New features for the MSN toolbar

Last week, Paul Thurrott reported in the Windows IT Pro magazine network WinInfo Daily Update that MSN have begun beta testing of an add-on for the MSN toolbar called roaming favorites, allowing users to manage, search, and access Internet Explorer (IE) favorites whatever PC is in use, as long as it has the MSN toolbar installed (favorites are synchronised with to a central server, accessed from anywhere on the Internet using a Passport logon).

It sounds great (I’ve been thinking of writing a set of scripts to do this for me for some time now as I use at least 3 PCs and didn’t really work out for me as a kind of web-based home page), but I do wish it didn’t rely on the MSN toolbar – why can’t it be a feature within IE7 (for once, one which Microsoft might have thought up themselves).

Meanwhile, in a separate update, Thurrott reports that another piece of new functionality that is intended for IE7 will also be available for IE6 users (again in the MSN Toolbar) – Microsoft’s phishing filter, a feature that helps protect users from scam websites.

Both features sound great, but I’d much rather them available as a download for all Windows XP users without needing the MSN toolbar. On the other hand, it’s only a matter of time before Google (my preferred toolbar) integrates a similar feature…

Vodafone VSPAM

VodafoneWhen I got my new company mobile a few weeks back, I turned it on and immediately received a couple of spam SMS messages inviting me to call a premium rate number. Of course, I deleted them, but I might not have if I’d known about Vodafone‘s VSPAM initiative.

“When an unsolicited text message is received a Vodafone customer can forward it, free of charge, directly to 87726 or VSPAM on their mobile keypad. Vodafone will then collate a consolidated report of all the unsolicited text messages reported by its customers, which it plans to send directly to mobile messaging regulators… previously customers were advised to contact the Independent Committee for the Supervision of Standards of Telephone Information Services (ICSTIS) directly… [who] can take regulatory action against parties running such services. ICSTIS has prosecuted several service providers so far and it intends to ‘name and shame’ the operators who currently support the service providers running these premium rate services.”

[Vodafone press release, 21 August 2003]

Even though this initiative is two years old, I’ve not come across it before, so I’m blogging it here for anyone who is interested.

Useful mobile handset commands

Have you ever been asked to type out some obscure code on your mobile handset to retrieve some information for a support representative? Here are some of the useful codes I’ve found (tested on Nokia handsets using the two largest UK networks: a Nokia 6021 connected to Vodafone; and a Nokia 6600 connected to Orange):

  • *#06# – display the IMEI of the handset (does not require send to process). IMEI number analysis will show details of the handset manufacturer, type and production date (although strangely, my Nokia 6021 is recorded as having been produced two days after I received it!) as well as handset approval information and IMEI number break down.
  • **21*number# – divert all calls to number (call forwarding).
  • *43# – activate call waiting.
  • #43# – cancel call waiting.
  • 141number – temporarily withhold caller line identification (CLI) information when calling number.

These ones might be useful for Vodafone users (none of them worked for my handset connected to Orange):

  • *#100# – obtain own number (returned in local format, e.g. 07812345678). Number analysis will give a whole host of useful information about a number including the number range, country/operator/network (for mobile numbers – although my personal number which has been transferred between networks still shows the operator as Vodafone Ltd even though it’s been connected to Orange for over a year now), number break-down, network technology type (for mobile numbers), and dialling format information.
  • *#104# – obtain voice mailbox number (a response of 447812345678 VF-GMLRE relates to a voice mailbox number of +44-7812345678).
  • *#147# – display number of last caller, along with time and date (e.g. 01234567890 08:00 30AUG05).
  • *61*mailboxnumber*10*duration# – set the ring duration before diverting to voice mail (where mailboxnumber is in international format, e.g. +447812345678, and duration is between 5 and 30).
  • *#1345# – check pay as you talk balance.
  • ##0021# – cancel call forwarding.
  • 1210 – cancel all voicemail diverts.
  • 1211 – reset all voicemail diverts to the standard setting (divert if switched off, engaged, or out of coverage).
  • 1212 – send all calls to voicemail (e.g. when abroad and receiving calls could cost you money!).
  • 1213 – remove the all calls divert (1212).
  • 1471 – voice equivalent of *#147#, with call return options.
  • 21212 – record a personal greeting.

