Computer Shopper: Build Your Own Windows Home Server

Looking for a cool way to repurpose that old PC sitting in the corner? We can’t think of a better use than to build and configure your own Windows Home Server! And Computer Shopper agrees. Check out this new article by Daniel Begun, Computer Shopper “Weekend Project” guru. He gives a great in-depth, step-by-step guide for building your own Windows Home Server. 

Daniel walks us through what hardware you’ll need to get started, how to get your hands on the Windows Server operating systems and then how to configure everything together. Finishing touches include installing the cool add-ins and Windows applications, as well as how to access the vibrant Windows Home Server community for tips, tricks and advice. The article is complete with screen shots and lots of resource links.

Check it out here!     

Hi, my name is Jeff Kunins, and I am the Group Program Manager (GPM) for social networking across Windows Live. In other words, I’m totally focused on partnering with and connecting to social networks and other web services that you already love, allowing them to light up Hotmail, Messenger, SkyDrive, Photo Gallery, etc. with your friends and their online activities. And of course, vice versa, we're also working to make Windows Live help you to get even more engaged with the social services you already love.

My teammate Piero Sierra is the GPM for Messenger and our Windows Live Mail client, and together we are going to be writing a series of posts about Messenger and social features across Windows Live.

Let’s start at the beginning.

Early days

The instant messaging category got going in earnest around 1996 with the debut of ICQ, around the same time that Hotmail was founded. Over the next two years, each of what are now the leading IM services launched in rapid succession: AIM, Yahoo! Messenger, QQ, and our own MSN Messenger. 

Messenger1999 and Messenger today	The original MSN Messenger team

Over the following six years, instant messaging services as a category enjoyed explosive, viral growth, ultimately reaching well over half a billion active users sharing hundreds of billions of messages every month. 

Like every major new communications paradigm over the past 20+ years, the thirst and demand that people have to connect, communicate, and share with one another is nearly limitless.  E-mail didn’t disrupt or reduce phone usage – it added to it.  IM didn’t disrupt or reduce e-mail – it added to it.  The same goes for mobile phones and text messaging, and the same too, for social networking over the past 5 years.

That’s interesting to keep in mind – especially for readers in the United States, where the IM trends (and particularly Messenger’s popularity) have been somewhat less positive.  On the one hand, as users ourselves, we’re all daily participants in the rise of Facebook, MySpace, QQ, and the overall "social" category of web services around the world, and it’s awesome to see our partners’ successes. Today, social networking services as a whole drive a similar number of minutes as e-mail or IM. Even though globally, e-mail and IM have basically peaked and leveled off, people continue to spend roughly the same amount of time using them, while social networks have grown to match. And even with all of that new activity, those same people are still connecting, communicating, and sharing more than ever with the people they care about via IM.  And yes, it really is mainly the same people – for example, globally, 44% of people who use Facebook in a given month also use Hotmail or Messenger in that same month, and vice versa 66% of monthly Messenger users also use Facebook, according to Comscore.

The original social networks

IM services really were the original "social networks." They first popularized the notions of viral invitations and social graphs, real-time and asynchronous messaging with friends, sharing of status messages and other content, online activities and casual games to enjoy with your friends, and rich personal expression—from the humble emoticon , to winks, nudges, and more. IM services have always been optimized for sharing among a close circle of friends, and really pivoted around online presence and real-time conversations more than connecting you to your content and activities from the rest of the Web.

Combining the social focus of instant messaging with the fact that IM clients are installed by default on the vast majority of PCs and are generally "always on" means there's a great opportunity for collaboration and integration between traditional IM services like Messenger and the wide range of social networks and other sites that our joint users are already on. You’ve already seen Windows Live and other leading IM services come out with social networking features like our What's new feed, and there is much more to come.

