Ping – ping ping ping ping – ping ping, ping? Ping! Ping, ping ping ping ping; ping-ping ping! Ping.

Ping ping ping, *ping* ping ping #ping ping. Ping, ping:

“Ping ping ping ping ping — ping ping ping (ping ping ping)”.

Ping ping ping ping. Ping. And yet and yet…

Ping?

Ping.

Click here to read the rest at TechCrunch

Windows 7 is still continuing to increase the gap between its predecessor, Windows Vista. Windows 7 is nearing its first birthday now and after nearly 11 months its done quite well for itself.

According to the new stats released by Net Applications, it’s still growing and now holds an impressive 15.87 percentage share of the overall OS market. Windows Vista on the other hand, is still dropping and being left behind with just 14% of the market. It was only in July the Windows 7 managed to overtake Windows Vista by grabbing 14.34 percent of the market, marking a major milestone for Microsoft and their most successful operating system to date.

Windows 7 is still rapidly growing and I’m sure we can only see this figure begin to increase even more as it reaches it’s first anniversary, not to mention the increase in PC sales coming up to the holiday season. It seems Microsoft are managing to push more users from Windows Vista than they are from Windows XP. Part of the reason so many XP users are still holding on is because the upgrade process from Windows XP to Windows 7 isn’t as straight forward as it is from Windows Vista. The other reason could be that some people are holding out for the first Service Pack for Windows 7 before they make the change.

Either way, Windows XP is still the dominant player with 60.89 percent of the market, which is only 1 percent less than it had last month.

For the moment Windows 7 seems to be growing mainly at Windows Vistas expense, but of course Windows XP is coming down, but still has a long way to go.

Related posts:

1. Windows 7 Market Share Breaks 10%
2. Windows Gains Market Share, Mac Loses Market Share, Coincidence?
3. Windows 7 Market Share Still Climbing
4. April Stats on Market Share Win7 Gaining on WinXP
5. Windows 7 and the OS Market Share

Click here to read the rest at Windows 7 News

A lot of people use Select-String but I haven’t seen much discussion of the –Context parameter.   This is an awesome feature that we added in V2.  If you haven’t tried it, you should spend a few minutes experimenting.  I can guarantee you that will you be glad you did.

Let’s see what the HELP has to say about the Context parameter:

PS> Get-Help Select-String -Parameter Context

-Context <Int32[]>
    Captures the specified number of lines before and after the line with the m
    atch. This allows you to view the match in context.

    If you enter one number as the value of this parameter, that number determi
    nes the number of lines captured before and after the match. If you enter t
    wo numbers as the value, the first number determines the number of lines be
    fore the match and the second number determines the number of lines after t
    he match.

    In the default display, lines with a match are indicated by a right angle b
    racket (ASCII 62) in the first column of the display. Unmarked lines are th
    e context.

    This parameter does not change the number of objects generated by Select-St
    ring. Select-String generates one MatchInfo (Microsoft.PowerShell.Commands.
    MatchInfo) object for each match. The context is stored as an array of stri
    ngs in the Context property of the object.

    When you pipe the output of a Select-String command to another Select-Strin
    g command, the receiving command searches only the text in the matched line
     (the value of the Line property of the MatchInfo object), not the text in
    the context lines. As a result, the Context parameter is not valid on the r
    eceiving Select-String command.

    When the context includes a match, the MatchInfo object for each match incl
    udes all of the context lines, but the overlapping lines appear only once i
    n the display.

    Required?                    false
    Position?                    named
    Default value
    Accept pipeline input?       false
    Accept wildcard characters?  false

Let’s have some fun.  I’m going to use Superstar James O’Neil’s Hypervisor Management Library to experiment with.  He has a number of functions the work with NICs.  Let’s party.

