Archive for December, 2010

What is the worst behavior a manager can have?

I was thinking about all the managerial behaviors that can wreak havoc on a staff. Putting aside for now the obvious ones-screaming, overt belittling, sexual harassment, and the tendency to break out into song-what are the behaviors that can really disable a team and undermine a staff?

I’d like to open this up to you guys, but my vote goes for what I will coin the “What does this mean for me?” Syndrome.

I believe in ambition. I believe that you always have to have your personal career goals and continually made decisions that lead to their achievement. But it’s when managers get so wrapped up in their own images that they lose sight of their actual job that it’s becomes problematic.

Best online Microsoft MCTS Certification, Microsoft MCITP Certification at Actualkey.com

We’ve all met someone like this along the way. This person is in the job because of its “status” or because he measures his self-worth by how many people directly report to him. (I’ve actually been in meetings over the years with middle managers in which having an unequal number of direct reports was a major bone of contention. Some people never let go of the playground mentality apparently.) I don’t understand how people can be promoted to manager and the main takeaway for them is status and not the excitement of added responsibility.

The team that has this leader can expect to be sold down the river at every opportunity. The executives want a project completed on an impossible deadline? This manager will enthusiastically commit so she can look like a hero. The fact that the team has to work so many extra hours that they have to reach into the fourth dimension to do it, doesn’t seem to bother her. That she can then go back to the big table with the completed project after stepping over the overworked corpses of her overworked programmers doesn’t register on her radar.

This is also the type of manager who is never available. He has his email sorted into groups based on sender like “Worth my time,” “Can help my career,” and “all others.” When team members’ emails go unanswered or they can never find the manager to ask questions, they soon get a sense that they have about as much clout as Lindsay Lohan’s AA sponsor. Nothing kills morale quicker.

The truth of the matter is that leadership is not all about the leader. If a manager is worth his salt, he will pay attention to his team and work with his team to get projects done. Don’t be a yes-man in either direction.

Okay, so what behavior do you hate the most?

[Editor's note: To the TechRepublic member who has been emailing me saying he doesn't get an answer: I've responded to your emails several times. Please check your Spam folder if you're not getting them.]

Get IT tips, news, and reviews delivered directly to your inbox by subscribing to TechRepublic’s free newsletters.

10 PowerShell commands every Windows admin should know

Over the last few years, Microsoft has been trying to make PowerShell the management tool of choice. Almost all the newer Microsoft server products require PowerShell, and there are lots of management tasks that can’t be accomplished without delving into the command line. As a Windows administrator, you need to be familiar with the basics of using PowerShell. Here are 10 commands to get you started.

Note: This article is also available as a PDF download.
1: Get-Help

The first PowerShell cmdlet every administrator should learn is Get-Help. You can use this command to get help with any other command. For example, if you want to know how the Get-Process command works, you can type:

Get-Help -Name Get-Process

and Windows will display the full command syntax.

You can also use Get-Help with individual nouns and verbs. For example, to find out all the commands you can use with the Get verb, type:

Get-Help -Name Get-*


Best online Microsoft MCTS Training, Microsoft MCITP Training at certkingdom.com

2: Set-ExecutionPolicy

Although you can create and execute PowerShell scripts, Microsoft has disabled scripting by default in an effort to prevent malicious code from executing in a PowerShell environment. You can use the Set-ExecutionPolicy command to control the level of security surrounding PowerShell scripts. Four levels of security are available to you:

* Restricted — Restricted is the default execution policy and locks PowerShell down so that commands can be entered only interactively. PowerShell scripts are not allowed to run.
* All Signed — If the execution policy is set to All Signed then scripts will be allowed to run, but only if they are signed by a trusted publisher.
* Remote Signed — If the execution policy is set to Remote Signed, any PowerShell scripts that have been locally created will be allowed to run. Scripts created remotely are allowed to run only if they are signed by a trusted publisher.
* Unrestricted — As the name implies, Unrestricted removes all restrictions from the execution policy.

You can set an execution policy by entering the Set-ExecutionPolicy command followed by the name of the policy. For example, if you wanted to allow scripts to run in an unrestricted manner you could type:

Set-ExecutionPolicy Unrestricted

3: Get-ExecutionPolicy

If you’re working on an unfamiliar server, you’ll need to know what execution policy is in use before you attempt to run a script. You can find out by using the Get-ExecutionPolicy command.
4: Get-Service

The Get-Service command provides a list of all of the services that are installed on the system. If you are interested in a specific service you can append the -Name switch and the name of the service (wildcards are permitted) When you do, Windows will show you the service’s state.
5: ConvertTo-HTML

PowerShell can provide a wealth of information about the system, but sometimes you need to do more than just view the information onscreen. Sometimes, it’s helpful to create a report you can send to someone. One way of accomplishing this is by using the ConvertTo-HTML command.

To use this command, simply pipe the output from another command into the ConvertTo-HTML command. You will have to use the -Property switch to control which output properties are included in the HTML file and you will have to provide a filename.

