Open source software

Free software is a funny thing, partly because it tends to spark off “holy wars”, so it can be hard to focus on the practical issues when you’ve got people shouting about their vision of purity. I like this blog post (a parody), which applies those principles to cars: The transmission tax.

Most of the people reading this are probably aware of the basic principles, but here’s a quick recap. If you get a piece of software for your computer, it can be “closed source” or “open source”. Closed source is something like Microsoft Office or Adobe Reader: you get the application itself, so you can run it on your machine, but you don’t get the source code that the programmers used to create it. Open source means that you get the source code too, and there are some (theoretical) advantages to this:

Continue reading “Open source software”

Password security

Last year I signed up with Facebook, and the “find friends” page asked me to give them the password to my GMail account so that it could log in as me and look at my list of contacts (address book), then see whether any of those people are already registered. I, however, was disinclined to acquiesce to their request; with my password, they would be able to impersonate me (sending emails on my behalf), intercept incoming emails, and even lock me out of my own account. I’m not saying that the Facebook programmers in particular would necessarily do any of these things, but I prefer to be cautious about handing out that type of information.

This may seem a bit paranoid, but I read an interesting post today at Coding Horror: A Question of Programming Ethics. Basically, somebody wrote a shareware program called “G-Archiver” that will store a backup copy of your GMail messages on your hard drive; in order for this to work, you obviously have to provide your password. However, it turns out that the program was emailing all these passwords back to the programmer. Oops.

In fairness, you need to type your password into your computer somehow if you want to get at your email; this could be through a web browser or a dedicated email application (e.g. Outlook Express). So, you have to make the trade-off: who do you trust? Personally, I’m willing to trust Microsoft applications, although I know that other people disagree. I’m also willing to trust Firefox. However, open source isn’t a panacea; just because something can be read, that doesn’t mean that anyone has actually read it, particularly if it’s obscure. It’s also worth mentioning that the same thing could be done on other platforms (e.g. a Mac); this isn’t a virus, it’s the program doing exactly what it was designed to do.

Integrated Windows authentication in web browsers

A while back, I was setting up an internal website (on a Windows domain with Active Directory), where I needed to identify each person who connected to it. IIS has an option for “integrated Windows authentication”: the idea is that if you’re already logged into the domain then you don’t have to provide a new username and password (or retype your Windows password) because the webserver will recognise you. This is similar to the way that permissions work on a fileserver, and I’ve used the same approach for desktop applications. One scenario is that you might want to use Outlook Web Access internally.

However, in order for this to work, the web browser actually has to send the relevant information to the webserver. The website doesn’t actually get your password, just your username, e.g. “Golgotha\jkirk”. Opinions may vary about whether this type of authentication is a good idea; personally, I think it is, because I don’t want people to get into the habit of typing in their password whenever a pop-up dialog box asks them for it. Still, whatever your views, it makes sense to be able to control this setting.

Continue reading “Integrated Windows authentication in web browsers”

70-621

On Monday morning I took the Vista upgrade exam (70-621). I passed it with a healthy margin (pass mark was 700/900 and I scored 820/900), so I’m happy with that, and it gives me two extra certifications:

  • Microsoft Certified Technology Specialist (Microsoft Windows Vista: Configuration)
  • Microsoft Certified IT Professional (Enterprise Support Technician)

Continue reading “70-621”

Vista boot menu

I’ve been dual-booting between Windows XP and Windows Vista for a while, so the boot menu gave two choices:

  • Earlier Version of Windows
  • Microsoft Windows Vista

I decided that it would be a bit neater if the first option referred to Windows XP specifically. In Windows 2000/XP, this information was stored in a “boot.ini” file, so you could modify it with a text editor as long as you were careful. However, it’s now stored in a binary file, a bit like the registry hive. Steve Lamb posted an entry about this recently, recommending the (free) application VistaBootPRO. That program does look quite user friendly, but since I’m getting ready for my Vista exam I decided that I’d be better off figuring out how to change the display name with the built-in tools.