PS> #First Let’s find the functions
PS> dir *.ps1 |Select-String function.*NIC

network.ps1:3:Function Add-VMNIC
network.ps1:64:Function Get-VMNic
network.ps1:94:Function Get-VMNicport
network.ps1:104:Function Get-VMnicSwitch
network.ps1:121:Function Get-VMNICVLAN
network.ps1:282:Function Remove-VMNIC
network.ps1:332:Function remove-VMSwitchNIC
network.ps1:366:Function Select-VMNIC
network.ps1:392:Function Set-VMNICAddress
network.ps1:422:Function Set-VMNICSwitch
network.ps1:459:Function Set-VMNICVLAN

PS> # That gave me too many so let’s add a $ to the end of the SEARCH STRING
PS> # That indicates a Line end
PS> dir *.ps1 |Select-String function.*NIC$

network.ps1:3:Function Add-VMNIC
network.ps1:64:Function Get-VMNic
network.ps1:282:Function Remove-VMNIC
network.ps1:366:Function Select-VMNIC

PS> # Let’s see 1 line before and after each matching line
PS> dir *.ps1 |Select-String function.*NIC$ -Context 1

  network.ps1:2:
> network.ps1:3:Function Add-VMNIC
  network.ps1:4:{# .ExternalHelp  MAML-VMNetwork.XML
  network.ps1:63:
> network.ps1:64:Function Get-VMNic
  network.ps1:65:{# .ExternalHelp  MAML-VMNetwork.XML
  network.ps1:281:
> network.ps1:282:Function Remove-VMNIC
  network.ps1:283:{# .ExternalHelp  MAML-VMNetwork.XML
  network.ps1:365:
> network.ps1:366:Function Select-VMNIC
  network.ps1:367:{# .ExternalHelp  MAML-VMNetwork.XML

PS> # Notice the line numbers and that the matching line has a > in front

PS> # Now let’s try 3 lines before and after the matching line
PS> dir *.ps1 |Select-String function.*NIC$ -Context 3

  network.ps1:1:
  network.ps1:2:
> network.ps1:3:Function Add-VMNIC
  network.ps1:4:{# .ExternalHelp  MAML-VMNetwork.XML
  network.ps1:5:    [CmdletBinding(SupportsShouldProcess=$ true)]
  network.ps1:6:    param(
  network.ps1:61:}
  network.ps1:62:
  network.ps1:63:
> network.ps1:64:Function Get-VMNic
  network.ps1:65:{# .ExternalHelp  MAML-VMNetwork.XML
  network.ps1:66:    param(
  network.ps1:67:        [parameter(ValueFromPipeline = $ true)]
  network.ps1:279:}
  network.ps1:280:
  network.ps1:281:
> network.ps1:282:Function Remove-VMNIC
  network.ps1:283:{# .ExternalHelp  MAML-VMNetwork.XML
  network.ps1:284:    [CmdletBinding(SupportsShouldProcess=$ true)]
  network.ps1:285:    param(
  network.ps1:363:
  network.ps1:364:
  network.ps1:365:
> network.ps1:366:Function Select-VMNIC
  network.ps1:367:{# .ExternalHelp  MAML-VMNetwork.XML
  network.ps1:368:    param(
  network.ps1:369:        [parameter(ValueFromPipeline = $ true)]

PS> # The line before is boring so let’s get rid of that and then see a
PS> # few lines after
PS> dir *.ps1 |Select-String function.*NIC$ -Context 0,3

> network.ps1:3:Function Add-VMNIC
  network.ps1:4:{# .ExternalHelp  MAML-VMNetwork.XML
  network.ps1:5:    [CmdletBinding(SupportsShouldProcess=$ true)]
  network.ps1:6:    param(
> network.ps1:64:Function Get-VMNic
  network.ps1:65:{# .ExternalHelp  MAML-VMNetwork.XML
  network.ps1:66:    param(
  network.ps1:67:        [parameter(ValueFromPipeline = $ true)]
> network.ps1:282:Function Remove-VMNIC
  network.ps1:283:{# .ExternalHelp  MAML-VMNetwork.XML
  network.ps1:284:    [CmdletBinding(SupportsShouldProcess=$ true)]
  network.ps1:285:    param(
> network.ps1:366:Function Select-VMNIC
  network.ps1:367:{# .ExternalHelp  MAML-VMNetwork.XML
  network.ps1:368:    param(
  network.ps1:369:        [parameter(ValueFromPipeline = $ true)]