To see how this command might be used, think back to the previous section, where we typed Get-Service to create a list of every service that’s installed on the system. Now imagine that you want to create an HTML report that lists the name of each service along with its status (regardless of whether the service is running). To do so, you could use the following command:

Get-Service | ConvertTo-HTML -Property Name, Status > C:\services.htm

6: Export-CSV

Just as you can create an HTML report based on PowerShell data, you can also export data from PowerShell into a CSV file that you can open using Microsoft Excel. The syntax is similar to that of converting a command’s output to HTML. At a minimum, you must provide an output filename. For example, to export the list of system services to a CSV file, you could use the following command:

Get-Service | Export-CSV c:\service.csv

7: Select-Object

If you tried using the command above, you know that there were numerous properties included in the CSV file. It’s often helpful to narrow things down by including only the properties you are really interested in. This is where the Select-Object command comes into play. The Select-Object command allows you to specify specific properties for inclusion. For example, to create a CSV file containing the name of each system service and its status, you could use the following command:

Get-Service | Select-Object Name, Status | Export-CSV c:\service.csv

8: Get-EventLog

You can actually use PowerShell to parse your computer’s event logs. There are several parameters available, but you can try out the command by simply providing the -Log switch followed by the name of the log file. For example, to see the Application log, you could use the following command:

Get-EventLog -Log “Application”

Of course, you would rarely use this command in the real world. You’re more likely to use other commands to filter the output and dump it to a CSV or an HTML file.
9: Get-Process

Just as you can use the Get-Service command to display a list of all of the system services, you can use the Get-Process command to display a list of all of the processes that are currently running on the system.
10: Stop-Process

Sometimes, a process will freeze up. When this happens, you can use the Get-Process command to get the name or the process ID for the process that has stopped responding. You can then terminate the process by using the Stop-Process command. You can terminate a process based on its name or on its process ID. For example, you could terminate Notepad by using one of the following commands:

Stop-Process -Name notepad

Stop-Process -ID 2668

Keep in mind that the process ID may change from session to session.

Seven overlooked network security threats for 2011

No one working in network security can complain that the issue has been ignored by the press. Between Stuxnet, WikiLeaks server attacks and counterattacks, and the steady march of security updates from Microsoft and Adobe, the topic is being discussed everywhere. IT workers who have discovered that consolidation, off-shoring, and cloud computing have reduced job opportunities may be tempted to take heart in comments such as Tom Silver’s (Sr. VP for Dice.com) claim that “there is not a single job position within security that is not in demand today.”This and similar pronouncements by others paint a rosy picture of bottomless security staff funding, pleasant games of network attack chess, and a bevy of state-of-the-art security gadgets to address threats. Maybe.

In these challenging times, separating hype from visionary insight may be a tall order. Yet it’s important to strike a sensible balance, because there are problems both with underestimating the problem as well as in overhyping the value of solutions. This situation became readily apparent when making a list of overlooked threats for the upcoming year. The task of sorting through the hype must not become a cause that only managers will be inspired to take up.


Best online Microsoft MCTS Training, Microsoft MCITP Training at certkingdom.com

Table A summarizes a modest list of security threats that are likely to be overlooked in the coming year. The list thus adds to the mélange of worry-mongering, but at least the scenarios are plainly labeled as worst case scenarios.
1. Insider threat

Millions of dollars can be spent on perimeter defenses, but a single employee or contractor with sufficient motivation can easily defeat those defenses. With sufficient guile, such an employee could cover his tracks for months or years. Firms such as Symantec Vontu have taken a further step and characterized the insider threat issue as “Data Loss Prevention” (DLP). Also in this category are attacks on intellectual property, which tend to be overlooked in favor of more publicized losses.
2. Tool bloat backlash

Recent TSA changes to airport security demonstrate that the public’s appetite for security measures has limits. The same is true for network security. As demands for more and more tools taking an increasingly larger percent of the IT budget mount, backlash is inevitable. Many tools contribute to a flood of false positives and may never resist an actual attack. There is a network security equivalent of being overinsured.
Threat Area     Worst Case Scenarios
1. Insider Threat     Enterprise data including backups destroyed, valuable secrets lost, and users locked out of systems for days or even weeks.
2. Tool Bloat Backlash     Decision-makers become fed up with endless requests for security products and put a freeze on any further security tools.
3. Mobile Device Security     A key user’s phone containing a password management application is lost. The application itself is not password-protected.
4. Low Tech Threats     A sandbox containing a company’s plan for its next generation of cell phone chips is inadvertently exposed to the public Internet.
5. Risk Management     A firm dedicates considerable resources to successfully defend its brochure-like, ecommerce-less web site from attack, but allows malware to creep into the software of its medical device product.
6. SLA Litigation     Although the network administrator expressed reservations, a major customer was promised an unattainable service level for streaming content. The customer has defected to the competition and filed a lawsuit.
7. Treacheries of Scale     A firm moves from a decentralized server model to a private cloud. When the cloud’s server farm goes offline, all users are affected instead of users in a single region.
Table A. Worst Case Scenarios for Overlooked Network Security Threats
3. Mobile device security

There’s lots of talk about mobile device security, but despite prominent breaches employing wireless vectors, many enterprises haven’t taken necessary precautions.
4. Low-tech threats

Addressing exotic threats is glamorous and challenging. Meeting ordinary, well-understood threats, no matter how widespread, is less interesting and is thus more likely to be overlooked. Sandboxes, “test subnets,” and “test databases” all receive second class attention where security is concerned. Files synchronized to mobile devices, copied to USB sticks, theft of stored credentials, and simple bonehead user behaviors (”Don’t click on that!”) all fit comfortably into this category. Network administrators are unlikely to address low tech threats because more challenging tasks compete for their attention.
5. Risk management

Put backup and disaster recovery in this category, but for many, having servers with only one NIC card or relying upon aging, unmonitored switches and exposed cable routing are equally good use cases. Sadly, most organizations are not prepared to align risks with other business initiatives. To see where your organization stands in this area, consider techniques such as Forrester’s Lean Business Technology maturity for Business Process Management governance matrix.
6. SLA Litigation

Expectations for service levels are on the rise, and competitive pressures will lead some firms to promise service levels that may not be attainable. Meanwhile, expectations for service levels by the public continue to rise.
7. Treacheries of scale

There will be the network management version of the Quantas QF32 near-disaster. Consequences of failure, especially unanticipated failure, increase as network automation is more centralized. Failure points and cascading dependencies are easily overlooked. For instance, do network management tools identify SPOF? A corollary is that economies of scale (read network scalability) lead directly to high efficiency threats – that is, risks of infrequent but much larger scale outages.

