Thursday, April 27, 2006

It is interesting to see what Microsoft has done with Windows Mobile so far, and where they plan on going. This presentation gives a good overview and also a fairly good outlook on what is coming and when.

Some highlights:

  • Windows Mobile 5.0 - released
    • MSMQ support
    • SQL Server 2005 mobile
    • .NET 2.0 compact
  • 'Crossbow' Release in late 2006, to hit the market by mid-2007
  • 'Photon' Release in late 2007, to hit the market by mid-2008
    • New kernel

It seems that they are now switching to releasing a new version of the mobile OS every year or so.

Interestingly enough, they seem to have cut the roadmap slides in the above version (or am I missing something?), but you can still see the full slide deck using Google's cache.

Thursday, April 27, 2006 11:47:07 AM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 

If you are at all interested in non-SOAPy web services, you might want to take a close look at WADL, the Web Application (!) Description Language. It is an XML-based language that can be used to describe general HTTP-based service APIs that cannot be described reasonably in other meta-description frameworks, such as WSDL.

Ultimately, this technology will allow web service providers (such as Amazon, Ebay, Google, Yahoo!) to focus on providing their respective services, and not on creating new APIs in a variety of languages to use these services.

Thursday, April 27, 2006 8:09:04 AM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Tuesday, April 25, 2006

Aside from everything else happening around me, I had 'one of those days' yesterday:

It actually started pretty well. I finally got my act together and moved my 19" rack from my garage to work, to get better use out of it. Fortunately Marc H. was able to help me, since this thing is really heavy (and would never fit into my little crappy car). Everything worked great, and in less than two hours the rack was happily humming in my lab. We went to lunch.

Now, after lunch I want to move my old server (mail, file & print, CVS, etc.) into the rack. Fair enough, not a big one: everything in the rack connected, I start the system, BIOS and POST come up, the OS is starting to boot happily ... 3 ... 2 ... 1 ... BLACK. No more restarts - the system is DEAD.

A few sweat drops later, I see that the fuse in the power supply blew. Well, not a problem: it is a six year old system and after a little scavenging in old PC rubble, I find a compatible 6.3A fuse, replace it, put the system back together: it works! Great, back into the rack, power on, BIOS comes up ... 3 ... 2 ... 1 ... BANG, smoke coming out of my server .... argh!

The adrenalin level is quite high now, and I decide that a smoking power supply will be a little too hard to fix. CompUSA is your friend, and some 45 minutes later I am back with a brand new 500W power supply. Finally. Well, the old one was over 6 years old anyway, no surprise. Into the rack, power on ... 3 ... 2 ... 1 ... BANG ..BANG.... (dead silence).

Something is definitely fishy here, right? Have I just lost my marbles or what is going on?

Well, something is strange, but this time it was not me: The Compaq (now Hewlett Packard) PDU (Power Distribution Unit) is a 127V 30A monster, which comes with a fat power cord and a huge three prong plug. In the past it fit happily into a 125V, 30A outlet. The outlet in my lab, which fits the plug really well, is a 250V outlet.

It seems to me that either (i) the electricians of the building have made a fatal mistake, (ii) the Compaq (now HP) engineer designing the PDU was smoking something terribly unhealthy or (iii) the electrical code is inconsistent. None of the three possibilities is quite reassuring ...

Tuesday, April 25, 2006 9:46:36 PM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Tuesday, April 18, 2006

Here is my presentation from yesterday's panel discussion at the Network Security 2006 conference (many thanks to Hubert and Eve, who have essentially provided the largest part of this).

Network Security - SAMLv20.pdf (103.81 KB)

Tuesday, April 18, 2006 3:40:15 PM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 

After an interesting panel discussion yesterday at the Network Security 2006 Conference, I started to think about security protocols in general again. One comment from a gentleman in the audience struck me in particular: PKI (and other authentication systems) are hard to set up and control, because every time you create a new authentication service you have to fill in all kinds of attributes for the user at hand, e.g. name, employee id, group membership etc.

As we all know, directories are great, but they are not exactly capable of solving this problem. Instead, this problem could be solved by separating authentication and authorization data, keeping the authZ data in a common format [1]. SAML (in particular attribute statements) might be a good solution for the authZ data format, since it is well understood, extensible and has good privacy features. But obviously, there might be other good, open authZ languages as well.


If the authentication mechanisms are now capable of carrying the authZ data (such as in the SAML TLS proposal, or in GSS-SAML), then a few requirements of a good authorization model are fulfilled:

  1. The authorization data is described by an open language.
  2. The authorization language is stable across different authentication mechanisms.
  3. It can be carried directly within the framework of the authentication protocol, - or -
    it can be left on the authorization server and only be referenced.
  4. It provides at least for pseudonymity and, if properly profiled, also for anonymous authorization.

[1] I am assuming here that a bag of attributes is sufficient to enable authZ decisions.
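
An added example, not part of the original post: a Python sketch of the "bag of attributes" idea, where the same SAML attribute statement drives the authorization decision whether it arrives by value or by reference, and regardless of the authentication mechanism that carried it. The sample assertion, the `AUTHZ_STORE` lookup, the policy and all function names are constructed for illustration, and the assertion is assumed to have been signature-verified before it reaches this code.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion (unsigned, values invented for illustration).
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_a1" Version="2.0" IssueInstant="2006-04-18T15:00:00Z">
  <saml:Issuer>https://authz.example.org</saml:Issuer>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">_7f3c9e</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="group">
      <saml:AttributeValue>lab-admins</saml:AttributeValue>
      <saml:AttributeValue>staff</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="employeeType">
      <saml:AttributeValue>full-time</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

# Hypothetical authorization-server store for the "by reference" case.
AUTHZ_STORE = {"ref-42": SAMPLE}


def resolve(carrier):
    """Return assertion XML whether it was carried by value or by reference."""
    if "assertion" in carrier:
        return carrier["assertion"]
    return AUTHZ_STORE[carrier["ref"]]  # KeyError for an unknown reference


def attribute_bag(xml_text):
    """Parse an already signature-verified assertion into (subject, bag)."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTDs are not accepted in assertions")
    root = ET.fromstring(xml_text)
    subject = root.findtext("saml:Subject/saml:NameID", namespaces=NS)
    bag = {}
    for attr in root.iterfind("saml:AttributeStatement/saml:Attribute", NS):
        values = {v.text for v in attr.iterfind("saml:AttributeValue", NS)}
        bag.setdefault(attr.get("Name"), set()).update(values)
    return subject, bag


def authorize(carrier, policy):
    """Grant only if every policy attribute has at least one accepted value.

    carrier["mechanism"] (e.g. "tls", "gss") is deliberately ignored here:
    the decision depends on the attribute bag alone. An empty policy denies.
    """
    _subject, bag = attribute_bag(resolve(carrier))
    return bool(policy) and all(bag.get(n, set()) & ok for n, ok in policy.items())


POLICY = {"group": {"lab-admins"}, "employeeType": {"full-time", "contractor"}}
```

The subject is a transient identifier, so the relying party decides on attributes without learning who the user is.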

Tuesday, April 18, 2006 11:41:21 AM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 

On May 17, 2006 at 9:30pm Paul, Santiago and I will host a BOF on "Project FIFI - Bridging the Interoperability Chasm". FIFI (Fast Infoset For Indigo) is a prototype project that aims at bringing the Fast Infoset ITU-T/ISO standard to the .NET 2.0 platform and furthermore integrating it with the upcoming Windows Communication Framework (WCF - aka Indigo).

BOF 2535: Project FIFI - Bridging the Interoperability Chasm
Track: Web Tier
Room: Hall E 135
Date: 17-MAY-06
Start Time: 21:30

Stay tuned for more.

Tuesday, April 18, 2006 11:15:11 AM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Thursday, April 13, 2006

Fresh from Washington state: Indigo to support POX in TextEncoder

Combine this with Marc Hadley's adventures with REST in JAX-WS, and you might actually get something interoperable .. ;-)

Thursday, April 13, 2006 7:40:01 AM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Wednesday, April 12, 2006

This will make the SunRay slim clients more useful: You can attach all kinds of USB mass storage devices to the SunRay USB ports. E.g., if you have your USB key chain drive, you can connect it and it will be automounted in

$DTDEVROOT/mnt

which resolves by default to

/tmp/SUNWut/(username)/mnt

CDs, DVDs and the like are not yet fully supported, but they might work.

To administer your drives and allow for graceful removal, use the /opt/SUNWut/bin/utdiskadm command.

It kinda seems obvious, but you will lose access to the drive if you hotdesk (i.e. switch from one terminal to the other).

This feature is available since the SSRS 3.0 release.


Wednesday, April 12, 2006 2:03:37 PM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 

I'll be speaking at Network Security 2006 in Washington, D.C. The session is a panel discussion on 'User Authentication Technologies', moderated by Radia Perlman.

I will be speaking on SAML, Liberty and some new developments in that area, with a particular focus on using SAML in new ways for network security. This will include using SAML for TLS, Kerberos and more generally within the GSS-API.


Wednesday, April 12, 2006 1:03:41 PM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 

Today, Sun opens their Enterprise tools to the NetBeans community. This is really good news for Java developers, since they now get a truly modular, extensible, easy-to-use and easy-to-install IDE, that features:

  • UML modelers (both ways)
  • XML tools
  • SOAP orchestration

This is obviously in addition to the Matisse UI builder, the profiler, the J2ME development tools etc. Also, the NetBeans platform is now being used for non-development applications (see e.g. the Stocktrader application).

Wednesday, April 12, 2006 9:37:54 AM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 

The blog on my home system was not reachable last night, since my cable modem decided to refuse service. I hope this is fixed and service will be reliable once more.

Wednesday, April 12, 2006 8:50:56 AM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Tuesday, April 11, 2006
Hmm - unfortunately, dasBlog is not very friendly to JRoller when talking MetaWeblog. It seems that I have to stick to Blogger ... sigh!

Tuesday, April 11, 2006 2:43:50 PM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Here is a screenshot of Vista on a Sun Ultra 40 AMD workstation. I forgot to post it earlier, my apologies.



Note that the video board is fully supported without any additional drivers. Only the audio board does not work out of the box.

Tuesday, April 11, 2006 11:42:38 AM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Through Tim's ongoing: Check out this post on WS-SopranosDesperateHousewivesKwisatchHaderach ...

Tuesday, April 11, 2006 11:23:24 AM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 

In an earlier article, I showed how to make a system dual-boot Windows Vista and Debian Linux through GRUB. This was fairly straightforward, even with the new boot loader (BCD) that ships with the latest Vista builds. All of that happened in a reasonably simple environment - I used Microsoft Virtual PC 2004 SP1 to run Vista build 5342 and Debian.

This time, things are bound to get a little bit more interesting: I am installing Vista build 5342 on a Sun Ultra 40 AMD workstation. The other OS is - obviously - Solaris 10 01/06 (Update 1).

The overall procedure is very similar to what I have described before:

1. Install Windows Vista

2. Install Solaris and edit /boot/grub/menu.lst as described here.

STOP: Solaris is not quite as smart about the boot loaders as GRUB and does some strange things to the MBR - OR - Vista x64 has a different behavior about writing its boot records. At this point, I could start Solaris by default. Vista did NOT boot for me - it was complaining about \Windows\System32\Winload.exe missing.

As such, I ran the System Recovery option from the Vista boot DVD, which reinstalled the Vista boot loaders. To be sure, I ran the bootsect.exe with switch /nt60 on the SYS volume.

For the restore options it is very important that you decline to have the boot problems fixed automatically. Just say "No" and click "Next" and you will be taken to a menu where you can get a full Windows shell - this is MUCH better than the recovery console.

3. Reboot into the Windows shell on the Vista Install DVD.

4. bcdedit /set {default} device partition=c:

5. bcdedit /set {default} osdevice partition=c:

6. Run d:\boot\bootsect /nt60 c:

You should be all set.

If you screw up GRUB

Now get back into Solaris by putting the Solaris install DVD into the drive, going to the GRUB command prompt and specifying

root (hd0,1,a)
kernel /platform/i86pc/multiboot
module /platform/i86pc/boot_archive

Great. Solaris boots. Now run installgrub(1M) with the following arguments:

installgrub /boot/grub/stage1 -m /boot/grub/stage2 /dev/rdsk/(this is the char device for your root slice)

NOTE: After you re-install GRUB, you will need to go back to the Vista Recovery console.

Tuesday, April 11, 2006 10:45:07 AM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 

Here is a help page from Microsoft on BCDEDIT.EXE. Note that you must run COMMAND.EXE as administrator, otherwise BCDEDIT.EXE is not in your search path and will not execute.

Here is a discussion on how to use BCDEDIT in some more situations.

Tuesday, April 11, 2006 8:37:54 AM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Here is a nice article on Windows PE 2.0 and its relation to Vista.
 

Tuesday, April 11, 2006 8:06:51 AM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Monday, April 10, 2006

Erwin Tenhumberg made some remarks on his blog that I would like to comment on.

Microsoft trying to support their legacy products with an open standard is not an oxymoron. It would certainly be a lofty goal and would find my full support.

The problem that they are facing, however, is that this goal is not only lofty, but extremely hard to achieve within a reasonable time frame. The old MS Office file formats are not trivial and they support OLE objects. To come up with a truly open format to support this and many other features, some of which have been created by their 3rd party ISVs, is very hard.

If you now consider the time and market pressure, Microsoft needed to choose between a truly open format and a somewhat documented proprietary format. They chose the latter for business reasons (I guess). One issue with a truly open format would have been that public stewardship of the protocol would have further delayed either Office 12 or the implementation of that format in Office 12.

The fact that they are now trying to sell the 'OpenXML' format as open is somewhat dubious. Even worse is the proposed ECMA seal-of-approval for a subset of the output of Office 12 [1] and its submission to ISO/ITU-T for consideration as an international standard. 'Open' means much more than RAND - see e.g. the Minnesota house draft.

[1] The OpenXML specification does not include the full specifications for OPC. While straightforward (I am tempted to say 'copied from Star/OpenOffice' ...), Microsoft could potentially stall, delay and/or deter implementations for OPC through legal means. Office 12 creates OpenXML documents that are contained in OPC files. See here for some more discussions on this.

Monday, April 10, 2006 10:03:50 PM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Once more, I am testing whether dasBlog and JRoller are finally cooperating. This is the first entry to be cross-posted. Let's see if this works. Since I am using dasBlog as my main blog, here are the settings for crossposting to http://blogs.sun.com/roller/page/beuchelt:

Profile Name  

Host Name   Port    
Username (set)
Password Repeat  
Endpoint   API Type


Monday, April 10, 2006 11:45:57 AM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Thursday, April 06, 2006

Windows Vista introduces a new 'Network Level Authentication' mechanism to RDP. It will be interesting to find out what they are doing there exactly, but meanwhile you might want to be able to use your legacy RDP clients to access your Vista desktop. Here is how you do this:

To configure Vista for the old RDP clients, go to Control Panel -> System -> Advanced System Settings. Select the "Remote" tab and then "Allow connections from computers running any version of Remote Desktop". That works well, at the very least, for mstsc.exe on Windows.

Here is a screen shot (Build 5342):



Now, the interesting thing would be to get this to work with rdesktop(1) and similar non-Windows RDP clients as well. Unfortunately, the latest Build 5342 is very uncooperative here. rdesktop fails miserably. Compare the TCP streams (upper one is rdesktop, lower one is mstsc.exe on Windows XP SP2):





Thursday, April 06, 2006 2:00:47 PM (Eastern Standard Time, UTC-05:00)  #    Comments [2]  | 
Again through ConsortiumInfo: Minnesota is introducing a bill that will require the state CIO to choose products that support open standards over those that feature proprietary ones. This is definitely good news, particularly when looking at the extensive definition of "open" in the text (H.F. 3971, 1.1 (f)):
(f) "Open standards" means specifications for the encoding and transfer of computer 
data that:
(1) is free for all to implement and use in perpetuity, with no royalty or fee;
(2) has no restrictions on the use of data stored in the format;
(3) has no restrictions on the creation of software that stores, transmits, receives, or
accesses data codified in such way;
(4) has a specification available for all to read, in a human-readable format, written
in commonly accepted technical language;
(5) is documented, so that anyone can write software that can read and interpret the
complete semantics of any data file stored in the data format;
(6) if it allows extensions, ensures that all extensions of the data format are
themselves documented and have the other characteristics of an open data format;
(7) allows any file written in that format to be identified as adhering or not adhering
to the format;
(8) if it includes any use of encryption, provides that the encryption algorithm is
usable on a royalty-free, nondiscriminatory manner in perpetuity, and is documented
so that anyone in possession of the appropriate encryption key or keys is able to write
software to unencrypt the data.
Wow - this definitely goes far beyond RAND and comes pretty close to my understanding of what 'open' really means.

It seems noteworthy that as per provision (6) in this list, the 'openness' of a data format is quite viral in the sense that it requires all descendants to be 'open' as well. One problem that I have with this provision is that the standard itself cannot guarantee that any descendants will be open - if there is an extension point, any implementer could choose to extend without documenting. This should be clarified in the text, maybe to the extent that it should reference the implementation, not the standard.

Thursday, April 06, 2006 10:19:11 AM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 

Since Vista features the new boot loader system, multi-boot is not quite so trivial. There are various guides and FAQs on how to do XP/Vista dual boot (see e.g. here or here), but getting a GRUB based OS (such as Solaris 10 U1 or Debian Linux 3.1) dual booted is not very well documented.

I used the 5342 build of Vista, which ships with the bootsect.exe command in the \boot directory of the installation medium (in my case a DVD ISO image). This utility is only needed if you want to go back to the original Vista boot loader by running: bootsect.exe /nt60 ALL

I first installed Vista on my system with all defaults on my first hard drive (IDE 0:0). The new boot loader was in place on the MBR for that drive.

Now I installed Debian and agreed that GRUB should take over the MBR for the IDE 0:0 drive (/dev/hda). After that, Vista became invisible and Debian booted just fine from /dev/hdb (IDE 0:1).

Now, in Debian, you have to edit the /boot/grub/menu.lst that configures grub at run time. I simply added an entry for Vista:

title Windows Vista (Build 5342)
root (hd0,0)
makeactive
chainloader +1

Then you simply reboot and - voila: it should offer you a menu item for Vista. If you select that, the Vista boot loader takes over and the Windows OS comes up.

Some notes:

  • I was using Virtual PC 2004 SP1 for this experiment. That is also the reason why I did not use Solaris 10, since VPC and Solaris are not really a happy couple. Since Solaris 10 U1 also uses GRUB, there should be no difference.
  • For some strange reason I am getting a "Boot Failure" prompt now, right after the BIOS check. After hitting the <any> Key, I get to the GRUB menu.
  • I have no idea if this will work similarly on AMD x86 machines.

Thursday, April 06, 2006 9:41:08 AM (Eastern Standard Time, UTC-05:00)  #    Comments [3]  | 

Copyright by Gerald Beuchelt.