So given that basic context, let’s walk through some fun facts about Messenger…

People still IM… a lot 

• More than 300 million people in 76 countries and 48 languages use Messenger every month  they say “I you” and “LOL” not only in English, Spanish, German and Japanese (the first 4 languages we offered) but also in Chinese, Estonian, Thai, Catalan, Hindi, and many more.
• Messenger users now represent:
  • 65% of all Internet users in Brazil
  • 48% of all Internet users in Canada
  • 48% of all Internet users in Spain
  • 47% of all Internet users in France
  • 40% of all Internet users in Italy
  • 39% of all Internet users in UK
• People use Messenger for 163 billion minutes every month, which is about 9.4% of all time consumers spend on the Internet worldwide.
• More than 40% of our users sign in each day (more than 130 million daily users)
• Every day, those users share over 1.5 billion conversations and send more than 9 billion messages.
• And at peak times, that drives more than 40 million “simultaneous online connections,” (the number of people signed in at the same time).

Status messages, profile pictures, and other personal expression

Messenger and other instant messaging apps really were the first places that hundreds of millions of people started updating their status messages for their friends, and including emoticons and other kinds of fun personal expression online. Messenger users still do that a lot, right alongside more recently popular activities like social networking and mobile text messaging.

• Messenger users share over 1 billion status updates every month
• Those users often click through from the Messenger client to the Web, helping drive more than 300 million users to Windows Live Profile, Home, and SkyDrive every month.
• With the Messenger application on Facebook, you can use the “always on” Messenger client on your PC to automatically update your Facebook status.
• Likewise, with the Windows Live web activities partnerships with 74 sites around the world like Facebook, MySpace, Twitter, Digg, Hyves, and more, you can share your status updates and activities on those sites with your Messenger friends, in the What’s New feed in the main Messenger window.
• Just like ring tones and phone skins, people love emoticons and other forms of personal expression they use to adorn Messenger and their IM conversations– sharing tens of millions of profile picture updates each month, purchasing millions of emoticon packs, and using other fun features like Messenger scenes that add a personal touch to how their friends see them in Messenger.

Messenger windows with different scenes	Dynamic display pictures

Looking ahead 

Like Hotmail, Messenger is one of the largest scale communication and sharing services in the world, with a strong 10 year history of reliability, performance, and innovation. We're particularly proud of Messenger's role in the history of helping people connect, communicate, and share online with the people they care about most, and we're working hard every day on new ways for Messenger to keep playing that role as a great partner to the modern web ecosystem around us.

In upcoming posts we’ll talk more about how Messenger is built, how people are using different Messenger features, and how we’re thinking about the evolution of our role as a social application. Until then, I hope you’ll continue to use Messenger and to keep the feedback and comments coming!

- Jeff Kunins 
  Group Program Manager, Windows Live social networking

Hot on the heels of the ATI Radeon HD 5450, AMD today has announced the ATI Radeon HD 5570.

The Radeon HD 5570 is designed for small form-factor PCs and it too supports DirectX 11 in Windows 7. You can find the specs for this graphics card here on AMD’s product page. For this card, they were able to jam the same multimedia capabilities as what AMD calls the “enthusiast-class” ATI Radeon HD 5870 graphics card into this power efficient, lower priced graphics card.

AMD’s press release doesn’t include a price other than “affordable price”.

Of course both the ATI Radeon HD 5570 and previously announced Radeon HD 5450 carry the Compatible with Windows 7 logo – as does AMD’s entire HD 5000 Series of graphics cards.

Missed our TechNet webcast on January 22^nd? Not to worry, we’ve made the recording available through LiveMeeting.

View “Deploying Windows with Volume Activation” now.

Thanks!

- Jodi

What better way to prepare for Valentine’s Day with our extended Windows Home Server community than to help us help you show the love for WHS! We’ve got a fun Valentine’s Day promo to announce to kick off the celebrating – thru everyone’s favorite…some Windows Home Server Stickers!

2009 has been a great year and we’re sure 2010 will be even better with the incredible combination of Windows Home Server and Windows 7 protecting, connecting and organizing everything in your digital life. Show off your love for Windows Home Server by letting us send you some of our favorite Home Server stickers including the tattoo, “Mommy book” cover, the blue house and the status houses.

So how do you get your stickers? Usually were all about technology and  e-mail, but this time we're going OLD SCHOOL with snail mail to avoid keeping any information about you. Just send a self-addressed stamped envelope (SASE) to the address below. We’ll send you all four stickers pictured above and shred your original envelope.

