MSMVPS.COM

Seminario Internacional de Inteligencia Artificial

ffagas — Thu, 15 May 2008 20:39:02 GMT

Microsoft Netherlands Community DevCast

Maurice — Thu, 15 May 2008 20:05:48 GMT

The Dutch Microsoft office has posted the first of the Community DevCast we recorded. The host is Alex Thissen who actually does most of the work as he also edits the screencasts so don't forget to thank him next week when you run into him at the Dutch DevDays.

I am happy to say that amongst the first 6 screencasts released are no less that 4 I did with Alex about Workflow Foundation. And there are more to come so stay tuned.

The other two are about C# and done by Dennis Vroegop again with Alex as the host.

You can find the Community DevCast here. Keep in mind they are for a Dutch audience so they where recorded in Dutch!

Enjoy!

www.TheProblemSolver.nl
http://wiki.WindowsWorkflowFoundation.eu

IDT and Vista

bradley — Thu, 15 May 2008 19:22:00 GMT

http://forums.microsoft.com/TechNet/ShowPost.aspx?PostID=3319795&SiteID=17

Last week we updated KB948343 to reflect some changes we’ve made to the IDT/SigmaTel filters that block Windows Vista SP1 from being available to folks running some versions of IDT/SigmaTel drivers we’ve flagged as problematic:

IDT/SigmaTel

· For x86-based computers: Sthda.cat - published 12/17/07 or earlier

· For x64-based computers: Sthda64.cat - published 12/17/07 or earlier

IDT/SigmaTel

· For x86-based computers: Stwrt.cat - published 12/17/07 or earlier

· For x64-based computers: Stwrt64.cat - published 12/17/07 or earlier

Exceptions for IDT/SigmaTel drivers were made on certain models of Dell, HP, and Sony computers because these drivers were updated to address this issue before the 12/17/07 publish date.

If the Sthda*.cat or Stwrt*.cat files exist on your PC AND have a modified date of 12/17/07 – the Windows Vista SP1 block filter is not applied and Windows Vista SP1 should be offered to you via Windows Update.

If no *.cat files exist we look at specific versions (mainly on OEM PCs such as Dell, HP, and Sony) that have the fix that was made prior to 12/17/07. If the driver does not have that fix, Windows Update will not offer Windows Vista SP1 to you.

At the end of this week, Windows Update will begin providing updated drivers for some OEM PCs running IDT/SigmaTel drivers. Those who receive these updated drivers will no longer be blocked by Windows Update from seeing and installing Windows Vista SP1.

Those who do not receive these updated drivers on Windows Update and remain blocked from installing Windows Vista SP1 need not to worry – we continue to work with OEMs in providing updated IDT/SigmaTel drivers to Windows Update.

Please reply to this post if you have any questions.

Sincerely,

-Tony Mann

Project Closure -- Ten Things that should be done

harry — Thu, 15 May 2008 18:44:00 GMT

This is EXCELLENT advice, as this process is often neglicated due to the need to start the next project right away.

Article: 10 things you should do near the end of a project
http://blogs.techrepublic.com.com/10things/?p=351

QUOTE: In either case, you probably go through the typical inception, elaboration, and construction phases of a project. But when it comes to the end of a project, many project managers come up just short of the finish line. Failure to handle the final steps can add confusion to an initiative and may lead to customer dissatisfaction, unhappy staff, and a project dragging on longer than necessary.

#1: Finalize testing
#2: Finalize training
#3: Validate deliverables
#4: Get project signoff
#5: Release the team
#6: Analyze actual vs. planned
#7: Archive documentation
#8: Ensure contract closure
#9: Conduct a postmortem meeting
#10: Perform a self assessment

VB o el otro lenguaje... :-)

oscar — Thu, 15 May 2008 18:36:06 GMT

Jeje. Disculpen, pero mi cerebro no procesa bien las cosas que llevan ";".

En una de esos finales de días agitados, navegando por quien sabe que página me tope con el blog del gran Jorge Serrano. Para quien no conoce a Jorge, les comento que fue el creador de PortalVB (al menos eso creo yo :-p). Un portal dedicado a VB tan bueno como el del mítico Guille.

Pués bien, allí en su blog de Geeks.ms encontre muchos artículos interesantes pero hubo uno que me llamo poderosamente la atención. Su título: C# o VB, VB o C#,... la envidia me corroe.

Ja. Que puede opinar un "visualbasiquero nato" que no sea que VB es mejor que el otro lenguaje... sorpresa, no defendio a ultranza a VB. Más bien analiza imparcialmente aspectos que muchos radicales dejan de ver.

A continuación, el post de Jorge. Repito es un post de Jorge Serrano, si quieren leerlo directamente desde su blog, hagan clic aqui, si no... leanlo a continuación.

Sus comentarios son bienvenidos:

"Durante el pasado MVP Summit 2008 ha salido a colación una vez más en algunos círculos de debate en pasillos o en salas de reunión una discusión que se está convirtiendo en un clásico... ¿C# o VB?, ¿VB o C#?.

A veces la gente que usa esta tecnología tiende a discutir en exceso qué lenguaje de programación es mejor dentro de .NET.

En otras ocasiones se habla de si un lenguaje de programación tiene ciertas características o funcionalidades que no tiene el otro o si hay más usuarios en el mundo que utilicen un lenguaje de programación u otro.