PS> # Let’s take a look at the body of Remove-VMNIC
PS> dir *.ps1 |Select-String function.*Remove-VMNIC$ -Context 0,20

> network.ps1:282:Function Remove-VMNIC
  network.ps1:283:{# .ExternalHelp  MAML-VMNetwork.XML
  network.ps1:284:    [CmdletBinding(SupportsShouldProcess=$ true)]
  network.ps1:285:    param(
  network.ps1:286:        [parameter(Mandatory = $ true ,  ValueFromPipeline = $ true)]
  network.ps1:287:        $ Nic,
  network.ps1:288:
  network.ps1:289:        $ PSC,
  network.ps1:290:        [switch]$ force,
  network.ps1:291:
  network.ps1:292:        $ VM, $ Server #VM no longer required, but preserved for compatibility with V1
  network.ps1:293:    )
  network.ps1:294:    process {
  network.ps1:295:        if ($ psc -eq $ null)  {$ psc = $ pscmdlet} ; if (-not $ PSBoundParameters.psc) {$ PSBoundParameter
s.add("psc",$ psc)}
  network.ps1:296:        if ($ NIC -is [Array] ) {[Void]$ PSBoundParameters.Remove("NIC") ;  $ NIC | ForEach-object {Remo
ve-VMNIC  -NIC $ _  @PSBoundParameters}}
  network.ps1:297:        if ($ nic -is [System.Management.ManagementObject])  {remove-VMRasd -rasd $ NIC -PSC $ psc }
  network.ps1:298:            # note: In V1 the switch port was removed before removing the NIC, but this is done autom
atically.
  network.ps1:299:    }
  network.ps1:300:}
  network.ps1:301:
  network.ps1:302:

Party on your own.  You are going to love –Context!

Experiment!  Enjoy!  Engage!

Jeffrey Snover [MSFT]
Distinguished Engineer
Visit the Windows PowerShell Team blog at:    http://blogs.msdn.com/PowerShell
Visit the Windows PowerShell ScriptCenter at:  http://www.microsoft.com/technet/scriptcenter/hubs/msh.mspx

Click here to read the rest at Windows PowerShell Blog

I once heard that everyone in the world smiles and cries the same way – that language and culture had no effect on these.

I thought of that when I navigated to: http://www.computerworld.jp/topics/mws/180709.html

I have ABSOLUTELY no clue what they are saying but in the middle of the article I saw this:

【リスト11：WakeOnLan.ps1】
1 param($ MacAddress) 
2 [byte[]] $ MagicPacket = 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
3 $ MagicPacket += (($ MacAddress.split('-') | foreach {[byte] 
('0x' + $ _)}) * 16)
4 $ UdpClient = New-Object System.Net.Sockets.UdpClient
5 $ UdpClient.Connect(([System.Net.IPAddress]::Broadcast) ,9)
6 $ UdpClient.Send($ MagicPacket,$ MagicPacket.length)

I guess everyone in the world scripts the same way too. 

Given that they are scripting in PowerShell, I bet they are also smiling! 

Experiment!  Enjoy!  Engage!

Jeffrey Snover [MSFT]
Distinguished Engineer
Visit the Windows PowerShell Team blog at:    http://blogs.msdn.com/PowerShell
Visit the Windows PowerShell ScriptCenter at:  http://www.microsoft.com/technet/scriptcenter/hubs/msh.mspx

Click here to read the rest at Windows PowerShell Blog

Starting with Windows Server 2003 SP1, it is possible to provide server authentication by issuing a Secure Sockets Layer (SSL) certificate to the Remote Desktop server. This is easy to configure using the “Remote Desktop Session Host Configuration” tool on Server operating systems. Though no such tool is available on Client operating systems such as Windows Vista and Windows 7, it is still possible to provide them with certificates for Remote Desktop connections. There are two possible ways to accomplish this. The first method is using Group Policy and Certificate Templates, and the second one is using a WMI script.

[April 15, 2010: Updated to correct which certificates can be used.]