What’s a network administrator to do? Address the issues over which some control can be exerted, and be vigilant about the rest. Too much alarm-sounding is likely to weaken credibility.

Get IT tips, news, and reviews delivered directly to your inbox by subscribing to TechRepublic’s free newsletters.

Microsoft releases five critical security bulletins for November

For this month’s Patch Tuesday, Microsoft released six security bulletins, five of which it’s rated as critical. (The remaining update addresses an important threat.) While one of the critical threats is actually present in Macromedia Flash, the vulnerability affects Windows platforms.
Details

Redmond released six security bulletins for November’s Patch Tuesday, rating five as critical. However, four of the six updates addressed privately reported threats, and there had been no reports of active exploits for these four vulnerabilities at the time of publication. Here’s a closer look at each update, in order of risk.
MS06-071

Microsoft Security Bulletin MS06-071,”Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution,” addresses the Microsoft XML Core Services vulnerability (CVE-2006-5745). This is a publicly disclosed threat, and there were reports that attackers were actively exploiting this vulnerability before Microsoft released the update.


Best online Microsoft MCTS Training, Microsoft MCITP Training at certkingdom.com


This is a critical threat for XML Core Services 4.0 and XML Core Services 6.0; it does not affect XML Core Services 3.0 or XML Core Services 5.0. This bulletin replaces Microsoft Security Bulletin MS06-061 for all affected versions.

Running Windows Server 2003 in its default configuration mitigates this threat. Some complex workarounds are available; see the security bulletin for more details.
MS06-067

Microsoft Security Bulletin MS06-067, “Cumulative Security Update for Internet Explorer,” addresses three problems:

* DirectAnimation ActiveX Controls Memory Corruption Vulnerability (CVE-2006-4777)
* DirectAnimation ActiveX Controls Memory Corruption Vulnerability (CVE-2006-4446)
* HTML Rendering Memory Corruption Vulnerability (CVE-2006-4687)

CVE-2006-4777 and CVE-2006-4446 are publicly disclosed threats, and there were reports that attackers were actively exploiting these vulnerabilities before Microsoft released the updates. CVE-2006-4687 is a privately disclosed threat, and there had been no reports of active exploits at the time of publication.

This bulletin has a cumulative rating of critical. It affects all versions of Internet Explorer 5.01 and Internet Explorer 6; however, it does not affect Internet Explorer 7. This bulletin replaces Microsoft Security Bulletin MS06-042 for all affected versions.

Possible workarounds include restricting how ActiveX controls and Active Scripting run in Internet Explorer, completely disabling ActiveX controls, and opening all e-mails in plain text. However, if you choose to implement the workarounds while waiting to patch, Microsoft warns that it’s possible, albeit difficult, to launch a successful attack even with Active Scripting disabled.
MS06-068

Microsoft Security Bulletin MS06-068, “Vulnerability in Microsoft Agent Could Allow Remote Code Execution,” addresses the Microsoft Agent Memory Corruption Vulnerability (CVE-2006-3445). This is a newly discovered vulnerability, and there had been no reports of active exploits at the time of publication.

This is a critical vulnerability for Windows 2000 Service Pack 4 and Windows XP SP2; it is only a moderate threat for Windows Server 2003 and Windows Server 2003 SP1. This bulletin replaces Microsoft Security Bulletin MS05-032 for all affected versions.

Available workarounds include disabling ActiveX controls and applying a patch to the registry. See the security bulletin for more details.
MS06-069

Microsoft Security Bulletin MS06-069, “Vulnerabilities in Macromedia Flash Player from Adobe Could Allow Remote Code Execution,” addresses multiple Flash Player vulnerabilities: CVE-2006-3014, CVE-2006-3311, CVE-2006-3587, CVE-2006-3588, and CVE-2006-4640. These are privately reported threats, and there had been no reports of active exploits at the time of publication.

This is a critical threat that only affects Windows XP SP2. This bulletin replaces Microsoft Security Bulletin MS06-020 for Windows XP SP2.

Not surprisingly, one workaround is to block ActiveX and Flash Player. See the security bulletin for more details.
MS06-070

Microsoft Security Bulletin MS06-070, “Vulnerability in Workstation Service Could Allow Remote Code Execution,” addresses the Workstation Service Memory Corruption Vulnerability (CVE-2006-4691). This is a privately reported threat, and there had been no reports of active exploits at the time of publication.

This is a critical threat for Windows 2000 SP4; it is a low threat for Windows XP SP2. This bulletin replaces Microsoft security bulletins MS03-049; it replaces Microsoft Security Bulletin MS06-040 for both Windows 2000 SP4 and Windows XP SP2.

An attacker would need administrator privileges to launch a successful attack in Windows XP SP2. One simple workaround is to block ports TCP 139 and TCP 445 at the network firewall.
MS06-066

Microsoft Security Bulletin MS06-066, “Vulnerabilities in Client Service for NetWare Could Allow Remote Code Execution,” addresses two vulnerabilities: the Microsoft Client Service for NetWare Memory Corruption Vulnerability (CVE-2006-4688) and the NetWare Driver Denial of Service Vulnerability (CVE-2006-4689). There had been no reports of active exploits at the time of publication.

This is an important threat for Windows 2000 SP4 and Windows XP Professional SP2; it is a moderate threat for Windows Server 2003 and Windows Server 2003 SP1. This bulletin replaces Microsoft Security Bulletin MS05-046 for Windows XP Professional SP2 only.
Final word

On the surface, five critical updates may seem to be a lot. But the important thing to remember is that two-thirds of the threats were newly reported vulnerabilities with no reports of active exploits.

Microsoft’s security team got ahead of most of the threats this month. While that’s not the same as having no vulnerabilities at all, it’s better than a poke in the eye with a sharp stick.

