It has been quite a while since I wrote an article on Vladville and some events during last week prompted me to take a second look at Jabber IM. Jabber is a free, open source, secure, standards-based instant messaging platform that to the untrained eye looks a lot like MSN, ICQ and AIM chat. Under the hood it has quite a bit of features not present in competitive IM implementations but for small business purposes it has two very unique points of interest: price and privacy.

By deploying Jabber IM server internally with Trillian client, small business can get a private, corporate IM system for less than $25. Given the price point (and setup complexity) of other technologies, Jabber is very hard to beat. Thats just my opinion however.

Here is a link to my guide, hopefully it can get you started with your own private IM world:
http://www.vladville.com/articles/smallbizim.asp

Good news, Microsoft SBS team has announced a new blog dedicated to SBS Support issues. It is being lead by Mark Stanfill:

My name is Mark Stanfill and I am a technical lead on the SBS team. My daily job involves providing 3rd and 4th tier escalations for Microsoft Support, writing and editing technical content, mentoring, and delivering training. I will be moderating this blog and acting as general coordinator.

What will be in this blog?
* SBS-specific components - Questions about components that can only be found in SBS. “How does the POP3 Connector work under the hood?”; “Can I modify RWW?”; “What is the Transition Pack?”
* Component-specific questions - These are questions about the components that make up SBS - Windows Server, Exchange, Windows SharePoint Services, etc. Questions may or may not be SBS-specific, but do deal with the workings of the particular service on an SBS box. “How do I do ‘X’ in Exchange?” “Can you use ‘X’ component of Windows Server 2003 on SBS?”
* Interoperability - How does SBS work with other services, either on the same box or on the network? “Can I install ‘X’ on SBS?” “What are the best practices for installing a second ‘X’ server in to an SBS environment?”
* Non-technical - There’s no way around discussing licensing and business needs as part of a complete technical solution. Questions in this category include: “I have 7 users and 5 CALs, what’s the best way to license ‘X’?”; “I want to migrate from ‘X’ to SBS 2003, what is the least expensive way to do that?”; “I plan on growing to 200 users in 2 years, is SBS a good solution for me?”

Check it out and add it to your RSS reader.

Now this is impressive. I had gotten used to the original Google Desktop Search to the point of just minimizing and embedding it into my start bar but this new release is just incredible. They have added useful plugins (the single most important thing in Firefox, and IMHO the only reason its being so widely adopted) and they seem to be pretty generic but very well put together for me. My email, my rss feeds, my news, my pictures, a scratchpad (will this end my use of Notepad?) and a whole bunch more. I am very impressed.

Disappointment? It’s a beta. Now unlike Microsofts definition of beta (”broken”), Google seems to have another definition: “we haven’t figured out how to make money off it yet” and that is quite sad. There are Google applications that I have used for a long time yet they are still in beta. Same with Microsoft. Are they both afraid of putting a release stamp on something so that they have a piece of software to be evaluated and compared on? I honestly do not understand it. I inherently distrust both MSN and Google on all these applications, despite the “do no evil” mantra, but I do have to admit that I am very impressed with both the desktop and the msn screen savers.

Download Google Desktop here.

The Microsoft SBS Product and Development teams have announced plans to visit 12 U.S. cities this October as part of the second U.S. SBS Partner Group Tour. The goal of this tour is to take the Small Business Partners and Microsoft Team Members to the next level of partnership and create even greater success with SBS going forward. In an effort to better connect with the SBS Partners, Microsoft team members will be guests at each of 12 Partner group meetings. As an attendee at this two-hour free event, you will learn first-hand the benefits of moving your customers to SBS 2003 and the opportunities that await you. Microsoft will also be soliciting your feedback on your future needs. Make a connection with the Microsoft team, see the potential of SBS, and make your voice heard!

Each attendee will receive a 4-Port Mini USB Hub.

About the Training:
After a very successful tour of 14 U.S. cities in March of this year in reaching 1,000 partners, the Microsoft team was so impressed with the turnout, questions, and enthusiasm that they requested another tour in October to visit more user groups. In some circles, they are called “User Groups,” but we know the majority of members are actually Microsoft Partners looking to join up with other SBS Partners to create greater opportunities and results for their companies.

Says Microsoft’s SBS Product Manager, Winni Verhoef: “I am looking forward to meeting the US partners. Coming from the field, my actions have always been positively influenced by talking with partners and customers. Not only do I get a chance to listen to them again, but in exchange I will be able to directly share our best practices and marketing programs, to empower them for increased profits this year..”

