https://www.microsoft.com/licensing/servicecenter/Registration.aspx

So I'm closing out the year still without access to the MVLS web site and I know from others posting that they are in the same condition.

Granted OEM software distribution sucks (like we've had two Windows 7 consumerish newly purchased computers arrive and neither one had true media and you had to burn in your own), but you do have the software somewhere. 

What this has done for me is question deeply if I want to buy Open Value licenses in the future.  The value of Open Value to many is the upgrade, not the benefits of the platform itself. 

It's getting harder and harder to justify open value based on the time wasted to try and get access and the real (and not perceived) benefits.

So for all those of you that are still banging your head, keep the faith.

Or try to at least.

This 4 page overview provides an easy-to-understand overview of this increasingly popular computing trend.

Kim Komando - Computing in the cloud
http://www.komando.com/tips/index.aspx?id=7907

QUOTE: There is an acronym--SaaS, or software as a service.  Cloud, as used by geeks, refers to the Internet. So, people computing in the cloud are running software on somebody else's computers. They access those computers via the Internet. The computers could be next door or overseas. When they do that, they don't have to install the software. They don't have to update it. They don't have to upgrade whenever a new version appears. They don't need more powerful computers to run new versions.

Websense Security Labs™ ThreatSeeker™ Network has detected that the Fox Sports site has been compromised and injected with malicious code. Fox Sports is a division of the Fox Broadcasting Company. It specializes in the latest sports news and world sports updates. Fox Sports has an Alexa ranking of 330.

Alert Details

I'm continuing the series of blog posts on my Nucleo control suite available at http://www.codeplex.com/nucleo.  This post is on the way that tags can be rendered.  ASP.NET MVC has a TagBuilder class for creating a class to generate markup and render that markup to the brower.  If you have used any of the HTML extensions for rendering controls like Html.TextBox, you have used the TagBuilder class.  Noting that the TagBuilder class was built for MVC and is not available in 2.0 web sites or 3.5 web sites that don't reference the System.web.MVC dll, I created my own tag-building system, which comprises of a TagElement class, and a TagElementBuilder class that creates these custom tag controls.  I like using the tag approach over using the previous approach of writing HTML markup using the HtmlTextWriter.  For instance, compare this:

TagElement tag = TagElementBuilder.Create("INPUT");
CommonTagSettings.SetIdentifiers(tag, this.Component, this.Component.ClientID);

tag.Attributes
 .AppendAttribute("type", "text")
 .AppendAttribute("value", this.Component.Text ?? "")
 .AppendAttribute("class", "DropDownInput")
 .AppendAttribute("disabled", this.Component.Enabled ? "" : "disabled"); 

//To render this tag, use tag.ToHtmlString();

 To the alternative approach:

writer.AddAttribute(HtmlTextWriterAttribute.Id, this.Component.ClientID); //using attributes
writer.AddAttribute("name", this.Component.ClientID); //or using string names
writer.AddAttribute("type", "text");
writer.AddAttribute("value", this.Component.Text ?? "");
writer.AddAttribute("class", "DropDownInput");
writer.AddAttribute("disabled", this.Component.Enabled ? "" : "disabled");
writer.RenderBeginTag("input");
writer.RenderEndTag(); //input

Notice while the two are very similar, the first approach is a little more readable, and the fluent API helps aid the bulk adding of attributes.  While the syntax is a little verbose, I am working on an add-on to making this process a little easier (I'm still considering options).  I could have made this even easier by doing the following:

TagElement tag = TagElementBuilder.Create("INPUT", new { type = "text", value = this.Component.Text ?? "", @class = "DropDownInput", disabled = "disabled" });
CommonTagSettings.SetIdentifiers(tag, this.Component, this.Component.ClientID);

This is a feature that you saw added to the ASP.NET MVC framework, the ability to read anonymous types and use their values for the underlying control.  Now, through this system, it is available in 2.0 - 4.0 web forms as well.  Other properties are available; for instance, TagElement also has a Styles collection that uses the same attribute approach as you see above to create a string of styles for a control.  Styles can be added and the final result is rendered as the styles="" attribute for the HTML tag.

Once you have set all of your attributes, the ToHtmlString() creates a string statement for your HTML tag.  Our above tag would render the following.

<input type="text" value="Some Text" class="DropDownInput" disabled="" ..></input>

This can then be written out in the Render method using the HtmlTextWriter if you like, or you can use Nucleo's rendering approach; there are a couple of different rendering options that I'll post about soon, if you would like to use Nucleo to create custom AJAX controls or extenders.