Get up to speed on Microsoft’s October security bulletins

Making up for lost time, Microsoft has released nine security bulletins for October after taking the month of September off. Of the nine updates, Microsoft has rated three as critical, four as important, and two as moderate threats.
Details

Last time, I told you what you needed to know about Microsoft’s three critical security bulletins for October: MS05-050, MS05-051, and MS05-052. This time, let’s look at the remaining six bulletins, classified as either important or moderate threats. In case you’ve lost track, important is more dangerous than moderate, so I’ll address the bulletins in that order.


Best online Microsoft MCTS Training, Microsoft MCITP Training at certkingdom.com

MS05-046

Microsoft Security Bulletin MS05-046, “Vulnerability in the Client Service for NetWare Could Allow Remote Code Execution,” affects users of the Client or Gateway Service for NetWare (CAN-2005-1985). This is a remote code execution threat, but no exploits have appeared in the wild.

Applicability
This threat applies to all Windows OS versions after Windows 2000 that have Client Service for NetWare (CSNW) installed (known as Gateway Service for NetWare on Windows 2000). This includes:

* Windows 2000 Service Pack 4
* Windows XP SP1
* Windows XP SP2
* Windows Server 2003
* Windows Server 2003 SP1

Risk level
Microsoft has rated this as an important threat for all affected systems.

Mitigating factors
While some components of CSNW are present on all affected platforms, none of the operating systems activate this service by default. Only systems that have CSNW fully installed and activated are vulnerable. In addition, Windows Server 2003 SP1 systems are only vulnerable if the attacker has valid logon credentials.

Fix
Install the update. Microsoft has tested and approved several workarounds. These include:

* Block ports TCP 139 and 445 at the firewall.
* If not using CSNW, remove it.

MS05-047

Microsoft Security Bulletin MS05-047, “Vulnerability in Plug and Play Could Allow Remote Code Execution and Local Elevation of Privilege,” could allow an attacker to completely take over a vulnerable system (CAN-2005-2120). This bulletin replaces Microsoft Security Bulletin MS05-039 on all affected platforms.

Applicability

* Windows 2000 SP4
* Windows XP SP1
* Windows XP SP2

Risk level
This is an important threat for all affected systems.

Mitigating factors
If you already applied MS05-039 to Windows 2000 systems, remote attackers can’t exploit the vulnerability without valid logon credentials. For both versions of Windows XP, attackers must have valid logon credentials. In addition, attackers must have administrator privileges to exploit the vulnerability on Windows XP SP2.

Fix
Install the update. Microsoft has tested and approved one workaround: Block ports TCP 139 and 445 at the firewall.
MS05-048

Microsoft Security Bulletin MS05-048, “Vulnerability in the Microsoft Collaboration Data Objects Could Allow Remote Code Execution,” is a newly reported vulnerability (CAN-2005-1987) that could allow an attacker to take complete control of vulnerable systems. The threat stems from an unchecked buffer in Collaboration Data Objects, but no exploits have appeared in the wild.

Applicability

* Windows 2000 SP4
* All versions of Windows XP
* All versions of Windows Server 2003
* Exchange 2000 Server SP3

This threat does not apply to Exchange Server 5.5, Exchange Server 2003, Exchange Server 2003 SP1, Windows 98, Windows SE, or Windows ME.

Risk level
This is an important threat for Windows 2000 SP4 and Exchange 2000 Server SP3. It is a moderate threat for all other affected systems.

Mitigating factors
Most systems don’t have the affected components enabled by default.

Fix
Install the update. A workaround is available for some systems, but applying it affects functionality. See the security bulletin for details.
MS05-049

Microsoft Security Bulletin MS05-049, “Vulnerabilities in Windows Shell Could Allow Remote Code Execution,” is a newly discovered threat, and no exploits have appeared in the wild. This bulletin addresses three separate threats:

* Shell Vulnerability CAN-2005-2122
* Shell Vulnerability CAN-2005-2118
* Web View Script Injection Vulnerability CAN-2005-2117.

For Windows 2000, Windows XP, and Windows Server 2003 (but not Windows Server 2003 SP1), this bulletin replaces Microsoft Security Bulletin MS05-016. This bulletin also replaces Microsoft Security Bulletin MS05-024 for Windows 2000.

Applicability

* Windows 2000 SP4
* All versions of Windows XP
* All versions of Windows Server 2003

Risk level
Some of the vulnerabilities don’t apply to all platforms or are only moderate threats. The aggregate threat level for all platforms is important.

Mitigating factors
All three vulnerabilities require valid logon credentials. There are various other mitigating factors, which mostly involve not visiting malicious Web sites or opening suspicious e-mails.

Fix
Install the update. There are various workarounds tested and approved by Microsoft. For Shell Vulnerability CAN-2005-2122, don’t open attachments with .lnk extensions. For the other two threats, block TCP ports 139 and 445 at the firewall.
MS05-044

Microsoft Security Bulletin MS05-044, “Vulnerability in the Windows FTP Client Could Allow File Transfer Location Tampering,” is a relatively minor file-tampering threat (CAN-2005-2126). This vulnerability’s only effect is to allow an attacker to alter the destination directory for downloaded files, which means attackers could use it in conjunction with other attacks to place files in unprotected locations. Proof of concept is on the Web, but Microsoft says it hasn’t received any reports of successful attacks.

Applicability

* Windows XP SP1
* Windows Server 2003
* Windows Server 2003 for Itanium-based systems

Risk level
This is a moderate threat for all affected platforms.

Mitigating factors
Attackers must entice users to visit a malicious FTP site.

Fix
Install the update. As a workaround, simply don’t download files from untrusted FTP sites.
MS05-045

Microsoft Security Bulletin MS05-045, “Vulnerability in Network Connection Manager Could Allow Denial of Service,” is a newly reported minor threat caused by an unchecked buffer (CAN-2005-2307). Proof of concept is on the Web, but Microsoft says it hasn’t received any reports of successful attacks.