Las discuciones llegan hasta el extremo de mirar con lupa que lenguaje tiene más ejemplos de código fuente para .NET en la red, o que los ejemplos que aparecen salen antes en un lenguaje que en otro, ¿C# o VB?.

Vamos... aspectos que en mi opinión no llevan a ninguna parte.

Pero las discusiones son mucho más ácidas cuando se trata el tema de las características que cubren cada lenguaje... ¿qué lenguaje de programación tiene más características novedosas que el otro no tiene o cual implementa antes las novedades que el otro?.

Todo esto se resume muy bien con una palabra,... la envidia. Las personas afines a un lenguaje sacan pecho delante de las otras e incluso a veces llegan a pavonearse un poco. En fin... que no lo entiendo.

Los equipos de VB y de C# de Microsoft comentan que entre ellos existen sinergias, comunicación fluida y para nada como intentan hacer ver algunas personas una guerra interna de ver quien saca más características al lenguaje antes que el otro. Los programadores somos por lo tanto según los equipos de trabajo de VB y C#, los que vemos fantasmas donde no los hay o los que nos empeñamos en que existan.

Durante este pasado MVP Summit 2008 tuve la oportunidad de conversar durante unos minutos en el autobus que me llevaba al hotel con uno de los responsables de Microsoft de la ayuda del IDE de Visual Studio. Sí sí, jefes o responsables de Microsoft que no tenían problemas en meterse en un autobús repleto de fogosos MVPs y entablar conversaciones sinceras muy enriquecedoras (esto me recuerda a la otra entrada que he agregado en mi blog).

Me resultaron muy curiosas las preguntas que me hizo esta persona acerca de mi opinión con respecto a las diferentes tecnologías emergentes que Microsoft tiene en marcha, de los problemas económicos en el mundo actual y su relación directa con las tecnologías, así como alguna cosa más que me encantó discutir con esta persona, pero después de eso, surgieron las típicas preguntas del lenguaje motivo de esta entrada. ¿Cuál es para mí y en mi opinión el mejor lenguaje de .NET o el que yo considero idóneo para desarrollar aplicaciones Software?.

De mi cuello colgaba la acreditación del evento, estaba claro que era MVP de Visual Basic, por lo que él mismo podía pensar que la pregunta ya tenía una respuesta clara, rápida y concisa, pero aún y así me hizo la pregunta esperando creo yo una respuesta sincera por mi parte y alejada del forofismo, algo que hice y que comparto ahora con vosotros.

Honesta y humildemente creo que le sorprendió gratamente mi respuesta por las cosas que me comentó posteriormente y que lamentablemente no puedo comentar (hay aspectos del NDA que no me lo permiten, no es que quiera dar importancia alguna a esto).

Ante esa pregunta, le contesté que no entendía muy bien las discusiones de la gente acerca de la elección de un determinado lenguaje o de qué lenguaje es mejor que otro, y que desde que salió la primera versión de .NET Framework siempre he matenido una misma opinión al respecto y de la que nunca me he movido.

Para mí, un lenguaje de programación en la plataforma .NET no es otra cosa que un skin, una piel que recubre a la tecnología. Una piel que recubre a Microsoft .NET Framework, a sus productos y a los productos de terceras compañías.

A esa piel la podemos llamar C#, VB o de otra forma, pero lo realmente importante es la tecnología, es decir, Microsoft .NET Framework y lo que alrededor de ella hay.

También le comenté que dependiendo del tipo proyecto, de la gente del proyecto (de las personas y de sus conocimientos) y de muchos más factores, a veces es óptimo utilizar un lenguaje de programación en lugar de otro pese a que tengas especial simpatía por uno de ellos.

De esa forma, le comentaba que la experiencia anterior de la gente, marca para un responsable de proyecto en muchas oasiones, el uso o la toma de decisión del que podría ser el lenguaje de programación idóneo para un determinado proyecto. Por ejemplo, para un programador que ha programado siempre en Java, yo vería con mejores ojos que su tendencia inicial fuera C# en lugar de VB. Para un programador que viene de VB 6 programando sin orden ni concierto (reglas de programación, mentalidad de orientación a objetos, nomenclatura de código, etc), vería más adecuado para él el paso a C# que a VB en un primer momento. Poco después quizás podría pasarse a VB sin problemas, pero inicialmente y para obligarse a cumplir ciertas normas y formas de trabajar, C# podría ser un buen comienzo. Para un programador VB 6 que ha sido metódico en su codificación y que tiene claros aspectos relativos a la orientación a objetos, nomenclaturas, etc., su paso natural sería VB... y así podríamos enumerar una y mil situaciones diferentes pasando incluso por FoxPro del que también hablamos.

Es decir, no existe una elección clara y cristalina que indique qué lenguaje es el idóneo o el adecuado. Dependiendo de las situaciones, puede ser en unas ocasiones uno de ellos y en otras ocasiones otro diferente. Incluso podríamos llegar al extremos de hacer que un mismo proyecto pudiera combinar partes del mismo escrito en diferentes lenguajes de programación.

No obstante, esta es mi argumentación y mi explicación. Los lenguajes son pieles, skins, que recubren a Microsoft .NET Framework. Microsoft .NET Framework es el núcleo central, el core, el corazón que es lo que realmente nos interesa utilizar, y las discusiones o preferencias de un lenguaje u otro no es lo que realmente nos debe preocupar a la hora de abordar un proyecto en .NET, sino el uso correcto de la tecnología apropiada (WCF, WWF, DataSets tipados, ADO.NET Entity Framework, Oracle, SQL Server,... etc).