Another useful Vodafone number to know is for checking call rates when abroad. Text from country (e.g. from France) to 4636 and the reply will detail the cost to make a call from country, the cost to receive a call from country, the cost of sending an SMS message from country to a UK number and the name of the Vodafone preferred rate network for country (e.g. SFR in France).

If anyone has some more useful codes (not numbers for information services), please leave a comment on this post including the handset type and network on which the codes have been tested (no requests for handset unlocking codes please).

Other useful links

Area code information
International dialing instructions

So you want to be a consultant…

Earlier today I posted a link to Steve Friedl’s illustrated guide to IPSec. Steve’s site has a whole load of technical tips, but one item I stumbled across was his extremely interesting review of consultancy practices (subtitled as “Why work 8 hours/day for someone else when you can work 16 hours/day for yourself?”).

As an IT consultant (albeit one employed by a global IT services organisation), married to a PR consultant, I can really relate to some of Steve’s consulting maxims, the most pertinent of which I’ve quoted below:

  • “‘Trust’ is your best job security”.
  • “You are primarily in the customer service business, not the technical business”.
  • “For a good consultant, your voice is comforting: Be very easy to find”.
  • “The best way to appreciate the value of a good [specification] is to do a project without one”.
  • “Customers hate ‘unhappy surprises’ much more than ‘timely bad news'”.
  • “Ongoing business is much more important than maximizing every billable hour” (which goes hand in hand with “hourly arrangements of any substantial magnitude require that you have earned your customer’s trust”).
  • “It’s better to give away some time than to throw away your reputation” (but remember “if the customer doesn’t know you did work off the clock, you don’t get credit for it”).
  • “Detail is comforting to a customer”.
  • “If you routinely take ownership for your own mistakes, you’re much more likely to be believed when you claim something is not your doing”.
  • “Your best advertisement is publishing of original, technical content”.
  • “It’s a huge asset to communicate well – cultivate this skill vigorously”.
  • “Your references are your reputation in the consulting world”.
  • “The customer is not always right”.
  • “The Internet never forgets: don’t provide dirt for your future”.
  • “If you’re booked up solid, your rates are too low”.
  • “Your long-term customers are your best customers”.
  • “The best way to make a lot of money is to make your customers a lot of money”.
  • “You must know how to read your customer”.
  • “Your customers are buying your judgment, not just your time”.
  • “Being known for your integrity is the Holy Grail of consulting”.

He also makes some useful observations on technical skills and certification:

“Your references and your experience are far more important than your certifications. What counts here is truly learning the subject matter, and there is no harm in obtaining the certificate in the process. But if the goal is just to collect some paper, it leads to the prototypical computer jockey with lots of alphabets after his name but limited power in the driver’s seat.

Where the skills question gets tricky is when getting outside your comfort zone: a customer will ask you about a project that you are almost, but not quite, qualified for. Surprisingly, this happens a lot: if you have conducted yourself well, your customer would rather find a way to use you – a known quantity – than find somebody else. This occurs over a fairly wide range of skills.

When considering one of these projects, the first rule is: never lie to your customer about your skills. Be completely candid with your customer about what you know and how you would address the project. This would likely include substantial off-the-clock time as you got up to speed on the technology in question.”

Well worth a read for any consultant (whether self employed or not) and for any customers who employ consultants too!

An introduction to IPSec

I’ve been meaning to write something about Internet protocol security (IPSec) ever since I heard Steve Lamb talk about it a few months back but Owen Cutajar blogged about Steve Friedl’s Illustrated Guide to IPSec a few days back which gives a much better description than I ever will! Steve’s site has a whole load of useful technical tips, but as his URL might give away, he comes at things from a UNIX perspective.

For Windows users who are interested in implementing IPSec, I recommend that you read both Steve Lamb’s blog and Steve Friedl’s Illustrated Guide to IPSec, but what follows is a brief description of some high-level concepts which might help to put it all into context.