Send me the WHS stickers!

15580 NE 31st St

Redmond, WA 98052

Make sure to include enough postage to return a sticker pack via U.S. mail. It's less than one ounce, so a standard First Class stamp will do if you're in the United States; enclose an envelope with International Reply Coupons (IRC) if you're outside of the U.S. And be sure to send your envelope in soon -- one per person please.
Microsoft will use your self-addressed stamped envelope to send you the offer materials.  We will not keep or maintain your contact information.

* We sadly don’t have an unlimited supply of these, so this offer is good only for the first 2,500 to respond. Limit one set of stickers per person. This offer is non-transferable and cannot be combined with any other offer.  This offer ends on Feb 28^th or while supplies last, and is not redeemable for cash.  Taxes, if any, are the sole responsibility of the recipient.  Any gift returned as non-deliverable will not be re-sent. Please allow 6 - 8 weeks for shipment of your stickers. Due to government gift and ethics laws, government employees (including military and employees of public education institutions) are not eligible to participate.

It is great to see the excitement for Windows 7 translating into customer satisfaction with Microsoft overall. Earlier this week, Bloomberg posted an article headlined “Microsoft Outpaces Apple in Customer Satisfaction” that examined data gathered by YouGov Plc showing that Windows 7 has contributed more than twice as much to Microsoft’s customer satisfaction than Snow Leopard has to Apple’s. The data shows that customer satisfaction for Microsoft was at 64% the day before Windows 7 launched on Oct. 22nd, rose to 67% in the following week, and grew to 73% by the end of 2009 for a total increase of 14%. After Apple’s August 28th release of Snow Leopard, customer satisfaction rose 1% to 65% in the first week and grew 6.9% by the end of the year.

Business buyers will also likely take note, according to InformationWeek who said, “For CIOs, this news is likely to inspire additional confidence that Windows 7 can be regarded as a viable upgrade strategy.”

Earlier today, AMD announced the ATI Radeon HD 5450 graphics card – the latest addition to the ATI Radeon HD 5000 Series of graphics cards.

The ATI Radeon HD 5450 will cost less than $60 (USD) for a 512MB memory configuration and supporting DirectX 11 making it one sweet deal if you’re looking for a DirectX 11 graphics card for your Windows 7 PC.

The Radeon HD 5450 offers entry level performance and ultra-low power consumption and also supports AMD’s multi-monitor technology called ATI Eyefinity and their ATI Stream technology. There will be variations of this card depending on partner offers including passive cooling models or whisper-quiet, single slot fan-cooled models.

This graphics card is perfect for someone putting together a home theater PC (HTPC) with Windows 7 as it comes with features like HDMI 1.3a with Dolby TrueHD and DTS-HD Master Audio.

For a complete list of specs on the ATI Radeon HD 5450, click here.

A review of the HP MediaSmart EX495 was posted yesterday on Maximum PC’s web site. Author Norman Chan reviews the new MediaSmart and compares it to last year’s EX487 model. Chan states that “The improvements HP made to its flagship Windows Home Server are a direct response to feature requests made by consumers – including us”.

One noted feature of the EX495 is the speed of the machine, which is now powered by a Pentium Dual Core CPU which runs at 2.5GHz. This clearly amplifies performance by increasing file transfer speed, and the ability to transcode and stream video in real time. To store all of this digital entertainment, the MediaSmart EX495 also comes with 1.5TB of storage and leaves 3 additional bays empty for further internal expansion.

Chan then goes on to tell us about the MediaSmart 3.0 software which is “equally impressive” as the device itself. The new key features mainly revolve around converting your video files to be used on multiple devices. Feature highlights include:

• A local webpage where you can perform manual backups.
• Advanced options in the console for Media Collect and Video Conversions.
• Custom video settings.

To top it off, all of these great new features come at a price that is $100 less expensive than the earlier version (EX487). Interested in buying one for yourself? Chan ends the article with some fairly good incentive: “No other solution on the market comes close to matching the EX495’s performance, feature set, and ease of use.”

