There's much rumbling going on in the internets this morning due to the story about the MacBook Air being the computer to be compromised (hacked) during the PWN2OWN contest being held at the CanSecWest conference this week. 

The rules were fairly simple; the first to hack a machine would win the hacked computer and $20,000 if done via a network, $10,000 if done via the internet (via a browser), or $5,000 if accomplished via an installed program.  The interesting sub-topic of this is that Vista's IE7 was not the first of the three machines being bombarded.  The third computer is running Ubuntu.

I expect Vista's IE7 to fall soon, but the fact that Safari was the first, and possibly the easiest gateway to gain access has caused much gnashing of teeth and redirection of the facts of the case.  In my reading, Apple lost this round; plain and simple.  Have no fear, Vista will get it's share sooner or later.

What's interesting is the reaction from the pro-Apple crowd.  The fanboys are not used to this kind of disappointment:

"...but has anyone even bothered to try the other two computers... [or] are the two other computers Dells and nobody wants them?"

"Big deal."

"...if the same interest and effort are put to exploit Vista... that would have already happened."

"Let's face it: if the prize is the laptop you hack then everyone would be trying to hack the Mac: who the [expletive] wants the shame of walking away with a Dell under their arm?"

Everyone needs to calm down and recognize what happened today:  Holding all other things equal, modern operating systems are pretty secure (borne out by the fact that nobody took home the $20,000 prize) and on any day you can be hacked if you're not careful, regardless of your computer and operating system.  In short, be careful on the internet.  There are people who pay money to gain ownership of computers, and yours can be owned unless you take care, patch often, and keep anti-virus programs up to date.

More reading:

• http://arstechnica.com/journals/apple.ars/2008/03/28/macbook-air-compromised-in-2-minutes-for-10000
• http://apple.slashdot.org/article.pl?sid=08/03/28/0126221
• http://security.itworld.com/5013/mac-hacked-first-in-contest-080327/page_1.html

Nightly care and feeding of your Visual SourceSafe database is a must.  If you are working with a project or multiple projects of any size, this is an important task.  The challenge is that Microsoft makes it a little difficult to find the right tools to help you keep your database tuned.

The process I created and describe below has worked for me for years.  It is a bit of overkill, but has produced a stable database night after night, and has continued to work through 3 VSS version updates.

The process is a 3 step batch file:

1. Run a base Analyze to identify any bad data, backup
2. Rerun using -F switch (fix), backup
3. Rerun using -C switch (compress), backup

Steps 2 and 3 are a bit redundant as they both use the fix (-f) switch.  You may chose not to use that switch both times.

Batch file code:

   1: cd c:\

   2: cd program files\microsoft visual sourcesafe

   3:  

   4: REM *** Set the base variables for directory names

   5: for /F "tokens=2,3,4 delims=/ " %%i in ('date/t') do set d=%%k%%i%%j

   6: for /F "tokens=1,2,3 delims=:. " %%i in ('time/t') do set t=%%i%%j%%k

   7: set B=e:\Backups\VSS\Analyze

   8: set C=%B%\Current

   9: set S=%B%/%d%-%t%

  10: set A=C:/public/VSS/data

  11:  

  12: ANALYZE -V4 -I- -B"%C%" "%A%"

  13: for /F "tokens=2,3,4 delims=/ " %%i in ('date/t') do set d=%%k%%i%%j

  14: for /F "tokens=1,2,3 delims=:. " %%i in ('time/t') do set t=%%i%%j%%k

  15: REN %C% %d%-%t%A

  16: MKDIR %C%

  17: ANALYZE -F -I- -V4 -B"%C%" "%A%"

  18: for /F "tokens=2,3,4 delims=/ " %%i in ('date/t') do set d=%%k%%i%%j

  19: for /F "tokens=1,2,3 delims=:. " %%i in ('time/t') do set t=%%i%%j%%k

  20: REN %C% %d%-%t%B

  21: MKDIR %C%

  22: ANALYZE -F -I- -C -V4 -B"%C%" "%A%"

  23: for /F "tokens=2,3,4 delims=/ " %%i in ('date/t') do set d=%%k%%i%%j

  24: for /F "tokens=1,2,3 delims=:. " %%i in ('time/t') do set t=%%i%%j%%k

  25: REN %C% %d%-%t%C

  26: MKDIR %C%

  27:  

The batch file has some DOS trickery to tease out the current date and time.  This allows me to rename (REN) the "\vss\Analyze\Current" directory to the time the step completed.

The result is a the following file structure in my e:\ drive:
e:\Backups\vss\Analyze\[yyyy][mm][dd]-[hh][mm][am/pm][a/b/c]
e.g.
e:\Backups\vss\Analyze\20080319-0144AMC

This structure allows me to run the backup a weekend evening and if the database goes haywire, I can get any one of the last "good" databases for recovery, even if one of the last good backups was in the middle of this batch script.  It also allows me to delete "old" backups as I see fit.  Of other note, a log file (analyze.log) is placed in the root of each backup directory, in case you want to see exactly what went down during the process.

For the record, my VSS database contains over 55k files, occupies 1.35GB on the hard drive, and this process takes ~2.5 hours to run.  If you run this during the work week (or your dev team has no life), you need to log in to the VSS database and lock it using the Administration tool, then log out.  The FIX (-F) switch will not work if any users are actively logged in to the database.  Sadly, there is no command line to lock the database.

