Blacklist blacklist blacklist: the forbidden word

I just got chapter 6 of Exchange 2013 Inside Out: Clients, Connectivity, and Unified Messaging back from Microsoft Press. Like most other major publishers, Microsoft Press has a strict process to try to catch potentially offensive, libelous, slanderous, or sensitive terms before they appear in print. In this particular chapter, the editors requested many changes because of the odd vocabulary associated with message hygiene. For example, it’s OK to say “spam” to mean “an unwanted commercial e-mail message,” but it’s not OK to say “ham” to mean “a legitimate or desired commercial e-mail message” because in some book markets, ham is either unheard of or regarded as offensive.

However, they also busted me for using “blacklist,” as in “real-time blacklist.” This is the accepted term of art for a DNS-based system that allows an e-mail server to look up IP addresses of senders in real time to decide if they appear on a list of known or suspected spammers. Apparently “blacklist” is an offensive word in some contexts, although I’m having a hard time figuring out where or why.

Imagine my surprise when I fired up my Xbox tonight and saw this:

Now, to be clear, I get it– Microsoft Press is not the same as IEB, Microsoft’s behemoth of a business unit. I’m sure they have different rules or something. And my editor, bless her heart, is only enforcing the rules forced on her by some clique of zampolits…but seriously?! Xbox LIVE has tens of millions of worldwide customers who are seeing this forbidden word. On the other hand,  my book, if I am very lucky, may sell as many as 25,000 copies (that would make it a runaway hit by computer book standards), and yet I can’t use a well-known and commonly accepted term in context.

Sheesh…

Exchange OWA IM integration and Lync trusted application pools

I am a bit ashamed to say that I wasted most of a day on this, but I’m posting this in the hopes that I can help someone else avoid the same mistake I made.

I just spent about five hours troubleshooting why I couldn’t get Exchange 2013 Outlook Web App to display IM and presence data from a Lync 2013 standard edition server. I had carefully followed the integration steps in the documentation, including the part that says this:

If you have installed the Microsoft Exchange Unified Messaging Call Router service and the Microsoft Exchange Unified Messaging service on the same computer then there is no need to create a trusted application pool for Outlook Web App. (This assumes that the server in question is hosting a SipName UM dial plan.

So, having read that, I didn’t set up a trusted application pool or trusted application… and IM didn’t work.

I fussed with certificates. I read a ton of documentation. I swore. I drank too much diet Coke. I ran OCSLogger and found errors about an unknown peer. “AHA!” I thought. “There must be an error in the docs and you really do need to create a trusted application pool.”

So I created the pool and the trusted app. Two quick lines of PowerShell, a quick login to OWA, and voila:

As much as I would like to claim that it was a documentation error, this was pure fail on my part: the problem was that my Exchange 2013 server doesn’t host a SIP dial plan, so Lync doesn’t automatically add it to the Lync known servers table. It will have a SIP dial plan when I get to the next section of this chapter, but that’s a post for another day.

So, in summary: yes, you do need to create a trusted application pool and application for your Exchange servers even if they are multi-role unless they are hosting a SIP dial plan. 

Now, time for another diet Coke…

Bad experience at Larry’s Pistol and Pawn in Huntsville

I’m not really a complainer by nature (thank goodness), and I don’t tend to have problems with customer service at most of the businesses I deal with– in part because I am picky about who gets my money. Having said that, I had a bad experience with Larry’s Pistol and Pawn in Huntsville that I wanted to document.

Larry’s has been in business for a long time; when I moved to Huntsville in 1991, they had the only indoor pistol range in town. As long as I’ve lived in the area, I’ve shopped there, and I’ve never had a bad experience. Yesterday, though, I had a salesman who was both discourteous and uninformed about the law. He refused to sell me a rifle because I am a dual resident of California and Alabama– “I won’t sell you this because it’s not legal in California,” he said. 

I explained that I’d just gone through the same process at another local store, which had called the local Bureau of Alcohol, Tobacco, Firearms, and Explosives (BATFE) office to confirm that it was legal. According to 27 CFR 478 § 11, it is in fact legal for a US citizen who resides in more than one state to purchase a long gun in any state of residence. I meet the legal residency definitions for both Alabama and California, and if you read Example 2 in the definition for “State of Residence” it’s clearly applicable.