Part I: Using Group Policy and Certificate Templates.

This method allows you to install Remote Desktop certificates on multiple computers in your domain but it requires your domain to have a working public key infrastructure (PKI).

First, you need to create a Remote Desktop certificate template.

Creating Remote Desktop certificate template:

1. On the computer that has your enterprise Certification Authority installed start MMC and open the “Certificate Templates” MMC snap-in.


2. Find the “Computer” template, right-click on it, and then choose “Duplicate Template” from the menu.


3. In the “Duplicate Template” dialog box, choose “Windows Server 2003 Enterprise” template version.
   


4. The “Properties of New Template” dialog box will appear.


5. On the “General” page of this dialog box, set both “Template display name” and “Template name” to “RemoteDesktopComputer”. Note: it is important to use the same string for both properties.


6. On the “Extensions” page, select “Application Policies”, and then click the “Edit…” button.


7. The “Edit Application Policies Extension” dialog box appears.
   


8. Now you can either remove the “Client Authentication” policy leaving the “Server Authentication” policy, or you can use the special “Remote Desktop Authentication” policy. Doing the latter will prevent certificates based on this template from being used for any purpose other than Remote Desktop authentication.


9. To create the “Remote Desktop Authentication” policy, first remove both the “Client Authentication” and “Server Authentication” policies, and then click “Add…”


10. The “Add Application Policy” dialog box appears. In this dialog box click the “New…”
    


11. The “New Application Policy” dialog box appears. In this dialog box, set “Name” to “Remote Desktop Authentication” and “Object Identifier” to “1.3.6.1.4.1.311.54.1.2”, and then click “OK.”
    


12. Select “Remote Desktop Authentication” in the “Add Application Policy” dialog box, and then click “OK.”


13. Now the “Edit Application Policies Extension” dialog box should look like this:
    


14. Click “OK” in this dialog box, and then click “OK” in the “Properties of New Template” dialog box.

The new template is now ready to use.

The next step is to publish the template.

Publishing the “RemoteDesktopComputer” certificate template:

1. On the computer that has your enterprise Certification Authority installed, start the Certification Authority MMC snap-in.


2. Right-click on “Certificate Templates”, then select “New\Certificate Template to Issue” from the menu that appears.


3. The “Enable Certificate Templates” dialog box appears. Select “RemoteDesktopComputer”, and then click “OK.”

Now the “RemoteDesktopComputer” template is published and can be used in certificate requests.

The last step is to configure Group Policy to use certificates based on the “RemoteDesktopComputer” template for Remote Desktop authentication.

Configuring Group Policy:

Note: The following steps create the new policy to apply to all computers in the domain, but it can also be scoped to an Organizational Unit if needed.

1. On the domain controller, start the “Group Policy Management” administrative tool.


2. Right-click the “Default Domain Policy” and click on “Edit…” in the menu that appears. The “Group Policy Management Editor” appears.


3. Navigate to “Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security.”


4. Double-click the “Server Authentication Certificate Template” policy.


5. Enable the policy, type “RemoteDesktopComputer” in the “Certificate Template Name” box, and then click “OK.”
   


6. As soon as this policy is propagated to domain computers, every computer that has Remote Desktop connections enabled will automatically request a certificate based on the “RemoteDesktopComputer” template from the Certification Authority server and use it to authenticate to Remote Desktop clients. You can speed up the propagation to a specific computer by running the “gpupdate.exe” command line tool on that computer.

Part II: Using a WMI script.

This method allows you to use a server certificate of your choice with Remote Desktop connections but the certificate needs to be manually installed on the computer first. For example, this method can be used if you bought your certificate from a public certificate authority.

First check that your certificate meets the requirements for Remote Desktop certificates. Certificates that don’t meet these requirements won’t work and will be ignored.

Basic requirements for Remote Desktop certificates:

1. The certificate is installed into computer’s “Personal” certificate store.


2. The certificate has a corresponding private key.


3. The “Enhanced Key Usage” extension has a value of either “Server Authentication” or “Remote Desktop Authentication” (1.3.6.1.4.1.311.54.1.2). Certificates with no “Enhanced Key Usage” extension can be used as well.

