Dean Paron at Worldwide Partner Conference

Another video from WPC 2009 that comes courtesy of VarVid is Dean Paron, the (now former) Principle Architect of Windows SBS 2008.  You can watch his video from WPC below.

Dean Paron–Principle Architect Windows Server Solutions Group

Read More

Yours Truly at Worldwide Partner Conference 2009

Hey folks,  I just found this video that I did at Worldwide Partner Conference 2009.  Aaron Booker stopped by the booth with his VarVid camera and captured about 2 minutes of time with me.  I’ve been waiting to see this video, and I guess I just found it.  Pretty late. 

Sean Daniel–Senior Program Manager Windows SBS 2008

Read More

How Developers “Extended” the Vail Launchpad

If you’re a developer and you’re interested in writing something for Windows sHome Server, our Lead Developer Dileep has another tip for you on how to extend the Vail launch pad.  Dileep has had a previous post on the location of the SDK for Vail and how you can get involved.

Most recently, Dileep appeared back on the Home Server blog with how to extend the launchpad, and when you should extend the Launchpad.  You can read that blog post here.

If you haven’t been on the forums already, I did a forum post on why we created the Launchpad, with feedback from you, the customer.  Dileep extended on this, copied here for your reading convenience.

What is Launchpad?

Launchpad is a light weight and extensible client-based user interface that we built for Vail. It was born out of a couple of pain points that our customers experienced from Home Server v1. While Home Server v1 provided the ability for developers to add what we call ‘administrative’ or ‘server management’ tasks to the Admin console, it did not provide any means by which a day-to-day or non-administrative task could be presented to users in a coherent manner that resonates its association with Home Server. As a result we started seeing add-ins for day-to-day consumption of home server capabilities that were deployed to Admin Console, but did not belong there since they were not administrative tasks. We realized that there is a need for providing a coherent and consistent grouping as well as entry point for home server related tasks that everyone in the household can perform from their client PCs. This was the first pain point.

The second one, and perhaps the more significant one of the two, was the limitation around having matching usernames and passwords on the server and the PCs. If you recall, in Home Server v1 we require users to create user accounts on the server that had the same username and password as that of the client PCs so that they can seamlessly access the shared folders on the server as soon as they login to their PCs. This generated lot of confusion with consumers, as was evident from the feedback that we got. With Vail, Launchpad acts as the login UI for signing the user onto the server, thereby granting them access to the Server shares and other platform services exposed via the SDK. We no longer have the requirement to have the user accounts matching on server and client, instead users can use Launchpad to ‘sign-in’ to the server with any user account and password combination that was set up in Dashboard!

In short, Launchpad serves the following purposes:

1. It is the entry point for the day-to-day tasks related to Windows Home Server from the client PCs.

2. It eliminates the need for matching usernames and passwords setup between server and client, and eliminates the password sync dialogs.

3. It Provides a logical and centralized location where all home server related tasks are exposed, resulting in much better awareness of home server and its capabilities.

4. It allows everyone in the household to have visibility to developers' add-ins, than just home server administrators.

So, if you’re a developer, head on over to Dileep’s full post, and start coding up some cool apps that will make users love your add-in, and increase the value of Vail.  I know I’ll appreciate it when we ship!

Read More

Understanding SSL Certificates for client to server encryption

Back in January I made a post, which I called Part 1 of Understanding Certificates.  In this post I talked primarily about how the server is authenticated to the client by using a “root” certificate that the client already trusts, thus establishing a trust relationship with a website you are at without actually having been there before.  If you haven’t read it, it’s a good overview on how that works.

In this Part 2, I want to talk about the encryption between client and server.

Part 1 was all about authentication of the server, this part (2) is going to talk about the encryption portion.  Encryption is important on many networks to prevent prying eyes from seeing the data being sent.  The larger and/or more un-trusted the network, the greater the need for encryption.  The Internet of course being the largest of all public and un-trusted networks.

First the easy stuff, when you go to an SSL based website, you’re using the prefix of HTTPS in your browser.  Additionally, many mainstream browsers such as Internet Explorer or Firefox will show a “Lock” symbol to show that your connection is locked, and safe:

(Internet Explorer)

(Fire Fox)

Each browser will show it differently, but I think most of the mainstream one will use a little lock icon.  You might also see different colours (Red means bad, white or Green mean good).  While we’re on the subject of colours.  Some SSL certificate providers will provide you with extra security and extra validation, which will make the address bar go green.  In the captures above it’s important to note that Firefox and Internet Explorer use a completely different certificate store.  Internet Explorer uses the built-in Windows Certificate store, while Firefox manages its own.  There are pros and cons to each approach, but both are just as secure.

