Found an interesting little tidbit about IIS Subauthentication. Just a li’l sumthin sumthin to tuck into your bag of tricks for later.

Today has been so right on. I had a wonderful night out last night. I got to sleep in this morning because I’m on vacation. I left my place to go grab something and the FedEx truck pulled up to my door right as I walked up to my doorstep (I ordered another gig of ram for my personal workstation). I walked in, updated the FedEx tracking which told me it had been delivered - simply an amazing system if I don’t say so myself. One of my current favorite Dave songs, “Oh”, was playing as I walked into the server room.

Today is right on, and it’s not even half over! And there’s still tomorrow too! And this weekend!!

I have a new QOTD entry:

The world is full of willing people, some willing to work, the rest willing to let them. –Robert Frost

I’ve spent a decent part of today trying to figure out how in index PDF documents in SharePoint Portal Server. I finally found a site that pointed me in the right direction - Eric Legault’s post Indexing Adobe PDF Files in SPS 2003. There is also a Microsoft KB article regarding it that I didn’t bother to search for.

What a pain.

Well I had a somewhat interesting 4th of July in Chicago this past weekend. It began fairly slow, with me just piddling around and trying to program a Trillian plugin. I then headed down to the Taste of Chicago in hopes of scoring a turkey leg and seeing the Counting Crows and They Might Be Giants. The first 30 seconds of TMBG was a bit of a letdown, so I went off in search of my turkey leg. Fat and happy a half-hour later, I wandered around the taste for a bit more watching all the people. Then it was time for Counting Crows - they were pretty good. There were people swaying and dancing all over the place, but alas - I merely rocked back and forth.

It was then off in search of a good spot at Navy Pier to watch the fireworks from. We settled on a lawn spot. There were some trees in the way, but worried we were not. This is Chicago…they must shoot the fireworks high enough for the entire city to see, right? Wrong. Most of the show was blocked by the damn tree. Again (This happened last year to me too, even though I was three miles North).

Oh well, I still got to see some big bursts.

And then finally, wonderful public transportation back to home. Oddly enough, the bus took a wrong turn. All the passengers were very confused and eventually demanded to be let out because the bus was taking us completely off the normal route.

One of these days, I’ll see some good fireworks in Chicago…

Two or three years ago, it used to be the latest vulnerability that would get you into a network or box on the Internet. Whether it was IIS 4 or an old Red Hat 6.x box, you could be sure it was missing a patch or two that would allow you to sploit it.

Today, Microsoft’s latest revision of it’s web server, IIS 6.0, has not had one security bulletin issued for it. Enough organizations have gotten slammed by worms that patches are kept mostly up-to-date. What remains the weakest link? The human element, and I’m not even referring to social engineering. I’m simply referring to people and their passwords.

The most common means of compromising a network lately, at least for me, has been a poor choice of passwords. Service accounts that were set up years ago with a simple password and haven’t been changed since. Passwords stored in spreadsheets or technical documents.

Then once you have that initial access, it’s usually a matter of patience and persistence until you find avenues into all kinds of other systems. …because of one weak password.

This leads me to my current obsession with identity management, which is a rising trend in Information Security. The IT industry is beginning to realize what the banking industry has long known (think ATM’s and your card/PIN combination) - a simple username and password is not enough to protect critical assets. Some other form of authentication should be put in place; a physical token of some sort to ensure that authenticity is maintained. Verisign has even launched a lofty initiative called Open Authentication or OATH that aims to provide a “strong, universal authentication” for “all users, all devices, all networks” everywhere. The concept is quite enticing.

Now if only companies could get on the ball and either lock down old, stale accounts or implement some multi-factor authentication, I would feel a lot better about…having something else to worry about! ;)

Awesome! Somebody actually went and made a non-profit Certificate Authority. Now I don’t have to munge around making my own damn certs! kewl.

…is about eating the good parts of the cookie. But you still gotta finish the whole thing!

What a pain in the arse!

I was installing Microsoft’s SharePoint Portal Server 2003 for the good majority of today and kept running into a problem with the Central Administration website - it wouldn’t start! When trying to start it, I would only receive the error “The parameter is incorrect”.

As it turns out, the required application pool wasn’t getting created for some unknown reason. It took a little bit of digging, but I did find the reason at the usual place. Apparently you need to use the form server_name\user_account instead of simply user_account - the install isn’t smart enough to resolve the name without explicitly defining the server name. That seems a little ridiculous to me. You would think the install would do some sort of verification during the install. Guess not!

via Matt Hawley:

You might be a geek if… …you go to a fancy resturaunt and tell them your name is “Lan” in hopes that when they call your name they say “Lan party of 3”.