An "open letter" to Microsoft...

Once again, commenters everywhere are espousing opinions on Microsoft's latest statements regarding the company's plans to disallow updates for pirated copies of Windows (and other software).

We all know taking that position results in one primary problem: Unpatched computers get infected or overrun and then bombard computers of others - making victims of people with valid, paid-for copies of Windows.

I understand Microsoft's position, I disagree with it, and I have a solution.

Patch the pirated computers, "update" the pirated computer's firewall to control two-way traffic, then turn that firewall on. Turn it on all the way. Like as in "nothing-in, nothing-out." Stop all the network traffic on those machines. And put "PIRATED" in all four corners of the screen, like you do with Safe Mode. Heck, for that matter, only allow users to boot into safe mode if it's pirated.

Of course, you could leave open connections to, say, a Microsoft site where people could be allowed something like, oh maybe 30 days to register their software. Give 'em a reduced registration rate maybe. Or maybe not. That's up to you.

Seriously - A significant portion of my job is protecting my company from all those unpatched and out-of-date computers. My time is valuable, and so is the time of many others like me. The ball belongs in your court - Where thousands of people have to spend hours and hours defending networks, you can fix it for all of us in one fell-swoop.

Microsoft's failure to patch problem computers makes for a less-secure Internet. It makes for higher operating costs for my company. It means I am focusing my time on things I need not deal with. It means I'm not focused on more important things that deserve my individual time.

Revenues are important, sure, but so are your customers, and so is wide area network security. This is the one area where revenues might just need to take a back seat. Think about it. Do the right thing.

Drastic? Sure, but healthier than leaving security holes all over the planet.

By not helping your enemies, you hurt your friends. You can't win, but you can make sure the people who are already on your side are taken care of.

Patch that software. Then get 'em with the firewall. Do it. We need you.

And thanks for listening.

EDIT:

P.S. - Is this a little tongue in cheek? Sure it is, somewhat. The idea is to discuss all the options and possibilities, and I think people need to talk more about the option of making it harder for software thiefs, regardless of the PR impact. Talking about it and actually doing it are two very different things, and often useful ideas come out of the conversations about the "fringe" options.

Already several emails and opinions are coming in (keep 'em coming, and you can also use the comments link below), so let me point out a few things...

• First, I don't think Microsoft is "evil" - and that was not my point. Not even close.
• Second, I know automatic updates would still work for pirated software under the proposed plan. That's not my concern - apparently there are some idiots who steal software that just don't have the brains or desire to turn it on, for whatever reasons.
• Third, I'm not freaking out over something that hasn't happened yet. Rather, I am thinking about and commenting on something that's being discussed and in which I have professional interest and experience. Part of my experience is that if you offer opinions before Microsoft takes action, you're more likely to have your opinion count for something, however small. Come to think of it, that's more about the way the world works in general than it is about Microsoft...
• Fourth, my thoughts are more about Microsoft asserting itself from both the "security-custodian" and "software-seller" roles. Two statements (drastic ones, granted) in one brush stroke.

Mitch Wagner at Security Pipeline has his own opinions on the matter, too. See what other people are writing about the subject with Feedster.

Interesting conversation. What do you think?

Joe Stagner, a Developer Community Champion at Microsoft, will be presenting a series of two webcasts per month, starting this week and running through May on the general topic of designing and writing secure applications.

Dubbed the "Digital Blackbelt Series," the webcasts will cover these topics:

Today was a real win for - and by - the people of Iraq. Today was a great day.

Read reports direct from Iraq here, and see more photos here.

Atheer Almudhafer, from Falls Church, Va., gives the Iraqi sign of victory after casting his absentee ballot at the New Carrollton, Md., voting station, Jan. 28, 2005. His finger is marked with indelible blue ink, intended to prevent double voting. "I give the sign of peace and voting. Together it is victory," Almudhafer said. Defense Dept. photo by Tech. Sgt. Cherie A. Thurlby, U.S. Air Force.

Microsoft has opened up the Office document formats and made them available for the world to see.

The Schemas provide developers and representatives of business and government a standard way to store and exchange data stored in documents. The download contains documentation on a number of XML schemas for Microsoft® Office 2003 Editions including:

• Microsoft Office Word 2003
• Microsoft Office Excel 2003
• Microsoft Office InfoPath® 2003
• and Microsoft Office Visio® 2003

It also includes schema information for:

• Microsoft Office OneNote® 2003
• Microsoft Office Project 2003
• and Microsoft Office Research Services

Download the schemas and documentation and read the Office 2003 XML Reference Schemas Frequently Asked Questions.

