Category: A Microsoft Life

I have a Jerry Pournelle story.

0

“We have an unusual request about this week’s security bulletins release. If you have the time can you talk to someone on the phone?” This was from my Waggener Edstrom liaison.

It was 2004 and I would get these requests often in my part time role as communications person for Microsoft’s Security Response Center. The PR team and I would weigh who the request came from, their audience, and several other factors in deciding who we would get on the phone with as opposed to responding in email. Not for spin or positioning purposes, (you can’t really spin a security vulnerability although many have tried. They tried and failed? No. They tried and died) but more use of time vs. how many people would be reached.

“Sure.” I said. “What’s the outlet?”

Waggener Edstrom has served as the major PR firm for Microsoft for such a long time. There’s a reason for that, they are whip smart and I knew that if they were asking for my phone time it was worth doing.

“It’s a gentleman who runs a fairly well-subscribed newsletter, he’s written for Byte and a lot of other publications back in the day. His questions are mostly technical about the attack vector, it seems like a good place to get any additional information out.”

It was a slow day for me, a Thursday as I recall and our monthly release had happened that Tuesday so most of the pressing outlets like CNN or the LAtimes/Boston Globe/NYT gamut or Wired or whatever had already had their calls with me, so I said sure let me set up a 30 minute block of time and give me five minutes prep for us to decide whether or not to do this or over email.

I stupidly never asked who the gentleman was who I would be talking to.

Ok prep for the call time. I’m in my office which back then was decorated in what my Wagg Ed support team referred to as “affluent freshman college dorm room” style. I had cool lava lamps and a projector with a liquid oil pattern cast on the wall, blacklights, a nice futon etc. Meetings all over the MSRC were sometimes held in my office just because. Once, our fearless leader kicked me out of my own office to have a meeting, but that was before we started pranking his office with greek architecture. I digress.

I picked up the phone for the prep, keep in mind my role here in my life was directly communicate guidance for Microsoft customers in regards to security threats and vulnerabilities and patches. We’re 60 seconds into the prep discussion when I finally open the newsletter and look at the web page and find out the caller is going to be

Jerry. Fucking. Pournelle.

*record scratch* *narrator voice* This is me, you may be wondering how I got here.

Well let’s start with The Mote in God’s Eye. The Niven and Pournelle team-up was formative for me because their voices were so interesting individually, but that story meshes so seamlessly (unlike say a Peter Straub/ Stephen King mashup which worked so brilliantly *because* of the slight tonal discord) that it made me seek out all of Pournelle’s other work. I had already consumed Niven’s.

“We’re taking this call” I blurted. “We are taking this fucking call. We are sooooo taking this call.”

I think I freaked the PR team out a little bit.

So now I’m 60 seconds away from speaking to Jerry. Fucking. Pournelle. In some random space in my life where his interests and my role collided and neither had anything to do with the fact I was a huge fan. I knew about his newsletter and website and his interest in computers and tech, I just had no idea *that* was the person I was going to talk to. And now it was my job.

Be cool man. Be cool.

Now I’m on the phone with him. He asks how I am and how my day is. I managed somehow to hold it together and chat like all this was perfectly normal but I didn’t trust myself to not screw it all up so I just said “before we get to your questions, if I may, your fiction has been a huge influence on me. I’m a fan and I’m a little weirded out that I’m talking to you”

I know that’s what I said, verbatim, because I had it typed in notepad to read from so I would not screw it up.

He laughed and spent like the next two minutes just sort of shooting the shit with me. Then he delved into his questions which were clearly from someone who wasn’t just a hobbyist, he understood the ins and outs of the threat and he wanted to articulate why applying the updates was important in the newsletter.

At one point I got bold. I said, “Well on the one hand the attacker could do X but on the gripping hand the patch does Y.”

He stopped me. “If I were to use that, there would be three elements, with the “on the gripping hand” being always the third. That’s how moties work. It helps see past a binary choice!”

I still use this today. I say things often like so: “On the one hand X, on the other hand Y. But on the Gripping hand….” and when it gets spotted by people for the reference I usually get an email or nod to the effect “I got what ya did there” and when people are confused I get to explain it and introduce them to The Mote in God’s Eye.

I have Jerry to thank for that. The call was simple and perfunctory, we got his questions answered, he was gracious and kind with my fanboyism. But that moment where he took an element of such a foundational influence that he and Niven had written and riffed it as “No no no say it like this, and people will get it” was one of those moments in my life where I was flummoxed and not at the same time, and won’t ever forget.

We never spoke again, I cannot claim to have known him or that we were Facebook friends or anything. I doubt he would have even recalled the conversation within a month or two of it just because he probably had lots of conversations like that with people.

