Wednesday, November 30, 2005

An Unwanted Journey: Day 0006 - Healing

Healing takes many forms. Often it has nothing to do with a cure. That’s a lesson lost on people of faith – not always, of course, because I know many people of faith for whom healing is about connectedness, not cessation of physical symptoms. But some “believers” unfortunately equate healing with evidence of supernatural occurrences.

This morning I attended a healing ceremony at our local Anglican church. Despite my initial uncertainty and hesitation, I found it strangely comforting and meaningful. There was the standard anointing with oil and prayers for healing, but there were also plenty of hugs and expressions of concern and empathy. In other words, there was healing to be found, despite any misgivings I might have about the implied theology of the religious ceremony.

Subsequently, I visited HopeSpring where yet another form of healing was evident. This time it was found with volunteers in a facility dedicated to helping patients and care givers dealing with cancer. The resource centre had some good information available, the most important of which was from the Colorectal Cancer Association of Canada. As I proceed through treatment, I’m sure the facility and its volunteers will be a good support for me and my family.

Afterwards, I was able to speak with the nurse and receptionist from my family doctor’s office when I picked up copies of my lab reports for the fecal occult blood test. They were clearly interested in my health and wellbeing and that of my family…again, evidence of another form of healing being offered in a spirit of generosity.

Finally, after picking up my wife from work, we found another form of healing in a medical consultation with my surgical oncologist. Not everyone can find healing in medical information, but I’m one of the lucky ones for whom knowledge and expertise provides comfort and direction. We left that consultation with a map which is already helping us deal with an uncertain future. Here’s what’s in store for us:

We will follow a German protocol which distinguishes between colon cancer treatment and rectal cancer treatment depending on the distance of the tumour from the anal verge. If the tumour is over 15 cm from the anal verge, then we will treat the tumour as a form of colon cancer, scheduling surgery as soon as possible. If the tumour is under 15 cm from the anal verge, then we will treat the tumour as a form of rectal cancer, scheduling an MRI immediately and then consulting with a tumour board. This board of experts will determine whether to treat the tumour with radiation therapy for three months before surgery. If they determine not to use radiation therapy, then I will likely receive a short course of chemotherapy followed by surgery.

One way or the other, I will have major surgery. The full staging of the cancer will be incomplete until the pathologist’s report following his/her examination of the excised tumour. There will also likely be postoperative radiation and chemotherapy. As the surgical oncologist said so succinctly, “Our goal is to have you cancer free not just six months from now, but five years from now.” With our plan in place and the knowledge that I am in very good hands surgically, a little more healing has occurred today.

Tuesday, November 29, 2005

An Unwanted Journey: Day 0005 - Prognosis & Performance

Parking my brain was actually quite enjoyable…for as long as I could maintain the discipline, that is – I made it through all yesterday evening, thanks to my son watching a Raptors game with me on TV. But when I awoke early, I began reading the chapter on prognosis in The Intelligent Patient Guide to Colorectal Cancer. Surprisingly enough, even though the statistics were not encouraging, the impact remained minimal for the day; perhaps that was because my brain had been in neutral for a few hours.

Here are the statistics, for what they’re worth:

  • Stage 0: 97% of patients with this stage are expected to live five years and likely be cured

  • Stage 1: 96%

  • Stage 2: 87%

  • Stage 3: 55% - 60% if one to three lymph nodes are cancerous; 33% if four or more lymph nodes are cancerous

  • Stage 4: 2% - 5%

It’s difficult concentrating at work. But when I did focus, I got quite a bit done. It was also the day in which I had my annual performance review. That went extremely well. Evidently, by concentrating on preventive measures and automated monitoring tools, by catching potential security threats quickly, by regularly installing patches to the operating system, and by upgrading the backup systems, I have had significant success in creating a powerful and stable IT environment. It was also assuring to receive very positive comments about my people and organizational skills.

I also enjoyed conversations with the parish priest, an intake worker at a local counselling agency, a neighbour who is a specialist in applied health research, a peer support person at a cancer survivor’s group, a minister friend whose wife died of cancer about seven years ago, as well as email from good friends. I really am blessed!

And now that it is evening again, I am trying once more to put my brain into neutral by watching another basketball game. Allen Iverson is truly a marvel.

Monday, November 28, 2005

An Unwanted Journey: Day 0004 - Anger & Hope

No, there was no Day 0003. Of course, there was a Sunday, and I was thinking a great deal about colorectal cancer yesterday. My parents did visit for a few hours. But the day was not one in which I found expression in writing. Instead, it was a day of anger, denial, frustration, and heartbreak as I watched the impact of my illness of one of my sons. It tore me up to witness his sense of loss and helplessness. I couldn’t find a still point in which to express the feelings for the day.

Today is different yet again. I am back to work. I certainly don’t feel very productive right now, but it’s good to tell my colleagues about what’s happening and to review projects with which I can make some progress before surgery occurs. My sick leave entitlements are better than I was anticipating. And my colleagues are generally as supportive as I have any right to expect.

Both my surgical oncologist’s receptionist and my general practitioner called today to talk about next steps. My GP informed me that my alkaline phosphatase results were reasonably good (130) back in August when my annual blood tests were performed. Elevations of alkaline phosphatase can indicate blockage in the bile ducts of the liver when metastases are present from colorectal cancer. There was no reason at the time to have my CEA (carcinoembryonic antigen) tested, but I’m sure that will occur soon. CEA is a protein which some colorectal cancers produce and can be linked to a growing tumour.