Sin embargo, en el MVP Summit 2008, he podido comprobar en algunos MVP afines casi radicalmente a un lenguaje, la carencia de ampliar sus miras hacia lo que es en mi opinión más práctico y más abierto para todos, comprender en el que el lenguaje es importante, sí, pero no lo más importante. No obstante, la envidia sigue comiendo a algunas personas y después de ver algunas reaciones de MVPs (pocas pero algunas) en este MVP Summit 2008, me temo que lo seguirá habiendo durante algún tiempo. Me temo que es un tema de educación y aprendizaje el hecho de que nos demos cuenta de algunos aspectos como estos."

Cambio y fuera

Oscar

Ciudad de Héroes {Maracay}

oscar — Thu, 15 May 2008 18:20:57 GMT

El proximo Juevese 22 se estara realizando en Maracay el evento Ciudad de Héres {Maracay}.

Allí se realizará en lanzamiento de Windows Server 2008, Visual Studio 2008 y SQL Server 2008.

Este evento esta organizado por MUG del Centro, IUETLV .net y UBA.NET en Conjunto con Microsoft Venezuela.

No se pierdan esta oportunidad de asistir al evento del año!!!!

Cambio y fuera

Oscar

Changing the default icon of a custom workflow activity

Maurice — Thu, 15 May 2008 18:06:52 GMT

By default every custom workflow activity shows the same icon. And using an icon that help understand what the activity actually does makes life so much easier for the user of your activity. And remember he is a developer so some day he might just return the favor

The default looks like this.

So changing the icon isn't hard there are just a few steps that might catch you if you aren't careful.

This is what my demo project looks like:

Add the new image to the project. In my case I added a folder named Images and dropped the PushpinHS.png in there. This PushpinHS.png can be found in the standard VS2008ImageLibrary.zip located in C:\Program Files\Microsoft Visual Studio 9.0\Common7\VS2008ImageLibrary\1033.
Change the build action for PushpinHS.png to Embedded Resource.
Next go to the Activity1.cs file and add the ToolboxBitmap attribute to the Activity1 class. We need to specify two parameters, the first is a type in which assembly the PushpinHS.png is located and the second is the name of the resource to use. These two are related because the resource name us relative to the namespace of the type used.

[ToolboxBitmap(typeof(Activity1), "Images.PushpinHS.png")]
public partial class Activity1: SequenceActivity
{
}

And now we have a nice new icon in the activity like this:

One problem is that the resource name is actually relative to the class specified. Using relfector makes it easy to see all the actual names, including the namespace used.

So what to do if your activity is in another namespace and a direct reference to the resource isn't possible?

The easiest way is to add another class outside of all namespaces and fully specify the resource name like this:

using System.Drawing;
using System.Workflow.Activities;

internal class ResourceLoader
{ }

namespace WorkflowConsoleApplication1.MyActivities
{
    [ToolboxBitmap(typeof(ResourceLoader), "WorkflowConsoleApplication1.Images.PushpinHS.png")]
    public partial class Activity1: SequenceActivity
    {
        public Activity1()
        {
            InitializeComponent();
        }
    }
}

Note the ResourceLoader used in the ToolboxBitmap attribute is not included in any namespace to we need to specify the full resource name "WorkflowConsoleApplication1.Images.PushpinHS.png".

Enjoy!

Who are you talking to on the Internet - Your next girlfriend, or her dog?

nuoyan — Thu, 15 May 2008 18:00:00 GMT

Social networking web sites like MySpace are more and more popular in young people’s everyday life in recent years. People have the desire to make new friends on the Internet for various reasons, such as dating, for a relationship, for friendship, or for business networking; people also like to re-connect with old friend through such web sites.

However, identity issues have never been completely solved for years. Years ago, everybody on the Internet can claim himself or herself to be anyone (without any technical restrictions). One person can steal pictures from another person’s web site and claim to be that person. Even in the present time, there’re a lot of profiles on web sites like MySpaces are fake ones. They claim (appear) to be pretty girls or handsome boys, and attract large amounts of people to add them into their friend lists.

I’ve never done any research on this, but personally I think they may have the following goals in mind when stealing those identities and making those fake profiles.

1.    Collect relatively a large number of users’ information for various illegal business purposes (i.e. but not limited to send Junk messages or any form of advertisements). They attract a lot of users in their desired genders to be in their friend lists, so that they can more or less get some personal information from them. There are, and actually quite a few young people provide real information in this kind of web sites.

2.    To get their psychological satisfactions. Some people with psychological issues have the desire to be a completely different person online and get a lot of followers. They enjoy doing so and get the satisfactions they desire to have by doing so.

3.    Just for fun. Yes. Many people make a fake profiles just for fun.

I believe there are many other reasons that I yet to know. But this is truly a problem. How can you ensure you are chatting with your potential date but not her dog on the Internet?

Some new social network systems like Facebook provide ways to verify users identity. For example, if you want to register as a college student, you may have to use your college email address; if you want to register as a company employee, you may have to use your work email address; etc. But even so, you can still find several Bill Gates, several Steve Ballmer’s and etc in the system. People can still register for a profile freely and use a fake identity.

