# Thursday, April 1, 2004

For a long time it has been asserted as "fact" that Linux is more secure because it's OPEN and therefore more eyes look at the code and are able to secure it more easily. Naive Marc “right place at the right time” Andreessen lists it as the 4th reason in his “why open source is better” list.

This “fact” is dead wrong. I have always believed that Linux will be far LESS secure than proprietary software since all it takes is one bad hacker to ruin the day. A new report from Forrester Research Inc., Is Linux More Secure Than Windows?, says that Microsoft fixes security problems faster! One of the benefits of open source is that there are so many free developers working nonstop to fix bugs fast. But somehow Microsoft seems to fix things faster. Guess Adam Smith was right after all.

The industry and the author of the article from Forrester believe that, based on the available data on past security vulnerabilities, security vulnerabilities follow a timeline from discovery to fix. During this timeline hackers exploit the vulnerability. (Hackers have a “time to market” so to speak that is getting quicker and quicker, see below.)

Since the goal is to fix the vulnerabilities faster to reduce attacks, Microsoft is actually more secure. Microsoft took an average of 25 days to fix a vulnerability and Red Hat took an average of 57 days.

Now forget the MS v Linux issue (more on that soon), but we have to take some responsibility ourselves, no matter what the OS. We have to install patches. Prior to the Nimda worm being released the patch for the exploit had existed for 331 days. SQL Slammer, 6 months. Welchia/Nachi just over 5 months. Recently with the Blaster worm the patch for the exploit was released only 25 days before the worm was released. In each case a patch was available. We are seeing hackers watching for security alerts and then using those alerts to create exploits and take advantage of the fact that deploying security patches is a complex process in the corporate space or simply not done in the end-user space.

posted on Thursday, April 1, 2004 11:41:35 AM (Eastern Standard Time, UTC-05:00)
# Monday, March 29, 2004

Last year I was a judge in the final round of the Imagine Cup at TechEd in Barcelona, Spain. It was a great thrill to be involved. I am honored to be a judge in a regional round tomorrow at Fordham University.

posted on Monday, March 29, 2004 1:52:28 PM (Eastern Standard Time, UTC-05:00)
# Saturday, March 27, 2004

For no other reason than they don't support stored procedures. Anyway, it has been a great time at VSLive so far, here are some images and memories from this week.

Photos: http://www.ftponline.com/reports/vslivesf/2004/photos/#

ABC TV coverage:   http://www.ftponline.com/reports/vslivesf/2004/mmnewsclip/

Our show coverage: http://www.ftponline.com/reports/vslivesf/2004/

Opening BillG Keynote: http://www.ftponline.com/reports/vslivesf/2004/gates/

posted on Saturday, March 27, 2004 11:02:07 AM (Eastern Standard Time, UTC-05:00)
# Friday, March 26, 2004

Got up early this morning and did an 8-mile run over the Golden Gate Bridge and back to the center of town with tri pal Andy Catlin. Put me in a good mood to see the VSLive keynote on Yukon Business Intelligence by Microsoft PM Bill Baker. Besides enhancements to Reporting Services and DTS (DTS will be renamed), Yukon will help bring BI to the masses with UDM:

There will be “Visual Studio Controls for Reporting Services” in Visual Studio 2005 where you can embed reports into ASP pages and Windows Forms much more easily. There is navigation, ad hoc query and other cool controls to play with.

DTS is completely rewritten. Totally event driven and based on the CLR.

The Unified Dimension Model is new and great. The UDM basically combines OLAP and the relational worlds into one programming model that will truly bring OLAP to you and me.

Can't wait. :)

I give three talks today: SQL Server Notification Services, XQuery in Yukon and ADO.NET Best Practices. I am a busy kid today.

Trivia: Yukon is named after the national park in Alaska, not the Canadian province (or territory, who can keep track!). :)

posted on Friday, March 26, 2004 12:55:42 PM (Eastern Standard Time, UTC-05:00)
# Thursday, March 25, 2004

That was Sun Microsystems CEO Scott McNealy’s response to an IBM open letter to Sun to open up Java and make the Java language open source.

Many people have urged Sun to open up Java. After Eric Raymond’s open letter last month, Scott replied: “We’re trying to understand what problem does it solve that is not already solved.”

You make me laugh, Scott. Too bad everyone else thinks you, your Linux strategy and desperate attempt to hold on to Java are a joke.

C# is open. :)

posted on Thursday, March 25, 2004 3:57:40 PM (Eastern Standard Time, UTC-05:00)

$613 million that is? The European Commission has fined Microsoft a record $613 million. What are they going to do with the money, further subsidize Airbus? Further subsidize French farmers? Lower German taxes? Give the money to Linux “research”? Send troops to Iraq?