Although it sounds complex, symmetric key cryptography is a very basic method of encrypting messages (e.g. DES or AES/Rijndael) using a shared secret. The plain text input is encrypted to produce cipher text which is transmitted to the intended recipient, who can then decrypt it to produce plain text output. An example of such a mechanism is the Caesar shift, whereby characters are shifted by a known number of places (the shared secret), so that for example if the shared secret is 3, A becomes D, B becomes E, and so on. Symmetric key cryptography is simple, and fast, but relies on some form of mechanism for exchanging keys (shared secrets).

Symmetric key cryptography

Public key cryptography is an asymmetric encryption mechanism, whereby knowledge of the encryption key doesn’t provide the methods to decrypt the message. The recipient of the message generates a pair of keys (using a certificate authority) and publishes the public key in a directory so that anyone can send them encrypted messages that only they can read. This pair of keys is actually a single key split mathematically using a one-way algorithm (i.e. one which current mathematics does not allow to be reversed). When sending a message, it is encrypted with the recipient’s public key and they can decrypt it (using their private key). Unfortunately even this method has its weaknesses as it is slow, subject to what is known as a “known ciphertext” attack and requires the public key to be trusted (i.e. to be from a known certificate authority).

Asymmetric key cryptography

The real-world answer is often a hybrid encryption process whereby a symmetric session key is encrypted using the recipient’s public key and then, once this key has been decrypted by the recipient (using their private key), they can read messages encrypted using the session key. The session key is transmitted with the encrypted message as a digital envelope. Once the message exchange is complete (whether that is literally the transfer of a message, or a communication session) the session key is disregarded (i.e. its life is finite – dictated by the length of the session).

IPSec is used to authenticate and/or encrypt TCP/IP communications, securing either specific ports or all IP traffic and is obligatory for IPv6.

In an Active Directory environment, IPSec is generally configured via group policy and both the client and the server must be configured. No reply is issued to rejected packets – they are simply dropped. Installing a certificate authority (CA) is a simple process (although because a lot of the configuration is wizard-based, it can be difficult to appreciate exactly what has been done). Windows Server 2003 Certificate Services allows a hierarchy of CAs to be implemented (generally with the root CA kept offline once the hierarchy is established) as well as adhering to public key standards from RSA, Entrust and Verisign (licensed by Microsoft to avoid any per-certificate cost issues). Once a certificate has been issued the client no longer needs to communicate with the CA. Of course, internal CAs are only suitable for internal use of IPSec (a trusted CA needs to be used for securing traffic across the Internet).

One of the advantages of IPSec is that, because it works at the network layer, it can be used to provide secure data transfer without affecting applications; however the downside is that architects (or administrators) should carefully consider the impact that encrypting all traffic would cause as some security software (e.g. intrusion detection systems) will no longer function.

Service packs, feature packs and releases – how they should work

The various Microsoft product groups issue service packs, feature packs and releases. This is all very well, but they mean different things to different people and are confusing. Then, last Friday, Paul Thurrott reported in the Windows IT Pro magazine network WinInfo Daily Update that Virtual Server 2005 SP1 will now become Virtual Server 2005 release 2 (R2). This might sound like a trivial name change but what it means for legal users of Virtual Server 2005 (a basically good product, but with a few fairly significant bugs), they will need to purchase R2, rather than install a free service pack.

If Microsoft follows this path they are going the way of Apple, who issue point version upgrades to their OS X operating system and have the audacity to charge existing users for a full product (there is no upgrade available).

In my opinion:

  • Service packs should fix bugs (security or otherwise) and that critical patches should be released in advance of a rolled-up, regression tested, service pack. Ideally service packs should also have a predictable timescale (e.g. 6 months after product release then every 12 months from then on until the product reaches end of life).
  • Feature packs should offer new features for an established product. I don’t believe that there should have been any additional features included with Windows XP SP2 (e.g. the Windows Firewall) – instead SP2 should have been a set of bug fixes (alleviating some of the deployment issues associated with new technology) and additionally Microsoft should have offered a free feature pack for Windows XP which provided the extra security features. In this way, users can stay at the latest supported product release (service pack level) but choose which feature packs to add. Security features and other important updates should be free of charge. Others which enhance a product might carry a small charge.
  • Mid-life releases (e.g. Windows Server 2003 R2) are all very well as a marketing mechanism for rolling the latest service packs into a product for new users, but should not preclude existing users from gaining from the latest service pack/feature pack updates. If a product really warrants a new licence, then it should carry a new (major) version number!