There are other features that I am still perfecting, like the ability to create a TagElementGroup and supply bulk settings at once.  This makes it easier to create and work with a bulk range of objects.  It's not finished, but I do have some of it's features implemented.  There are two ways to create a group, supply the names of the tags, or to supply the name of a single tag, the number of items to create, and common attributes shared across all.

var tagList = TagElementBuilder.CreateGroup(new string[] { "A", "STRONG", "SPAN", "DIV" });
var tagList = TagElementBuilder.CreateGroup("A", 5,
 new { Href = "http://www.yahoo.com", Target = "_blank" });

In this way, it makes working with a lot of elements easier.   I'm trying to create a way to apply additional attributes in a bulk way, considering ways to apply settings to alternating elements and such.

Event Details:
http://www.calcpa.org/Public/Catalog/CourseDetails.aspx?courseID=098092127A

REGISTRATION STATUS: OPEN

This FREE for CalCPA members webcast is being sponsored by the CalCPA State Technology Committee

As data systems become more complex, they become more valuable. CPAs, in particular, need to stay ahead of the curve if they want to keep their clients' data safe. This two part webcast is designed to provide you with the tools you need.

Part 1: Why keeping your clients' data private and secure matters 12:00 - 1:00 pm

Join Susan Bradley, CPA, GSEC, CITP, CFF and Dana Epp, Microsoft Enterprise Security MVP and CEO of ScorpionSoft as they traverse the legal and regulatory minefield of privacy regulations, laws, and "best practices". We'll cover what specific laws and regulation currently impact the handling of client data as well as warn you about the impact of upcoming laws and regulations. We'll provide you with guidance to identify and track personal identity information in your office and provide you with the guidance to set up your own security policy to protect that data.

Part 2: Implementing privacy and security of your clients' data 1:00 - 2:00 p.m.

Susan and Dana will guide you through the specific solutions to deploy to protect data at rest and in transit in your organization. We'll discuss software, hardware and the reasons to choose a solution and how to implement it within your organization.

I have had at least six comments to blog postings stating

“msmvps.com rocks! I found a lot of new information on msmvps.com and I liked it a lot. Good job! I will be back.” x 2,

“Good Afternoon!!! msmvps.com is one of the most excellent resourceful websites of its kind. I take advantage of reading it every day. All the best.”

“Good Morning!!! msmvps.com is one of the most outstanding resourceful websites of its kind. I enjoy reading it every day. All the best.”

“Good Afternoon!!! msmvps.com is one of the best informational websites of its kind. I enjoy reading it every day. Keep it that way.”

“Hi!!! msmvps.com is one of the best innovative websites of its kind. I take advantage of reading it every day. All the best.”

Sounds real nice don’t they.  Makes a person feel real good about their blog postings.    Hmmm, those are rather generic comments aren’t they.   What’s in the Website field?  Ahhh, www.paydaytown.com.   Which in turn leads to Focus Financial Corporation.

Therefore I repeat my subject.  paydaytown.com and Focus Financial Corporation of Vancouver are scum

Edit

(Added “of Vancouver” to title and to above)

I apologize to Focus Financial Corporation of Virginia.  I should’ve done a quick search to see if Focus Financial Corporation was a duplicate name.  I will also add that as of this edit they have not contacted me to complain.  <smile>

A distributed denial-of-service (DDoS) attack on a major DNS service provider caused a brief hiccup in online shopping last week at some of the Web's biggest online destinations.

UltraDNS, which counts such giants as Amazon and Wal-Mart among its customers, was DDoS'd after business hours on Dec. 23, according to Amazon Web Services and other reports from victims and news outlets.

Story continues at darkreading.com

Hace dos años ya, estuve explorando Microsoft Robotics, y su librería CCR (Concurrency and Coordination). Esta tiene la implementación una port: podemos enviar un objeto por el port, y recibirlo y procesarlo en otra pieza de código, que puede ejecutarse en otro hilo de ejecución. También tiene la capacidad de ejecutar ambas partes en diferentes máquinas, una forma de conectar aplicaciones distribuidas. Yo escribí sobre el tema en:

Distributed Agents using DSS/VPL
Agentes Distribuidos usando DSS/VPL
Agentes Distribuidos y Fractales usando DSS/VPL
Genetic Algorithms with AjAgents and Concurrency and Coordination Runtime (CCR)
Algoritmos Genéticos con AjAgents y Concurrency and Coordination Runtime (CCR)
CCR posts (English)
Posts sobre CCR en español

Todo esto, me llevó a encontrarme con el concepto de canal: Channel programming (Wikipedia) y este año, leí sobre el nuevo lenguaje de Google, el lenguaje Go: http://golang.org. Pueden leer sobre Go y sus capacidades de manejo de concurrencia (go routines, channels) en: http://golang.org/doc/go_tutorial.html#tmp_346

También comencé a leer sobre proyecto Axum de Microsoft: http://en.wikipedia.org/wiki/Axum_%28programming_language%29