I think that Microsoft is a victim of anti-American sentiment in Europe right now. The fine is excessive. It surpasses fines the Commission has imposed on price-fixing cartels and it sends the wrong message about antitrust enforcement priorities.

The US Attorney General’s Office agrees with me. "Imposing antitrust liability on the basis of product enhancements and imposing 'code removal' remedies may produce unintended consequences," US Assistant Attorney General Pate said. "Sound antitrust policy must avoid chilling innovation and competition even by 'dominant' companies. A contrary approach risks protecting competitors, not competition, in ways that may ultimately harm innovation and the consumers that benefit from it."

Come on now, Media Player? It sucks. Everyone downloads MusicMatch or WinAmp anyway. IE beat Netscape since Netscape took way too long to innovate (it was years in between releases). Media Player sucks and nobody really uses it.

So, European Commission, you showed your true colors. Maybe the US should fine Airbus for dumping and price fixing.

posted on Thursday, March 25, 2004 9:12:04 AM (Eastern Standard Time, UTC-05:00)
# Wednesday, March 24, 2004

The New York Jets appear to be returning from exile with a new stadium in the west side of Manhattan (thank goodness I live on the East side).

posted on Wednesday, March 24, 2004 1:46:14 PM (Eastern Standard Time, UTC-05:00)
# Tuesday, March 23, 2004

This new virus is really causing problems. I am getting a fair amount every hour. ORCSWeb blocks them at the gateway and sends me a warning. Time to hunt down virus writers and throw them in jail.

The Declude Virus software on orcsweb.com has reported that you were sent an E-mail from ca@digsigtrust.com, containing the : W32/Netsky.P@mm virus in the document09.zip attachment. The subject of the E-mail was "Re: Proof of concept".

The E-mail containing the virus has been deleted to prevent further damage.

posted on Tuesday, March 23, 2004 3:55:47 PM (Eastern Standard Time, UTC-05:00)

On Saturday I will be doing a post-con with Andrew Brust on .NET Data Access at VSLive in San Francisco. Hope to see some of you there!

.NET Data Access Soup to Nuts
Andrew Brust and Stephen Forte
Saturday, March 27


In this workshop, we'll cover the basics and fine points of ADO.NET, seen from both Windows Forms and ASP.NET vantage points. After a brief introduction, we'll cover connected and disconnected data access, ADO.NET data binding, strongly-typed DataSets, and the XML features of ADO.NET. We'll then take a close look at using ADO.NET and SQL Server together, including development of stored procedures, triggers, and functions; advanced T-SQL techniques; and working with SQL Server and COM+ transactions. Attendees of this workshop will also get a high-level look at the forthcoming features of "Yukon," the watershed next release of SQL Server.

posted on Tuesday, March 23, 2004 12:11:31 PM (Eastern Standard Time, UTC-05:00)
# Monday, March 22, 2004

If you agree or disagree with her, this is good reading.

From the Washington Post:

The al Qaeda terrorist network posed a threat to the United States for almost a decade before the attacks of Sept. 11, 2001. Throughout that period -- during the eight years of the Clinton administration and the first eight months of the Bush administration prior to Sept. 11 -- the U.S. government worked hard to counter the al Qaeda threat.
 
During the transition, President-elect Bush's national security team was briefed on the Clinton administration's efforts to deal with al Qaeda. The seriousness of the threat was well understood by the president and his national security principals. In response to my request for a presidential initiative, the counterterrorism team, which we had held over from the Clinton administration, suggested several ideas, some of which had been around since 1998 but had not been adopted. No al Qaeda plan was turned over to the new administration.

We adopted several of these ideas. We committed more funding to counterterrorism and intelligence efforts. We increased efforts to go after al Qaeda's finances. We increased American support for anti-terror activities in Uzbekistan.

We pushed hard to arm the Predator unmanned aerial vehicle so we could target terrorists with greater precision. But the Predator was designed to conduct surveillance, not carry weapons. Arming it presented many technical challenges and required extensive testing. Military and intelligence officials agreed that the armed Predator was simply not ready for deployment before the fall of 2001. In any case, the Predator was not a silver bullet that could have destroyed al Qaeda or stopped Sept. 11.

We also considered a modest spring 2001 increase in funding for the Northern Alliance. At that time, the Northern Alliance was clearly not going to sweep across Afghanistan and dispose of al Qaeda. It had been battered by defeat and held less than 10 percent of the country. Only the addition of American air power, with U.S. special forces and intelligence officers on the ground, allowed the Northern Alliance its historic military advances in late 2001. We folded this idea into our broader strategy of arming tribes throughout Afghanistan to defeat the Taliban.