As the result, this kind of identity issue is really a human issue, but not a technological issue. Indeed, my answer to the previous question I posed is “ to be careful.” Know your goal when you are using these web sites and don’t abuse. Try to verify whom you are really talking to before disclosing too much information. Learn to protect yourself. Young people like teenagers usually don’t protect themselves enough when trying to get to know new people. They should take more care. And parents should provide more education to their children about protecting themselves online.

In fact, even in an ideal environment that everyone uses their own identity (can be real or imaginary but need to be their own, not stolen), there are still issues. For example, boyfriend may know girlfriend’s password so when you are talking to someone online, it’s possible that you’re really talking to her boyfriend; in the same sense, wife may know husband’s password, too.

As the result, these issues are not likely to be technically solved, at least in a short time. Think about what information you want the others to know before disclosing; and think about if there’s any unexpected person who may potentially know this information as well before disclosing. Do some verification to make sure the one you’re talking to is the one you want to talk to. If you do all these carefully, I’m positive that you won’t email me and tell me that you’re in a relationship with a dog any more.

Debian and Ubuntu OpenSSL and OpenSSH Vulnerabilities

Don — Thu, 15 May 2008 17:10:00 GMT

Debian and Ubuntu have released multiple security advisories to address vulnerabilities in their OpenSSL package and other cryptographic application packages that rely on it. These vulnerabilities are due to weaknesses in the random number generator that is used to create SSL and SSH cryptographic keys. As a result of the vulnerability, the keys generated using the flawed OpenSSL package may be weak. Exploitation of these vulnerabilities may allow a remote, unauthenticated attacker to conduct brute force attacks and obtain sensitive information. These vulnerabilities may affect any Debian-based systems, such as Ubuntu, and may indirectly affect other systems if these weak keys have been imported into them.

US-CERT encourages users to review the following advisories and apply any necessary workarounds or updates:

Debian Security Advisory DSA-1571-1

Debian Security Advisory DSA-1576-1

Ubuntu Security Notice USN-612-1

Ubuntu Security Notice USN-612-2

Ubuntu Security Notice USN-612-3

Ubuntu Security Notice USN-612-4

Ubuntu Security Notice USN-612-5

Ubuntu Security Notice USN-612-6

Additional information about these vulnerabilities is available in the Vulnerability Notes Database.

US-CERT will provide more information as it becomes available.

http://www.us-cert.gov/current/index.html#debian_openssl_vulnerability

Acceder a la caché de Internet Explorer (I)

lfranco — Thu, 15 May 2008 16:59:45 GMT

En algunos casos puede ser interesante acceder a la caché de navegación de Internet Explorer. Por ejemplo, para poder guardar un registro de los sitios que visitan los usuarios de nuestra organización sin tener que montar un ISA server o similar.

Para ello, y como todavía no he encontrado nada implementado en el propio Framework, vamos a hacer uso de algunos elementos del API de Windows. Ese gran amigo que todavía nos sigue sacando las castañas del fuego algunas veces... :-D

El punto de partida:

Cuando accedemos a la carpeta de archivos temporales de Internet, podemos eliminar el contenido o cambiar la ubicación de la carpeta que utilizamos para almacenar este información:

Incluso si pulsamos la opción de ver archivos, el explorador nos muestra una vista similar a esto:

Sin embargo, esta vista se genera automáticamente a partir del contenido de un fichero llamado Index.dat, que se encuentra en la carpeta "Archivos temporales de Internet\Content.IEX", siendo X la versión de IE del sistema. De modo que, para poder acceder a la información contenida en este fichero no nos queda más remedio que utilizar algunas funciones del API de Windows.

Presentando a los protagonistas:

Como os decía anteriormente, a falta de poder usar código manejado vamos a utilizar los ladrillos del propio S.O.

Esta estructura representa un elemento dentro de la caché de Internet.

[StructLayout(LayoutKind.Sequential)]

public struct INTERNET_CACHE_ENTRY_INFO

    public UInt32 dwStructSize;

    public string lpszSourceUrlName;

    public string lpszLocalFileName;

    public UInt32 CacheEntryType;

    public UInt32 dwUseCount;

    public UInt32 dwHitRate;

    public UInt32 dwSizeLow;

    public UInt32 dwSizeHigh;

    public Win32API.FILETIME LastModifiedTime;

    public Win32API.FILETIME ExpireTime;

    public Win32API.FILETIME LastAccessTime;

    public Win32API.FILETIME LastSyncTime;

    public IntPtr lpHeaderInfo;

    public UInt32 dwHeaderInfoSize;

    public string lpszFileExtension;

    public UInt32 dwExemptDelta;

};

Más información acerca de esta estructura en:

INTERNET_CACHE_ENTRY_INFO Structure

http://msdn.microsoft.com/en-us/library/aa385134(VS.85).aspx

También nos basaremos en estas dos funciones, encargadas de devolver un puntero a un elemento del tipo INTERNET_CACHE_ENTRY_INFO dentro de la caché. La primera de ellas devuelve el primer valor encontrado en la caché, a partir de un puntero a una cadena que representa el patrón a buscar. Mientras que la segunda recibe el manejador devuelto por la primera llamada a FindFirstUrlCacheEntry.