I am just one more of millions affected by his work in some way saying, thanks Jerry. Thanks for the stories.

Everything Old is New Again

23

In February of 2012 I left Microsoft, a company I had worked for ever since I was 21. It wasn’t a bad break, it was a good break. I wanted to go off and experience all new adventures. And I have. In the past year alone I’ve worked for an *amazing* team of engineers and developers at the HBO Code Labs here in Seattle. I can’t say enough about what an incredible experience that was and what they are doing for the future of providing their customers with HBO’s top notch content.

But I am a gamer first and foremost. Have been since I was five. Will be when I shuffle off this mortal coil at the cyber enhanced ripe old age of 120. And in that moment at age 120 I will *still* remember exactly where I was when I first saw this.

I don’t know a console gamer who doesn’t remember that incredible introduction to the world of Gears of War. I was hooked. I was sold. That was a day one purchase for me.

Since then Gears of War is the only title I have played every release through in coop, with my friend Mark. We’ll put off playing the game until we can set aside a week to play it together. I’ve played multiplayer, and done the entire 50 waves of Horde mode for charity with my friend e.

So when the outstanding team at Black Tusk asked me to help them make the best Gears of War experience to date by representing the community and being their advocate, how could I say no?

As of today I am now the Director of Community Engagement for Black Tusk Studios. I’m not sure there is a word that properly expresses my excitement at the opportunity to represent this community. Gearstastic? Lambentocity? AWESOMES OF WAR? I have time to work on it.

I’ve been hiding, I confess. I’ve been shadowing the Gears forums and looking at people’s thoughts. I don’t just want us to make the best next generation Gears of War game ever, I want to make sure that everyone playing the game today feels just as good today and down the road in their investment into our amazing world as we do. There’s a Gears nation out there. I’m a part of it and it’s amazing.

So now it’s out. So hit me. You can email me directly at Stepto@microsoft.com or Stepto@stepto.com or my twitter at twitter.com/Stepto or the official Gears of war social media feeds at @GearsofWar and @BlackTuskStudio.

It’s not like we’re just starting out here, we’ve been passionate about the community from the get go. We’re expanding that commitment from the fine work Jack Felling have been doing and going big.

I want to be flooded with your thoughts. I want to hear everything you like, dislike, want, don’t want and hope for in relation to this rich and amazing world. Spare no detail. All thoughts will be entertained. Depending on volume I cannot promise I can respond to everything, but I do promise this: I will forego sleep to try.

It’s a mad world. Let’s get busy and Jump in.

The Curious Tale of MS03-007

7

This is a story about how I knew within a window of 48 hours when the invasion of Iraq (2003) was going to happen.

It was early March, 2003.  I didn’t know exactly who the guys in suits were, but I knew they weren’t Microsoft.  Only one person I knew wore a suit daily to work at Microsoft, that was Raymond Chen. And he wore a much better class of suit than the guys who suddenly appeared late one evening on floor 6 of Building 40 on the Microsoft campus.

I had joined the Microsoft Security Response Center in November of 2002.  The Slammer attack was my first introduction to *the entire Internet* going offline as a result of a Microsoft security issue.

We were only just recovering from that event.  While all the appropriate and smart people had been mobilized to deal with Slammer, we were not happy with how ad hoc the response was.  So during the month of February and March we developed the Microsoft Internet Security Emergency Response process, MISER. Bill Gates hated the name. It was soon changed to Software Security Incident Response Process, SSIRP.

All I knew was that I had just been given one of the largest offices in the building, where I had installed a bar and held press calls on the security updates for all of MSRC and the ones I had program managed through the Windows team. Back then security updates happened every Wed. morning at 10am Pacific time, instead of every second Tuesday of the month like today. 

As release manager at the time, I would fire up “Yo, Pumpkin Head” on my computer and crank the speakers up as the updates propagated across the cluster of Microsoft.com and Windows Update.  We’d gather in the hallway and chatter as we made sure the updates and security bulletins reached their checkpoints while listening to the music. The entire process took almost exactly long as the song, around four minutes. When that music flooded the hallway, you knew updates were being launched. After that four minutes, I took press calls from CNN, MSNBC, ZDNET, NYT, etc for the rest of the day.

Point being, I was finally settling into the role vs. being in emergency mode for weeks over Slammer.

Then the guys in the suits showed up.

Our process was pretty established.  Microsoft issued security bulletins with updates to fix the problem. We didn’t issue warnings or advisories, we were dead set on issuing the transparent communication of the issue only when there was an update to correct it. At the time we viewed warnings or advisories as the equivalent of leaving a box of guns on the street corner and issuing a notice to citizens that there was a murderer in the area, go get your guns.  As many bad guys would get them, if not more, than attentive good guys. We learned better later, but this was the state in 2003.