-Nicole

Hi, my name is John Scarrow and, in conjunction with other product groups, I oversee service abuse and security issues for Windows Live and other Microsoft products such as Internet Explorer. Building from Dick Craddock’s previous post, I’m going to get into the nuts and bolts of how we fight phishing scams at Hotmail using SmartScreen® technology.

Phishing, as defined in Wikipedia, is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.

Traditionally, the majority of phishing attacks target financial institutions and online retailers, and are aimed at acquiring log-in credentials that can be sold or used to fraudulently separate users from their money. There is a more recent trend now to phish for credentials for online services and social networking sites. Both use similar methods to phish for information. APWG (Anti-Phishing Working Group) reports that phishing numbers are not trending down.

The chart below shows the trends for phishing attempts identified using SmartScreen in Internet Explorer 8 last year.

A typical phishing attack

Here’s an example of a phishing attempt that was caught by Hotmail in an attempt to steal the user’s Windows Live ID credentials.

Notice in this example that the e-mail appears to come from a valid domain (WindowsSupportTeam@live.com), and includes text and images that look like e-mail sent from Microsoft. If you click the link in the e-mail, you get to the following (fake) Windows Live sign-in page:

This page, like the e-mail before it, uses a URL that may seem at first glance to be valid, and copies the images and text from the actual Windows Live sign-in page. Many customers, upon seeing this page, would simply type their credentials, which would be captured on the attacker’s website.

Once the perpetrator has the user’s credentials, they sign in to the victim’s account and send spam via Windows Live Hotmail to all the contacts in the victim’s address book. This form of social engineering spam is very effective as the spam appears to be coming from someone you know and trust.

To learn more about how to avoid phishing attacks, check out this article from Microsoft Online Safety.

In order to prevent these attacks from succeeding, Hotmail employs three key tactics to thwart phishing:

• E-mail authentication looks at the sender e-mail address to make sure it is has not been spoofed. This prevents senders from pretending to send mail from another domain, for example mybank.com or mysite.com, and instead the sender must prove that they are who they say they are.
• Content filtering looks at the content of the e-mail to detect likely phishing attacks.
• URL or IP reputation looks at the reputation of links contained in the message and their domains, and identifies sites that are likely to host phishing content.

Content filtering is not significantly different than what we do for spam, and Dick has done a nice job talking about that already in his last two posts. However, e-mail authentication and URL reputation have a specific impact on phishing, and need more explanation. In this post I’ll specifically focus on e-mail authentication, and then cover URL reputation in a follow-up post.

E-mail authentication

In the example above, the e-mail appeared to come from windowslivesupport.com, when in fact, it came from a completely different domain and service. This is a common tactic used by spammers and phishers known as domain spoofing. From a spam perspective, a higher perceived reputation of the sender can increase the percentage of people who open the message. From a phisher’s standpoint, it’s even more valuable, because recipients are also more likely to comply with the request to provide personal information such as a username and password.

There are two primary authentication technologies that are considered by most large scale e-mail providers to prevent domain spoofing: DomainKeys Identified Mail (DKIM) and Sender Policy Framework / SenderID (SPF). (There are notable differences and debates between SPF and SenderID, debates that go beyond the scope of this post. For the most part, Hotmail treats these two technologies the same way, so for simplicity, I’ll refer to both here simply as SenderID.) Hotmail currently supports only SenderID. However, we will be validating DKIM under certain circumstance in our next release.

SenderID is easier for legitimate commercial senders to adopt than DKIM, as it requires no new code deployment on the outbound mail servers. As noted by Online Trust Alliance, over 50% of e-mail sent by key sectors (those currently at the most risk of phishing attacks), use some form of SenderID. Although the adoption rate for DKIM has been slower to follow, many companies in these key sectors are now signing their e-mail with DKIM as well.

In the case of SenderID, commercial e-mail senders must identify all their outbound MTAs (Mail Transfer Agents or simply put - mail servers), collect and track the list of IP addresses they send e-mail from, and add all of this info to the TXT record in the DNS entry for their domain. For DKIM, they must deploy e-mail servers that support DKIM signing, and manage the key in the DNS server for access by e-mail receivers. Because of these requirements, it has taken e-mail senders time to fully support either DKIM or SenderID.