Applicability

* Windows 2000 SP4
* Windows XP SP1
* Windows XP SP2
* Windows Server 2003
* Windows Server 2003 SP1

Risk level
This is a moderate threat for Windows 2000, Windows XP SP1, and Windows Server 2003. For Windows XP SP2 and Windows Server 2003 SP1, it is a low-level threat.

Mitigating factors
Attackers need valid logon credentials to exploit this vulnerability.

Fix
Install the update. Workarounds are available that involve some fairly complex firewall settings. For more details, see the security bulletin.

Microsoft – Java = .NET

Microsoft’s flirtation with Java as a part of its long-term systems strategy ended in late January when Microsoft agreed to pay $20 million to settle a lawsuit with Sun. The suit claimed that Microsoft had altered Java in a way that prevents the software from fulfilling its core goal of “write once, run anywhere.”

The settlement allows Microsoft to continue using an older version of the Java technology in existing products like Visual J++ and Internet Explorer for the next seven years.

Truth be told, Microsoft has spent years preparing for this day. A couple of years ago, rumors surfaced about Microsoft’s COOL technology—its alleged Java-killer.

In fact, COOL research produced the flagship development language for Microsoft’s .NET initiative, called C#. Microsoft designed C# to combine the power of C++ with the elegance of Java. More importantly, Microsoft submitted C# to standards bodies so that an independent standard (not driven by Sun as with Java) would be allowed to develop. Now that the Microsoft and Sun positions are clearly stated, what are the implications for corporate development shops?


Best online Microsoft MCTS Training, Microsoft MCITP Training at certkingdom.com

Platform choices will drive language selection
If you decide to implement a solution on a UNIX (or UNIX-variant) platform, you can be almost certain that the solution will be implemented using Java. Sun is in an interesting position here in that they control the language standard for all UNIX implementations but have a vested interest in optimizing Java for their platform. They don’t make money selling Java—they make money selling Sun servers and operating systems.

Although Sun will continue, in the near term, selling its own Java implementations for Windows NT and Windows 2000, I believe they are providing these products primarily to keep their customers satisfied. I don’t see any strategic reason for Sun to pursue this market over the long-term.

Microsoft, on the other hand, is attempting to level the playing field using .NET. Of course, it doesn’t hurt when you own the playing field, i.e., Windows 200x and .NET.

Ostensibly, if you use .NET for your development platform, you can choose any language you’d like. Microsoft is working with other language and tools developers to port their wares to the .NET platform. By the time Visual Studio.NET is released, you should be able to use COBOL, RPG, MUMPS, Python, or any number of other languages to develop .NET applications.

In truth, the versions of these languages will have to be able to support the .NET Common Language Runtime (CLR) before real object interoperability can be achieved. This means that although developers may bring language skills with them to the .NET party, most applications will have to be rewritten to accommodate new language syntax and a common set of data types. This will be true for all languages (including Microsoft’s C++ and Visual Basic) except Microsoft’s implementation of C#.

Protocols will become more important than languages
To a great extent, industry developments have rendered Sun’s lawsuit and the settlement meaningless. During the past two years, all companies (including Microsoft and Sun) have focused on developing systems whose major feature is interoperability rather than exclusivity.

For example, most Sun/Oracle implementations use Java (and some C++) components tied together with JavaScript and Java Server Pages (JSP) as their development language. Most Microsoft Windows NT or Windows 2000 implementations use Visual Basic or C++ components tied together with VBScript/JScript and Active Server Pages (ASP).

The real issue here is not what you use to build the internal system—that’s determined by your access to technical resources. The issue is whether, once finished, the system can interact intelligently with other systems in a loosely coupled, scalable fashion.

I believe that 10 years from now, industry pundits looking back on the early 00s won’t even see this settlement on their radar screen. Instead, they will point to the decision by Microsoft, IBM, and Sun to support Simple Object Access Protocol (SOAP) as the beginning of the interoperability decade.

Doubtless, there are many more standards battles to fight. However, I think that later this year, you’ll see commercial implementations of SOAP that allow developers to use languages and platforms of choice while giving them protocols that allow those systems to interoperate.

SOAP and other associated standards allow systems to discover each other’s functions, manipulate the functions, and return results and error codes. These systems won’t be designed to work with each other but to implement their exportable functions so they can be discovered by other SOAP-compliant systems.

How do you protect yourself?
Unfortunately, the only sure way to cover all your bases is to keep using the development tools and platforms you’ve been investing in until the platform and language battle settles down. You should be getting your developers and system architects trained in XML and SOAP, if you aren’t already.

It’s also not too early to begin architecting your systems to expose themselves to other systems—even to other like systems—using protocols like SOAP instead of proprietary protocols like Microsoft COM (Component Object Model).
How do you feel about Tim Landgrave’s predictions? Start a discussion below.

MCTS Windows 7 Cert Self-Paced Training Kit

Each and every Microsoft 70-680 exam details are available online. You name it we got it. You must be sure you have your Microsoft latest 70-680 dumps copy days before your exam – this is must for passing exam.

Microsoft 70-680 books can be downloaded free of charge If you make time to study the Microsoft 70-680 book it will certainly give you some hidden tips. Many student fear about the MCTS: Windows 7 cert test questions that what kind of question they will face in exams, will they be able to attempt or not. You don’t need to worry about this at all. Each and every Microsoft 70-680 exam details are available online. You name it we got it. You must be sure you have your Microsoft latest 70-680 dumps copy days before your exam – this is must for passing exam. After downloading Microsoft 70-680 exam dumps freely from the website you will see that you have found the best information resource for passing your exam.


