July 2005

If you are planning an in-place upgrade of your server running Exchange 2000 to Exchange Server 2003, beware of the Badmail folder.  Apparently, during the Exchange Server 2003 setup process, the setup application tries to go back and stamp ACLs (access control lists) on all the objects in the installation directory.  This, by default, includes the Badmail directory.  If your Badmail directory contains lots of items (which, in an Exchange 2000 installation, it probably does), then this can cause the Setup process to appear to be hung.  Microsoft has published this KB article discussing the issue and the resolution.

Fortunately, in Exchange Server 2003 SP1, Microsoft has changed the behavior of Exchange to use the Badmail folder only if explicitly configured to do so (see this KB article).  No more monitoring the Badmail folder!

In addition, for those networks that have not yet deployed Exchange Server 2003 SP1, Microsoft has released the BadMailAdmin tool.  I’ve tested this, and it works as advertised.

I’m not a Linux expert, so I haven’t really spent a great deal of time wandering the various Linux distributions to see which one(s) I really like.  I have been primarily using Red Hat Linux 9.0 (RH9), even though it’s an older distribution with an older kernel that is no longer supported.  I tried the Fedora Core distributions, but just kept coming back to trusty old RH9.

Rather than continue to try to shoehorn RPMs built for one of the various Fedora Core versions onto RH9, I’ve decided I’m going to try a new distribution.  But before you congratulate me for venturing into the brave new world of Linux distributions, you should wait to hear what I’m going to try next.  I’m going to try CentOS, a free redistribution of the source RPMs that comprise RHEL.  Basically, it’s Red Hat Enterprise Linux, but with all references, branding, artwork, etc., for Red Hat removed from the source RPMs and then recompiled.  I’m downloading the ISO images for CentOS 4.1 right now from an FTP mirror at North Carolina State University (Go Wolfpack!).  I’ll post my impressions of CentOS 4.1 once I get it installed and running.  (That’s assuming I can make it work under VMware.)

In the meantime, I am continuing to explore more uses for OpenBSD, which I find that I really enjoy working with.

I’m a stickler about cookies.  No, not the kind you eat…the kind that web servers place on your computer when you visit a web site.  I understand that cookies are sometimes necessary to maintain state as a user navigates through a web site; HTTP is, after all, a stateless protocol.  But a cookie for every site no matter what?  That just gets on my nerves.

Up until now, I had Camino configured to ask if I wanted to allow a cookie or not.  This got time-consuming when I was visiting a site I had never visited before and all the ad servers wanted to place a cookie to track me.  I wanted a way to tell Camino, “Block all cookies unless I say otherwise.”  Finally, in Camino 0.9a1, I can set all cookies to be denied and then view the exception list, but there was still no way to edit the exception list.

Being the determined (read: stubborn) person that I am, I was determined to find a way to edit this exceptions list.  (As a side note to the Camino developers, please write a UI for editing the exception list.)  After not too much searching, I found that the hostperm.1 file in ~/Library/Application Support/Camino is an ordinary text file that contains the exceptions list.  To add a site to this list, simply follow the same format as one of the existing lines, specifying 1 to allow cookies or 2 to deny cookies.  Of course, any editing to this file should be done while Camino is not running.

I’ve spent some time over the last few days researching some of the various ways in which to allow users to login to Linux servers using their credentials from Active Directory.  Along the way, I’ve found some useful articles; notably, here, here, and here.  These are also bookmarked in my del.icio.us bookmark list under the Linux tag.

It looks as if the best solution involves the use of Kerberos for authentication and LDAP for user/group name resolution.  As fate would have it, as soon as I decide to use Kerberos, some new security holes are discovered.  At least these security holes don’t involve Microsoft’s implementation of Kerberos, but they will affect the Linux Kerberos clients.  Hopefully, patches for the affected portions will be released reasonably quickly.

As this project evolves, I’ll continue to post more information here.  A final “how to” will likely also be posted on the Mercurion Systems web site as well.

I suppose since I didn’t post this until Wednesday, the title isn’t exactly correct, is it?

In any event, Microsoft has released the security bulletin for July, which contains 3 critical updates (updates rated “critical” are considered the most severe by Microsoft).  These updates patch security vulnerabilities in Microsoft Word, Internet Explorer, and Windows (including Windows Server 2003 SP1 and Windows XP SP2).

Microsoft had previously released a workaround for the Internet Explorer flaw (note that this page now directs users to the location of the update rather than the earlier workaround).

Additional information on the patches can be found here.

Mozilla released Firefox 1.0.5, which patches a number of security vulnerabilities.  You can get more information on the release here or by visiting the Mozilla.org web site.

In addition, more information has been revealed about Firefox 1.1, the next version of the open source web browser.  An alpha version of Firefox 1.1 could be ready within just a few days.

If Mozilla can continue to innovate with Firefox and address my two primary concerns—ease of deployment and distributing security updates—then they will continue to steal market share away from Internet Explorer.  If nothing else, Mozilla will at least force Microsoft to be competitive again, and that is a success in and of itself.

Mozilla is also updating Thunderbird, the companion e-mail client to Firefox, and that update is expected to be available soon as well.

One of the RSS feeds from Mac OS X Hints today pointed me to a website on DNS Service Discovery (DNS-SD).  DNS-SD is part of the magic behind Bonjour (formerly named Rendezvous), the way in which Mac OS X is able to automatically locate services across the network.  Bonjour is used, for example, in locating an Airport Extreme base station, or used by Camino and Safari to find web servers on your network.  Personally, I like Bonjour, and it’s good to see that it is finally being extended beyond single-segment implementations.  And, with Bonjour for Windows available from Apple, it’s starting to look like a viable cross-platform solution for finding and connecting to network services automatically.

I’ve been using Camino 0.9a1, the latest version of the native Mac OS X browser, for the last few days.  I have to say that I am impressed.  I like the new features on the Go menu that shows the most recently visited websites; this makes it easier to flip back to a site than having to switch to the “Bookmarks” view.  The new tab bar is much better as well; I couldn’t stand the old one.

The CamiTools add-ons for Camino 0.9a1 are also excellent; I’m using both CamiOptions as well as CamiFlash.

If you are using Camino now, you should give this new version a spin.  You’ll be glad you did.

Apparently, Microsoft’s public statement regarding the downgrade of Claria software in their anti-spyware product (which now recommends that users ignore the Claria software instead of remove it) isn’t sitting well.

In this article at eWeek, a number of spyware experts call Microsoft’s explanation less than satisfactory. Ed Bott, Ben Edelman, and others have all commented on Microsoft’s explanation.  The overwhelming consensus is that users don’t trust Microsoft to be honest.  And why should they?  Unfortunately, Microsoft has placed itself in an unenviable position, and only by being completely squeaky clean and transparent will it be able to avoid a backlash over actions such as this.

Well, barring some unforeseen disaster or God leading us otherwise, my wife and I are going to Stockholm, Sweden, around Labor Day.  A good friend of mine is getting married and we’ve been invited to the wedding.  It’s a bit scary, as the only foreign country I have ever visited was Mexico, and that was to a high-traffic tourist area.  Somehow, I don’t think that thousands of Americans visit Stockholm in September every year.  Anybody know any Swedish?