So how secure are you?

Well, in the details of the certificate, you can check out the encryption level of the certificate by looking at the public key:

 

This certificate used here for passport is a 1024-bit encryption level.  This means that the keys used to encrypt or decrypt this traffic uses a 1,024 character key length.  That means that in order to decrypt this network traffic, you need 1,024 ASCII based characters in exactly the right order.  That’s a tall order to boot!!  Anything less than 1024 at the time of this printing is not considered industry standard encryption.  Hackers have horse-power to crack 512-bit certificates in just a few weeks, this isn’t new news, this has been done back in 2002!  It also states that even 1024 can be cracked, but it would take a lot longer, given the cracking method used is “Brute Force”. It would take a large number of years to crack this, and you’ll notice if you review your certificates, they are only used for 1 year, and then the key is changed with a new certificate, forcing your hacker to start over.

However, with the introduction of this, 2048-bit certificates are already shipping today.  The bigger the number, the harder it will be to decrypt. What’s the hold up?  Processor power.  Not necessarily in your PC, but on your phone, in your router, even on the server processor!!.  Using higher-level encryption, means that each packet sent over the internet needs to be encrypted on one side, and decrypted on the other.  Does your phone have the processor to deal with higher level of encryption? what about servers that process millions of requests per second, that would double the CPU load for decryption/encryption!  So don’t be surprised if you see 1024-bit for a while longer: it’s still considered industry standard.

You may notice that root or chaining certificates last longer.  This is because their public key is typically not out in the open for all to see, and potentially use to hack.  So it’s generally accepted for these higher certificates to have a longer lifespan.

But how does it work Technically?

Let’s dive into how it works.  When you buy a certificate from a 3rd party, they ask for a CSR (Certificate Signing Request).  The website generating the CSR generates two pieces of information:

1. The Public Key
2. The Private Key

The public key is encoded in this request, along with the final public public certificate.  The certificate provider validates that this is in fact the server it’s issuing a certificate for (the more expensive the certificate, the more validation is done).  The private key NEVER EVER leaves the website generating the certificate.  Think of a mailbox that the post office runs that sites outside the convenience store.  the public key is the slot in the top.  Anyone can get access to that to send stuff into the post office, but the key to open and get access to all this sent mail, only the post office has, and never leaves around anywhere.

Once the certificate request is signed, the public key is placed right on the website for all the world to see, and the private key is kept safe inside the certificate store, hidden from view and access only to administrators!

The private key is used to decrypt everything encrypted with the public key, and vice versa.  Additionally, a per-session key is established and everything is encrypted using that as well.  This prevents when the server sends something to the client encrypted with the private key, any listening clients from decrypting it with the very public “public key”. If you want to go deeper,  you can dive into the nitty-gritty details over on Wikipedia on Transport Layer Security.

What if something goes wrong?

If something goes wrong, or something changes, a certificate is revoked.  A client will check the CRL (Certificate Revoke List) embedded in the certificate to see if the current one is still valid.  If a website cert has been compromised, or a name changed, or anything changed, the certificate is revoked and another one issued.  Clients will know which one to use simply by checking the CRL distribution point.

Here we see that Verisign has their CRL hosted up online that anyone can go and see if this cert is revoked or not.  Clients will known not to trust or use a revoked certificate.

Remember, if you end up at a site that has a certificate that you don’t trust and your address bar in Internet Explorer is red (after you mistakenly continued onto the website), you’ll still get the encryption between the server and the client, BUT you won’t know for sure you’re talking to the right server.  So you should ALWAYS make sure you do not continue onto these types of servers.  Even if you *think* it’s going to the right place.  Imagine if it’s not, and you logged in with your username and password.  You just gave your username and password to some random site! 

Be careful out there, look for the lock icon (), look for the https:// in the address-bar, and be  weary sending personal information anywhere!!

Read More

Calling All Developers–Windows Home Server “Vail” needs you!

A few weeks ago, we released the Home Server codename “Vail” public preview.  Along with that came a software development kit.  Like Windows Home Server version 1, the product is extensible, and we need add-in developers!!  We’ve put a great deal of effort into the improvement of the extensibility of the product. 

Over on the Home Server blog, Dileep, our Development Lead talks about how to jump in and get engaged.  Keep your eye on the official blog for updates as it is a planned series to help you get involved.  If you want to jump straight to the SDK, you can download the complete set of information here (You will have to sign in to Microsoft Connect site).  Any questions can be posted in the developer forum.

UPDATE: See what others are saying about the SDK.