Let us be clear. Even their most ardent advocates did not contend that these ideas, even taken together, would have destroyed al Qaeda. We judged that the collection of ideas presented to us were insufficient for the strategy President Bush sought. The president wanted more than a laundry list of ideas simply to contain al Qaeda or "roll back" the threat. Once in office, we quickly began crafting a comprehensive new strategy to "eliminate" the al Qaeda network. The president wanted more than occasional, retaliatory cruise missile strikes. He told me he was "tired of swatting flies."

Through the spring and summer of 2001, the national security team developed a strategy to eliminate al Qaeda -- which was expected to take years. Our strategy marshaled all elements of national power to take down the network, not just respond to individual attacks with law enforcement measures. Our plan called for military options to attack al Qaeda and Taliban leadership, ground forces and other targets -- taking the fight to the enemy where he lived. It focused on the crucial link between al Qaeda and the Taliban. We would attempt to compel the Taliban to stop giving al Qaeda sanctuary -- and if it refused, we would have sufficient military options to remove the Taliban regime. The strategy focused on the key role of Pakistan in this effort and the need to get Pakistan to drop its support of the Taliban. This became the first major foreign-policy strategy document of the Bush administration -- not Iraq, not the ABM Treaty, but eliminating al Qaeda.

Before Sept. 11, we closely monitored threats to our nation. President Bush revived the practice of meeting with the director of the CIA every day -- meetings that I attended. And I personally met with George Tenet regularly and frequently reviewed aspects of the counterterror effort.

Through the summer increasing intelligence "chatter" focused almost exclusively on potential attacks overseas. Nonetheless, we asked for any indication of domestic threats and directed our counterterrorism team to coordinate with domestic agencies to adopt protective measures. The FBI and the Federal Aviation Administration alerted airlines, airports and local authorities, warning of potential attacks on Americans.

Despite what some have suggested, we received no intelligence that terrorists were preparing to attack the homeland using airplanes as missiles, though some analysts speculated that terrorists might hijack airplanes to try to free U.S.-held terrorists. The FAA even issued a warning to airlines and aviation security personnel that "the potential for a terrorist operation, such as an airline hijacking to free terrorists incarcerated in the United States, remains a concern."

We now know that the real threat had been in the United States since at least 1999. The plot to attack New York and Washington had been hatching for nearly two years. According to the FBI, by June 2001 16 of the 19 hijackers were already here. Even if we had known exactly where Osama bin Laden was, and the armed Predator had been available to strike him, the Sept. 11 hijackers almost certainly would have carried out their plan. So, too, if the Northern Alliance had somehow managed to topple the Taliban, the Sept. 11 hijackers were here in America -- not in Afghanistan.

President Bush has acted swiftly to unify and streamline our efforts to secure the American homeland. He has transformed the FBI into an agency dedicated to catching terrorists and preventing future attacks. The president and Congress, through the USA Patriot Act, have broken down the legal and bureaucratic walls that prior to Sept. 11 hampered intelligence and law enforcement agencies from collecting and sharing vital threat information. Those who now argue for rolling back the Patriot Act's changes invite us to forget the important lesson we learned on Sept. 11.

In the immediate aftermath of the attacks, the president, like all Americans, wanted to know who was responsible. It would have been irresponsible not to ask a question about all possible links, including to Iraq -- a nation that had supported terrorism and had tried to kill a former president. Once advised that there was no evidence that Iraq was responsible for Sept. 11, the president told his National Security Council on Sept. 17 that Iraq was not on the agenda and that the initial U.S. response to Sept. 11 would be to target al Qaeda and the Taliban in Afghanistan.

Because of President Bush's vision and leadership, our nation is safer. We have won battles in the war on terror, but the war is far from over. However long it takes, this great nation will prevail.

posted on Monday, March 22, 2004 2:52:23 PM (Eastern Standard Time, UTC-05:00)

Oh boy, this is going to be awesome. The 2004 North Africa Developer conference is only about 3 weeks away and I can't wait. The NDC will feature the future Microsoft technologies: Longhorn, Whidbey and Yukon, alongside standard .NET development topics. I will be presenting on Mobility (ASP.NET Mobile Web Forms/Controls), Yukon TSQL Enhancements, and SQL Server 2000 Notification Services.

The NDC in Tunis was my favorite event last year.

My second time to Casablanca, Morocco and I plan to party hard with my fellow  Regional Directors:

Malek will take me to get a rug and I plan on drinking lots of mint tea.

posted on Monday, March 22, 2004 2:36:47 PM (Eastern Standard Time, UTC-05:00)