[DllImport("wininet.dll", SetLastError=true)]

private static extern IntPtr FindFirstUrlCacheEntry(

  string lpszUrlSearchPattern, IntPtr lpFirstCacheEntryInfo,

  out UInt32 lpdwFirstCacheEntryInfoBufferSize );

[DllImport("wininet.dll", SetLastError=true)]

private static extern long FindNextUrlCacheEntry(

  IntPtr hEnumHandle, IntPtr lpNextCacheEntryInfo,

  out UInt32 lpdwNextCacheEntryInfoBufferSize );

Podéis encontrar más información acerca de ellas en:

FindNextUrlCacheEntry Function
http://msdn.microsoft.com/en-us/library/aa384049(VS.85).aspx

FindFirstUrlCacheEntry Function
http://msdn.microsoft.com/en-us/library/aa384026(VS.85).aspx

Y ahora que?

Pues ahora nada, que me he quedado sin tiempo... hasta aquí este primer post. Mañana continuaremos con la construcción de un pequeño proyecto de ejemplo que utiliza estas funciones para acceder a la caché de Internet y muestre el contenido en pantalla. Y si da tiempo, sería interesante crear una aplicación o servicio que vaya monitorizando y guardando este contenido en algún medio persistente (tal vez XML o una base de datos).

Hasta mañana!

** crossposting desde el blog de Lluís Franco en geeks.ms **

Puget Sound Small Business Server User Group (PSSBS) Meeting tonight (Thursday, May 15th, 2008)

steveb — Thu, 15 May 2008 16:06:00 GMT

There have been a couple changes over at the PSSBS User Group. After four years or so of meeting in Building 43 on Microsoft's Redmond Campus, starting this evening we are now meeting at Microsoft's Lincoln Square offices in Bellevue. We'll be in 27004. We are asking that everyone meet near the elevators on the first floor of Lincoln Square (just north of Tully's in the main lobby) and we'll take people up to the room in groups. Meeting will be 6 PM - 8:30 PM. Lincoln Square is located on Bellevue Way NE between NE 6th and NE 8th Street in downtown Bellevue.

On the agenda for tonight's meeting will be a quick presentation by HyBlue's President, Matthew Sutton, on his new data security solution, IceLock, followed by a Response Point Hands On Lab. The lab is being run by PSSBS member Van AuBuchon who ran the lab for SMB Nation East earlier this year. Van is a long-time system builder and early Response Point reseller.

The other major change is the update by Culminis of our SharePoint Website. We have been upgraded from SharePoint 2.0 to SharePoint 3.0. The redirect from www.pssbs.org has been made and the new address is https://ug.culminis.com/sites/PSSBS. I am still working with Culminis in getting the home page open to anonymous users, so for now you have to authenticate to view anything. Will have that resolved soon so we can have the events calendar public facing again.

If you are in the Puget Sound area and have tonight open, head on over to Lincoln Square and join us for the PSSBS meeting! If you have any questions or need directions feel free to call me at 206-255-3214 or contact me via email at steve @ banksnw . com (you'll have to push all that together).

Steve

También se me ha quedado cara de niño :)

Eladio — Thu, 15 May 2008 16:01:14 GMT

Nada, que me he instalado el World Wide Telescope, como comenta Miguel Llopis en su post: http://geeks.ms/blogs/mllopis/archive/2008/05/13/microsoft-nos-regala-el-cielo-con-worldwide-telescope-descargadlo-ya.aspx , y la verdad es que me he quedado un poco con cara de niño (mira el video que aparece aquí: http://www.worldwidetelescope.org/experienceIt/ExperienceIt.aspx?exp=true ; en fin, seguiremos siendo niños de vez en cuando delante del portatil :) Por cierto, lo bonito que parece todo lo que se...(read more)

PC Magazine - Updated list of Free Security Software

harry — Thu, 15 May 2008 15:48:00 GMT

As noted in the article, there are both advantages and disadvantages to using free security sofware instead of a purchased security suite. Personally, I like using some of the freely available tools as they are efficient and as protective as competing products that require purchase.

Still, folks should do their homework and ensure any free products will meet their needs. They should research free product offerings to understand what they will and will not be able to do functionally with these tools.

ADVANTAGES OF FREE SECURITY PRODUCTS
-- Free product offerings are better than having no protection at all (especially for folks on a tight budget)
-- There are actually many great free firewalls, AV products, and anti-spyware tools available (some free products are often as good or better than competing paid products - but you have to do your homework)
-- Sometimes a simple "no frills" solution is all you need and it might even offer better performance than a full featured product offering lots of "whistles and bells"
-- You can try adding a new layer of protection and if you find there's not a compelling need you can uninstall it and it hasn't cost you any money (e.g., if you rarely get spyware and wanted to test out a free product offering)

DISADVANTAGES OF FREE SECURITY PRODUCTS
-- Security suites may cover more areas of exposure for improved protection (so there are no gaps)
-- Some free products may not be as comprehensive in their scope of protection when compared to paid products (e.g., AV protection may be limited to just files and may not cover exploits, rootkits, or other risks)
-- Some free security products may try to upsell folks with occasional popup messages to the more comprehensive paid versions
-- Very limited user support may be available, where full technical support may be available for
-- Most free products are only available for personal use and these must not be used on a free basis in a corporate environment

Below is an analysis of some of the most recent product offerings. Both AVG and Avast have been well rated as basic AV products. They often provide protection for leading edge threats more quickly than even some of the mainstream solutions.