In order for a certificate to be used for Remote Desktop connections you first need to obtain the certificate’s thumbprint.

Getting the certificate’s thumbprint:

1. Double-click on the certificate.


2. Click the “Details” tab.


3. Select the “Thumbprint” entry from the list.
   


4. Copy the thumbprint value into Notepad.


5. Delete all the spaces between the numbers.

Now you have the thumbprint string ready to use. It should look like this: 0e2a9eb75f1afc321790407fa4b130e0e4e223e2

Once you have the thumbprint you can use the following script to cause the certificate to be used for Remote Desktop connections.

WMI script for configuring Remote Desktop certificate:

var strComputer = “.”;

var strNamespace = “\root\CIMV2\TerminalServices”;
var wbemChangeFlagUpdateOnly = 1;
var wbemAuthenticationLevelPktPrivacy = 6;
var Locator = new ActiveXObject(“WbemScripting.SWbemLocator”);
Locator.Security_.AuthenticationLevel = wbemAuthenticationLevelPktPrivacy;
var Service = Locator.ConnectServer (strComputer, strNamespace);
var TSSettings = Service.Get(“Win32_TSGeneralSetting.TerminalName=\”RDP-Tcp\“”);
if (WScript.Arguments.length >= 1 )
{
    TSSettings.SSLCertificateSHA1Hash = WScript.Arguments(0);
}
else
{
     TSSettings.SSLCertificateSHA1Hash = “0000000000000000000000000000000000000000″;
}
TSSettings.Put_(wbemChangeFlagUpdateOnly);

To run this sample, copy/paste the above code into a “rdconfig.js” file, start cmd.exe as the Administrator, and then run the following command: “cscript rdconfig.js <thumbprint of your certificate>”. Running this script without a parameter will revert Remote Desktop back to using the default self-signed certificate.

Hello all, Ned here again with this week’s conversations between AskDS and the rest of the world.  Today we talk Security, ADWS, FSMO upgrades, USMT, and why “Web 2.0 Internet” is still a poisonous wasteland of gross.

Let’s do it to it.

Question

I am getting questions from my Security/Compliance/Audit/Management folks about what security settings we should be applying on XP/2003/2008/Vista/7. Are there Microsoft recommendations? Are there templates? Are there explanations of risk versus reward? Could some settings break things if I’m not careful? Can I get documentation in whitepaper and spreadsheet form? Do you also have these for Office 2007 and Internet Explorer? Can I compare to my current settings to find differences?

[This is another of those “10 times a week” questions, like domain upgrade – Ned]

Answer

Yes, yes, yes, yes, yes, yes, and yes. Download the Microsoft Security Compliance Manager. This tool has all the previously scattered Microsoft security documentation in one centralized location, and it handles all of those questions. Microsoft provides comparison baselines for “Enterprise Configuration” (less secure, more functional) and “Specialized Security-Limited Functionality” (more secure, less usable) modes, within each Operating System. Those are further distinguished by role and hardware – desktops, laptops, domain controllers, member servers, users, and the domain itself.

So if you drill down into the settings and tabs of a given setting, you see more details, explanations, and reasoning on why you might want to choose something or not.

It also has further docs and allows you to completely export the settings as GPO, DCM, SCAP, INF, or Excel.

It’s slick stuff. I think we got this right and the Internet’s “shotgun documentation” gets this wrong.

Question

Is it ok to have FSMO roles running on a mixture of operating systems? For example, a PDC Emulator on Windows Server 2003 and a Schema Master on Windows Server 2008?

Answer

Yes, it’s generally ok. The main issue people typically run into is that the PDCE is used to create special groups by certain components and if the PDC is not at that component’s OS level, the groups will not be created.

