Sig Weber's Playground

Today I found Sig Weber's Playground and his xslt files for reading and formatting an RSS feed using an XML webpart. This is pretty simple stuff except for the XSLT stuff and is equivalent to Leadit's version. I prefer the format of Leadit's version but would prefer to have the ability to customize the feed display with xslt. Hmm…

My Firewall Policy

I decided to write a description of my firewall policy today. I have been tweaking it again to get the RSS Reader webpart to work. I think if I write it out I will better be able to see any logic errors.

General Firewall Policy Description

  1. Allow computers in the local domain complete access to other computers in the local domain.
  2. Deny inbound access from the internet.
  3. Allow computers in the local domain anonymous outbound access to the internet with the following protocols:
    1. HTTP
    2. HTTPS
    3. FTP
    4. POP3
    5. SMTP
    6. NTP(UDP)
  4. Authenticate the user using Windows integrated authentication for IP protocols other than the ones listed above.
  5. Minimize the downloading of advertising and sexual content.

 

Firewall Rules and Implementation

  1. Direct Access Rule – Direct access to computers in the local domain is granted via the proxy client configuration for the web browser.
  2. Default Inbound Access Rule – Inbound access from the Internet is denied by the ISA firewall by default.
  3. Protocol rule #1 – If the client is from the local domain, anonymous outbound access is granted to the Internet for the normal protocol set, HTTP, HTTPS, FTP, POP3, SMTP, and NTP. Almost all internet access will go through this rule.
  4. Protocol rule #2 – If a client requires access to an IP protocol outside of the normal protocol set, that client must be authenticated using Windows integrated authentication.
  5. Site and content rule #1 – Deny content from known advertising websites listed in the “No Ads” destination set and redirect the link to a local web page. This rule frees up bandwidth by reducing the amount of unnecessary content being downloaded from the internet.
  6. Site and content rule #2 – Deny content from known sexual websites listed in the “No Sex” destination set and redirect the link to a local policy web page.
  7. Site and content rule #3 – Allow clients from the local domain access to all domains that have not been explicitly denied.
  8. Do not authenticate outbound listener. I think this is a temporary fix to get the RSS reader webpart to work and requires that the web.config have a <defaultProxy> statement. This is the opposite of what the folks at www.isaserver.org recommend but their recommendation does not work for my server. All HTTP connections end up being anonymous but I don't care.
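
To check a rule set like this for logic errors, it helps to evaluate sample requests against it. The following is an added example, not the author's ISA configuration: a simplified model of the rules above. The local domain suffix, the destination set entries and the sample hosts are constructed, and the model assumes that deny rules are checked before any allow rule.

```python
from dataclasses import dataclass

# Normal protocol set from protocol rule #1.
NORMAL_PROTOCOLS = {"HTTP", "HTTPS", "FTP", "POP3", "SMTP", "NTP"}

# Constructed sample entries; the real destination sets are not on the page.
DENY_SETS = {
    "No Ads": ({"ads.example.net"}, "redirect to local web page"),
    "No Sex": ({"adult.example.org"}, "redirect to local policy web page"),
}
LOCAL_SUFFIX = ".corp.example"  # hypothetical local domain


@dataclass
class Request:
    src_local: bool              # client is in the local domain
    dest_host: str
    protocol: str
    authenticated: bool = False  # Windows integrated authentication succeeded


def evaluate(req: Request) -> str:
    """Return the decision and the name of the rule that produced it."""
    if not req.src_local:
        return "deny: default inbound access rule"
    if req.dest_host.endswith(LOCAL_SUFFIX):
        return "allow: direct access rule"
    # Site and content deny rules win over any allow rule (assumption).
    for name, (hosts, action) in DENY_SETS.items():
        if req.dest_host in hosts:
            return f"deny: {name} ({action})"
    # Protocol rules: anonymous for the normal set, authenticated otherwise.
    if req.protocol in NORMAL_PROTOCOLS:
        return "allow: protocol rule #1 (anonymous)"
    if req.authenticated:
        return "allow: protocol rule #2 (authenticated)"
    return "deny: protocol rule #2 requires authentication"


def audit(requests):
    """Evaluate a list of requests and return (request, decision) pairs."""
    return [(r, evaluate(r)) for r in requests]


if __name__ == "__main__":
    samples = [  # constructed test traffic
        Request(True, "www.example.com", "HTTP"),
        Request(True, "ads.example.net", "HTTP"),
        Request(True, "chat.example.com", "IRC"),
        Request(False, "files.corp.example", "HTTP"),
    ]
    for req, decision in audit(samples):
        print(f"{req.protocol:5} -> {req.dest_host:20} {decision}")
```
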

Getting Jan's RSS Reader webpart to work

I got an email from Jan asking me to comment on his Essentials webparts on his weblog. I really like them because they show what I have been working on. I set up a quick and dirty homepage to use them as a simple status report. I used a default template and just dropped the Navigation webpart, the Whats New webpart, and the RSSReader webpart on to the left side. Simple but satisfying!

Since I had recently reinstalled Sharepoint to fix an unrelated problem, I had to reinstall the webparts. So I made sure I had the latest versions and started off with the RSSReader. It looked easy. It had an installer! The bad news is that it finishes with an error.

========= WPPackager install log started 3/26/2004 11:18:39 AM  =========
3/26/2004 11:18:58 AM: Error: Config file: 'd:\inetpub\wwwroot\web.config' for virtual server 'http://companyweb/' is missing or appears invalid. Could not apply required CAS settings to this server.
3/26/2004 11:18:58 AM: Error: Could not apply required CAS settings to virtual server 'http://companyweb/' during installation of 'Lead-it SharePoint RSSReader Webpart'
3/26/2004 11:18:59 AM: Success: Installation Successfully Completed

The good news is that the error does not matter!? The dll is in the GAC. The web.config is configured. The webpart is in the wpcatalog. Once you figure out how to configure your firewall you are set. That was actually quite hard. I decided to put my findings in a second post on my weblog since it is specific to ISA.

The installation of Essentials was quite easy if you knew the locations of your wpcatalog, web.config, and GAC. I found that I only needed to restart the sharepoint server to start using them.

More Spam Protection

Yesterday I renewed my mail account on Yahoo and upgraded to Mail Plus. This adds more disk space, a spam learning feature, and virus protection. Today I installed the latest version of Mailwasher Pro and turned on its spam learning feature. Both these products show a remarkable amount of agreement on which mail is spam. I am hoping these two products will help me get rid of spam and avoid false positive mishaps. I think the use of Yahoo and other web mail providers is a viable strategy for small businesses. Although my setup is probably overkill it is not costly or time consuming. Email that makes it to my PC probably goes through three or four spam detectors and at least two virus checkers. I averaged 156 deleted emails per day with MailWasher. The bulk of these obviously were spam. It is interesting to note that the latest average for the week is only 126. Maybe this is a trend.

Re-Installing Sharepoint on SBS

Today I finally got Sharepoint installed and working. Here was the plan.

  1. Stop the Sharepoint database with NET STOP mssql$sharepoint.
  2. From the Add or Remove Programs, remove Sharepoint.
  3. From the Add or Remove Programs, remove the MSDE instance of sharepoint.
  4. Reboot.
  5. Install a new instance of SQL Server called SHAREPOINT using the Premium cdrom. When it asks, change the default disk location. Ignore warning message about SQL and Windows 2003.
  6. Apply SQL Service Pack 3a to the new instance.
  7. Start the database.
  8. Run STSV2 and pick the server farm option. It tells you that you will have to manually extend the site after the installation completes. I got an error at the end complaining about FrontPage extensions on the default server.
  9. Go into Sharepoint Central Administration and extend the companyweb site. I used the DefaultAppPool with Network Service.
  10. Pick a site template.

I verified my installation by saving a document into Sharepoint and then bringing it back up. It knew who I was and did not ask me for a logon.

Re-installing Sharepoint

I finally gave up on trying to tweak Sharepoint to work and started the process of re-installing. Guess what! The reinstall fails. It doesn't create the two databases. Maybe I am missing something? So I have downloaded STSV2. I think I will try to stuff it directly into a new SQL Server instance rather than go through MSDE first. I want to put the sharepoint databases on a separate partition.

Along the way I downloaded the web version of SQL Enterprise manager. To get it to not ask me for my userid I had to give NETWORK SERVICE full access to the Microsoft.Net\Framework\v1.1.4322 directory. I was trying to view my MSDE instances. It didn't help. My problem was that I was entering the server name incorrectly.

Leadit.Sharepoint.Essentials

I modified my Sharepoint intranet site to use a couple of webparts from Leadit.SharePoint.Essentials. Jan Tielens did a nice job on everything except the instructions on how to install it. I think the Whatsnew and Navigation webparts on my main page are really handy. My intranet site is getting a little more useful than the ordinary file system it replaces.

Finally fixed the 127.0.0.1 problem with the firewall

It took me a while to find this one. When I start Radio it tries to open a web page at 127.0.0.1:5335. If I tried localhost:5335 it worked. For some reason the ISA firewall was getting the request. Naturally it refused to allow me to do it. It didn't know any better but it shouldn't have been involved. I never had to do this before but I had to code 127.0.0.1 into the ISA client configuration for the web browser and hard code 127.0.0.1 as a site I could go directly to and then reboot my client workstation. I think this is a result of my change to using automatic configuration.

Winds of Change.NET: Special Analysis: An Al-Qaeda Victory

This analysis will endeavor to address some of those concerns, but I will be quite frank: this was a definitive victory for al-Qaeda.

A comprehensive article explaining why al-Qaeda picked on Spain and why it is a victory for Al-Qaeda. Acts of terrorism can cause people to vote more emotionally rather than rationally and may give elected officials the wrong message of how they need to respond. Terrorism blackmail works and Europe is the target.

Love Canal Declared Clean, Ending Toxic Horror. Love Canal was clean enough to be removed from the Superfund list two decades after it became the first site on the list. By Anthony Depalma. [New York Times: NYT HomePage]

I used to work for Occidental Chemical so I got more familiar with some of the details of the Love Canal problems. When I started work for them I was surprised to find out that the dumping occurred before I was born. I thought it occurred in the 1960's but was surprised to find out it occurred in the 1940's. I was also surprised to find out that this site was a state-of-the-art storage facility for chemicals in its day. The canal was ideal since it was clay lined to prevent leakage. The canal was capped and covered with top soil. When Occidental sold the land to the city for one cent, it was agreed the land would be used as a park. Somehow the city forgot about the dump and sold the land to developers. People putting in utilities and roads finally broke the canal but ignored the results. The position of Occidental Chemical was that almost everyone had some blame. The federal government was the primary customer of Occidental's products and advisor, Occidental because they made the products, the city because they sold the land to developers, and the state because it was their road crews who broke the canal. The end result was the Superfund legislation and the realization “we” had made some serious environmental mistakes throughout the country.