PC Magazine - Updated list of Free Security Software
http://blogs.pcmag.com/securitywatch/2008/05/free_security_software.php
http://www.pcmag.com/article2/0,1759,2304349,00.asp

QUOTE: Sometimes free security is worth what you pay for it. But if you know what to look for, you can get a an excellent buy when it comes to protecting yourself—without dropping a lot of cash. You may be better off with a full-scale commercial Internet security product, but you're far better off with a free product than with no security product at all. You may be surprised at how much protection you can get at no cost. The latest versions of the popular free antivirus products from avast! and AVG both now include spyware protection as well, and they're quite effective.

SPECIFIC PRODUCTS REVIEWED INCLUDE
==================================
avast! antivirus 4.8 Home Edition
AVG Anti-Virus Free 8.0
Spybot Search & Destroy 1.5
Spyware Terminator 2.0
ThreatFire 3.5

Pic for MCP Mag Thread

Kicking and Screaming I am Bloggin — Thu, 15 May 2008 13:33:59 GMT

This pic is for a thread on MCP Magazine’s SBS Forum. You can click the pic for a larger view. Read More......(read more)

PowerToys for Windows Vista - TechNet

alvinchen — Thu, 15 May 2008 13:02:00 GMT

簡單好用的工具，

以前的"CMD Prompt here"都回來啦！

原文：
Utility Spotlight Script Elevation PowerToys for Windows Vista

或者點這裡直接下載。

Microsoft Security Bulletin Minor Revisions - May 14, 2008

Don — Thu, 15 May 2008 12:44:00 GMT

Issued: May 14, 2008

Summary

he following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

* MS08-026 - Critical
* MS08-017 - Critical

Bulletin Information:

* MS08-026 - Critical

- http://www.microsoft.com/technet/security/bulletin/ms08-026.mspx
- Reason for Revision: V1.1 (May 14, 2008): Updated the Deployment
    Information sections for Office 2004 for Mac and Office 2008
    for Mac to link to the Microsoft Download Center. Also added
    entry to Update FAQ to clarify why the update for Outlook
    2007 is rated Critical.
- Originally posted: May 13, 2008
- Updated: May 14, 2008
- Bulletin Severity Rating: Critical
- Version: 1.1

* MS08-017 - Critical

- http://www.microsoft.com/technet/security/bulletin/ms08-017.mspx
- Reason for Revision: V1.3 (May 14, 2008): Bulletin updated to add
    a link to Microsoft Knowledge Base Article 933103 under Known
    Issues in the Executive Summary.
- Originally posted: March 11, 2008
- Updated: May 14, 2008
- Bulletin Severity Rating: Critical
- Version: 1.3

Using a WCF proxy through an ISA proxy server

Maurice — Thu, 15 May 2008 11:45:00 GMT

When I tried I received the following very helpful System.ServiceModel.ProtocolException with Message="The remote server returned an unexpected response: (407) Proxy Authentication Required ( The ISA Server requires authorization to fulfill the request. Access to the Web Proxy filter is denied. )."

And this in turn contained an inner exception of type System.Net.WebException and Message="The remote server returned an error: (407) Proxy Authentication Required.".

Now I cannot find any way to add the required authentication but it turns out that setting the wsHttpBinding useDefaultWebProxy to false works just fine

Enjoy!

I’m the Rosetta@home user of the day

CraigN.NET — Thu, 15 May 2008 10:44:34 GMT

I just got an email notification from the Rosetta@home project that I’ve been featured as the user of the day. Congratulations!You’ve been chosen as the Rosetta@home user of the day! Your profile will be Read More......(read more)

Utility to display logs from SystemSherlock Lite

martin — Thu, 15 May 2008 10:29:00 GMT

As mentioned in my post about SystemSherlock Lite, I really love this tool after few days... Only problem I had is that it can take some time to realize what really happened - you need to read pretty big log files and you can spend precious time reading through temporary entries or documents and settings and miss one important entry saying that applications copied something to your System32 folder.

I was playing with Sherlock yesterday and I spent lot of time parsing through log files generated by SystemSherlock. Then I spend 20 minutes writing some automated parser and I want to share with you ;)

Usage is pretty simple - just click on Open log file, select your log file and output similar to following should appear:

I dont know what else to add - this utility is pretty simple, however can save your time ;) One more notice - log parse is able to handle also mixed logs (so if you have one log where you store different entries together with log output from SystemSherlock Lite, you can use it and it will only show entries from SystemSherlock Lite.

Any comments, requests? Feel free to post comments...

SQL Server Performance issues with Fragmentation and heavy usage of TEMPDB?