For example, these groups will not get created until the PDCE role moves to a Win2008 or later DC:

• SID: S-1-5- 21 domain –498
  Name: Enterprise Read-only Domain Controllers
  Description: A Universal group. Members of this group are Read-Only Domain Controllers in the enterprise
• SID: S-1-5- 21 domain -521
  Name: Read-only Domain Controllers
  Description: A Global group. Members of this group are Read-Only Domain Controllers in the domain
• SID: S-1-5-32-569
  Name: BUILTIN\Cryptographic Operators
  Description: A Builtin Local group. Members are authorized to perform cryptographic operations.
• SID: S-1-5-21 domain –571
  Name: Allowed RODC Password Replication Group
  Description: A Domain Local group. Members in this group can have their passwords replicated to all read-only domain controllers in the domain.
• SID: S-1-5- 21 domain -572
  Name: Denied RODC Password Replication Group
  Description: A Domain Local group. Members in this group cannot have their passwords replicated to any read-only domain controllers in the domain
• SID: S-1-5-32-573
  Name: BUILTIN\Event Log Readers
  Description: A Builtin Local group. Members of this group can read event logs from local machine.
• SID: S-1-5-32-574
  Name: BUILTIN\Certificate Service DCOM Access
  Description: A Builtin Local group. Members of this group are allowed to connect to Certification Authorities in the enterprise.

And those groups not existing will prevent various Win2008/Vista/R2/7 components from being configured. From the most boring KB I ever had to re-write:

243330  Well-known security identifiers in Windows operating systems – http://support.microsoft.com/default.aspx?scid=kb;EN-US;243330

I hesitate to ask why you wouldn’t want to move these FSMO roles to a newer OS though.

Question

Every time I boot my domain controller it logs this warning:

Log Name:      Active Directory Web Services
Source:        ADWS
Date:          6/26/2010 10:20:22 PM
Event ID:      1400
Task Category: ADWS Certificate Events
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      mydc.contoso.com
Description:
Active Directory Web Services could not find a server certificate with the specified certificate name. A certificate is required to use SSL/TLS connections. To use SSL/TLS connections, verify that a valid server authentication certificate from a trusted Certificate Authority (CA) is installed on the machine. 
Certificate name: mydc.contoso.com

It otherwise works fine and I can use ADWS just fine. Do I care about this?

Answer

Only if you:

1. You think you have a valid Server Authentication certificate.
2. Want to use SSL to connect to ADWS.

By default Windows Server 2008 R2 DC’s will log this warning until they get issued a valid server certificate (which you get for free once you deploy an MS Enterprise PKI, by getting a Domain Controller certificate through auto-enrollment). Once that happens you will log a 1401 and never see this warning again.

If you think you have the right certificate (and in this case, the customer thought he did – it had EKU of Server Authentication (1.3.6.1.5.5.7.3.1), the right SAN, and chained fine), compare it to a valid DC certificate issued by an MS CA. You can do all this in a test lab even if you’re not using our PKI by just creating a default PKI “next next next” style and examining an exported DC certificate. When we compared the exported certificates, we found that his 3rd-party issued cert was missing a Subject entry, unlike my own. We theorized that this might be it – the subject is not required for a cert to be valid, but any application can decide it’s important and it’s likely ADWS does.

Question

Seeing this error when doing a USMT 4.0 migration:

[0x080000] HARDLINK: cannot find distributed store for d – cee6e189-2fd2-4210-b89a-810397ab3b7f[gle=0x00000002]
[0x0802e3] SelectTransport: OpenDevice failed with Exception: Win32Exception: HARDLINK: cannot find all distributed stores.: There are no more files. [0x00000012] void __cdecl Mig::CMediaManager::SelectTransportInternal(int,unsigned int,struct Mig::IDeviceInitializationData *,int,int,int,unsigned __int64,class Mig::CDeviceProgressAdapter *)

We have a C: and D: drive and when we run the migration we use these steps:

1. Scanstate with hard-link for both drives.
2. Delete the D: drive partition and extend out C: to use up that space.
3. Run the loadstate.

If we don’t delete the D: partition it works fine. I thought all the data was going into the hard-link store on “C:\store”?

Answer

Look closer. When you create a hard-link store and specify the store path, each volume gets its own hard-link store. Hard-links cannot cross volumes.