Rude Guy wasn’t in the mood to listen; he told me that the other store where I’d made a previous purchase had broken the law. That didn’t seem likely; gun stores tend to be terrifically careful to follow the law and ATF regulations because failure to do so can get them shut down and their employees jailed. I politely thanked him and left. Then I called the local ATF field office myself and spoke to a very helpful ATF employee. I explained my situation, she cited 478§11 to me, told me I was good to go, and gave me her phone number to have Larry’s call her if they had any questions.

Armed with this information (ed.: see what I did there?) I went back to Larry’s, stood in line for the same guy, and explained my phone call. He was even ruder than before: “I don’t care what she said,” he said angrily; “I still won’t sell to you.” Clearly there was no point in arguing, so I left.

I’ve sent Larry Burnett, the owner, a detailed letter explaining what happened, so we’ll see what action, if any, he takes. Until I hear back, though, Larry’s is off my shopping list. If you’re in the market for firearms, ammunition, or supplies, I suggest you go elsewhere.

Please stay home, Mr. President

Our dear leader, President Obama, is coming to the Bay Area on Monday. (Why he’s coming is unclear to me; it’s not as though Romney has any chance of winning California, so I presume it’s so Obama can raise money from his legions of wealthy fans out here.)

Anyway, the point of this post is to point out what happens when he’s here. The picture below will help illustrate my complaint.

See those red rings? During his visit, most private aircraft are essentially not allowed to fly within those rings; flight training (and cropdusting, and animal control, and a long list of other operations) are specifically prohibited, and there are other restrictions. Commercial passenger and cargo flights are exempt, luckily (otherwise AA passengers departing SFO Monday would be in even more trouble, hey ho!)

The largest ring is a 35-nautical-mile radius centered around the San Francisco (SFO) VOR. That takes in the Palo Alto, San Jose, Oakland, and San Carlos airports. So from 1pm Monday until 10am Tuesday,  the dozens of instructors and hundreds of students training at those airports are grounded. That means an immediate loss of several thousand dollars per instructor– and the losses are greater for flight schools themselves.

More to the point, this is just a further delay in my pursuit of my license, as I can’t fly during that time unless I am actively, y’know, going somewhere.

Oh, and the best part: the geographic and time restrictions of this temporary flight restriction can change at any time. So I could, in theory, inadvertently and innocently violate it if it changes while I am in flight. This is rare and unlikely, thank goodness.

So thank you, Mr. President. I’m glad you’re doing your part to help the economy. See also previous helpful contributions here and here. (substitute “Bush”, “Romney,” or the name of your favorite post-9/11 president above if it makes you feel better, although President Obama has been a worse offender in this respect than was President Bush.)

Backups and MEC

tl;dr edition: don’t let this happen to you.

I’ve been working on a couple of iOS applications for my upcoming talk at the Microsoft Exchange Conference. Since MEC starts in just over three weeks, this has become a matter of some importance.

Side note: I often talk about “the Exchange tribe” as a shorthand way to talk about the community with people who aren’t in it. The MEC team has posted a bunch of speaker photos which may help put some faces with the names. These pictures don’t show everything; for example, you can’t see Greg Taylor’s sense of humor, the color of Jeff Mealiffe’s most excellent glasses, exactly how much Scott Schnoll looks like SA Martinez from 311, or what Devin Ganger is trying to karate chop. The pictures are useful for recognizing who’s who, though the rumors that Ross Smith is making a set of MEC speaker trading cards is false as far as I know.

Last night, I unplugged my laptop, tossed it in my bag, and headed for SFO for the redeye to DFW, thence to Huntsville. This morning at DFW, I pulled out the laptop again to work on my code a bit. I had made a stupid mistake the other night: I created a class based on UIViewController instead of UITableViewController, which means that Xcode refused to link the class definition files with the view controller itself in the storyboard editor. That caused a variety of bad behavior, including an inability to link selectors for the “done” and “cancel” buttons in the view 

I realized my mistake right after I had deleted the view so that I could recreate it. “No problem,” I thought. “I’ll just restore it with Time Machine.” This, despite the fact that my main Time Machine backup is on a disk back in Mountain View.

So, I tried to do that; I opened Time Machine, found my source folder (/Source/ExOOF in this case), and restored the folder from its most recent update at midnight. Switching back to Finder, I accidentally opened the project in Xcode. I quit Xcode and noticed that Finder was asking me whether I wanted to replace the folder or not. I said “yes” and was greeted by a mysterious Finder error.

Long story short, my working copy is now gone. I can’t restore the Time Machine copy either, as the local replica only contains the project file, not the source code.