Read More

Windows Home Server “Vail” Drive Extender V2–New Features

Mark Vayman, a lead program manager on the Home and Small Business Server team just tossed out all the new features in Windows Home Server Drive Extender, version 2.  The information and discussion can be found in the Microsoft Forums, and I urge you to surf on over there and jump into the conversation with questions and comments.

Drive Extender is a storage technology first introduced in Windows Home Server's first release. The 1st generation of the technology was file based, and worked on top of "vanilla" NTFS volumes using reparse points. To address the customer feedback we have received and improve the system's resiliency to partial drive failures (seen many times by our support), the Drive Extender technology was updated to use block based storage below the file system similar to software RAID systems.

The following isn't an exhaustive list, but does try to enumerate the major new features as well as features which are no longer supported in the “Vail” version of Drive Extender:

Features carried over from the previous release:

• Duplication can be turned on/off per folder.
• Duplicated folders can survive a single hard drive failure.
• Storage pool can be easily expanded using different drive types and various sizes.
• Graphical representation of storage usage (AKA the pie chart) - isn't present in the beta, but is planned for the next milestone.

New/Improved features:

• For duplicated folders, data is duplicated in real time to two separate drives - there is no hourly migration pass.
• File system level encryption (EFS) and compression are now supported for Drive Extender folders.
• File conflicts are gone, duplication works as intended for files in use as it is performed at the block level now.
• The remaining amount of data to synchronize/duplicate is reported per storage pool.
• All storage operations are executed in the background without blocking other server operations. Specifically, drive removal can be issued without impacting the online state of shares.
• Drives in a storage pool can be named with a custom description to enable physical identification of the drive in the server.
• Drive serial number and exact connection type is reported for each drive.
• Drives which are bigger than 2TB can be added  to a storage pool.
• iSCSI storage devices can be added to the a storage pool.
• The system drive can be excluded from the storage pool.
• A new low-level storage check and repair diagnostic operation was added.
• All storage operations are performed with very low I/O priority to ensure they don't interfere with media streaming.
• A new "folder repair" operation is available which runs “chkdsk” on the folder's volume.
• To protect against silent storage errors (bit flips, misdirected writes, torn writes), additional information is appended to each 512-byte sector stored on drive. In particular, each sector is protected by a CRC checksum, which enables Drive Extender to detect data read errors, perform real-time error correction and self-healing (up to 2 bit errors per sector if duplication is disabled, and any number of bit errors if duplication is enabled) and report the errors back to the user and application. The overhead for this additional data is roughly 12% of drive space.
• Data drives in storage pools can be migrated between servers, and appear as a non-default pool.  A non-default pool can be promoted to a default pool if no default pool exists.

Deprecated features:

• A data drive from a storage pool cannot be read on machine not running the “Vail” server software.
• Data isn't rebalanced across drives to ensure even distribution. The data allocation attempts to keep drives evenly used. A periodic rebalance operation is considered for the next version.

Known inter-op/support issues with the Beta

• As with other software RAID solutions, Drive Extender isn't supported with BitLocker.
• Drive Extender cannot share the same drive with other software based RAID systems (such as Microsoft Dynamic Drives)
• Running low-level software storage tools—for example, defragmentation, full drive encryption, or volume imaging—on server folders may cause issues. These tools have not been fully tested in this release. Please avoid running these tools on the server.
• Internally, the “Vail” software has been tested with up to 16 hard drives and with up to 16 TB of total storage capacity. We’re aware of a number of bugs that occur beyond these limits, so please keep your beta installations under 16 drives and 16 TB total drive space.

Read More

Windows Home Server Codename “Vail” Public Beta Available Today!

Today is an exciting day for me.  As you know, one of the products I work on is Windows Home Server.  Today we’re excited to announce that the next version of Windows Home Server (codename “Vail”) is available for you to try.  This is a BETA release, and while it may seem like you want to switch to it as your actual home server, we want to remind you that it’s still not sanctioned for production usage, because it just hasn’t gone through the hours of testing needed for us to feel confident that it’s rock solid.  Plus we’re still adding features!

What we do want to do with the Beta release, is get the public pounding away on all of our features, but most importanly our PC Backup and our new version of Drive Extender! We invite everyone to check it out by downloading the software from the Microsoft Connect site. (English language builds are available now).  If you don’t have extra hardware, Vail installs flawlessly into Hyper-V based environments and one of our MVPS already has a blog post on how to install it into VMWare.

What’s new?