Best online Microsoft MCTS Training, Microsoft MCITP Training at certkingdom.com

Paying for Microsoft 70-680 exam papers is a relatively simple thing; while these can be costly Microsoft certkingdom 70-680 exams and require both money and time. If you do not pass your 70-680 exam in first attempt then you are going to waste a good amount of the Microsoft TS: Windows 7, Configuring cost, and may become discouraged. In order to save yourself from such Microsoft 70-680 test failure you must do every thing you can. Never forget to buy Microsoft 70-680 braindump for your guaranteed success. Don’t neglect the importance of Microsoft 70-680 dump in exam preparations. We guarantee you that we will provide you the same Microsoft 70-680 sample questions that are going to appear in your MCTS exam. Thousand’s of students have used Microsoft 70-680 dumps to pass TS: Windows 7, Configuring simulations test. You can also be the one. No matter how much tough the exam is, it will be easy for you with these Microsoft 70-680 free dumps available on our website.

Students appearing in the Microsoft 70-680 certifications exams can get an awesome Microsoft 70-680 online training deal that includes a number of training resources for example, Microsoft 70-680 study guide, dumps and simulations. This makes a winning combination for each Microsoft 70-680 student. Most of the students feel that Microsoft 70-680 cbt are some what easier from other exams. If you think this, then don’t miss certkingdom Microsoft 70-680 online tests we will provide you training on the pattern of Microsoft Company standards. You wont feel a difference between Microsoft 70-680 online test and Microsoft real exam. This online Microsoft 70-680 lab training will be an easy task for you and you will enjoy Microsoft 70-680 practice test online. No doubt online practice will take some time but it will provide you all Microsoft 70-680 answers with complete understanding and you will never forget these answers in your Microsoft 70-680 tests. There are a number of Microsoft 70-680 practice questions for student in study forum also. IT students can exchange Microsoft dumps and 70-680 exam dumps with their peers. You can invite your friends to download new Microsoft 70-680 simluations pack and solve with each others help. We also provide you the facility of virtual TS: Windows 7, Configuring study teachers. Role of such teacher is commendable in information technology Microsoft 70-680 practice test certification. We provide Free practice exams for MCTS you every thing you need, in other words we provide you success in your exams.

Microsoft retires NT 4 exams, but MCSEs needn’t fret

Don’t panic
It’s OK that Microsoft is retiring the Windows NT Server 4.0 MCSE exams on Dec. 31, 2000.
I’ll stop for a moment to let you catch your breath. Don’t believe me? Well then, I’m sorry to be the bearer of bad news, but you can read Microsoft’s Retirement of Exams notice for yourself. The exams to be retired on Dec. 31, 2000, are:

* Exam 70-058: Networking Essentials
* Exam 70-067: Implementing and Supporting Microsoft Windows NT Server 4.0
* Exam 70-068: Implementing and Supporting Microsoft Windows NT Server 4.0 in the Enterprise
* Exam 70-073: Implementing and Supporting Microsoft Windows NT Workstation 4.0

Don’t worry if you’re still working on—or if you recently received—your MCSE certification in the NT 4 track. You’ll still get your money’s worth from the accreditation. Besides, we all knew these certs would retire someday. We just didn’t think we’d read about it so soon.
If you earned your MCSE in the Windows NT 3.51 track, you need to get hopping. The Windows NT 3.51 exams will retire on June 30, 2000. IT professionals earning their MCSEs in the NT 3.51 track must upgrade their certifications by June 30, 2001, to remain certified.
Your shock, evidenced by floods of posts to Internet newsgroups and in response to our article “NT is dead; long live Windows 2000,” is understandable. In fact, Microsoft’s done all of us a favor by releasing this information now. And before you aim your sharpened saber of rhetoric at my e-mail box, read the fine print. Then you can tell me how you really feel. Cool?

Best online Microsoft MCTS Training, Microsoft MCITP Certification at certkingdom.com

Here’s the deal
If you’re starting from scratch, you’ll need to pass seven exams, not six, to achieve MCSE accreditation for the Windows 2000 track. Five are core, and two are electives.

If you received your certification for the Windows NT Server 4.0 track, your MCSE accreditation expires Dec. 31, 2001. However, if you choose to retain your MCSE status, you’ll need to pass only four exams, as candidates passing three Windows NT 4.0 exams (more on that in a minute) can take Exam 70-240: Microsoft Windows 2000 Accelerated Exam for MCPs Certified on Microsoft Windows NT 4.0. This exam counts for four Windows 2000 exams. They are:

* Exam 70-210: Installing, Configuring and Administering Microsoft Windows 2000 Professional
* Exam 70-215: Installing, Configuring and Administering Microsoft Windows 2000 Server
* Exam 70-216: Implementing and Administering a Microsoft Windows 2000 Network Infrastructure
* Exam 70-217: Implementing and Administering a Microsoft Windows 2000 Directory Services Infrastructure

The prerequisite Windows NT 4 exams for candidates wanting to take Exam 70-240: Microsoft Windows 2000 Accelerated Exam for MCPs Certified on Microsoft Windows NT 4.0 are:

* Exam 70-067: Implementing and Supporting Microsoft Windows NT Server 4.0
* Exam 70-068: Implementing and Supporting Microsoft Windows NT Server 4.0 in the Enterprise
* Exam 70-073: Microsoft Windows NT Workstation 4.0

How is Microsoft helping us? By telling us of changes to the MCSE track now, almost two-and-a-half years before our current credentials expire. The advanced notice provides IT pros with plenty of time to plan their Windows 2000 track and pass the necessary examinations. In fact, it averages out to just one exam every six or seven months.

I think it’s safe to predict that, two years from now, the Windows 2000 skill set will be in greater demand than Windows NT 4 expertise. So we’ll need to be developing skills with Windows 2000 anyway.

However, that doesn’t mean there won’t be a demand for Windows NT 4 engineers—quite the contrary. Believe it or not, there are folks still using Windows 3.1 today (I’m not one of ‘em).

For this reason, don’t lose heart if you haven’t yet earned your NT 4 certification. Go ahead and finish the track, and you’ll have a head start on Windows 2000.