SSQA.net — Thu, 15 May 2008 08:59:00 GMT

Whenever a performance issue occurs on the SQL Server database best option for diagnosing and troubleshooting common problems by using publicly available tools such as Profiler, System Monitor (Perfmon), and Dynamic Management Views (DMVs) in SQL Server Read More......(read more)

Windows Media Player DVD Sites

marc — Thu, 15 May 2008 08:48:00 GMT

New sites:

http://windowsmediaplayerdvd.blogspot.com/

http://windowsmediaplayerdvd.googlepages.com/

http://windowsmediaplayerdvd.wordpress.com/

http://www.squidoo.com/windowsmediaplayerdvd

http://hubpages.com/hub/windowsmediaplayerdvd

http://www.xanga.com/windowsmediaplayerdvd

http://journals.aol.com/windowsmediadvd/windows-media-player-dvd/

http://windowsmediaplayerdvd.spaces.live.com/

FIX: An ongoing MS DTC transaction is orphaned in SQL Server 2005

SSQA.net — Thu, 15 May 2008 08:14:00 GMT

The following pages were recently modified. Source: Knowledge Base Product: Microsoft SQL Server 2005 Enterprise X64 Edition & SQL Server 2005 Standard Edition Notification Contents: New and All Modifications FIX: An ongoing MS DTC transaction is Read More......(read more)

Fable 2 Studio Visit facts

TR1GG3RMAN — Thu, 15 May 2008 07:50:00 GMT

The following summarized answers to those community questions not included in the video interviews are based on my personal understanding of the demo and are neither direct quotations or verbatim answers provided by Lionhead Studios . Therefore, any of the following answers may be incorrect, incomplete, or both. Will weather conditions change randomly and autonomously throughout gameplay? Yes, as well as time. For example, during night time and as days pass, you will notice progression in the different...(read more)

My "customer" is showing

bradley — Thu, 15 May 2008 07:03:00 GMT

There are times that I showcase my "customer" viewpoint. We were chatting earlier about the features in the Essential Business Server and one of the folks said that some partners he had been talking to wanted to have their own firewall product rather than the forefront gateway, not because of technical merit mind you...but "due to the margins they make on the firewall they sell".

Doesn't that sound a bit odd or is it just me?

There are folks out there that present themselves as "trusted advisors" that are not going down the "Amy Babinchak's rules of firewall shopping" and instead picking the firewall soley based on the product kickback they get? That just sounds a bit odd is all. In the CPA world we have to disclose when we get commissions and what not. So it will be interesting to see how this holds out.

Isn't that edge piece the most important thing you can choose? And yet rather than evaluate and place in there the right solution or in the case of EBS the right integrated solution, they want to know what sort of margins Forefront kicks back?

Doesn't that taint your decision making process?

As a beancounter I understand that we're here to make a buck, but at least make sure that the thing you are getting the margin on has value to your customer, won't you?

Office top issues from the Partner managed newsgroups

bradley — Thu, 15 May 2008 06:46:00 GMT

The following “hot topics” were posted and resolved during the month of
April:

Office:

PRODUCT: Word 2007

Issue Description:
------------------------------
When you send emails from Word 2007, the email is sent to the Outbox.
However, the send email window stays and never closes.

Cause:
------------------------------
The addins in Outlook. "Business Contact Manager for Outlook addin" or
"ribbonCustomizer Add-in" may cause such an issue.

Resolution:
------------------------------
1. Exit Outlook.
2. Click Start > Run > type outlook /safe, click OK.
3. Send emails from Word 2007 again. It should work fine now.
4. And then restart Outlook into normal mode, click the Tools menu > Trust
Center.
5. Choose Addins > choose Com Addins, click Go.
Uncheck the addins one by one. Click OK, OK. Test the issue until the issue
is fixed.

6. Thus, you can narrow down which addin causes such an issue and then
disable it to fix the issue. If you do want to use that addin in Outlook, to
workaround the issue, manually close the email window after you sent it.

PRODUCT: Entourage/Outlook

Issue Description:
------------------------------
When you send *jpg file attachments via Entourage and receive the email with
Outlook 2003/2007, you cannot open or preview the *.jpg file on the PC.

Cause:
------------------------------
It is caused by a security update for Outlook - KB945432
When you installed the patch KB945432 on the PC with Outlook 2003, Emails
with .JPEG attachments from Entourage clients cannot be opened on machines
that are running Outlook 2003 with patch KB 945432 installed.

Resolution:
------------------------------
It is a known issue. Follow the steps below to remove the Patch KB945432 to
temp workaround it.

1. On the PC with Outlook 2003, go to Start > Control Panel > Add or Remove
Programs.
2. Check the option "show updates".
3. Select the patch KB945432. And choose Uninstall/Remove to remove it.
4. Restart the PC and check the *.jpg file attachments. What is the result?

Also, apply the hotfix 951701 will fix the issue. However, the hotfix is not
published. If this issue is urgent or your would like to obtain this hotfix
at your convenience, you may contact Microsoft Customer Service and Support
(CSS) directly to obtain the hotfix in a timely manner. For a complete list
of CSS phone numbers and information about support costs, visit the
following Microsoft Web site:
http://support.microsoft.com/default.aspx?scid=fh;EN-US;CNTACTMS

PRODUCT: Excel 2007

Issue Description:
------------------------------
When you open Excel and then open an Excel file, the blank sheet is not
replaced by the opening file. Thus, there is an additional blank worksheet.

Cause:
------------------------------
There is an Excel file (blank worksheet) in the XLSTART folder which will be
auto loaded when Excel starts.

Resolution:
------------------------------
#1 Check the Excel Startup folder.
Please backup and then delete any files that are located in the following
Excel Startup folders. Following folders is for Excel 2003. If you are using
other version, please change the folder accordingly (Excel 2007: Office12).

-- C:\Program Files\Microsoft Office\Office11\Startup
-- C:\Program Files\Microsoft Office\Office11\Xlstart
-- %userprofile%\Application Data\Microsoft\Excel\XLSTART
-- The folder specified in the "At startup, open all files in" box (on the
General tab of the Options dialog box) in Excel program

Note: Some of the above folders may be hidden.
#2 Come into Excel safe mode to test the issue

Under Excel safe mode, it doesn't load the third party addins, Excel setting
registry keys, and the files in the startup folder.

