve commented in the past about my suspicions about eBay buying up payment operator PayPal. I was wary about PayPal in the past but now using them to buy at eBay seemed like it would be a monumental bad move. My suspicions have been proved correct.

Where once you felt protected by the double edged sword, that thing has been dulled into a single edge one, and coverage is spotty at best. At worst, you are left to swing your own sword through the mists of the Internet to get at the scum that is trying to swindle you.

Here is a case to prove the point. I was out researching and came across an article here. Travis is really peeved at PayPal when he should be peeved at eBay as well. As eBay is the parent and the auction was ran on their site, I believe that they owe Travis a full refund if he has proof of all the mess.

Read the complete article »

I’ve been AFK (away from keyboard) from the blog for a few months now. I’ve been the senior Exchange engineer on a massive migration project and it is in the clean up phase. I love the work, but I’m ready to spend more time with the family, more time at the lake, and more time enjoying nature! I also will have more time to blog about the things in IT and the world that I like to keep track of!

A caught a colleague doing the unthinkable the other day, moving mailboxes by searching for them with DSA (better known as Active Directory Users and Computers.) I was flabbergasted. Hundreds of boxes needed moving and this is not the way to do it. As I introduced them to some of the finer points of ESM (Exchange System Manager) and its ability to move tons of boxes very rapidly, their eyes widen with glee. On the trek home, I wondered how many other Exchange administrators are completely unaware of this feature. Its also available with DSA, you just have to selected multiple accounts there too.

One of the greatest features is the scheduler. This feature allows you to schedule the movement task anytime. I prefer at night after replication and backups have finished. You can make as many schedules as you like. The only caveat is that the move wizard dialog box must stay open or the task will not complete.

My preference to move all the mailboxes off a server is to have one task per mailstore. Each task is multi-threaded and processes 4 boxes at a time. With reasonable size mailboxes, it can be finished quite rapidly.

My only grip with the mailbox move process in general is that although it may report a move is complete for a particular box, sometimes it really isn’t. This MAPI move process is supposed to be complete when the move is and the flags removed (to prevent new mail, and users doing anything) so that it can be accessed. In reality, I’ve seen it take as long 6 hours after the completion dialog before it really is. It still beats anything that you can do manually hands down!

For more information on the move process, check out this entry at the Exchange team blog on the very subject.