h0bbel.p0ggel.org

I've been attending various Microsoft Technet events (link in norwegian) over the years, for the most part every time they find time to grace the little city of Bergen, Norway with their presence. For the most part I've been pretty happy with the events, they provide a way for me to get out of the office and spend a day listening to usage scenarios and sometimes they have even provided me with some valuable input.

Obviously, this is a Microsoft event designed to promote Microsoft in all it's glory, but I've been OK with that since they have been putting on these for free. I can bare the brainwashing sessions, they more often than not provide some value I can actually put to use later. Other sessions have had me actually correct the speakers, but that is an entirely different story.

Sadly, for me this seems to be something of the past. Starting from the next event here in Bergen, Microsoft will require an early bird payment of 1000.- NOK + VAT, roughly $140 USD, to participate. After the early bird period passed, the price is raised to 1500.- NOK + VAT.

I can understand that the events have a cost, and I can see how Microsoft haven't been able to profit directly from them in the past, but does Microsoft really think that people will pay to attend them? In my case I would have to be away from the office an entire day, and then try to get my employer to pay the fee as well. The total cost of that is way over the actual value the event itself represents.

Even if Microsoft tries to "award" attendees with some kind of scoring system that could potentially win you a goodie bag of related Microsoft stash, or a "Change the world or go home" hoodie (?!), I suspect that many others will think the same way as I do. Normally these events have been fully booked, and you might not be able to actually get a pass unless you sign up early enough, my feeling is that they will see significantly less attendees than they have before.

Perhaps that's even their intention, as they also limit the number of student passes (half admission price) to 20 in each city. Even if I'm no economic guru, I do understand the current economic climate and why Microsoft would want to try to get some of their investment back. I just don't think everyone else feels it would be ok to both spend an entire day away from the office and pay to get brainwashed at the same time. Somehow I think that Microsoft would be better off spending a bit more on getting people interested and hyped up about their solutions, instead of charging them for it.

After all, the current climate might just be what Linux and other FLOSS solutions needs to really gain momentum in Norway?

It would be in Microsofts best interest to get their vision out there, and convince people. They won't be able to use these events to get any convicts now, as those who are looking elsewhere already certainly won't pay to be convinced otherwise.

Bad move Microsoft, bad move.

Does any other vendors like Microsoft charge for small events like this? I'm not talking about Lotusphere or VMworld, but rather small local "evangelism" meetups?

Root

who, on his about page, describes himself as a "contributing developer in the Habari Project where I am keeping an eye on the interface." has posted a little rant called Habari: Is it going to hell? where he lashes out about the current design on habariproject.org.

I don't know how he managed to get those mangled screenshots he provides, but I had browsershots create screenshots for me for IE 5.01, 5.5, 6.0 and 7.0 and they came out like this:

Do anyone see the same result as the screenshots in his post? No? Good, that proves I'm not completely fruity.

That gives us one question; Would you listen to this person?

Also, have a look at this comment on the post. It's hard to keep your own place tidy, isn't it? Especially when you complain about others. Reality often does come-a-biting.

The guys over at Automattic has made the Automattic Stats plugin available for download, which makes it possible for self hosted Wordpress installations to get the same statistics package as wordpress.com hosted blogs have by default. While this sounds like a good idea, and I'm sure a lot of people will be really happy about it, the total amount of data Automattic potentially can gather from Wordpress installs is further increased by this.

The plugin itself requires an Wordpress.com API key, you can use the same one as you use for Akismet, and all the data and statistics are gathered and created on the wordpress.com servers. In fact, the whole admin interface is located on the wordpress.com dashboard.

Combined with the data that Akismet gathers for each and every comment made on any Akismet protected installation it seems that Automattic are indeed gathering as much data as they can on non-wordpress.com hosted installs as well. They already have all this data for each of the 931,951 hosted installs and their data set can now grow even further with the new statistics package.

I wonder if people actually realize how much data Akismet actually gathers? For some reason it sends much more data than the actual comments, and combine all that information with views, post/page views, referrers, and clicks that the new statistics plugin sends back Automatic will have a lot of data about your self-hosted Wordpress install. I still can't understand why that much data needs to be sent for every comment made on every site that Akismet protects.

Combine that with the fact that Matt Mullenweg also owns Ping-O-Matic the sheer amount of data that the software creators have at their disposal in their datawarehouses is something that you might want to think about.

I know both plugins are opt-in for the self hosted Wordpress installs, but chances are that most installs will enable them both as they do provide a useful service to the site owner.

Don't get me wrong, Akismet does a great job fighting the evil that is comment spam, and I'm sure the statistics package will do a great job as well, but you might want to consider if you want to contribute to the data gathering. I'm not normally a very paranoid person, but the more I think about this the more it worries me.

For now, I run Akismet on this site just because there are no real alternatives available. I've also enabled the statistics plugin for testing purposes. I just wish there was a decentralized anti-spam service available.

Yet another “how to change the administrator password in Windows” hoax is in the wild.

A recent posting on internetbusinessdaily.net shows a way to get cmd.exe to run instead of the default screen saver, and if you then issue the net user command to change the administrator password.

This approach is just as flawed as the previous bogus security claims. This only works if you already have administrative privileges, so there is no need to actually do the whole copy routine outlined in the post. Just issue the net user command directly, and you’re done.

Of course, you are only protected if your system uses the NTFS filesystem, as FAT32 doesn’t give you any file level security at all.

Can we now stop with the bogus claims? If you have administrator access, you can change the administrators password. Gee, there’s a surprise…

The recently surfaced "Windows XP Privilege Escalation Exploit" is really no such thing. In fact, it's not even close. At first glance, it does look valid enough, but the fact remains that it's not even close to being a real exploit.

Let me explain why. In the original article, you can read:

Using simple command line tools on a machine running Windows XP we will obtain system level privileges, and run the entire explorer process (Desktop), and all processes that run from it have system privileges. The system run level is higher than administrator, and has full control of the operating system and it’s kernel. On many machines this can be exploited even with the guest account. At the time I’m publishing this, I have been unable to find any other mention of people running an entire desktop as system, although I have seen some articles regarding the SYSTEM command prompt.

While this is true, one rather important thing is left out. You need to have local administrator access to be able to do this. This whole "exploit" is based on scheduling a task and having it run as local system.

By default, the only account(s) that can schedule tasks on Windows XP and Windows Server 2003 (and I imagine Vista too) are members of the local administrators group. Imagine that? For this so-called exploit to be possible, you have to have local administrator privileges!

The original author claims that you can even reset the administrator password this way. Well, so can any user that has local administrator access to begin with. Where is the problem? The only scenario were this might be a problem if some system administrators lets their users schedule commands on domain controllers, or other servers, but that would be very bad system administration to begin with. And we all know what problems bad sysadmins can get themselves into.

What annoys me with this whole thing, is that everyone and their mother seems to be jumping on the bandwagon and screaming exploit. It's not! Being able, as administrator, to run a command prompt or even a whole desktop as local system poses no significant risk what-so-ever.

Move on, there is nothing to see here. I claim FUD.