1. Click Start->Run, type "Excel /safe" (without the quotation marks) in the
Open box.
Note: There is a space between the Excel and the /safe switch.
2. Click OK. Open an Excel file to see if there is still an additional blank
spreadsheet.

PRODUCT: Project Server 2007

Problem description
----------
One workstation cannot connect to Project Server via Project Professional
when the Project Server is protected by a certificate, receiving the
following error message:
Bad Certificate (CERT_REV_FAILED) (ID 0x800a1529)

Resolution
----------
Modify the IE certificate revocation settings:
Go to Internet Options > Advanced tab and disabled the following two
options:
- Check for publisher's certificate revocation
- Check for server certificate revocation

PRODUCT: WSS 3.0 with SP1

Problem description
----------
How to add/select users from other domains while the target domain and the
native domain only has one-way trust.

Cause
----------
We can use the peoplepicker-searchadforests command line to specify a user
account to access the target domain.

stsadm -o setproperty -url http://servername:port -pn
peoplepicker-searchadforests -pv
"domain1:contoso,username,password;domain2:nwtraders,username,password"

To shorten the delay, we can use the
Peoplepicker-activedirectorysearchtimeout command line.

To rollback to the state where peoplepicker doesn't query the target domain,
we can run the command below.

stsadm -o setproperty -url http://servername:port -pn
peoplepicker-searchadforests -pv "NULL"

Additional Reference
----------
Peoplepicker-searchadforests: Stsadm property (Office SharePoint Server)
http://technet.microsoft.com/en-us/library/cc263460.aspx

Peoplepicker-activedirectorysearchtimeout: Stsadm property (Office
SharePoint Server)
http://technet.microsoft.com/en-us/library/cc263496.aspx

Multi Forest/Cross Forest People Picker peoplepicker-searchadcustomquery
http://blogs.msdn.com/joelo/archive/2007/01/18/multi-forest-cross-forest-people-picker-peoplepicker-searchadcustomquery.aspx

PRODUCT: WSS 3.0

Problem description
----------
When you access the WSS 3.0 site from the extranet, you cannot check out
documents in the document library. The error is: "Object reference not set
to an instance of an object".

Cause
----------
By a test, we found that the documents can be checked out in the document
library without issues when accessing the WSS 3.0 site using the internal
URL.

So this issue is most likely caused by the Alternate Access Mappings
settings for the web application.

Resolution
----------
Set the AAM settings as below:

Internal URL: https://portal.xxxxx.co.uk

Extranet Zone;

Public URL for Zone: https://portal.xxxxx.co.uk

PRODUCT: MOSS

Issue Description:
------------------------------
Enabling the Client Integration for this web application resolved this
issue.

PRODUCT: MOSS 2007

Issue Description:
------------------------------
When accessing the page which contains a XMLFORMVIEW webpart that is used to
show InfoPath forms from the extranet, the page cannot be displayed
properly. It works fine when browsing from the intranet.

Cause:
-----------------------------
This is very likely that the URL returned to the user from MOSS 2007 is not
accessible on the extranet. This issue usually occurs if there is a reverse
proxy server standing in the middle and forwards the web requests to an
internal address.

Resolution:
-----------------------------
You set the forward address as the Internal URL in the Alternate access
mapping settings and set the external URL as the Public URL for zone. The
issue then is resolved.

PRODUCT: Project 2007

Issue Description:
------------------------------
One PM receives "ProjectOptCurrencyDigitsInvalid" when trying to create a
new proposal.

Cause:
--------------------------------
The "No. of digits after decimal" of currency is 3 (or a number more than 2)
on the hosting server.

Resolution:
-----------------------------
1. On the hosting server, click on Start > Control Panel > Regional and
Language Settings.
2. Click Customize on the Regional Options tab.
3. Change the "No. of digits after decimal" on the Currency tab to a number
less than 3.

Product: MOSS 2007

Issue description
------------------------------
After you upgrade SPS 2003 to MOSS 2007, you receive an error "HTTP Error
401.1 - Unauthorized: Access is denied due to invalid credentials" when
trying to access the MOSS site that being enabled Kerberos authentication
and a custom host header. However, this error only occurs on the MOSS
server and you can successfully access the MOSS site from other clients.

Cause:
------------------------------
This is because that Windows Server 2003 SP1 include a loopback check
security feature that is designed to help prevent reflection attacks on your
computer. Therefore, authentication fails if the FQDN or the custom host
header that you use does not match the local computer name.

Resolution:
------------------------------
Disable the loopback check:
1. Click Start, click Run, type regedit, and then click OK.
2. In Registry Editor, locate and then click the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
3. Right-click Lsa, point to New, and then click DWORD Value.
4. Type DisableLoopbackCheck, and then press ENTER.
5. Right-click DisableLoopbackCheck, and then click Modify.
6. In the Value data box, type 1, and then click OK.
7. Quit Registry Editor, and then restart your computer.

Related KB Articles:
----------------------------
You receive error 401.1 when you browse a Web site that uses Integrated
Authentication and is hosted on IIS 5.1 or IIS 6
http://support.microsoft.com/?id=896861