Both my GP and the surgical oncologist’s receptionist advised me to “put my brain in neutral” for the next few days until I’ve had my consultation with the surgical oncologist to review my treatment and staging options. Maybe they’re right. Maybe my research is elevating my anxiety levels unnecessarily right now.

There is a cancer support group in the Waterloo Region that offers some promising programs – HopeSpring. This resource might offer some help for our family as we try to cope with cancer. There are peer counsellors, support groups for patients and caregivers, discussion groups, classes, therapies, yoga, tai chi, and a resource centre. If I am enrolled in the Grand River Regional Cancer Centre’s CARE Source programme, then there will also be other professional supportive care options available to me and my family. I can even manage my treatment plan online using this resource.

I guess this means Day 0004 is a good day with some reason to hope and transcend the anger and frustration without denying the value of days like yesterday.

Saturday, November 26, 2005

An Unwanted Journey: Day 0002 - Too Much Life

Family, friends, and neighbours have been incredibly supportive today. You will notice that I don’t mention names of family members, friends, acquaintances, or colleagues on my web blog. That’s simply because I want to respect their privacy, not because I don’t appreciate their significance in my life.

But from the moment I got up this morning, it seemed like someone had a hug, called on the phone, shared comforting experiences, wrote supportive emails, went for a walk with me, or simply asked how I was doing. To put it simply, I felt loved and valued by those around me.

What the conversations, emails, and stories also revealed, though, was what a neighbour perceptively named “too much life”. If you give people an opportunity to share in your own story of life’s twists and turns, you will discover just how many others are either currently involved in their own difficulties or have endured traumas that put your own into context. “Too much life” is just one way of saying that sometimes life deals us hands that we would not have chosen on our own or even guessed could happen. But when we share with one another, we realize that our own little circle of concern is part of a far larger canvas of intersecting circles of concern. In those areas of overlap, we can comfort one another and learn from one another.

In most cases, all we have to do is ask. Today was just one such example of how asking and giving are reciprocal and mutually beneficial.

Still, the rollercoaster continues. Several times during the day, I found myself shifting from sorrow to hope and then back again to uncertainty. Christmas carols put me over the edge, but then my wife and sons and I would recall something that would end up with us all howling with laughter.

I love them deeply. I love the way they respect me and yet demand my best. I love the way they are coping with their own sense of loss and uncertainty. I feel blessed.

Friday, November 25, 2005

An Unwanted Journey: Day 0001 - Shock & Statistics

Today was devoted to family, friends, thinking, feeling, and recovering from the shock of yesterday’s diagnosis. My wife and sons were, naturally, very upset. We all had time to cry and express our frustration, disappointment, and sorrow yesterday afternoon and evening and again today. It was cathartic to do so. For me, the tears were mainly about loss and trauma, even though I thought I was prepared for whatever the gastroenterologist would have to say. But nobody is quite ready for that kind of news. Certainly I wasn’t, and neither were the members of my immediate family.

But we’re moving past that into new territory today. I’m hopeful that we will each find a place of peace and acceptance of the situation while, at the same time, bolding saying “No” to the doom and gloom of cancer statistics.

Early this morning I read an essay by Stephen Jay Gould entitled “The Median Isn’t the Message”. As Steve Dunn said in his introduction to the essay, it “is the wisest most humane thing ever written about cancer and statistics.” I agree. It set the tone for the day.

Gould made a number of useful points in the essay against both those who see no value in statistics and those who use them carelessly. In 1982, Gould was diagnosed with a rare and vicious form of cancer called mesothelioma in which the median time from diagnosis to death was a mere eight months. But he recognized that the statistics were skewed and that the true point of the statistics was in the variation and not the median. Because of that realization, as well as because he had an inherently sanguine personality, Gould could write “I am an optimist who tends to see the doughnut instead of the hole, but primarily because I know that variation itself is the reality.” He lived for another twenty years before dying of another unrelated cancer. Two months before he died, Gould published his magnum opus, a 1342-page book entitled The Structure of Evolutionary Theory.

I, too, am committed to an attitude of affirmation of life and the incredible variety and opportunity it provides. I will gather and digest information, but I will also visualize myself as an exceptional person for whom endless possibilities exist, no matter how discouraging the statistics might be.

That choice was reinforced later in the day when we visited Chapters and I discovered and purchased a book called The Intelligent Patient Guide to Colorectal Cancer by Michael Pezim and David Owen, two Canadians from Vancouver who specialize in this particular form of cancer. The last two sentences of the preface by contributing editor Cheryl Edwards are ones that I trust will apply to me and my family: “You will choose courage and hope. Though the journey was unwanted, you will choose the way you face the future and your inner spirit will prevail.

Thursday, November 24, 2005

Next Step - Surgical Oncology

Today has been difficult. My gastroenterologist gave me the bad news that I have a cancerous tumour in the sigmoid colon that is about 8 cm in length. It has probably been growing there for six to eight years without me being aware there was a problem until recently. Next week, I am scheduled to meet with a surgical oncologist to discuss the CAT scan and MRI that will be conducted to help in the staging of the cancer, primarily to determine the full size of the tumour and whether or not it has metastasised into the liver or other organs. Then there will be a round of chemotherapy and radiation therapy to shrink the tumour in preparation for surgery which may be performed sometime just before Christmas.