“No problem,” says I. “That’s why I have CrashPlan.” A quick trip to the CrashPlan app revealed that… I back up /users/paulr only. When I first set up CrashPlan, I didn’t have anything in /source, so I didn’t back it up. Duh.

So, bottom line: my source code is safe and sound, on a disk on my desk in Mountain View that is completely inaccessible remotely. My app development will have to wait until I get back to Mountain View. I suppose I can work on the accompanying slides, but where’s the fun in that?

Don’t use Symantec security software

You may know that Symantec recently admitted that its network was compromised and that the attackers got the source code to pcAnywhere, Norton Internet Security, and a few other products. Buried in their acknowledgement, however, was the fact that the source code leaked in 2006 and has thus been floating around in the community for quite a while.

Jonathan Shapiro’s response on the IP list seemed to hit the right note for me:

The pcAnywhere source code leaked in 2006, and in all that time nobody thought to do a serious security review to assess the customer exposure that this created? And now after five years in which a responsible software process would have addressed these issues as a matter of routine, they are having people turn the product off?

This is the company that ships the anti-virus and firewall software that you are probably relying on right now. A version of which, by the way, has also leaked. Do you want to be running security software – or indeed any software - from a company that fails to promptly report critical vulnerabilities when they occur and then ignores them for five years?

You can argue about whether Microsoft’s disclosure policy is perfect or not. I cannot, however, imagine a circumstance in which Microsoft became aware of a potential vulnerability and then didn’t fix it for five years.

So: if you’re running Symantec security software on your personal machine, your company’s workstations, or your servers… time to get rid of it and replace it with software from a more responsible (and, one hopes, more security-conscious) vendor.

 

Thursday trivia #48

[ putting this in the "FAIL" category since it's no longer Thursday, but better late than never…]

To begin with, my hearty congratulations to Tony Redmond on receiving a “Distinguished” award from the Society for Technical Communications (STC) for Exchange 2010 Inside Out. This is quite an honor, but a well-deserved one. I read and edit a great deal of material focused on Exchange, and Tony’s book is the best I’ve encountered. Well done.

• And speaking of books: I have the galleys for Bruce Schneier’s latest book, Liars and Outliers. It’s been an interesting read so far, although much of what he has to say about the nature of trust and how trust granting works seems intuitively obvious.
• Looks like I’ll be speaking at TEC 2012 in San Diego. That should be fun; I thoroughly enjoyed speaking at TEC 2010 in Vegas.
• I think it’s telling that if you search for “Exchange Connections 2012″ you get this page, which doesn’t actually mention Exchange Connections– you have to scroll the list of icons over to the right to see it at all, and the textual conference descriptions don’t mention it. That’s rather sad. The page that is ostensibly about Exchange Connections is even worse.
• After next week my teaching schedule will lighten up a bit, so I’m hopeful that I’ll be spending a lot more time flying.
• Some people tend to think that their negative statements and claims won’t get back to their intended target. Wrong-o.

 

 

 

Morgan Hill superintendent’s statement on the Flag Four

Straight from the horse’s mouth:

Good evening. This is Dr. Wesley Smith, Superintendent of the Morgan Hill Unified School District.

The Morgan Hill Unified School District does not prohibit nor do we discourage wearing patriotic clothing. The incident on May 5 at Live Oak High School is extremely unfortunate. While campus safety is our primary concern and administrators made decisions yesterday in an attempt to ensure campus safety, students should not, and will not, be disciplined for wearing patriotic clothing. This situation and our response are under review.

We know that this is an emotionally charged topic. We would ask you to encourage your students to be safe and focus on their academics while in school. If conversations and/or activities are necessary to express their feelings on this issue, we will find appropriate venues that do not disturb student learning or jeopardize the safety of our students. Furthermore, we encourage everyone to demonstrate respect for each other, open communication, and responsibility.

Thank you for your support and understanding.

in other words, the assistant principal who caused this mess just got pitched under the bus, and Dr. Smith would really appreciate it if all y’all stayed in school instead of going downtown chanting “We want respect!” while offering none to your adopted nation.

Don’t buy from Airsplat.com

Long story short: their customer support is poor, they don’t stand behind their products, and they aren’t honest about either.

I bought two electric Airsoft rifles for Dave and Tom for Christmas. Tom’s was fine; David’s was poorly designed and built. I got an RMA for it the day after Christmas, then had to fight with them for months before getting a partial refund. First they ignored me, then they claimed that the rifle had been damaged in return shipping (but couldn’t produce a UPS claim), then they claimed that it was damaged before shipping.

