blog.scottlowe.org

As you may recall, the idea behind XC Connect is that multiple applications across platforms could synchronize data with each other.  This would make it possible, for example, for a list of Contacts normally managed inside Outlook to also be shared seamlessly with Linux systems running Evolution and Macintosh clients running iCal.  This synchronization would also be possible, in an encrypted fashion, across the Internet.

Tests of Windows-to-Windows synchronization are very positive.  The but the real test for me is synchronizing between iCal/Address Book and Outlook.  If that part works as well as what I’ve seen thus far, I will be truly excited.  The idea of having a single list of contacts is more enticing than perhaps I can fully elaborate.

I plan on performing some additional tests this weekend, and when those tests are complete I’ll post more information here.

Then all I have to do is figure out why my Treo won’t synchronize fully with my laptop.

Almost from the moment I switched to Mac OS X, I started looking for an application to provide the functionality of virtual desktops.  I suppose my days of dabbling with Linux and the X Window System had ingrained me to believe that a *nix-based system just wasn’t the same without virtual desktops.

My virtual desktop journey started with CodeTek Virtual Desktop, a commercial product that’s very capable.  The idea of the desktop pager was very natural, and the ability to automatically switch desktops when switching applications was very handy.  I could simply Alt-Tab to the application I needed and CodeTek would automatically switch the appropriate desktop.  I could also specify that new windows for a particular application should always be created on a particular desktop.

After a while, I started looking into a new crop of open source virtual desktop managers.  Space.app was one, but was (granted, this was quite some time ago) still a bit too rough around the edges.  I was then turned on to Desktop Manager, which I used for long time.

Desktop Manager wasn’t as full-featured in some aspects as CTVD, but I really liked the desktop transitions (great way to show off Mac OS X’s graphics functionality).  The ability to support CTVD pager skins was a nice feature as well, and I really like the overlay of the desktop name on the desktop.  One feature that I particularly enjoyed using was the Mac equivalent of the Run dialog box, invoked by Option-Cmd-R.  This made it easy to launch an application without having to navigate to the desktop where the Applications folder was found.

Just within the last day or so, I started using Virtue.  Virtue’s “claim to fame” is that it doesn’t use a desktop pager to switch virtual desktops; instead, it uses a translucent pop-up window similar to that used by Quicksilver.  I’m having a bit of a problem getting used to the lack of a desktop pager, but the pop-up bezel is kind of cool, and it looks as if Virtue supports different wallpapers for different desktops.  Virtue also appears to be more advanced with regards to applying desktop overlays (like the desktop name, for example).  All in all, it looks like a great application.  I don’t know if I’ll stay with it or not; if I do switch back to Desktop Manager, it will be simply because I am too ingrained to use the desktop pager and because I miss my “Run…” keyboard shortcut.  In the meantime, I’m going to give it an honest try.

Not long after switching to Mac OS X, I also started using PGP to provide a digital signature to all my business-related electronic communications.  Given the increasing frequency of e-mail messages with spoofed source addresses, I felt that it was only prudent to start providing customers with a way of proving that messages which stated they were from me were actually from me.  Besides, that might also cause some customers to ask, “Is this something I should be considering as well?”

Since that time, I’ve been reasonably pleased with PGP.  However, I recently started looking at a possible upgrade to the latest version of Mac OS X (“Tiger”), and noticed that PGP 8.x is not compatible.  In fact, PGP stated rather clearly that PGP 8.x is not and would not be compatible with Tiger or future releases of Mac OS X.  (This statement was located on the PGP Support web site.)

I’ve researched PGP 9.x and read some reviews, and I’m not terribly excited about the new architecture.  I’d much rather leave my existing SSL/TLS configuration in place and know that my messages are encrypted when going to/from my server, rather than relying on a PGP “proxy” to enforce policies.  I suppose it’s a good way of handling things, but when it comes down to it I just don’t like it.

That being said, in order to proceed with an upgrade to Tiger I’ll have to a) upgrade to PGP 9.x; b) switch to an open source implementation of PGP, such as GPG; c) switch to an alternate form of digital signatures, such as S/MIME; or d) stop using any form of digital signing whatsoever.  Having purchased PGP in order to not use GPG, I’d say that option is out.  Not having any signatures whatsoever isn’t really acceptable to me either, so that leaves S/MIME.