It will be during surgery that the appropriately named “surgical staging” will occur. That will determine the extent to which (if any) the lymph nodes have been infected. The hope is that the surgery will be able to remove the entire tumour as well as surrounding tissue that might be infected while leaving sufficient tissue behind to resection the bowel. If there isn’t enough tissue left, then I will likely have to undergo a colostomy.

The impact of the surgery, various therapies and recovery time will be substantial not only on me (7-10 days in hospital plus 6-8 weeks recovery), but on my family. This was difficult news to bear. It was very emotional for all of us, but we have a strong family and care deeply for one another. We will need to support one another and keep things as normal as possible.

If all goes well, I will recover and deal with an annual colonoscopy. If it doesn’t go well…we’ll deal with that when the time comes.  I remain hopeful, especially that the financial impact will not be crippling and that I will be able to remain productive at work.

Wednesday, November 23, 2005

Artifax Applications: Cancer and Colonoscopy: Redux

Cancer and Colonoscopy: Redux

Last week I indicated that I would be either more or less worried as a result of the planned colonoscopy procedure for this week. Well, I guess I’m more worried. As the sedative was taking effect, I asked the gastroenterologist whether I would be informed immediately of anything discovered during the procedure. He indicated that I probably wouldn’t remember much of anything, but that he always delivers bad news quickly.

As it turned out, either the procedure was very short in duration or I simply was too sedated to care one way or the other. But we did speak again immediately afterwards. He found a large growth in the rectum and took a biopsy, but he strongly suspects cancer. Today I confirmed a follow up appointment with him for tomorrow afternoon, but it is likely we will schedule surgery as soon as possible.

This morning I spent time preparing OneNote entries for the online research I began regarding colorectal cancer. It truly is amazing what a remarkable fund of information is available online. Not only could I find useful information geared to either the physician audience or the general audience, but I also found diagrams specifically illustrating the stages of rectal cancer. My hope now is that we have caught the cancer (the lab results still have to confirm this) in an early enough stage to give me a good prognosis.

Here are just a few of the hyperlinks that I found useful:

I have also ordered a couple of books through which should arrive in a few days. They are:

One of the more interesting videos available online may not be as current as I’d like, but it does arm the patient with knowledge about survival rates for surgery for rectal cancer. In 1999 the difference could be as high as 700%, depending on which surgeon performed the operation and what method of excision was used. According to the BBC report, TME (total mesorectal excision) excises rectal cancer which has spread beyond the wall of the rectum by removing all the fat as well. The cancer is described as similar to a crab in jelly. The goal is to lift the jelly out of the jelly mould without breaking off the claw of the crab. Otherwise, the likelihood of local recurrence increases dramatically. If there is local recurrence, then 90% of those people will die from cancer.

I guess I’ll be asking for a surgeon with very low local recurrence rates who uses the TME technique.

Sunday, November 20, 2005

Collaboration, Yeah!

The happiest moments in my work life have depended on communication, collaboration and cooperation. Even though I’ve been an independent consultant for twelve years, the sense of fulfillment I derive from my work is not exclusively about getting a job done. It is also about understanding what others need to improve their own work life and about cooperating with them to ensure my products and services help them and their coworkers.

That’s true, not only in my consulting work, but also in my work as an IT manager. Sure, getting things done and meeting the needs of clients is gratifying. But the greater kick is participating in a process in which the end result is greater than the sum of the parts. It’s about working with other people collaboratively. Technology is really just the how-to. Still, once you understand the process, the technology is a very important ingredient.

Fortunately, my career has coincided with the personal computer age. From 1983 to the present, I have witnessed first-hand how PCs, graphical operating systems, networks, the Internet, and now software collaboration tools have made work life better for millions of people. Sure, there have been times of incredible frustration. Occasionally, I have even considered joining ranks with the neo-Luddites who bemoan the stranglehold technology has on our lives. But I’ve never gone over to the dark side. Instead, I’m convinced that computer technology has improved work in ways similar to the way medical science has improved quality of life for millions.

One example is a collaboration tool called SharePoint Services. I’ve been introducing this technology to our staff, hoping to lead them beyond simple file shares. The original impetus was to facilitate communication for and management of meetings. With SharePoint Services, we can move beyond the typical meeting process; namely, invite users to meetings from within Microsoft Outlook, take meeting minutes in a template or simply in another email, send them out and hope members remember the decisions, follow through with the action items, and wait for the next invitation. Now, we can still invite members to a meeting from with Microsoft Outlook, but also use the invitation to create a meeting workspace in SharePoint with a central location for members to read the agenda, know who’s attending the meeting, follow up with action items on an interactive list, allow those who were unable to attend to see the meeting notes, action items assigned to them, any documents that were part of the meeting process and alert themselves to any changes to lists and documents. And that’s just the start to what SharePoint will do.

In any case, the (share) point is that our tools and technology have improved dramatically over the years. That doesn’t mean that a team will automatically communicate, collaborate, and cooperate. But it does mean that if the will and skills are present, we can keep this process of continual improvement and job satisfaction alive using these tools.