“Microsoft has a key focus on the small and medium size businesses and with Small Business Server, an extremely mature and perfect solution for those offices. I would challenge any firm without a network to reconsider and to take this opportunity to meet and question the key developers of this great solution. If security, efficiency and reliability are a concern you need to consider the newest solutions from Microsoft.” Anne Stanton, MVP-CRM, MBA/ACC, President, The Norwich Group, Norwich, VT

SBS User Group head in Orlando, Florida, Vlad Mazek adds: “For years, Microsoft has challenged us to realize our potential. This fall, the SBS Product Team that designs the very core of Microsoft SMB technology will go on the road to meet you and discuss the opportunity and future of SMB IT. As a Microsoft partner and an IT Professional you owe it to yourself to find out what is next for SBS and to truly realize the full potential of our favorite platform.”

Target Audience:
Small Business Consultants

Prerequisites:
All though there are no formal prerequisites for this seminar, attendees should have an understanding of and some experience with SBS 2003.

Course Agenda:
The following are covered in the FREE, two-hour evening event:
* Building a successful business model with Windows Small Business Server 2003
* SBS 2003 SP1 Follow up
* Small Business products update
* Small Business Specialist Community
* R2 Next release features
* Q&A: tell us what you want

This is a FREE event sponsored by your local SBS User Group. Beyond the valuable and timely information that follows a TS2 event content, you’ll also receive:
* Helpful information on how SBS Partners make money in the SMB Space
* An invaluable opportunity to network with other local, successful SBS focused Partners (and their local SBS Partner Groups)

Click here to register

Yup, its my birthday and I’m 27 now. Strangely enough, not feeling old at all (this year I ran 3 marathons and a 10K which is more than I’ve done my first 26 years on this planet). Nope, not feeling old but you can’t argue with the numbers.

Woohoo, the Exchange 2003 SP2 alpha is out. Yup, for those of you not up with the lingo the “Community Technology Preview” basically means alpha so if you install this on your production server.. well, I guess you won’t be able to email me and complain about it
Overview

The software included in this Exchange Server 2003 SP2 CTP download is intended for evaluation and deployment planning purposes only, and not for production use. CTP releases of any product will not display the stability of a shipped Microsoft product. You may encounter problems with Exchange Server 2003 SP2 that could possibly result in a loss or destruction of data. Some of the mobility features contained in this CTP download are not yet available for testing, pending availability of Windows Mobile 5.0 devices. This build is available only in English.

Important: This release is not intended for production environments and should only be used in a test lab environment.

Exchange Server 2003 SP2 CTP is unsupported pre-release software distributed for feedback and testing purposes only, and is not supported by Customer Services and Support (CSS). For questions about this technical preview, see the Exchange Server Newsgroups or the Exchange Team Blog.

Known Issue: The release notes contained in this download are out-of-date. For the most current version of the release notes, see the Exchange Server 2003 SP2 CTP Release Notes.

On a more serious note, the SP2 answers pains that have been experienced by too many for too long: 16GB store limitations and management of mobile devices. The SP2 will pump the store limitation to 75GB and introduce remote-wipe functionality for Windows Mobile.

This CTP is available here, but it is alpha and it is not intended for production purposes. Susan Bradley reminds you that it is not reversible so do not put this in production.

We were at the Microsoft Quarterly Partner Technight in Orlando last night (with Rene Alamo and James Cuomo) and it was a very informative event. We pressed them about the details of the new SA and they admitted they did not know anything about the licensing side of the house. Well, apparently there are some folks in Microsoft who do, and they managed to spill it to ENT News in this article by Scott Bekker.

Now mind you, these are just rumors so take them with a grain of salt. It does look pretty good, especially the enterprise part:

Desktop Deployment Planning Services. Designed to assist in planning deployment of desktop software such as Windows and Microsoft Office, the planning services will be delivered by Microsoft partners and measured in engagement days. The number of days will depend on how much a customer spends on desktop SA over three years. Customers spending $60,000 will get one day, $300,000 will get three days, $600,000 will get five days, and $1.25 million will get 10 days. Customers will be able to trade training vouchers for additional deployment planning service days. The benefit is scheduled for 2006. A smaller-scale version for Microsoft Open Value customers, called Information Worker Desktop Services, is also planned.

Enhanced support. Customers will now get one free base support incident per Software Assurance agreement, and incremental incidents for every $20,000 spent on servers and CALs and $200,000 spent on Information Worker and Client software. The 24×7 Web-based incident support currently available to SA customers for standard editions of servers will be extended to enterprise editions and desktop products. Customers with Premier Support contracts will also be able to convert incidents earned through SA into Premier Support incidents. The benefits, planned to be available in February, are apparently intended to cover 40 percent to 100 percent of a customer’s regular Microsoft support costs.