Quick FAQ
Q. When do I lose my Windows NT 4 MCSE accreditation, if I do nothing?
A. Jan. 1, 2002

Q. How many tests, minimum, must I pass to retain MCSE accreditation?
A. Four

Q. When must I pass those tests by?
A. Dec. 31, 2001

Q. When will the tests be available?
A. Microsoft reports that beta versions of Windows 2000 exams will be released during the first and second quarters of 2000.
Certification’s always a hot topic, and the news that Microsoft is retiring the Windows NT 4 exams has many IT pros debating its merits. Tell me what you think. I’ll collect your comments and follow up with an article letting you know how your opinions compare with those of your peers.

The Windows Phone 7 App Hub experience

In order to distribute your Windows Phone 7 app, you need to deal with App Hub, Microsoft’s developer site for Windows Phone 7 and Xbox 360. I got the impression that Microsoft could not care less about developers here. There is no customer service phone number on App Hub. There is a support form on the site, but it is only accessible to the folks who pay the $99 fee. In my experience, the form was useless, because no one ever responded to my queries. If you go to App Hub Support, you’re instructed to use the forum, or call and create an incident and pay for it.


Best online Microsoft MCTS Training, Microsoft MCITP Training at certkingdom.com

From what I can tell, no Microsoft customer service reps monitor the forums. I asked a number of customer service questions, none of which were answered by Microsoft. When there were critical issues with App Hub, no Microsoft personnel came into the forums to straighten them out, and there were no posts from personnel on the Windows Phone blog either. I spoke with Todd Brix, the Director of Product Management for App Hub, and his response was that they were adding more technical resources to the forums in a couple of days (from the time we talked). The additional resources will be appreciated by folks with technical issues, but it does not address the customer service problems. Since I spoke with Mr. Brix, the customer service issues remain the same.

Even the paid technical support is a joke. I called it, and in the process of walking through the phone menu, it was clear that the system was not aware of App Hub. When I told the phone menu “App Hub,” it took me to Xbox support (which makes some sense since App Hub is joined with the Xbox development system), but in that phone tree there were no options for App Hub issues.

Forum threads related to customer service issues (when they are answered) are often locked by overzealous moderators who deem threads to be pointless (their words, not mine) if they respond with a non-answer, and you ask for more information. Many of the users (including myself) are extremely angry about the imperious nature of the moderation and the inability to get any customer support. There is virtually no communications from the App Hub team either about these issues. For example, when App Hub suddenly treated paying customers like free customers, there was zero information coming from Microsoft (the solution was to go to the Xbox Live website, of all places, pull up your profile, and agree to a new Terms of Service).

Speaking of Terms of Service, the application guidelines are almost as bad as Apple’s. The number of things that are forbidden is quite large. While I agree with much of the sentiments, the agreement undermines the positioning of the phone as a consumer device. For example, including XNA development was a smart move to potentially make it the best phone gaming platform around and to leverage the skills of Xbox and other XNA developers. But the guidelines prohibit many of the things that are quite common in video games. For example, much of the gore that has been commonplace in games is prohibited, as is excessive use of explicit language and content of a sexual nature.

I have also seen posts in the forums complaining about the uneven application of the guidelines. For example, some users reported that their applications were accepted initially, but rejected upon resubmission for things that had not changed. My experience of submitting my Airport Status Checker app was not great, but it could have been worse.

My Windows Phone 7 app failed the initial submission, but the feedback was useful and pointed me directly at what I needed to correct (error handling). Unfortunately, the resubmission process was a bit confusing, and I lost a day while my application sat in a state where it wasn’t going to be re-evaluated. The resubmission failed as well. It was clear to me that the testing stops the moment a problem is found. This leads to a ton of wasted time, since you have to resubmit three times to find three failures. If the testers did the full battery of tests up front, it would be much more helpful.

The App Hub site is incredibly buggy. Here’s what I encountered and have been told:

* The forums often do not load in a timely manner.
* You cannot view the profiles of people if they have a space in their name.
* There is no private messaging system.
* Signing up for an account is painful. For me, there was an AJAX validation that was not being triggered correctly, so I lost two weeks of potential development time until I tried the form in a different browser, and it worked fine.
* The developers who were using the previous Xbox and Windows Mobile development systems are fairly upset; apparently, those systems had been quite buggy and finally were sorted out when the merger with App Hub occurred.

Another major issue is billing. App Hub does not currently allow for any kind of subscription billing; this means that any application that creates on-going expenses on your end (like anything where you need to provide a server-side component) has you walking a fine line between making the app cheap enough to sell, and risking having the users cost you more money in the long run than they paid you. Your alternative is to build a payment system into the application itself, which is a major usability issue and requires a significant amount of development work.

There will be no payouts from App Hub until February 2011, and there is no built-in reporting on downloads as of now. These are all things that are supposedly coming, but for the time being they are desperately needed.
Summary

The development experience on the technical side rates a C at best. The lack of APIs took the wind right out of my sails. Outside of that, it wasn’t bad. The emulator is not great; it cannot emulate the sensor stuff, so you are forced to spend money on a phone to test those kinds of functions. This puts developers who want to work on innovative applications even further behind the ball.

If Microsoft gets serious about supporting customers — because that’s what you are when you pony up $99 to be a premium member — I could forgive a lot of App Hub’s technical problems because those issues are just annoyances. But Microsoft’s lack of customer service is simply unacceptable. Microsoft is essentially allowing people to pay to participate in what is still a beta experience, and the results are a disaster. If people did not have to pay to submit applications, it could be swept under the rug, but once you are formally a paying customer, you have every right to expect better.

Unless you consider Windows Phone 7 to be a “must do” platform for development (which is quite unlikely), I suggest that you think of Windows Phone 7 development as a hobby or a learning experience rather than a source of revenue until the App Hub issues are sorted out. When the App Store experience improves, you will still want to carefully evaluate the API’s capabilities and Windows Phone 7’s position in the marketplace to make sure that the apps you want to write are possible, and that you have enough market opportunity to justify your ROI.