Saturday, November 19, 2005

Yes/No: The "I" in IT

My wife and I were travelling in the car this morning listening to CBC Radio One as we usually do. We were listening to an excerpt highlighting a lawyer questioning a witness at an inquiry about the use of Agent Orange in New Brunswick since the 1950s. This particular lawyer, like every stereotypical lawyer, insisted that the respondent answer either yes or no. At the time, I commented to my wife that lawyers idiotically simplify reality by insisting on yes-and-no answers to questions when reality is not so binary.

Later in the afternoon, I was watching a taped lecture by a visiting physicist at the Perimeter Institute by the name of Anton Zeilinger from the University of Vienna. Imagine my chagrin when I looked up an article he recommended we read from the NewScientist entitled “In the beginning was the bit”. Why? Because in that article the author summarizes one aspect of Zeilinger’s theory with the phrase “we can only interrogate nature the way a lawyer interrogates a witness.”

Not only does Zeilinger apparently take me to task for disparaging lawyers the way I did this morning, but he also reminds me that the “I in IT” is information. But perhaps I’m taking this too personally. Zeilinger is important because he answers fundamental questions about why physics is quantised (light comes in photons, electrons come with fixed energy levels, etc).

But it isn’t because he is acting like a prosecuting attorney in a court of physics by demanding yes-and-no answers. In fact, there is nothing really new about an information theory which suggests bits of information can be reduced to 0s and 1s – that’s simply classical information theory. Zeilinger (and his partner Brukner) has proposed another measurement called total information in which the information about an entangled 2-bit pair always includes the effects of measurement. In other words, the total information content in such a system always comes to two bits, not one. This is what physicists call an Urprinzip, or foundational principle for quantum mechanics. It may become one of the key principles of the 21st century.

This makes me much happier. The reason why lawyers ask for yes-and-no answers to their questions is because they want to reduce reality, presumably to make it easier for either the judge or the jury to make a decision about guilt or innocence. In that endeavour, it is obvious to most people that they are distorting reality to achieve their goals.

But physicists and IT managers do the same things, albeit with different tools. When a physicist measures an elementary system, he/she can only answer one question with a yes-or-no answer. The rest is uncertain (Heisenberg’s Uncertainty Principle). Classical computers and classical IT managers work along these lines too. Classical computers only deal with on/off, yes/no, true/false. IT managers draw process diagrams and flowcharts all of which are predicated on yes-and-no answers too. So, really, our technology and our managers are no better than the lawyers.

Quantum physics, and perhaps all reality, Zeilinger argues, has to work this way. What this means, then, is that information itself underscores everything we think we know about reality. The RBQ (Really Big Question) therefore becomes not “What is an elementary system?” but “What can be said about an elementary system?”

I really don’t know what all this means in practical terms for the everyday life of an IT Manager, but it is somehow comforting to think that there may be good reasons why reality at all levels is so uncertain, so complex, and so human.

Wednesday, November 16, 2005

Cancer and Colonoscopy

As I’ve been filling in medical questionnaires recently, I’ve had to reflect on a singularly disturbing feature of my family medical history. Every death on my father’s side of the family seems to have been as a direct result of cancer. There was lung cancer, pancreatic cancer, bladder cancer, prostate cancer, and so on. The procedure I’m preparing for is called a colonoscopy and is intended to discover whether I have colon cancer.

A family predisposition to cancer is only one reason why the procedure is used. Polyps, colitis, diverticulosis and diverticulitis, bleeding lesions, anemia, and a whole host of other symptoms can also be sufficient reasons why a gastroenterologist might make the recommendation. Colonoscopy is useful as both a diagnostic tool and a means whereby immediate treatment is conducted, including removal of polyps using electrocautery, injection of medicines into the lining of the colon, removal of tissue for biopsies, or a simple determination of the best site for subsequent surgery. None of this sounds appealing.

I find myself apprehensive and curious, perhaps not as worried as my family physician thinks I should be. Given my family medical history and how many people are diagnosed each year with colorectal cancer, I should be more worried than I am (about 150,000 in the United States will be told they have colorectal cancer in 2005). Certainly, of new cancers discovered each year, colorectal cancer is only surpassed by lung cancer. This year alone, up to 57,000 people will die of colorectal cancer. Of those diagnosed and those who die, most will have had no knowledge that they were at risk. Those are good enough reasons to be concerned; but, in addition, I have two of the most significant symptoms mentioned – change in bowel habits, and blood in the stool (for more information, see WebMD Health).

Next week by this time, the procedure will be over, I’ll be getting news on what was found, and I will be thinking about next steps. Maybe I’ll be more worried, maybe less.

IT as Desktop Icon

So, what do users expect of an IT Manager?

One answer to that question which I find fascinating is that users consider IT the same way they think of a desktop icon. One click, no thinking required, you get the product or service you want (thanks to Niel Nickolaisen’s essay).

OK. If I can’t change that perspective, how can I change to adapt? One way is to consider myself a product manager. If so, then successful product management best practices should work equally well for IT management:

  • Understand market needs

  • Develop product roadmaps and product lifecycle plans

  • Conduct formal product launches

  • Define and use product success criteria

To understand market needs, the best approach may be to work for a day in the exact same way as the user; if that means being a scheduler for a day, so be it. Product roadmaps and lifecycles mean we need a plan for every step in the evolution of an IT product within the enterprise from roll-out to replacement. Launches imply trials of new IT-related functions and procedures followed by enterprise-wide communication and campaigns. Product success criteria suggest we can use metrics to determine when we are on track and when we wandered too far.