Con toda esta base, el último sábado agregué soporte de canales y goroutines en mi intérprete AjSharp (otros posts AjSharp interpreter). Pueden bajar y ver la versión actual desde http://code.google.com/p/ajcodekatas en trunk/AjLanguage

Primero, agregué un tipo nativo .NET Channel (a mejorar: agregar soporte para que el canal pueda soportar varios send y receive desde más de un thread):

public class Channel
{
    private AutoResetEvent sethandle = new AutoResetEvent(false);
    private AutoResetEvent gethandle = new AutoResetEvent(false);
    private object value;
    public void Send(object value)
    {
        this.gethandle.WaitOne();
        this.value = value;
        this.sethandle.Set();
    }
    public object Receive()
    {
        this.gethandle.Set();
        this.sethandle.WaitOne();
        object result = this.value;
        return result;
    }
}

Cuando se envía un objeto a un canal, el thread que lo envía se bloquea hasta que otro thread lea el canal (pienso agregar un QueueChannel, donde se puedan enviar varios objetos, a guardar en una cola, sin para los threads; supongo que la cola tendrá un tamaño limitado, para ir auto-coordinando los productores y consumidores de objetos del canal).

Siguiendo las ideas de goroutines en el lenguaje Go, agregué un nuevo comando en AjSharp: go <command> (ok, no mucha creatividad aquí… ;-)… igual hay que aclarar que los goruotines en Go tienen muchas más características que las que implemento acá). Esta nueva palabra lanza el comando en un thread separado, que comparte las variables del original, como en este ejemplo (recordemos que AjSharp tiene acceso a los objetos y clases nativas de .NET):

handle = new System.Threading.AutoResetEvent(false);
one = 0;
go { one = 1; handle.Set(); }
handle.WaitOne();
result = one;

Todo esto se agregó a la máquina de ejecución de AjSharp (por ejemplo, Channel es un tipo ya declarado dentro de la máquina, sin necesidad de usar el namespace completo), podemos usar entonces:

channel = new Channel();
go channel.Send(10);
result = channel.Receive();

Luego de tener esto andando, modifiqué algo más. Fue simple agregar “syntax sugar” al parser de AjSharp para que

<- channel

sea igual a

channel.Receive()

y que

channel <- value;

sea una forma de escribir:

channel.Send(value);

Entonces, el ejemplo anterior se puede escribir como:

channel = new Channel();
go channel <- 10;
result = <- channel;

En otro post, describiré algunos usos de estas características, con algún detalle de implementación. Ver el código actual en:

http://code.google.com/p/ajcodekatas/source/browse/#svn/trunk/AjLanguage
Nos leemos!

Angel “Java” Lopez
http://www.ajlopez.com
http://twitter.com/ajlopez

All of the following domains list XINNET as the Registrar:

worldofwaracrft.com (created 15 November 2009)
IP: 98.126.210.19 - Krypt Technologies

worldofwaruraft.com (created 24 December 2009)
IP: 174.139.248.82 - Krypt Technologies
Sharing IP with worldofwancraft.com (created 17 December 2009)

worldofwrracraft.com (created 27 December 2009)
IP: 98.126.122.67 - Krypt Technologies

worldofwarcraft-account-instructions.com (created 27 December 2009)
IP: 74.63.200.104 - Limestone Networks

worldofwurcraft.com (created 24 December 2009)
IP: 174.139.248.82 - Krypt Technologies

worldofwarcraft-account-management.com (created 21 December 2009)
IP: 205.209.136.189 - Managed Solutions Group Inc

worldofwarcracrft.com (created 15 November 2009)
IP: 98.126.210.19 - Krypt Technologies

worldofwarcraft-wowaccountadmin.com (created 19 December 2009)
IP: 205.209.161.30 - Managed Solutions Group Inc

worldofwarcraft-account-notification.com (created 24 December 2009)
IP: 205.209.161.30 - Managed Solutions Group Inc

Go to https://twitter.com/signup, right click the page, and then select “View Page Source” (FF/Google Chrome) or “View Source” (IE).  There, in all its glory, you will find Twitter’s list of forbidden passwords (all credit to Sophos who pointed out that the list was available for all to see).

For what its worth, I have long since stopped advising that people use “strong passwords”.  Rather, I encourage the use of “pass phrases”.  Unfortunately, pass phrases don’t work with web sites that limit the number of characters that you can use, or do not allow non standard characters such as spaces (sadly, there are still too many web sites that do that) but for the rest, pass phrases such as “I may move slow but I look good!” are very easy to remember, and extremely difficult to crack.