Following this model, Virtual Server 2005 R2 should really be a service pack and there should be an additional feature pack for the new features which Microsoft plans to ship (of which there are precious few details at present). As for supporting Linux as a guest operating system – it either works or it doesn’t – Microsoft needs to make up it’s mind as to whether it is a supported guest or not (if they are smart they will say “yes” – that way users can have a virtual Linux guest running on a Windows host if they need the best of both worlds, with Microsoft still gaining licence revenues for the host operating system and the virtualisation software).

Missing disk space

A few months back, I was chatting with my Dad about his PC (you know, one of those “family IT support desk” jobs) and he was wondering what had happened to all of his hard disk space. David Chernicoff has written an article for Windows IT Pro magazine about the case of the missing disk space and it’s worth a read. I certainly found it interesting – especially the bit about true sizing cf. disk manufacturers’ idea of storage units.

Having trouble accessing a recently installed instance of MSDE? Make sure the MSSQLSERVER service is started!

I just spent ages trying to work out why I couldn’t access the Microsoft SQL Server Desktop Engine (MSDE) instance that an application had just installed… it may sound obvious, but make sure the MSSQLSERVER service is started!

In my defence, if an application requires a server or service restart after installation, I expect it to tell me that’s what it needs, but the version of MSDE 2000 SP3A downloaded by Altiris Notification Server 6.0 didn’t seem to do that. I had similar problems a few weeks back whilst playing around with Community Server. On both occasions, I though it might be a problem with my security credentials so I downloaded the SQL Server Web Data Administrator but that couldn’t access the database either. It was only once I’d checked that all the MSDE services were running (MSSQLSERVER was not) that everything jumped into life.

Another tip whilst I’m on the subject – MSDE 2000 SP3A requires a strong password to be set for the sa user. If using a repackaged version of MSDE (as I was), try extracting the package and examining the setup files to find the SA password that has been set as part of the application installation (e.g. using the SAPWD= option for setup.exe).

Great mobile handset – shame about the connectivity software

Notwithstanding the fact that last month I wrote about how I’d finally found a use for a camera phone, my preferred feature list for a mobile handset is quite simple:

Other features I might use are a loudspeaker (handsfree) mode and GPRS; but whilst camera, FM radio, and even MP3 player are nice to haves, they are by no means essential. As for smartphones, I have a Nokia 6600 but I’ve barely scratched the surface on its capabilities (mostly because I’m scared of running up huge bandwidth usage costs on my personal account).

For a long time now, the standard handset given out to most corporate users in the UK has been the Nokia 6310i. For a while it was the Nokia 6810, but my new work phone is a Nokia 6021 and I love it!

Nokia 6021

Meeting all of my ‘A list’ criteria above, the 6021 is the perfect phone for me but I had some fun and games trying to get it to synchronise my contact details with Microsoft Outlook. Once I worked out how to turn on the Bluetooth functionality within my Fujitsu Siemens Lifebook S7010D, I could get the phone to communicate with the PC via Bluetooth, but although the Nokia PC Suite (v6.5.12) seemed to detect the phone, I couldn’t get the Nokia PC Sync utility to recognise the Bluetooth connection.

After spending ages creating and breaking down Bluetooth pairings between the phone and my laptop, I finally gave up, remembering that I had the same issue with my 6310i too and that IrDA seemed to work every time. Sure enough, an IrDA connection did the trick but the whole point about a Bluetooth-enabled phone is that I can synchronise my phone and my laptop without having to activate IrDA and set up a line of sight connection.

Come on Nokia – you’ve produced a great phone – now how about some decent connectivity software to go with it…

Making IE 7 look like IE 6 to get around website restrictions

I just picked this up via Rory Street and although I haven’t tried it, it certainly looks interesting for those who are having problems accessing websites which check the browser version when using the Internet Explorer (IE) 7.0 beta

Mark Harrison has a post on his blog which talks about changing the IE7 user agent string so that websites think you are using IE6 (a tip from the IEBlog). He also has links to scripts to switch the associated registry setting.