There’s some meat on those bones, I think. Maybe not the best metaphor for a sometimes vegetarian who’s about to undergo a colonoscopy, but it merits further reflection, to be sure.

Monday, November 14, 2005

Rapping on Reports

When you get good at something, you have to have extremely compelling reasons to change. For eleven years, I was very successful in building my own custom applications development business (Artifax Applications) using a technology from Microsoft that worked extremely well for both me and my clients. The database was Microsoft Access, the programming language was Visual Basic for Applications, and the reporting tool was the Report Designer in Access.

One of the ways to ensure success in custom applications development is to become expert in report design. I guess I did that well, because my confidence level in being able to create and deploy extremely complex reports was almost arrogance. If a client could give me proper requirements and could thoroughly document the business logic, then my conceit was that I could build the report. And I did…again and again.

After I became involved with the company with which I am currently employed as an IT Manager, I found myself facing compelling reasons to change. The Enterprise Resource Planning (ERP) software we implemented there used Crystal Reports v8.5. Yes, it was a powerful alternative to what I had become accustomed to using, but there were many occasions when I found myself cursing under my breath (and sometimes out loud) at the constraints built into the design of the product. The user interface was clumsy in comparison. The lack of a full-fledged class-based programming language and custom library environment was very frustrating. The limitation of a single sub-report layer without any further nesting possible bewildered me. And so it goes.

Still, the most compelling reason to change was very simple and pretty much undeniable. The ERP package made the decision for me. Crystal v8.5 was supported and fully integrated into the vendor’s modules.

Now, things are changing again. The vendor is talking about options. Upgrade to Crystal 9 or 11 for .NET. And although Microsoft Access still works well for custom SQL pass-through queries, form design and report design based on ODBC data sources, it is not integrated into the latest release of the ERP. SQL Server Report Services isn’t really an option either, even though the object-based report model and XML report definitions it sports sounds terribly avant garde.

So, when it comes down to it, the choice isn’t all that tough. Crystal 11 for .NET, here we come.

Back to Yoga

I’ve come back recently to hatha yoga. Not just the typical postures that one finds in books by Indian gurus (B.K.S. Iyengar being the most famous), but yoga as a flowing series of movements (the practice is actually called The Flow Series). The DVDs I’m using to structure my daily practice are from the White Lotus Foundation. Tracey Rich and Ganga White are the trainers and I am the middle-aged, overweight, stiff-as-a-board novice. Still, it’s making a difference.

Each morning, I engage the DVD player with a choice of four disks, depending on how energetic and vigorous a workout I want to use to start my day. So far, I haven’t had the courage to try the more advanced workout – Fire – nor the advanced Total Yoga. I’ve been content to stick with Earth and Water. The workouts are each about forty-five minutes in duration, starting with sun salutations of one kind or another, followed by standing postures, seated postures, bending and twisting, inversions, and relaxation.

It’s a challenge explaining why The Flow Series is so stimulating a start to a busy day. Part of the attraction is simply that my body feels fully stretched and energized. Another benefit is the sense of peace and contentment which inevitably accompanies the completion of a workout. Another less obvious aspect is that I have made an intention and carried it through. That aspect of intentionality may be the most significant benefit of all.

Yoga is, for me at least, about respecting the body and allowing it the freedom to move. As we age, the body becomes less responsive, bound by chains of habit, neglect, and lack of intention and attention. But engaging in a daily regimen of stretches, inversions, bends, and awareness of the body helps me rediscover my centre, much like writing helps me ascertain what I really think about an issue or concern. I have often said that it is only when I write that I truly know what I think. Similarly, it is only when I practice yoga that my body finds its voice; right now, it’s complaining about neglect and the extra pounds that must be carried around. Maybe someday it will say something like “Hey, looking good!”

Saturday, November 05, 2005

Russinovich and a Blizzard of Threats

I was telling my sons, avid players of Blizzard’s World of Warcraft, all about the Sony BMG fiasco in which the Digital Rights Management (DRM) software Sony uses from First 4 Internet for copy-protecting its CDs employs rootkit technology, the same technology criminals use to hide their nefarious activities on hijacked systems.

They weren’t too familiar with rootkits, but I was surprised to discover that they both were already aware of the situation (thanks to a high-school science teacher in Friday’s class). In addition, my one son mentioned that he suspected a connection with Blizzard’s Warden, the euphemistic name given by World of Warcraft enthusiasts for the controversial program Blizzard uses to detect cheaters. That program scans the systems of players ostensibly to detect files used to cheat on the game. (In case you’re interested, a strong case can be made that Blizzard is using spyware that is every bit as alarming as what Sony has done with copy-protection – see 4.5 million copies of EULA-compliant spyware, 5-Oct-2005).

I didn’t really get the connection my son suspected at the time, but since then I’ve discovered that there is a strong likelihood of an actual connection. (It was Mark Russinovich’s follow-up blog More on Sony: Dangerous Decloaking Patch, EULAs and Phoning Home that gave the link to the following World of Warcraft story.)

Yesterday, The Register published an article entitled World of Warcraft hackers using Sony BMG rootkit. In that article, the author claims that anonymous World of Warcraft hackers have confirmed that they can use the Sony BMG rootkit to hide from the Warden simply by adding the prefix “$sys$” to file names used to cheat on the game. The article was copyrighted by SecurityFocus but doesn’t indicate who the author is nor does it reveal the names or proof that the World of Warcraft anti-cheat system is actually being thwarted by these unnamed hackers.