Using both DKIM and SenderID can work extremely well when all the pieces are in place. The requirements to support SenderID seem very simple, however, identifying all the mail servers in your organization can be challenging. Many IT departments are either decentralized, use multiple 3rd parties for outbound e-mail and marketing, or simply don’t have a good understanding of how to properly form their DNS TXT records. If the TXT record in DNS does not identify 100% of the servers that are authorized to send e-mail on behalf of the domain, many valid e-mail messages could inadvertently fail authentication and thus be incorrectly deleted by Hotmail and other mail providers. This creates an interesting challenge for Hotmail on the receiving end. When exactly can we delete mail that fails authentication, without accidentally deleting some good mail?

Which came first: the chicken or the egg?

Providers who are filtering incoming e-mail may stop short of deleting e-mail that fails authentication due to potentially incomplete records. But since strict enforcement of spoofed mail isn’t happening at most e-mail services, senders don’t have the motivation to adopt SenderID and DKIM standards. This creates a classic “chicken or egg” problem – not enough senders are authenticated properly so e-mail services can’t rely on authentication which means senders have no incentive to authenticate.

But this doesn’t have to be a chicken or egg problem, and Hotmail has come up with a unique solution. From the previous post you know that Hotmail has a reputation system in place that lets us evaluate e-mail coming from any specific IP address. We use this information to infer if a particular domain has a complete list of IP addresses of all their sending servers in their DNS TXT record. We do this by identifying messages from IP addresses that have a good reputation yet still fail authentication. In cases where very few good e-mail messages fail authentication, we know if a particular domain has done a good job identifying all their sending servers and have complete TXT records. This allows senders that do the right thing to get the benefits (the deletion of spoofed mail) without penalizing those that are still working their way up to 100% adoption.

Both DKIM and SenderID can generate false positives (mistakes) above and beyond failures in implementation as described above. For example we find that 1-3% of mail that fails SenderID fails due to mail forwarding services. Mail senders who are under heavy phishing attacks have repeatedly asked us to delete all these e-mail messages just to be sure, even though they know it could result in deleting good e-mail. We have always been concerned about this, as more and more folks are forwarding their other e-mail inboxes to Hotmail to take advantage of our filtering and user interface. We must insure that their valid e-mail makes the trip, forwarded or not.

At the last MAAWG (Messaging Anti-Abuse Working Group) and OTA (Online Trust Alliance) conferences in Philadelphia we announced our intention to verify DKIM authentication on inbound mail when SenderID authentication fails. This “Double Fail”, as it’s been termed, virtually eliminates the false positives that can result from either DKIM or SenderID alone. This allows Hotmail to confidently delete messages that fail both forms of authentication, when they come from senders who have complete records.

Finally, in the event that phishing mail does get into your inbox, we disable links by default for senders who are not  a) on your contact list, b) marked as safe, or c) proven reliable by participating in the Sender Score Certified program. This means that before we enable the links we ask if you trust the sender, and allow you to decide whether you think that sender is safe. More information on mail treatment can be found on the Windows Live postmaster site.

E-mail authentication can be a very powerful tool to combat phishing. However, with all the inherent challenges, it requires creative solutions to make it work. At Hotmail we use authentication in conjunction with URL reputation and content filtering, and as a result, we are able to have a huge impact on phishing scams. In my next post I’ll cover our SmartScreen URL reputation system and how we use it across multiple products such as Internet Explorer and others. I’m looking forward to your feedback on this post (did I include too much technical detail, or do you want more?), as your comments will influence how I take on the next subject.

Thanks -

John Scarrow
General Manager Safety Services

So far we covered the Windows 7 Sensor and Location Platform architecture (I Can Feel You – Using the Windows 7 Sensor Platform), and Using Sensors in Your Application – Native Part 1. This post introduces the managed API for using sensors. In future posts I’ll continue with the native API.

So far, you have seen C++ and COM examples of the Sensor and Location platform. Now let’s take a look at how managed code developers can use the platform, using the Windows API Code Pack for the .NET Framework, to discover and work with sensors.