For example:

Scanstate /hardlink c:\USMTMIG […]

Running this command on a system that contains the operating system on the C: drive and the user data on the D: drive will generate migration stores in the following locations:

C:\USMTMIG\
D:\USMTMIG\

The store on C: is called the “main store” and the one on the other drive is called the “distributed store”. If you want to know more about the physicality and limits of the hard-link stores, review: http://technet.microsoft.com/en-us/library/dd560753(WS.10).aspx.

Now, all is not lost – here are some options to get around this:

1. You could not delete the partition (duh).

2. You could move all data from the other partition to your C: drive before running scanstate and get rid of that partition before running scanstate.

3. You could run the scanstate as before, then xcopy the D: drive store into the C: drive store, thereby preserving the data. For example:

a. Scanstate with hard-link.

b. Run:

  xcopy /s /e /h /k d:\store\* c:\store
  rd /s /q d:\store

c. Delete the the D: partition and extend C: like you were doing before.

d. Run loadstate.

There may be other issues here (after all, some application may have been pointing to files on D: and is now very angry) so make sure your plan takes that into consideration. You may need to pay a visit to <locationModify>.

===

Finally, the Black Hat Vegas USA 2010 folks have published their briefings and this one by Ivan Ristic from Qualys really struck me:

State of SSL on the Internet: 2010 Survey, Results and Conclusions
https://media.blackhat.com/bh-us-10/presentations/Ristic/BlackHat-USA-2010-Ristic-Qualys-SSL-Survey-HTTP-Rating-Guide-slides.pdf

Some mind-blowingly disappointing interesting nuggets from their survey of 867,361 certificates being used by websites:

• Only 37% of domains responded when SSL was attempted (the rest were all totally unencrypted)
• 30% of SSL certificates failed validation (not trusted, not chained, invalid signature)
• 50% of the certs supported insecure SSL v2 protocol
• 56% of servers supported weak (less than 128-bit) ciphers

Definitely read the whole presentation, it’s worth your time. Any questions, ask Jonathan Stephens.

Wooo, fancy hat. Looking sharp, Jonathan!

That’s all folks, have a nice weekend.

- Ned “I’m gonna pay for that one” Pyle

Click here to read the rest at Ask the Directory Services Team

If you ever wished for a way to view your iPhone snapshots on a bigger screen (without first copying them to your PC), here’s your answer. WiiPhoto transmits photos to your HDTV by way of your Wii game console.

It’s a terrific idea, but one marred by a couple of gotchas and the limitations of the console itself.

The app works with any iOS device that’s connected to your home Wi-Fi network: iPhone, iPod, iPad, and so on. You’ll also need the Wii Internet Channel on your console if you don’t already have it.

width="270" height="388" />

WiiPhoto taps your Wii console to show photos from a variety of sources.

(Credit:
Galarina)

When you fire up WiiPhoto, it displays your device’s IP address, which you type into the Wii’s browser. Once that connection is made, all that remains is to choose a source for the photos you want to view: Facebook, Flickr, SmugMug, your Mac, or your on-device photo library.

I started with my iPhone’s Camera Roll. I tapped a photo, and sure enough, after a couple of seconds, it appeared on my TV. Neat!

However, I quickly discovered that there’s no slideshow option–you have to select pictures manually by tapping on thumbnails. (You can’t even swipe to cycle between them.)

Then I tried Facebook. Although I had no trouble signing into my account, WiiPhoto displayed none of my personal albums, and all my friends’ albums were labeled “photos not available to you.” I’m not sure if this was the result of some oddball FB privacy setting or a bug in the app. According to the developer (who responded very quickly to my support needs), I’m the only one who’s reported the problem.

Things fared better with Flickr, and I liked the app’s option to show not just my photos, but also “interesting photos,” “photos nearby,” and “popular places.” Here, as in Facebook and SmugMug, you can indeed watch a slideshow (though you can’t adjust the default 10-second interval).

Two other issues cropped up during my testing. First, because the best display resolution the Wii can muster is 480p, photos just don’t look that great–especially on larger TVs (I tried it with a 46-inch LCD). They look washed-out and grainy.