BTW, the password “password1234” is accepted by Twitter (and is assessed by the Twitter sign-up page as “strong”), as is “1password” and “!@#$%^&*()” and “twitter123” (assessed as “good”)… I’m not sure what security Twitter thinks they are achieving…

If you've built your own custom MS ASP.NET AJAX controls or extenders, you are familiar with the description process, where a control specifies the values that it wants to send at the creation of the client-side AJAX component (consider these values as default values).  ASP.NET AJAX gives you the ability to specify what you would like to pass to the client, and makes available a serializing component (JavaScriptSerializer) to perform a serialization/deserialization process to/from object and string.  As an object gets converted to a string, it's then passed to the client- component's client-side property, and from there you have a responsibility to take a serialized serialized and convert it to a deserialized object (JS's equivalency to your server-side component).

In reality, you do not need to use the JavaScriptSerializer class.  For instance, you can pass this to the client-side component:

descriptor.AddProperty("a", "{ id: '1', name: '2', dothis: function() { return 'this'; } }");

This is essentially what gets passed to the client when using the JavaScriptSerializer, except for we have the added capability of adding in methods to pass to the client.

get_a: function() { },

set_a: function(val) {
    var o = Sys.Serialization.JavaScriptSerializer.deserialize(val);
    alert(o.dothis());
}

Wayne Small, the owner of sbsfaq.com called me today and asked me to look into a malvertizing incident that he experienced while at tweetmeme.com.  You can see his report here.

I have not been able to reproduce the behavior that Wayne saw thus far, but do note that tweetmeme seems to be using openx. 

There is a vulnerability in older versions of openx that may allow a remote attacker to gain administrator access to the adserver. It is strongly recommended that all users upgrade their systems to 2.8.3 which, apparently, fixes the problem. The download is available at http://www.openx.org/ad-server/download.  Information about the openx hack can be found here. 

A news report about an openx hack incident can be found here.

I cannot say that an openx vulnerability is definitely the cause of the problem that Wayne saw at tweetmeme, but it seems to be a likely candidate.  The only ads that I am seeing at tweetmeme at this point in time are Google/Doubleclick advertisements.  Google/Doubleclick are, more often than not, clean (although they have had problems in the past).  I am not seeing any evidence of content being hosted on suspicious domains.

I've done this twice now and it annoys me every time I do it.

I set up a server in a SBS 2008 domain.  I join it to the domain.  It initially goes into the SBScomputers OU that has a prebuilt group policy to allow for remote desktop and firewall exclusions for remote desktop.  I change the server from the SBSComputers OU to the SBSServers OU and if I don't remember to then manually go back in to the system/remote tab and edit the ability to remote into the server I've locked myself out.

So I built a group policy rule so I won't do that anymore.

First build a WMI filter:

Launch the group policy management console.  Go in the WMI Filter section, right mouse click and click new.  Title up the policy, put in a description, click add.

Leave the root\CIMv2 namespace as is and in the Query section copy and paste in:

Select * from WIN32_OperatingSystem where ProductType=3

You will note that in the Windows SBS Client the query value is like this:

select * from Win32_OperatingSystem Where ProductType!=2

The "!" stands for "does not equal" so that one reads "filter on everything BUT the Domain controller.  The one I'm building is specifically targeting Server OS's.

http://www.eventlogblog.com/blog/2009/10/useful-wmi-queries-to-filter-g.html

Workstation
Select * from WIN32_OperatingSystem where ProductType=1
Domain Controller
Select * from WIN32_OperatingSystem where ProductType=2
Server
Select * from WIN32_OperatingSystem where ProductType=3

Now we go into the SBSServer OU, right mouse click and click on "Create a GPO in this domain and Link it here"

 Call the group policy something descriptive.  Now go down to Computer Configuration, then to Policies, then to Administrative templates, then to Windows components, then to Terminal Services, then to Terminal Server, then to Connections,  and ensure that "Allow users to connect remotely using Terminal Services" is enabled. 

Next go to  Computer Configuration, then to Policies, then to Windows Settings, then to Security settings then to Windows Firewall with Advanced Network Security and go to inbound rules.

Right mouse click and click on "New Rules".  Choose predefined rules and choose Remote Desktop (TCP-IN), then Distributed Transaction Coordinator, then Windows Management Instrumentation.  You can thin these down if you like, but for me those three core ones allow me to manage the box remotely better.

So the resulting firewall will look like this:

So there you go, a specific group polcy for member servers.

Word of advice when setting up servers that later will be installed in an office or remote location.  Stick logmein free on there until you get the server stable and policies working just so.  You can accidentally log yourself out of RDP, but chances are the logmein beacon will still work just fine so you can figure out what you did and undo it.

Just a reminder when setting up a new server don't forget to flip the box.  When you go to scan for updates click on that little "Find out more" and flip it over to Microsoft update.  This ensures that you will get updates for all of the products on the box not just the operating system.