• Extending media streaming outside the home or office
• Multi-PC backup and restore
• Simplified setup and user experience
• Expanded development and customization tools for partners

A Short Demo of the new features is available on Youtube

Before we go too much further, however, we want to pass along a couple of very important hardware-related tips on installing the Vail Beta:

1. In Vail, we’re moving to a new underlying server platform that will only run as a 64-bit OS. We do not recommend running Vail on a 32-bit PC or existing Windows Home Server systems (even 64-bit Home Server systems) because there may be compatibility issues with some OEM drivers.
2. Since it is still in ‘beta,’ please install the Vail code on a secondary computer as opposed to existing Windows Home Server v1 OEM systems (not even 64-bit systems) If you do install the beta on an existing system, you may experience a number of problems, including the inability to run WHS v1 add-in applications (even those provided by OEMs). Installing on a secondary machine will help ensure the best possible user experience, and we would like your feedback on what this scenario is like.
3. Installation of the Vail OS on a PC will also require users to wipe all data from that PC or device.
4. The hardware requirements for Vail call for a 1.4 GHz x64 processor, 1 GB RAM, and at least one160 GB hard drive. Full details and additional requirements will be posted on the Microsoft Connect download site.

Also, if you are a developer, this beta includes a new software development kit (SDK) that gives developers and partners even more ways to customize the OS and add new functionality and services to Windows Home Servers. Download the SDK here.

Finally, before you start filing bugs, some features yet to come are:

• Changing a users password
• Changing your home server password
  

Please refer to the official home server blog for the official announcement.

We look forward to hearing your feedback.  Please open issues and discuss on the Connect Website.

Read More

McAfee Update Shuts Down XP Machines

McAfee corporate customers across the globe using Windows XP experienced massive shutdowns today as an update to McAfee's security suite deleted svchost.exe—a very common Windows process—causing machines to reboot continuously. McAfee has confirmed the problem and removed the faulty virus definition file from the update. Only McAfee's corporate users were affected.

If you or your workplace were affected, Twitter user scratchfury offers this (unverified) tip:

boot to safe mode, rename mcshield.exe, reboot, run Virus Console, pick Tools -> Rollback DAT, name back to mcshield, reboot

We don't have a machine to test it on, so follow his tip at your own risk, and only if you know what you're doing. If you've fixed it already, let's hear how you did it in the comments.

Courtesy of LifeHacker

Read More

The Next Wave of Productivity – Office 2010

Wow, it’s hard to believe that Office 2010 is here already.  I’ve been running different forms of beta for just shy of a year!  In fact, I can’t even consider running Outlook 2007 anymore, as the new Outlook 2010 makes me sooo productive.  The new Outlook ribbon, the detailed calendar views, the ability to import my Facebook internet calendar directly into Outlook (2007 did it, but one-time only, 2010 will continuously do it, keeping me up to date). 

I’ve been using it exclusively for work, and the features are amazing, but I hear (and can’t wait to try) that it has some social connectivity for personal use.  Can’t wait to get it on my home PC!

Join Microsoft & Steven Elop at the virtual launch!

Click the graphic above, to add to your calendar, then watch Stephen Elop, President of the Microsoft Business Division, announce the launch of Office 2010 and SharePoint 2010 on May 12, 2010 at 11 a.m. EST. The live Microsoft keynote focuses on the next wave of productivity that delivers:

• End user productivity across the PC, phone and browser
• IT choice and flexibility
• A platform for developers to build innovative solutions

Join the virtual launch event with Microsoft executives, product developers, partners and customers to:

• Find out how peers and partners are already seeing benefits to their business by leveraging the next wave of productivity.
• Submit your questions through live Q&A.
• Participate via blogs, tweets, social media networks, commenting, and more.

View on-demand breakout sessions showing how Office 2010 and SharePoint 2010 meet the unique challenges people and businesses are faced with today, and provide the solutions they need for tomorrow.

Read More

Create SUPER complex passwords with touch typing skills

I found this awesome tip on LifeHacker, one of my favorite blogs… Shift your fingers one key for easy to remember, super complex passwords!

You're constantly told how easy it would be to hack your weak passwords, but complicated passwords just aren't something our brains get excited about memorizing.

His clever solution: Stick with your weak, dictionary password if you must; just move your fingers over a space on the keyboard.

If you want a secure password without having to remember anything complex, try shifting your fingers one set of keys to the right. It will make your password look like gibberish, will often add in punctuation marks, and is quick and simple.

When John Pozadzides showed us how he'd hack our weak passwords, he listed his top 10 choices for getting started hacking away at your weak passwords. Let's take a look at how a few of those popular passwords fare when finger shifting to the right:

• password => [sddeptf
• letmein => ;ry,rom
• money => .pmru
• love => ;pbr

Something longer but still really lame, like, say, "topsecretpassword", becomes "yp[drvtry[sddeptf". These may not be perfect compared to secure password generators, but they're likely orders of magnitude better than a lot of people's go-to passwords.