Also, because of how the Wii browser refreshes itself, you hear a beep every two seconds or so–even if you’re still looking at the same photo. That gets annoying mighty quick, but the only real fix is to mute your TV.

Much as I was hoping to love WiiPhoto, I came away just liking it. At $ 2.99 it’s a worthwhile purchase, if only to show off your photos on a big screen–but be prepared for a few disappointments along the way.

Originally posted at iPhone Atlas

Click here to read the rest at The Download Blog: Software tips, news, and opinions from Download.com editors

Reports from several outlets yesterday indicated that Microsoft is in the final stages of the release of Windows Phone 7, their long anticipated answer to the Apple iPhone. Their holiday 2010 availability goal seems to be on target. Others are anticipating an earlier release, maybe as soon as October.

If we take Terry Myerson, Microsoft’s corporate vice president of Windows Phone Engineering, at his word when he wrote on the Windows Phone 7 Team Blog that Windows Phone 7 is the company’s most thoroughly tested mobile platform. He wrote that there were daily automated run tests on nearly 10,000 devices and a combined more than 3.5 million hours of stress test passes and 8.5 million hours of fully automated test passes. If everything works as intended, then the impact will be felt throughout the mobile community.

Windows Phone 7

Microsoft has many things going for it. For starters, the experience of other companies in their own foray has shown Microsoft what works and what doesn’t. So they can avoid the problems that other companies have had. Specifically, Apple’s antenna problem was a small choking point, which was eventually fixed. Microsoft can do well to avoid such missteps.

On the other hand, there should be a large collection of APPS available for purchase that will compete with Android, and the iPhone. Microsoft users, who have been patient throughout the time when Apple and Google were making hay with their mobile devices should be pleased that the device should be everything that they expect.

What do they expect? Multiple APPS for starters, but also connected to the wide array of Microsoft products that only Microsoft can offer. In that sense, Microsoft should be able to dominate the mobile market within a year. For Microsoft that is some heavy expectations.  However, considering how they botched their KIN phone earlier this year, they have a lot to make up for. Users will have to wait, maybe to the end of the year to discover what Microsoft has to offer.

Source: Microsoft

Related posts:

1. Microsoft forecast 30 million Windows Phone 7 Handsets sold in first year
2. The Collapse of Microsoft’s Mobile Phone Market
3. Microsoft has no plans to put Windows Phone 7 on a tablet
4. Marketplace for Windows Phone 7 Unveiled
5. The Costs of Windows Phone 7

Click here to read the rest at Windows 7 News

It’s been only a mere six months since its first unveiling, but Microsoft has already announced that Windows Phone 7 has been released to manufacturing. This means device makers can start tuning the software to their hardware, leaving plenty of time to release devices before the holiday season.
Click here to read the rest at OSNews

Football season is coming soon. There are also many other sports events like baseball, tennis, golf and soccer that are in full swing. For die-hard sports fans out there, I found some handy Chrome extensions to help you track all the games, matches and player stats.

The Are You Watching This?! Sports extension alerts you when games get interesting via colored icons, so you know when to turn in. It lists the scores, news and TV listings for many professional and college sports in the US.

For those who need an edge in your fantasy sports leagues, there are a few Chrome extensions that can help you improve your fantasy team fast. Pickemfirst Fantasy Sports works with Yahoo!, ESPN, CBS and many other fantasy sports websites. This extension brings you news, stats and blogger opinions about all the players mentioned on the web page currently displayed in your browser.

Tweetbeat Firsthand brings in recent tweets from people and organizations mentioned in the page you’re looking at. With this extension, you can see what players, coaches, sports bloggers and commentators think about upcoming matchups.

If following sports online is not enough for you. StubHub’s Event Ticket Finder helps you find last-minute tickets to your favorite sports events right in your browser.

These are just a few extensions to help you stay on top of your game, and you can find many more in the Chrome extensions gallery.

Posted by Koh Kim, Associate Product Marketing Manager

Click here to read the rest at Google Chrome Blog