S/MIME is fine by me, anyway, since Microsoft has done a reasonably good job of incorporating S/MIME support into recent versions of Outlook.  Since a significant portion of my customers and colleagues use Outlook, then it begins to make sense to use S/MIME.

Over the next few weeks, I’m going to be researching which certificate authority (CA) I’ll use to issue my S/MIME certificates.  I’ve registered with CAcert.org, in the event that I decide to use them.  My preference would be to use a CA that can offer me a certificate with my actual name on it.  On the other hand, I’m cheap (rather, I’m frugal) and I don’t feel like paying $20/yr just to maintain a certificate.  It may be that in order to get my actual name on the certificate I’ll have to pay for it.

I’ve already located a number of resources in using S/MIME with Mac OS X 10.3 (“Panther”), my current version, and those have been added to my del.icio.us bookmark list (usually with the Encryption or Security tags).  If anyone has any other resources that may be helpful, feel free to let me know.

Technorati Tags: Encryption, Macintosh, Messaging, Security, Standards

As you may already know, I’ve been struggling with a bug in an environment running Exchange Server 2003 and Windows Server 2003 with SP1.  The bug is manifested as an error that appears when users with the properly delegated permissions attempt to add or modify an e-mail address on an already mail-enabled or mailbox-enabled object.  The error, listed as error ID c10308a2, contains text along the lines of being unable to determine if the Microsoft Exchange System Attendant service is running.

The underlying issue is a change that Windows Server 2003 SP1 makes to the security descriptors applied to the Service Control Manager.  This change in security descriptors now makes it impossible for non-administrators to query service status; hence, the error message.

In trying to apply the fix suggested by Microsoft in KB905809 (the use of the SC.EXE command), the error was never resolved.  It turns out that the workstation I was using the test environment was configured not to use the primary DNS suffix, but instead use a predetermined DNS suffix search list.  This configuration resulted in the system’s AD domain name not being in the suffix search list.  As a result, even though the fix from Microsoft was applied, errors still occurred.

This morning I double-checked everything on the test servers as well as the test workstations, corrected the problem described above, and reset the environment to match the production environment.  Then, walking through the tests again, I confirmed that running the SC command to add permissions to the Authenticated Users group (see the KB article linked above for more details, then see this explanation of SDDL syntax) does indeed resolve the issue.

So, finally, we can put this issue to rest.  If you are running Exchange Server 2003 with Windows Server 2003 SP1 and finding that your non-administrative users can’t add or modify e-mail addresses using Active Directory Users & Computers, see KB905809 and run the SC command listed in there.

I received a copy of the new album by Casting Crowns today, Lifesong.  There are a couple of really good tracks, like the title track “Lifesong,” and “Father, Spirit, Jesus”, and “Set Me Free.”  Most of the songs, though, are a very different style than Casting Crowns’ debut album.  To be honest, I’m a bit disappointed.  After so thoroughly enjoying their first CD, I was really looking forward to their next album.

This is not to say that the CD is bad.  It just wasn’t what I had expected.  Songs from their first album really moved you, like “Voice of Truth”, “Who Am I”, “American Dream”, and “If We Are The Body”.  And they did so with a powerful rock sound.  These songs, on the other hand, are much softer.  The lyrics are good, but the musical style is not what I was hoping for.

Then again, a few of the tracks from the original album didn’t really strike me the first time I heard them, but as I listened to them again I began to enjoy them more.  Perhaps the same will happen here.

Technorati Tags: Christianity, Personal

I have a few things I wanted to mention here, but none of them were really long enough to warrant their own entry.  So, I’m lumping them all together here.

First, I’ve started going back and adding excerpts (or summaries) to most of the entries posted on this weblog.  This makes the WordPress archive views cleaner (no more Technorati tags showing up for short entries).  I’m sure there are probably other reasons why this is a good idea as well, but I don’t know what they are (yet).

Second, the process of adding these excerpts has reminded me of how challenging writing can be.  I was always taught to have a firm purpose and focus when writing, and in those cases where that was true the summaries come to me easily.  However, for those entries where my focus wandered, I am finding it difficult to summarize and describe what was written.  This just really reinforces for me the challenge and the reward of writing here, of being able to effectively communicate and relate ideas to others.  It’s a skill that many have lost (or never gained) in recent years, and society is worse for it.