I had just settled into the job as I mentioned.  I even had theme music. Then the guys in the suits showed up.

I wasn’t even involved at first.  I walked past our reserved emergency conf. room and in it were George, Ian my boss, Dr. Lipner, and the dudes in suits. I just walked on.  The most prized skill in information security is knowing when you do not want to be burdened with knowing what you do not already know.

It wasn’t until later that Ian showed up in my office to talk about it.

“You know what’s going on?” Ian knew I usually had my ear to the ground.  On this I didn’t.

“Dudes in suits. Usually US government.” I replied.  Ian had served in foreign military, specifically artillery. If it was US gov. in the room I’m sure they were roiling over what they would have to make him sign.

“Yea but do you know what’s going on?” Ian said.

“Nope!” I said.  I’d been knee deep in the regular reported vulnerabilities and MSRC work.

“How much do you know about WebDAV?” he asked.

Turns out I knew a lot.  Back then, WebDAV was a godsend to moving files around over the Internet vs. FTP or trying to use straight up HTTP.  WebDAV essentially treated certain web stores like a mapped network drive.

And in Windows 2000 it had a huge gaping hole.  It was enabled by default.  On all versions.

Ian explained carefully the issue to me, and that the guys in suits, from a section of the US government I’m not going to specify, had discovered it because they were attacked.  And that section of the government had a very important operation about to begin within 14 days.

“How soon do you think we could do a patch?” Ian asked.

I knew the Windows Sustained Engineering team’s schedule and backlog and made a scratch guess.

“No test, smoke test, full test, 14, 21 and 30 days.”  No test meant make the update, someone next to you tests that it fixes it, and you just ship it. Never mind the hundreds of millions of configurations in the world. It was the worst kind of update to ever release.  One we had never done before. 

Smoke test meant some more testing meaning seven days of in house testing.  Full test meant we would release the update to a number of high profile volunteer customers without letting them know specifically what it was for, so that we could understand the full impact.

“No good,” Ian said.  “We need to have it before mid March.”

“Ok, But that’s going to be a realignment of just about everything in the pipe.”

“This issue is worth it.”

That was no easy thing, and Ian knew it.  Before long I found myself in the room with George and Dr. Lipner and Ian and Mike Nash our VP.  Oh and the guys in suits, who I was never introduced to.

Here was the crux of the problem.  All Windows 2000 machines were essentially open to a trivial wormable attack like Slammer through this WebDAV vector.  It had been discovered by a government agency who had been attacked. Suddenly we had to re-evaluate how we communicated about updates.  This was bad enough we would have to consider going with how to block the attack before we actually had an update.  At the time that was anathema to the MSRC.  But this situation caused us to rethink everything.  We drew a line a long time ago before I joined, that no government got preference over users. But this wasn’t about an update per se it was about the existence of the hole. We had to figure out what to do if it became known, not for the agency involved but for everyone.

We handled it like we did any other update.  The reporter in this case we decided didn’t matter.  The severity drove the update, not who reported it.

The Windows team worked night and day to produce a fully tested update within 10 days.

On March 15th I wrote the very first Microsoft “Security Advisory” without a patch which contained information describing the issue and how to manually disable the functionality.  It was never released. We sweated the next two days until Wed, March 17th 2003 and released the update.  The security bulletin for the update contained much of the content I wrote for the advisory.

That particular event ended up forming the nascent idea that we should consider advisories when issues might take time to fix.

As I played the music down the MSRC hallway in building 40 that day, I was approached by a member of the senior staff. (Nope, not saying who)

“You know who got hit right?”

I had a good idea.  But just nodded. “Kinda ironic the patch is 007.”

“Watch the news in the next 48 hours.”

War fever has been gripping the US for the past 2 months, it wasn’t difficult to figure out what was about to happen.

On March 19th, the United States of America invaded Iraq.

EVERYTHING MUST GO

1
So I have a box with 25 softcover editions of my first book, A Microsoft Life, and 11 Hardback copies. I asked twitter if people would like signed personalized copies from this stock so here’s the deal!The softcover is $16 plus shipping generated by Paypal. I originally said $15 but I could not find on Paypal where I could include “handling” in order to input the 99 cents the envelope costs so I just added that to the base price. (Seriously the Paypal options are daunting to me.  It’s sometimes hard to figure out just how you want to sell on your site.  Anyways.) There are 25 of the softcovers.There are 11 Hardback copies at $26 a copy plus shipping.VERY IMPORTANT: When you make your order tell me your favorite thing in the “message to seller” box. I will make this part of your personalized inscription.