Virtual PC Express for SA. A previously unannounced version of Microsoft Virtual PC will become part of the Software Assurance package next year. Intended to reduce compatibility issues with legacy applications when users migrate to the next platform, customers will get one instance of Virtual PC Express with each Windows client Software Assurance license. The product will allow users to run two Windows client operating systems at the same time.

Extended training. Starting in February, customers with 30,000 or more licensed desktops will receive larger numbers of training vouchers. Those can be used for certain courses or traded in for additional desktop deployment planning assistance.

Windows Vista Enterprise Edition. Microsoft CEO Steve Ballmer last month mentioned an Enterprise Edition of Windows Vista that would be a level above the Professional Edition. The special operating system appears to be part of Microsoft’s Software Assurance plans. With Vista deliverable late in 2006, it’s not immediately clear if Microsoft has finalized plans for the Windows Vista Enterprise Edition as a Software Assurance–only benefit, but it would make sense.

Not threatening systems with Office 2003. If you’re on OfficeXP or Visual Studio only, we kindly ask you not to browse the web for a little while.
FrSIRT Advisory : FrSIRT/ADV-2005-1450
CVE Reference : GENERIC-MAP-NOMATCH
Rated as : Critical
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2005-08-17

* Technical Description *

A critical vulnerability was identified in Microsoft Internet Explorer, which could be exploited by remote attackers to execute arbitrary commands. This issue is due to a memory corruption error when instantiating the “Msdds.dll” (Microsoft Design Tools Diagram Surface) object as an ActiveX control, which could be exploited by an attacker to take complete control of an affected system via a specially crafted Web page.

Note : The affected library is installed with Microsoft Office and Microsoft Visual Studio. Only systems with the “Msdds.dll” library installed are vulnerable.

This vulnerability has been confirmed on Windows XP SP2 with Internet Explorer 6 and Office 2002 (msdds.dll version 7.0.9064.9112).

* Exploits *

http://www.frsirt.com/exploits/20050817.IE-Msddsdll-0day.php

* Affected Products *

Microsoft Internet Explorer 6 for Microsoft Windows XP SP2
Microsoft Internet Explorer 6 for Microsoft Windows XP SP1

Microsoft Office 2002
Microsoft Visual Studio .NET 2002

* Solution *

The FrSIRT is not aware of any official supplied patch for this issue.

* References *

http://www.frsirt.com/english/advisories/2005/1450
http://www.frsirt.com/exploits/20050817.IE-Msddsdll-0day.php

* Credits *

Vulnerability reported by an anonymous person

* ChangeLog *

2005-08-17 : Original Advisory
2005-08-17 : Updated vulnerable products (Microsoft Visual Studio)
2005-08-18 : Updated vulnerable products (Microsoft Office)

For those of you that have been influenced by my use of PocketPC on many mailing lists (or business communication) will be happy to know that the new extended rom for SX66 has been released by Chris the SX66 ROM standardization project. The new rom features 1.40.125 Extended rom along with a number of fixes and tweaks (for example, GPRS not reconnecting). Additionally, the new rom is delivered in two flavors: Tmobile and Cingular, including network settings, logos, ringtones, etc. Chris has also included a number of other programs as well.

Extended rom cooking is what makes this device worth every penny and makes all other PocketPC devices seem like a worhthless brick. HTC Blue Angel is marketed as MDA 2K, Siemens SX66, Audiovox VX6600 and countless other names. Like most phones, major vendors are not the ones manufacturing or even supporting the phones. They license that stuff out. When a problem is discovered, more often than not, you are told to just get the new version in which “everything is fixed” — heard that one before? Well, with HTC devices, because of so much cross-branding, you can use the software released (and licensed) by one vendor on another vendors phone. I’ve upgraded my SX66 a number of times and it has solved a ton of problems that Siemens/Cingular have virtually ignored.

Slashdot is reporting news that CNN and a number of other media sites are getting owned through a pnp security hole for which a patch was released a few days ago. So not only do these companies have an incompetent IT staff that has no patch management system in place but they also lack adequate antivirus protection (or perhaps they have it but haven’t implemented it properly). I am not sure which is more embarassing. Have you learned nothing from SQL Slammer? Patching is important. If I was the CIO of any of those companies I’d be knee deep into monster.com resumes right about now.

The Zotob MS05-039 worm mentioned on Slashdot last Sunday may be the most recent virus that has gone global, hitting Windows 2000 desktops at CNN, ABC, the New York Times, and many others. The virus is spreading around the world rapidly as compromised systems become bots and propagate the worm, with reported outbreaks in Germany and China. InformationWeek has a decent article titled Zotob Proves Patching “Window” Non-Existent. Microsoft calls it a “low impact” threat and tells you What you should know about Zotob. Symantec has W32.Zotob.D removal instructions. Trend Micro thinks that this is a new, different worm altogether and says it is one of the fastest-spreading infections in history.