I installed Vista SP1 last night and the install was unremarkable, which is a good thing.  I did not have any issues with any of my development tasks today, and the OS seemed to simply get out of my way.  That's exactly what it should do.  Now that I know SP1 is baked in without issue my next task will be to perform an annual spring cleaning and rebuild this machine.  However...

As has been discussed ad nauseam, many bits of functionality were discussed long ago when Microsoft was hatching Vista.  Some came to fruition, some were abandoned early, and some just disappeared into the ether.  One item that seemed to live into the release of Vista was the idea of "offline updating" or slipstreaming Service Packs into existing disk images (a.k.a. ISOs).  The idea is that when a service pack comes along, you simply unpack it, and copy all of the files into the UPDATE folder in the ISO.  Boom.  Done.  Err... not so fast.  Seems that Microsoft had "ran into some unexpected issues with the servicing stack" for SP1 so no soup for you, system admins; well, unless you consider getting a new ISO from Microsoft a solution.

___________________________________________________________________

I'll admit that the following may not be an SP1 related note, but I only noticed it post install.

At some point along the line, Microsoft changed their warning windows to a layout that looks suspiciously like another application that strikes fear in my heart.  I can't be the only person to notice this?

Scott Cate blogged about LINQPad today, and I must note what a great idea this tool is.  In effect, LINQPad is SQL Query Analyzer (a.k.a. SQL Server Management Studio [SSMS]) for LINQ queries.

This tool is to accompany O'Reilly's C# 3.0 in a Nutshell written by Joseph and Ben Albahari.  Not only is it a wonderful tool to debug your LINQ queries, but it comes loaded with 200 examples from the book which is great for beginning in LINQ.

The product is free, so if you are a .NET developer, download LINQPad today.  Do not pass go.

As an interesting experiment, Joseph Albarahi suggests replacing your shortcut to SQL Management Studio with a shortcut to LINQPad.  According to Joseph, "at the end of [a] week, you will actually think in LINQ, rather than thinking in SQL and translating to LINQ."  IMHO, you won't be able to completely do without SSMS as LINQPad doesn't offer table management tools, but LINQPad certainly could sit right next to SSMS.

I had a love/hate relationship with physics.  In college, my classes were too big (for me) but the theories were so intriguing that the classes kept me coming back for more.  Of particular interest were my Statics (not to be confused with Statistics) and Dynamics classes.

If I had these games tools available to me when I was in school, some of the subject matter may have been slightly easier to grasp.

Phun

Crayon Physics

Bravo to Microsoft for streaming their keynotes and their session presentations on their website at http://visitmix.com/2008/.  I would love for Apple to also stream their presentations.  Currently I rely on blogs such as Engadget or Gizmodo to distill those presentations for me.  This is a disservice to both me and Apple.  

I was intensely geeked out by streming the live video of Scott Guthrie's keynote on my phone while at lunch today.  The experience was amazingly and surprisingly good. 

I've worked with and around networks at many levels for years.  What I haven't done, however, is work as a network administrator.  I've found that most good net admins both look and behave like Jeff Albertson (a.k.a. The Comic-Book Guy).  They just seem to have that special something.

Regardless, you may still find yourself with the need to perform some basic administration on an Active Directory.  For example, you may need to share a network drive at the logon.  Well, here's how you do just that:

Note: I'm not a net admin.  I only play one when absolutely necessary.  The method below is based on what worked for my environment.  Your mileage may vary.

How to share a user drive at logon

Create the folder & set properties

1. Create the user folder on a server named the same as the user to share it with a dollar sign ($) at the end, e.g. MattB$
2. Right-click, Sharing and Security...
3. Change to Share this folder, then click Permissions
4. Delete the "Everyone" account, and add the user who will own this directory
5. Change their rights to allow Full Control for this user
6. Click OK to get to properties, then click on General tab
7. OK

Create the logon script

1. Start notepad.exe and add the following line:
   net use u: \\servername\%username%$
2. Change "servername" to the name of your server, and change the "u" to whatever drive label you want to use; X: or Y: or Z:, etc
3. Save the file as logon.bat to your desktop
4. Right-click the file and choose "copy"

Edit your group policy

1. Get to the group policy you wish to edit by opening AD Users & Computers, right click the domain, click properties, Group Policy tab, select the GP and click Edit
2. Navigate to User Configuration/Windows Settings/Scripts
3. Double-click Logon, click "Show Files..." then right click and paste the logon.bat file there
4. OK all the way out, and close AD editors

Either wait for your AD to replicate these rules out or go to a command prompt on your AD server and type
gpupdate /force

At logon your user will be auto-shared this device

Other reading:

• http://www.rlmueller.net/LogonScriptFAQ.htm
• http://isweb2.memphis.edu/umad/documents/LogonScript.htm
• http://www.experts-exchange.com/Programming/Languages/Visual_Basic/VB_Script/Q_22496941.html

Sorry for anyone paying attention, but I had a bit of a DNS issue.  My server was maintaining its own DNS records and the host changed the way they forwarded records.  My site went *poof* and disappeared.

With a wave of my hand, I bring back mattbirmingham.com