Microsoft behind $12 million payment to Opera

Microsoft agreed to pay Norway’s Opera Software $12.75 million to head off a threatened lawsuit over code that made some Web pages on MSN look bad in certain versions of Opera’s Web browser, CNET News.com has learned.

Opera disclosed the payment last week in a terse press release that omitted other details, including the name of the settling party and the nature of the dispute.

But a source indicated that the payment came from Microsoft in order to close the books on a clash over obscure interoperability problems. On at least three separate occasions, Opera has accused Microsoft of deliberately breaking interoperability between its MSN Web portal and various versions of the Opera browser–charges that the software giant has repeatedly denied.

Best online Microsoft MCTS Training, Microsoft MCITP Training at certkingdom.com

A Microsoft representative said the company does not comment on rumors.

Reached by phone, Opera executives refused to name the company involved in the settlement or describe the nature of the legal claims, citing a confidentiality agreement.

“We forwarded a few facts to a big international corporation and settled before we took legal action,” Opera Chief Technology Officer Hakon Lie said Tuesday. “This resolves an issue very close to my heart.”

The deal marks the latest in a string of settlements from Microsoft, which is seeking to simplify its business by clearing up potentially damaging legal claims. In the past year, the company has agreed to pay billions of dollars to wrap up litigation with Sun Microsystems, digital rights management developer InterTrust and Time Warner’s Netscape Communications division, among others.

While the Opera payment is relatively tiny, it underscores ongoing ripple effects in the browser market that stem from the overwhelming dominance of Microsoft’s Internet Explorer. Having used its desktop operating system monopoly to help trounce its primary rival Netscape, Microsoft has effectively abandoned significant browser development efforts. That’s left companies with negligible market share such as Opera and Netscape’s Mozilla open-source project to lead innovation in the field.

For example, IE 6, the latest version of Microsoft’s Web browser, released in August 2001, does not yet offer a tool that automatically blocks Web pop-up advertising. Microsoft has promised pop-up blocking as part of a Windows XP upgrade due out later this summer known as SP2. That puts it well behind Opera and others that have offered pop-up blocking for months in response to overwhelming consumer demand.

Last year, a member of Microsoft’s IE team indicated that the company planned to drop independent development of the browser altogether, opting instead to fold its functions into the next major overhaul of its Windows operating system, a project code-named Longhorn.

Since then, however, Microsoft has remained largely silent about its long-range browser development plans.

“I’m not sure what their plan is, whether they’ll do some upgrades with SP2, wait for Longhorn or break out a separate release,” Directions on Microsoft analyst Matt Rosoff said. “Whatever they do, IE is not a major strategic technology for Microsoft anymore…They don’t have a huge team working on IE, and there hasn’t been a lot of evolution in IE for a couple years.”

Web authors bow to IE
IE’s dominance has also created fallout for Web standards, because Microsoft delivers the Web to roughly nine out of every 10 people who use it.

Although IE 6 provides good standards support, some Web site developers have decided that it’s easier to create sites that work best with versions of IE, rather than use code that works equally well on all standards-compliant browsers. For example, Shutterfly, the online photo store backed by Netscape co-founder Jim Clark, does not support any version of Opera or Mozilla browsers, according to a warning displayed on the site this week.

The problem has been a top issue for Web standards advocates for some time, shifting the focus of standards compliance away from browser makers and toward companies behind popular Web authoring tools, such as Macromedia and Adobe Systems.

Opera’s past complaints with Microsoft included charges that the software giant deliberately sought to undermine the experience of Web surfers using its browser by delivering a different set of instructions to Opera than those sent to IE for rendering Web pages on MSN. The results included misaligned margins and indentations that cut off some words, among other things.

Microsoft in 2003 admitted that it had taken steps to detect different types of browsers accessing MSN and sent different Web page layouts to different products. But the company said its efforts were aimed at promoting standards compliance rather than at hurting products that compete with its dominant Internet Explorer browser. Microsoft said it has since stopped the practice.

“MSN is committed to providing the best experience we can to all of its consumers, and there is no intent to degrade the consumer experience for any visitors to MSN,” a Microsoft representative wrote in an e-mail. “When this issue hit last year, MSN tested Opera’s latest browser, determined and made adjustments to ensure all Opera 7 users had a quality experience while visiting MSN.”

Opera, by contrast, has long contended that Microsoft’s alleged maneuvers were intentional and hurt its reputation.

MSN’s browser lockouts at the time provided incendiary ammunition for Microsoft critics, including anti-Microsoft industry group ProComp, which in 2001 accused Microsoft of unfairly exploiting its massive lead in the browser market to muscle out smaller competitors.

“Who else could it be but Microsoft?” ProComp President Mike Pettit said this week, referring to the payment.

Pettit cast a jaundiced eye at the transaction, along with other settlements Microsoft has made with rivals that have alleged wrongdoing.

“If you really analyze the harm that is inflicted and measure the damages paid, it’s a very small dollar amount to Microsoft,” Pettit said. “It’s just the cost of doing business to them, so they’re just going to keep doing it over and over. They pay 5 or 10 cents on the dollar in damages way after the fact, and the net effect of it is to further unbalance the playing field. In the final analysis, they got away with it.”

These days, Opera is looking to move past the PC to distribute its Web browser on devices such as cell phones and personal digital assistants. As a result, Opera will in the future face less of a threat from Microsoft, Opera director John Patrick said.

“People wonder why anyone would get into the browser business,” he said. “But this isn’t about Microsoft and the PC. It’s about every other kind of device, from set-top boxes to cell phones. IE doesn’t dominate that. It’s a different market…The opportunities are enormous.”

Go to Top