Mark Russinovich makes another point that has prompted me to investigate the “phoning home” system in greater detail. I can’t name names yet until I’ve done the research, but I suspect some commercial software companies are using similar technology to “phone home” whenever an unauthorized user starts up a copy of their application.

In the network I manage, we’ve seen software behaviour which led us to suspect the application was "phoning home". We were curious as to how the vendors accomplished their goal. We suspect that every time the application is loaded, an ID is transferred over an Internet connection to the vendor's database. The database then checks that ID against its records and counts the numbers of sessions currently open against that ID number. Then, if the number exceeds the number of the license agreement, the user is contacted immediately and notified that he/she is attempting to use the software illegitimately. The program then aborts loading.

I don’t have a problem with requiring users to purchase licensed copies of software. But I do dispute the right of a software vendor to “phone home” and keep track of application sessions if that behaviour is not explicitly part of the end user license agreement (EULA).

In the case of Sony, despite their protestations that "phoning home" doesn’t happen at all, Russinovich has confirmed that the DRM software Sony uses does check to see if there are any updates for the album art and lyrics. But Sony could theoretically be using the technology for other, less legitimate purposes.

It makes you wonder what else vendors might be doing on your computer? Perhaps more importantly, what kind of legal protection can we expect from our governments to prevent and prosecute vendors guilty of this kind of behaviour?

Friday, November 04, 2005

Windows Connections - Postcript: Rootkits & Blogs

One thing I promised myself to do as a follow up to the Windows Connections conference 2005 in San Diego was to investigate rootkits more fully. If there is a form of malware that will keep me holding my breath and praying to the IT gods, it’s rootkits.

Coincidentally, one of the questions in the final Q&A for the expert panel was how to get into technical writing and publishing. Mark Minasi asked a very pointed question in return: “What are your motivations – to get rich or to get famous?” Well, as it turns out, you’re not likely to get rich, but you can get famous. A case is point is Mark Russinovich. If you’ve been paying any attention to IT blogs and you’re interested in becoming a technical writer who achieves world-wide notoriety, look no further than Mark’s blogs over the past week.

Mark, who probably knows as much about Windows internals as anyone, was the victim of a rootkit. That in itself scares me. He’s one of the authors of RootkitRevealer (RKR), a tool for IT Pros to use to sniff out and remove rootkits from systems they suspect might be infected. As it turns out, RKR revealed a hidden directory, hidden device drivers, and a hidden application on one of his systems. His ProcessExplorer application didn’t help him diagnose the problem any further, but another of his tools called LiveKD did. What he discovered was that a company called First 4 Internet had provided Sony with Digital Rights Management (DRM) software for CDs. You can read more in Mark’s blog about the details of his discovery process (itself an incredible lesson in how complex this kind of detective work can be), but the bottom line is that Mark had purchased a CD from Sony BMG called Get Right With the Man by the Van Zant brothers which was protected with DRM software which required the user to install a proprietary CD player on his/her computer in order to play the CD at all.

The real kicker was that not only did the DRM software do things to Mark’s system that were beyond the acceptable scope of CD-player software and even the end user licence agreement (EULA) he signed with Sony, he couldn’t uninstall the software! Why? Because deleting the drivers completely disabled the CD itself! The DRM Sony chose used the same techniques as malware writers; namely, a class of rootkit.

Since writing his blog post which exposed the problem on Monday, October 31st, Mark has become an overnight sensation (OK, he was a sensation already with IT Pros long before Monday) with media coverage across the world, including the BBC and USA Today (the IT Press, as well as conference attendees, got in on the action as well). Sony has responded in something less than admirable fashion (see the nonsense they expect of the end user in Mark’s follow up blog post from todayMore on Sony). But the lesson for aspiring IT technical writers and Windows Connections conference attendees who were present at the final Q&A is too obvious. Keep blogging, man! Who knows what will happen?

Windows Connections - Thursday Sessions

It just keeps getting better. Even though I’m certainly winding down with conference fatigue, the quality of the presentations is consistently high and very informative. This morning’s keynote, for instance, was from an actual Microsoft employee, Steve RileyDebunking Security Myths.

It was fairly light as far as technical content goes, but Steve admitted that upfront. The point of the keynote is to fire up the audience, and that is exactly what he did. In the process, Steve attacked what he and his co-author Jesper Johannson call “security theatre”. This is a phrase Jesper coined to point out the nonsense we encounter daily in which true security risks are routinely ignored and the insignificant becomes a ”problem”. Steve gives the example in his book of the security protocols at airports where little old ladies with toenail clippers have to surrender their “weapons” while black belt Karate experts pass unimpeded.

Steve had another session later that I attended as well (I also purchased his and Jesper’s book, Protect Your Windows Network From Perimeter to Data) entitled Troubleshooting TCP/IP. The latter session wasn’t as well prepared. In fact, Steve admitted as much, saying that he finished the slides at 10:00 pm last night. Even though he went overtime in his presentation, there were quite a few slides he was unable to use. And his comments on IPsec filtering didn’t really fit the tone of the rest of the talk.