Continue reading “Vista boot menu”

One person’s bloat is someone else’s feature

Most people are familiar with the way that indicators work in a car: you have a stalk sticking out of the steering wheel, and you knock it up or down depending on whether you want to indicate right or left. After you’ve finished your turn, the indicator will automatically turn off.

On a motorbike, it’s a bit different. There’s a control on the left handlebar, so you move that with your thumb. However, turning is mainly done by leaning, rather than just using the handlebars, so the bike doesn’t really know when you’ve finished; this means that you have to turn the indicator off yourself. When I first took motorbike lessons, the school bike had a horizontal slider for the indicators, with three possible positions: left, centre, right. As you’d expect, left and right would indicate in those directions while the centre position meant that the indicators were off. The snag was that it was quite easy to overcompensate. For instance, I’d intend to move the control from right to centre, but I’d push it too far and wind up indicating to the left. Bear in mind that you wear gloves on a bike, which reduces the amount you can feel, and you can’t hear a gentle ticking noise like you can in a car. Looking down at the controls is strongly discouraged, so I did make mistakes every so often. When I bought my first bike, it was the same model as the school bike (a Suzuki GN125) but from a later year. One subtle change was the way that the indicator worked: the slider control would now spring back to the centre after you pushed it left or right, and to turn it off you pushed it inwards. It’s just a small thing, but it made my life easier for a feature that I used frequently.

It’s unusual to see motorbike adverts at all, but car adverts rarely mention anything like this; they prefer to focus on glamorous locations (and actors). I think there’s a similar issue with computer programs: the most useful changes don’t get much publicity, as compared to the superficial changes (e.g. the “Aero” interface in Vista).

Continue reading “One person’s bloat is someone else’s feature”

Exchange 2007

I’ve been doing some upgrades this weekend, including the new version of Microsoft Exchange (mail server). This has a couple of small quirks, which it’s useful to be aware of:

1. If you want to use Outlook Web Access, and your server is “mail.example.com”, the address is now:
https://mail.example.com/owa/
Previously (in Exchange 2003), it was:
https://mail.example.com/exchange/
but that address will no longer work.

2. Microsoft’s advice is that you should have two Exchange servers per organisation, with different “roles”. One will be the edge transport server, that sits outside the domain and talks to the internet. The other is the hub server, which receives email from the edge server, and integrates with Active Directory. You don’t have to follow this advice, but if you choose not to then you need to allow anonymous users to connect to your “Receive connector”, as explained here. Otherwise, computers that try to send you mail will get error “530 5.7.1 Client was not authenticated.” Since you can’t make this change until after installation, I’d recommend that you block port 25 on your firewall until you’re ready to start receiving email. My normal approach is to map port 26 on the router to port 25 on the server – that way, I can simulate SMTP via telnet until I’m satisfied that it works correctly, while the rest of the world will just think “Oh, that server’s unavailable, I’ll try again later”, and their messages are just delayed rather than bounced. When you’re happy, then put port 25 back to normal.

Visual Studio vs mIRC

I’m doing some ASP.NET development in Visual Studio 2005 at the moment, and I’ve spent the last half hour beating my head against the wall because of an obscure error message:

ASP.NET Development Server failed to start listening on port 1651.
Error message:
Only one usage of each socket address (protocol/network address/port) is normally permitted.

This happened whenever I tried to run the application, or use the ASP.NET Configuration utility. (The idea is that Visual Studio has its own webserver built in, so you don’t need to have IIS or equivalent installed on your development machine.)

I went to a command prompt and ran “netstat -a” to see whether anything else was using that port. Port 1651 wasn’t listed there, although 1652-1654 were. I ran the command again as “netstat -a -b | more” to find out ownership info, and it turned out that mIRC was using those nearby ports. So, I closed mIRC down, and was able to run the ASP.NET apps without any trouble.

Curiously, I then restarted mIRC, and I can still run the ASP.NET apps. Running netstat again, I see that “WebDev.WebServer.EXE” is using port 1651 and “mirc.exe” is using port 2064. So, there’s probably a random element to port assignment.

Hopefully this info will be useful to other people: even if you aren’t using the same applications as me, the basic principle should still be valid (e.g. if Apache is conflicting with iTunes).