I eventually had to dispute the charge with my bank. The whole thing was a big hassle and not worth the few bucks that I might have saved by buying from them instead of a more reputable vendor.

Avoid them.

Power to the people, California style

My office is currently suffering our second power outage of the year. Earlier this year, a plane carrying Tesla employees crashed into power lines, knocking out power to much of Palo Alto. Yesterday, a transformer in our office park failed, killing power to our building and the one next door. Incredibly, 18 hours later, we’re still without power! People here delight in looking down their noses at places like Athens, Alabama or Houma, Louisiana, but certainly I was never without electricity for longer than an hour or two, even during weather that would make the average Californian run for shelter.

Interestingly, outages seem to be a Palo Alto theme: there have been several other notable outages, and at least one other company has moved to neighboring Mountain View to get more reliable electric service.

Our critical servers are protected with UPS systems, but those only help provide time for a clean shutdown, not for ongoing operations. Our landlords arranged for a 1-megawatt diesel generator to tide us over; it’s set up in the parking lot but isn’t yet providing power to the building. The utility estimates that it will take two or three days to make the necessary repairs and get us back online. In the meantime, I have a fully-charged laptop and a mostly-charged MiFi, so at least I can get a few things done.

Twitter plugin test, again

This testing is getting pretty tiresome.

Z-Push considered harmful

So Devin posted about Z-Push, the cool-sound open-source implementation of Microsoft’s Exchange ActiveSync (EAS) protocol. Here’s the problem: the Z-Push folks kinda forgot to buy a license for EAS, and I have a problem with that. After years of complaints that Microsoft wasn’t being open and sharing its protocols, they started to document the behavior of their protocols and offer some of them for licensing, EAS included. That’s good, right? It’s good enough for Apple, Google, and the many other companies that licensed EAS, anyway. However, apparently Zarafa wanted the benefit of Microsoft’s labors without being willing to pay for it, so they built their own implementation. I don’t think that’s fair, and I don’t think the technical coolness of Z-Push should obscure the fact that Zarafa is stealing something that isn’t theirs.

This is what I said in 2002:

Hey, Linux guys: if you want to beat Microsoft, do it by making something better, not by copying their investment.

What happened to Lemonade? How about Funambol? It’s not as though the FOSS world lacks for sync protocols; they just decided that Microsoft’s commercially successful, fully licensable protocol would better suit their needs, so they took it. It boggles the mind. It would be one thing if the protocol were fully open to all implementers, but it’s not. If you don’t like the licensing terms, build your own protocol– that’s not hard to understand, is it?

Twitter integration test 1

This is a simple test to see whether MT properly runs the MT-Twitter plugin when I post a new item. (I know that Ecto’s plugin works already.) (Update 1: nope, it didn’t work.)

Scheduled posting test

Hopefully this will magically appear at the correct time.

Queuing system FAIL

I’m trying to sign my oldest son up for the Church of Jesus Christ of Latter-day Saints’ summer youth program, Especially For Youth. Frankly, I’m jealous that he gets to go. It’s sort of a combination summer camp and mini-seminary, and everyone I know who’s attended it (or whose kids have been) has raved about it. However, the signup process is giving me a headache. Here’s what’s on my screen right now:

So let me count the ways that this reeks of FAIL.

First, it doesn’t tell you what your queue position is. Having a queue length is meaningless; all it does is tell you the total number of people who may (or may not) be waiting for the service. Without some estimate of where you are, knowing the number of people in line or the wait time isn’t helpful.

Second, what does “the average wait time for the entire line” mean? If it’s for the entire line, is it really a total time, or is it the average time that someone has to wait in the queue? It can’t be the latter, because it keeps bouncing up and down. I’ve seen it as high as 130 and as low as 85– during the 240+ minutes that I’ve been waiting.

Third, how about an estimate for when it will be my turn? Is that too much to ask?

Here’s the best part: the registration isn’t first-come, first-served! There’s no hurry to register, but that little detail is several clicks beneath the actual registration screen.

Managing signup queues for high-demand events like EFY is a well-understood problem. If you’ve ever used Disney’s FastPass system, you know about one possible solution (and one that would certainly apply here). The LDS Church does such a good job with its use of technology in general that it’s a real disappointment to see this kind of junk.