So! Here you go, a button for the softcover:





 

HARDCOVER IS SOLD OUT

A Microsoft Life: The Audiobookening

0

Tonight I am proud, very proud, to release the audio version of my book, A Microsoft Life.  This edition is called “A Microsoft Life: The Audiobook Expanded Edition with Bonus Material and Surprises (Abridged), with a forward by Wil Wheaton. A forward by Paul and Storm. A forward by Mike Phirman. A forward by Len Peralta, A forward by Larry Hryb, and a forward by Joel Watson”

I am BEYOND EXCITED to tell you it’s now available at Bandcamp. It’s 13 dollars, NAY!  $12.99! Go here to get it, then come back!

From the moment I released A Microsoft Life people asked for an audio version of it. That was fine by me because I have immensely enjoyed actually performing stories from it at spoken word events and at w00tstock. So I invested in some audio equipment (a q-mic personal audio booth and Blue Yeti microphone) and got to recording and learning the ins and outs of producing audio. At the same time, I knew this was going to have to be an abridged version of the book. Some stories in the original work relied on visual gags, and others just didn’t make sense to perform (like some of my speeches, which are widely available on YouTube.) So I picked my favorite stories to perform, and recorded those.

I felt a little bad about the audio version having to be abridged,  then I remembered “hey! I know a bunch of famous people! I wonder if they would like to contribute!” So I had some very good friends each record a Foreword for the book.

I’d like to think that my audio book has the most forewords of any audio book ever. It’s, quite frankly, FOREWORDTASTIC.

I created a couple of new content bits, and I wrote BY MYSELF* an original song and all the chapter intro music. Ok, on the chapter intro music I cheated a lot and used Garageband. In addition to the tracks I included an outtakes reel, some scans of the original drawing my friend Mark did for the cover, a .PDF copy of the FULL text of the book itself, and some pictures of Remington.

I learned a lot and had a great time producing this edition of the book. I pretty much did it all on my own except for the forewords of course and the final song, so if you spot amateur mistakes then yup, that’s me. I’m an amateur at this.

Here’s the track list:

  • 1. Introduction 04:22
    2. A Foreword by Wil Wheaton 04:08
    3. Introduction the Second 09:30
    4. Genesis 07:39
  • 5. Genesis 2 09:37
    6. A Foreword by Len Peralta 01:26
    7. On Bill Gates 09:09
    8. The Great MS-DOS 7 Caper 10:04
    9. A Foreword by Storm, of Paul and Storm 02:00
    10. That One Time, During the Windows 98 Launch 08:26
    11. Sydney, Where the Bare Ass Spankings Lie 12:09
    12. A Foreword by Mike Phirman 02:57
    13. Perspective 06:03
    14. A Foreword by Joel Watson 03:07
    15. Don’t be a Dick 06:29
    16. I got the PAX 26:37
    17. A Career in Infinite Repose 05:46
    18. A Foreword by Paul, of Paul and Storm 02:59
    19. Outtro 01:33
    20. A Foreword by Larry "Major Nelson" Hryb 03:43
    21. Stephen "Stepto" Toulouse and John Drake – The Legalese (A song) 05:03
  •  

Now this next bit is very important: Two thirds of the proceeds from the audio book will be going to Child’s Play, in keeping with the blog entry I wrote here.

Let me say that again, 2/3’s of the proceeds will go to Child’s Play. The remaining third is basically for recouping a little of the money we spent on taking care of Remington. For everyone who originally contacted me to donate to Remington’s treatment, not only can you do that but you can help sick kids as well! I’m handling the donation directly because if I do it that way, Microsoft will match dollar for dollar the amount I donate. I also plan to keep the blog and my twitter updated with the running total to keep me honest and you can see the progress.

There’s so many people I want to thank. First of all I absolutely want to thank Mr. John Drake of Harmonix for his audio work, as well as Paul and Storm, Mike Phirman, Wil Wheaton, Len Peralta, Joel Watson and Larry Hryb for their incredibly funny and clever forewords. It was insanely generous for them to lend their names and time to this project. What started out as kind of a funny joke took a more serious turn when Remington got sick, and knowing that their time will most likely result in increased funds to charity makes me feel really really good. As always I want to thank Rochelle, we managed to keep each other sane both during the recording process as well as Remy’s illness. She had to endure periods of time where I had to insist on absolute silence in a house with several dogs and a cat. No easy feat.

Lastly thank you guys. Your support during the past two months has meant the world to me.

So all this has been really long, I hope your download of the book is complete. It will be appearing on other venues like iTunes, etc at the end of the year. But for right now the maximum return on dollars for charity is through Bandcamp. While iTunes and Amazon MP3 and Zune may be convenient, I urge you to use Bandcamp and add the book manually to your library.

The kids will thank you for it.