I attended another Exchange session with Jim McBee Is RPC over HTTP Right For You? Sounds delightful, I know. Actually, Jim, who is obviously a mild-mannered and humble person, did an admirable job of detailing how to configure both the server and the client to allow remote users to connect to Exchange using Outlook 2003 on a Windows XP Professional machine from outside the firewall. Yes, there is still VPN and Outlook Web Access, but if the vast majority of remote users want only to get at Outlook in the same way they would from within the firewall, Steve’s suggestions will help the IT Pro “make it so”.

Lucky for me, I got to attend one other session with Dan Holme. I learned today that before he became an IT guru, Dan was an improvisational comedian, something which might explain his phenomenal ability to think on his feet, although I haven’t caught him making anything up (to the best of my knowledge). Dan’s session AD Design, Delegation, and Security Brainshare was unlike any other presentation at the conference. He intentionally put the “connections” back in Windows Connections, opening up the floor from the very beginning to questions and comments from the 100 or so attendees. But he was also prepared to “play the dance mix” when there weren’t enough questions to continue.

Finally, Ruth Morton and I met some more Canadians! I met two guys from the University of Western Ontario at breakfast, while Ruth and I met a colleague from the University of Waterloo at the break in the afternoon. At lunch, we met someone from Kansas who we will keep in contact with as we both try to establish user groups in our respective regions.

No, we didn’t win any of the draws at the end of the conference. Yes, I have the red-eye flights to catch before I’m back in “home country”.

Wednesday, November 02, 2005

Windows Connections - Wednesday Sessions

It would have been a big problem. Just suppose I had won that Harley Davidson motorcycle at the Windows Connections conference today. How would I have managed to get it back to Kitchener, Ontario? So, thankfully, I have one less problem in my life. ;>(

The conference sessions today were as engaging as yesterday - lots of information (sometimes too much, to be accurate), lots of ideas germinating from those sessions, and lots of books to purchase and web sites to visit. And then there are the tools! Probably the most important of the tools I will start using is Process Explorer from

The last session of the day for me involved the same presenter who gave the keynote address this morning after breakfast. Mark Russinovich is not only a brilliant programmer, he is an excellent speaker and top-drawer communicator. His keynote this morning was entitled Understanding and Fighting Malware: Spyware, Viruses, and Rootkits. His session in the late afternoon was Advanced Windows Troubleshooting with Process Explorer. In both cases, Mark delivered talks with very useful slides, a polished presentation, and much to stimulate those attending.

Rootkits, for instance, are a very, very scary technological development in the malware arena. The most recent rootkits can mask processes, services, TCP/IP ports, files, registry keys, and user accounts. They can hijack processes, manipulate kernel-mode data structures, filter user-mode and kernel-mode APIs and so on. Sysinternals’ RootkitRevealer is one tool to help IT Pros fight rootkits, but the tool itself has already been attacked by rootkit authors in a cat-and-mouse game. The bottom line is that unless you have exceptional skills and knowledge in dealing with rootkits, you’re better off formatting your hard drive and reinstalling Windows after you’ve confirmed a rootkit problem!

Process Explorer, the focus of Mark’s afternoon session, is a ‘no-contest’ winner over the default Task Manager tool in Windows. I’ve already downloaded version 9.5 and started learning how to use it to diagnose problems with processes, security, services, CPU time, threads, and handles.

Mark Minasi’s presentation Windows Logons Revealed was a disappointment, despite Mark’s valiant attempt to make the subject interesting and approachable. Maybe it’s just me, but the technical detail was overwhelming and, in my view, unnecessary. There was simply too much material and too great detail. The bottom line was that Kerberos is better than anything previous.

I branched out for two Exchange presentations for the other two sessions I attended. One was with Tom Meunier’s (no slides, unfortunately) Exchange Systems Administration on a Dollar a Day which offered a wealth of resources and tools to help the IT Pro charged with managing messaging. Sue Mosher’s Outlook 2003 Security: Balancing Protection with Usability was also quite helpful in setting the context, both historical and technical, for the preferred email client for Microsoft Exchange.

Finally, in addition to the sessions today, I had breakfast with the Culminis people (Peggy, Frank, and Joyce) and lunch with Ruth Morton from our own WWITPro user group and Roger, a lead from the San Diego Small Medium Business user group. In both cases, I got lots of useful suggestions for starting and promoting our own user group in the Waterloo/Wellington region.

Tomorrow is the last day of the conference for me before returning to Kitchener. There will be another keynote and three more sessions, a final draw and Q&A before leaving for the airport. Too bad there wasn’t more time to see some of the sights and sounds of San Diego. This city really impresses me. The weather is temperate, the city streets pristine, and the overall atmosphere very comfortable. Maybe some day there’ll be another opportunity to visit.

Windows Connections: Tuesday Sessions

After yesterday’s lengthy and mixed quality keynote addresses at the conference, this morning’s keynote was exactly what I hoped for. Tony Redmond of HP returned to the topic of Exchange 12: The next frontier?

Tony is an accomplished IT Pro, author, and very capable presenter. His presentation was well organized with just the right amount of technical detail, sprinkled with his mild Irish lilt and good humour. If there is one complaint, and it’s a minor one, it is that Tony, like so many other speakers these days, kept using the phrase which is a pet peeve for me – “In terms of…” to introduce each new slide in his slide deck. Still, he knew precisely how to present the large picture before delving into the details, something again which many presenters fail to do well. I came away from his session not only with a better grasp of the feature set of Exchange 2003 and tools available now to optimize management of the existing version, but a very thorough understanding of the technical issues surrounding the next large release of Microsoft’s winning messaging product. A very good session.