Read More

Windows Media Player 12 Streams Your Media Library over the Internet

Here's a new one to us: Linking your Windows Live ID to Windows Media Player 12 in Windows 7 allows you to stream your entire music library to any computer. Even better: no need to install third-party software with this method.

There are many, many ways to stream your music collection over the internet—but there's something appealing about using the built-in software that Microsoft bundled with Windows 7. If you're already using Windows Media Player 12, you can listen to your home music collection from any Windows computer through the internet. What's more, it actually should work with all your media, not just your music.

In order to use this feature, you'll need a Windows Live ID then you've got to link your Windows Live ID to your media collection. In Windows Media Player, navigate to the Stream menu and choose "Allow Internet access to home media." You'll want to "Link an online ID." If you see "Add an online ID provider" in the next box, click it because you'll need to download some software depending what version of Windows 7 you're running.

Enter your Windows Live email address and password to link your media collection. Go back to the Stream menu, and click "Allow Internet access to home media." In order to enable another Windows 7 PC access, you'll need to repeat these steps. After you're finished, your library will show up in the Other Libraries category of the left-side pane in Windows Media 7.

We don't know a lot of people who actually use Windows Media Player, but this awesome feature could convince some—and it's something that would be great to see in more tight-fisted media players. (Ahem, iTunes, we're looking at you.)

Post courtesy of Lifehacker

Read More

Best of Bing – Windows 7 Themes

Are you on Windows 7 and like the Bing homepage images? You can have the best of them as wallpapers for your desktop! The first Bing’s Best theme pack was so popular, the team decided to release a second Bing theme pack: Bing’s Best 2.

In case you missed out on number one, I’ve listed them both below:

You can also download both of them from here. Enjoy!

Post courtesy of Liveside.net

Read More

Start your day with sip of coffee and byte of technology

Microsoft and HP have been bringing technology solutions to small business customers since before most people ever heard of a latte. Things change fast in our industry. Coffee Coaching’s Mission is to help you stay on top of current technologies. If you’re already in the habit of checking your Facebook page over coffee in the morning, now you can use it to stay on top of your business as well.

We’ve created a place where you can easily find video overviews of products and technologies, information on opportunities for prospecting, interact with Microsoft and HP product managers, and talk with your peers in the Coffee Coaching community.

Go to the source! Hear about Windows Small Business Server 2008 directly from the product group at Microsoft. Learn about HP’s Small business offerings directly from the engineers at HP. We have a collection of short videos on all of the Windows Server family of products and HP hardware solutions.

Click here to become a Fan of Microsoft and HP Coffee Coaching!

· Throughout the day on March 8th, as you explore the site, we will have Microsoft and HP experts available for online discussions.

Grab a cup of coffee and join us for a session of Coffee Coaching.

You Tube | Facebook | Twitter

Brought to you by:

HP | Microsoft

Read More

MVPs are Dressing my dog – that’s just weird.

Two weeks ago, Microsoft hosted the worlds MVP’s at our 2010 Summit.  SBS and Home Server MVPs are the best MVPs at Microsoft (I may be biased, but that’s what I think), followed of course only by EBS MVPs (who are mostly ex-SBS MVPs anyways!).  Ok, who am I kidding.  All MVPs are awesome, I just happen to have many of the SBS and Home Server ones as my buddies.

Microsoft does it’s best to make the MVPs welcome in the Seattle area, which includes dinners, parties, get-togethers, lunches, coffee breaks, etc.  All in the name of geek speak between MVPs and Microsoft! 

If you’re not familiar with what a Microsoft MVP is, they are community voted professionals that go above and beyond the normal to help out the general public with their issues with specific products.  Most MVPs dedicated a lot of time and energy to this cause, and as such we reward them. 

In this particular instance, the tables were turned.  The MVPs rewarded us!!  Taking advantage of the fact they were on campus they decided to dress up my mascot in appropriate attire.

Now, I’m not normally into dressing my dog, primarily because we are both men and we don’t do that.  In addition to that fact, if you put anything on Chico, he freezes.  But, for this blog, he’s willing to don the clothing and answer your questions.  Simply click in the search box and type your search.  I’m sure Chico will have a blog post for you.  If you don’t find it here, you can also check over at the official SBS blog.  If you don’t find it there, shoot me an email and I’ll see what I can do to write one up for you (no promises on timing though, Steve Balmer keeps us pretty busy over here.

Last and most importantly, I want to publicly thank all of the MVPs for their support and the wonderful gift they gave me.  I don’t have to email this to them, because being MVPs, they are so plugged in, they will find it.

Read More