Third, I think I’ve finally managed to get all of the weblog customizations in place, at least for now.  It’s not a radical departure from the default WordPress theme, I know, but it’s a decent first step.

OK, so maybe these things are related after all…they all have to do with this weblog.

Technorati Tags: Blogging

In reading through a pile of unread industry magazines, I came across an article by Kevin Tolly, a columnist for Network World, titled “Closing the door on Windows”, that describes his switch to the Macintosh platform.

I guess my own personal switch from Windows to Mac OS X last year was, to borrow a phrase from Tom Yager, ahead of the curve.  In his article, Tolly describes the experience in these terms (all content copyright of respective holders):

“…the bottom line is that I’m able to get my work done more efficiently with fewer crashes and have already found ‘richer’ programs…which I expect to offer me more than their MS Office counterparts.”

While I can’t vouch for the latter part of his statement (I don’t use Apple’s iWork suite), I can say that my own experience is much the same.  The Mac’s fluid UI, rock-solid BSD underpinnings, pervasive networking support, and a variety of open source applications make it possible for me to do my job in a very effective manner.  That’s not to say that everyone will have the same result, but it is definitely to say that the Mac is a viable alternative.  It is definitely a viable alternative, and more and more people are discovering that fact.

As the next-to-last article in a series of postings about the problem described in this KB article, it appears that Microsoft will not be producing a hotfix for this bug.  In speaking with Microsoft earlier today, it appears that no hotfix will be produced for this, even though it is a confirmed bug.  As of this afternoon, the only known fix for the problem is using both methods outlined in the KB article.  I hope to confirm that for sure on Monday.

I’m also going to confirm on Monday whether membership in the local Administrators group (on the actual Exchange servers) will also fix the issue.

The next posting about this problem will be the last one regarding this issue.  Really.

As I’ve continued using my Treo 650, I’ve run into an apparent conflict between the Treo’s GPRS functionality and Bluetooth HotSync support.

Yesterday, I was trying to HotSync my Treo back to my PowerBook so that I could install Chatopus, an IM client for the Treo.  (BTW, Chatopus is pretty cool; it’s an XMPP/Jabber IM client.)  However, every time I tried to HotSync via Bluetooth, I’d get the “Port is in use by another application” error.  Reviews of the HotSync log on the laptop showed nothing, which indicated to me that the problem was on the Treo.  Just on a whim, I dropped the GPRS connection I was using to retrieve mail in VersaMail and tried again.  It worked!

The only conclusion that I can draw is that having a GPRS connection prevents using Bluetooth to HotSync.  Note that it doesn’t prevent Bluetooth use in general, since I can use my Bluetooth headset without any problems.  It just seems to prevent the use of Bluetooth for a HotSync operation.

This does not appear to be a limitation of Palm’s HotSync software on the laptop, so I don’t think that using something like The Missing Sync (from Mark/Space) will help matters.  (I am looking into switching to that software, though.)

If anyone has any additional information on this conflict, please post more information in the comments.

Technorati Tags: Bluetooth, Mobility, Treo

This is a follow-up to my posting titled “Another Funky AD Issue”, in which I described a situation with a customer where support staff are unable to modify or add an e-mail address to a mail-enabled or mailbox-enabled user or contact after it has been created.

It turns out that this is a bug in Windows Server 2003 SP1.  The KB article I referenced in the earlier blog posting is also slightly inaccurate; what that article portrays as two separate workarounds to the problem are actually two steps in one workaround.  So, in reality, you’ll need to perform both steps (both the SC.EXE command and the Group Policy Object) in order to fix the problem.  (Please note that I have not verified this myself yet.)

As it currently stands, the KB article is the only known workaround for this problem.  According to the Microsoft Product Support Services people I’ve spoken with thus far, it is unknown if Microsoft will issue a hotfix to correct the problem.  In the meantime, I have forwarded a URL with another potential fix (see this URL) for Microsoft to analyze and determine if this will help the situation.

Other potential solutions include adding the support staff to the local Administrators group on the Exchange server(s); this, clearly, is a less-than-ideal solution.  Supposedly, removing Windows Server 2003 SP1 will also correct the problem.  (Again, I have not verified this personally.)

Microsoft Product Support Services is supposed to get back in touch with me in the next couple of days with some additional information.  I’ll post more information here as it becomes available.

Technorati Tags: Exchange, Windows