Sean Deuby’s Optimizing Active Directory was another well organized and well presented session. I learned maxims for performance, factors affecting performance of AD, and tools to use in troubleshooting AD performance (such as Sysinterals, Server Performance Advisor, and ADTEST). Sean also spoke to why the 64-bit hardware platforms will become increasingly important to IT Pros over the next two years.

One of the great finds of this conference has been Dan Holme. This guy is amazing! I went to two of his sessions today – Deploying Windows Server Update Services and Practical Solutions to Manage Business and User Data with Active Directory. Dan has incredible energy and is better organized than almost any other presenter I have witnessed. His slide deck was extensive for both presentations, but it is because he truly understands how important those slides are as take-aways for attendees. Since he hasn’t written a book yet, those notes become our lifeline to implementing the recommendations he made in his presentations. Undoubtedly, because of his presentations, I will be implementing WSUS safely as well as beginning some new practices for desktop and notebook users where I work. Thanks, Dan!

Ruth Morton and I, two of the three organizers for the new WWITPro user group for the Waterloo/Wellington regions on Ontario, met at lunch to talk to the good people of Culminis – Peggy and Frank. We will be dealing with these people a lot over the next few years as we grow our user group. They seem like “good” people.

Another presenter that I will want to follow more closely in the future is Jeremy Moskowitz. His afternoon session was Group Policy Settings That Really Work. Jeremy is an engaging presenter with a good sense of humour. Although his slide deck and notes were not as well organized or useful as Dan’s, that is only to emphasize how truly extraordinary Dan’s material and presentations were. Jeremy tends to promote his business and books a little more than I would prefer at a conference like this, but that may be simply a personal preference. Coming from his session, I did gain a number of new ideas about how to organize and design group policies, tools to consider in implementing group policies, and resources to exploit for further assistance, Jeremy’s book being one of them, ironically!

Finally, one of the interesting aspects of this conference has been the trade show. The organizers want us to evaluate sessions and visit as many booths as possible. To trigger the desired behaviour, the organizers are providing some interesting incentives. For every evaluation of a session attended, when you submit the form, you get a ticket for a draw on free registration for another WinConnections conference in 2006. That would be great to win! To encourage visiting trade show vendors, we were given a card to get stamped by each vendor in the show. Those who get their cards fully stamped, get to be in a draw for a Harley Davidson motorcycle! Although there simply isn’t enough time to spend “quality” time with each vendor, the encouragement of the draw is enough to ensure most of us at least pick up the vendor literature and get “scanned” for what is sure to be a barrage of phone calls, email and promotional literature sent our way after the conference. I think it’s a decent trade-off.

So, thus far, this has been an excellent conference. Time to get ready for Wednesday’s sessions.

Tuesday, November 01, 2005

Windows Connections: Flight and Keynote

Yesterday was a long day. It began much earlier than normal because of the very sad news about the death of my friend Bob Andrews. There were friends to write, condolences to prepare and phone calls to make.

The flights from Toronto to Phoenix and then from Phoenix to San Diego were full of spectacular scenery, but the day was really only half-way through by the time I took the shuttle bus to W San Diego and got settled into my hotel room. The Manchester Grand Hyatt, where the Windows Connections conference is actually located, is about a 20-minute walk from my hotel, so, despite my initial worries about safety, I did the walk and got registered.

The conference material is incredibly well done, with a CD of all the slide presentations as well as a 600-page book for the Windows Connections sessions and another similarly sized book for the Exchange Connections conference. It’s been a long time since I attended a conference like this, and I have to admit that the organizers have done a spectacular job.

The opening keynote addresses from Perry Clarke of Microsoft and Mark Minasi was, however, a very mixed bag. Yes, I was getting very tired by the time the keynotes started, but Perry’s presentation on the future of Exchange (specifically Exchange 12) was not, in my view, very well done at all. The Elizabeth Ballroom was packed with over 500 IT types (I’d say about 90% male, as usual), there were 3 large screens and the sound system was fine, but Perry’s presentation lacked coherence and he seemed bereft of any energy that night.

Mark Minasi was another story entirely. He is a very gifted public speaker who knows how to blend laughter and insight. His presentation was on the future of Microsoft operating systems. Mark was able to articulate for me the inchoate feelings that had been developing for me about Vista, SQL Server 2005, Internet Explorer 7.0, Vista and Vista Server. As you might expect, it’s a good news/bad news scenario.

But the best sarcasm was held for Windows Server 2003 R2, the incremental update for the server operating system that Microsoft is expecting SMBs to pay for instead of providing it free of charge to existing customers (there is a group exception for those paying for Software Assurance, something which only makes sense for large customers). The only truly useful feature of R2, in Mark’s opinion, is the new printer management console.

Even Vista seems mainly about flash and the “beautiful” (Microsoft’s new adjective to replace “rich” and “crisp”) user interface. The good news on Vista is the direction Microsoft is taking on making it possible to administer operating systems through the GUI, from scripts (through MONAD) and then to automatically create GPOs from either the user interface or the scripts. This is useful stuff.

Anyway, so much for the first day. Now, let’s see what happens today.