Discovering Sensors Using Managed Code

Follow the same guidelines in managed code as you would in native code: first discover sensors, next check their state and request permissions if needed, and then read data from the sensor. Let’s start by discovering sensors.

The main namespace for sensors in the Windows API Code Pack is Microsoft.WindowsAPICodePack.Sensors as implemented in the Microsoft.WindowsAPICodePack.Sensors.dll assembly. This namespace contains the SensorManager class that manages the sensor devices that are connected to the PC. This class exposes a set of methods that are similar to those of the native ISensorManager interface. These methods include GetSensorsByCategoryId, GetSensorsByTypeId, and GetSensorsBySensorId, the last of which receives as an input parameter a GUID that either represents a sensor category, type, or single sensor ID. In addition, you can also find the GetAllSensors method, which returns all the sensors that are connected to the system regardless of type or category, as shown by the following code snippet.

private void PrintAllSensors()

{

    SensorList<Sensor> sensorList =  SensorManager.GetAllSensors();

    foreach (var sensor in sensorList)

    {

        StringBuilder sb = new  StringBuilder();

        sb.Append("Sensor Information:");

        sb.Append(Environment.NewLine);

        sb.Append(sensor.FriendlyName);

        sb.Append(Environment.NewLine);

        sb.Append(sensor.CategoryId);

        sb.Append(Environment.NewLine);

        sb.Append(sensor.State);

        sb.Append(Environment.NewLine);

        Console.WriteLine(sb.ToString());

    }

}

Running the above code snippet on my local dev machine yields the following output, showing the sensors installed on my local machine. Note that only the virtual light is Ready and the rest are showing AccessDenied indicating that they are not enabled.

Sensor Information:

Legacy GPS Driver

bfa794e4-f964-4fdb-90f6-51056bfe4b44

AccessDenied

Sensor Information:

Skyhook Wireless XPS Location Sensor

bfa794e4-f964-4fdb-90f6-51056bfe4b44

AccessDenied

Sensor Information:

Ambient Light Sensor

17a665c0-9063-4216-b202-5c7a255e18ce

Ready

Please note that the Microsoft.WindowsAPICodePack.Sensors namespace offers an extensibility model that allows you to create any strongly typed sensor. When this is combined with the extensibility offered by the native API, you can create any type of sensor you want with any data values. You can read more about the Sensor and Location platform extensibility module at the Sensor and Location Platform Web site: http://www.microsoft.com/whdc/device/sensors/.

With a strongly typed sensor class, the Windows API Code pack can define a .NET Generics version of the Get methods. For example, GetSensorsByTypeId<S>, where S is a type derived from the Sensor base class. The prototype looks like this:

public static SensorList<S> GetSensorsByTypeId<S>( ) where S: Sensor

When using this function, you need to predefine a specific SensorList<> of the desired sensor type, (AmbientLightSensor, in our example), and then call the method requesting the sensor’s manager to return only AmbientLightSensor sensors. The following code snippet illustrates this process:

// Strongly typed SensorList of type AmbientLightSensor

SensorList<AmbientLightSensor> alsList = null;

try

{

    alsList = SensorManager.GetSensorsByTypeId<AmbientLightSensor>();

}

catch (SensorPlatformException) 

{

    //handle error when no sensor device is accessible 

}

The SensorManager class contains one event called SensorChanged, which is equivalent to the native ISensorManager::OnSensorEnter event. The one main difference between the native and managed code implementations is that the managed code implementation, in addition to receiving an event when a new sensor device is connected to the PC, also generates an event when a sensor gets disconnected. Therefore, SensorsChangedEventArgs, the arguments passed to the SensorManager.SensorChanged event handler, includes a SensorAvailabilityChange member that defines the type of change for each sensor, which can be Addition for new sensor devices and Removal when sensors are disconnected from the PC.

SensorManager_SensorsChanged is the function that handles the SensorsChanged event in our application, and it looks like this:

void SensorManager_SensorsChanged( SensorsChangedEventArgs change )

{

    // The SensorsChanged event comes in on a non-UI thread. 

    // Whip up an anonymous delegate to handle the UI update.

    BeginInvoke( new MethodInvoker( delegate

    {

        PopulatePanel( );

    } ) );

}