News coverage from TechWorld:

"The move puts Microsoft on a better footing to compete against open-source applications and non-proprietary document formats. Governments around the world have begun to reconsider the use of proprietary formats, which usually lock them into using particular applications and may hinder archiving efforts.

"Microsoft Office formats have become a de facto standard, one of the factors making it difficult for organisations to use alternative applications."

(via Robert Scoble)

My employer, Corillian Corporation, has a few openings, including one for an employee to work on the IT Department's Help Desk. Maybe you'd be interested, or maybe someone you know would fit the bill?

Corillian is a Portland, Oregon-area software company, and IMHO it's a pretty darn nice place to work. Great challenges, great opportunity, and great people.

The IT Help Desk job is an entry-level or early-career position, working in the corporate IT department. The employee in this position acts as the point person for the company's internal help desk. Managing requests for service and basic Windows computer and network troubleshooting are the primary day-to-day job tasks. Excellent customer service skills and a customer-oriented, confident, on-your-game personality are critical. The company is looking for someone who can hit the ground running from a customer-service standpoint.

If you or someone you know is interested, time is of the essence - So email or call me and I will put you in touch with the hiring manager. My email is greg@greghughes.net and my office phone is 503-629-3771.

QA and Software Developer Positions: I am told that Corillian is also looking for QA and Software Engineers, so if you are what a leading-edge software company would consider a top performer in either of those areas, email or call me about those positions, too, and I will make sure you are put in touch with the right people. It'll be competitive, I can tell you that, so be prepared, but don't hold back.

Note: This post is my own, and is not a communication by or for my employer. I am just trying to make people aware of some opportunities that I happen to know about. In the interest of full disclosure, I should say that if you get hired, depending on the position they might spot me a small bonus that would probably pay for a nice lunch or dinner for you and me. But don't count on it - and the help desk job reports under me in the organizational scheme, so I am not eligible for any bonus on that position. Phew! 

Nikon has announced that their cool new D2X digital SLR camera will be available on February 25th, and that it will sell for a "suggested" street price of $4999.00. Hook up a GPS device to record location data. Transmit data via WiFi. Remote control the camera. Instant-on and fast shutter response time of 37ms - great improvements for low-lag operation. Flash sync at 1/250th of a second. Awesome metering. Fast continuous shooting. All nice stuff.

But there's one thing that will keep me from even considering buying this camera. And it's not the price.

It's this bit of info, gleaned from the fine print in the spec sheet:

• Approx. 1.5x focal length in 35mm [135] format equivalent

Argh, no! I have to say, I was pretty darned surprised to find this hidden in the back of the specs list, especially since they are marketing the D2X as being capable of "5fps continuous shooting mode full size or 8fps in a 6.8MP cropped mode." Turns out the "cropped mode" means a 2x multiplier over 35mm equivalent, as opposed to non-cropped mode, which has a 1.5x multiplier.

Very sneaky. Very sucky.

At 12.4 megapixels and $5000, someone tell me why in the world camera manufacturers can't put a chip in the thing that will make it act like a real 35mm camera from the field-of-view/coverage perspective. I'd take lower effective resolution (say 8 megapixels or so?) and no multiplier at this point.

Believe it or not, to someone who was a film photographer for several years, this actually matters to me. Nothing aggravates me more about digital SLR cameras than an image that has a telephoto-style crop and a short-lens depth of field. I hate that. I have a D70 that does that. Don't get me wrong, for $1000 I like the D70 just fine. It's a consumer-grade camera, and sure I'd like it a heck of a lot more if it had a chip that would use the lens the way it was built to be used. But this camera is more than the D70 can dream of being.

So, if I am going to pay five times the cost for a better camera, put in a full-sized chip that uses the full field the lens was built to cover. Seriously.

Hey Nikon - Just so you know, I was actually ready to seriously consider spending $5000 on your new camera - but now I guess I'll just wait. Again.

John Pultorak decided to build a real, working replica of the Apollo Guidance Computer - the ones that were used in the actual Apollo spacecraft.

"This report describes my successful project to build a working reproduction of the 1964 prototype for the Block I Apollo Guidance Computer. The AGC is the flight computer for the Apollo moon landings, with one unit in the command module and one in the LEM.

"I built it in my basement. It took me 4 years."

What a great project. Building one of these looks to provide useful insight into the entire computer system, from top to bottom and beginning to end.

This is the computer that got the first people to the moon and back. And you can make one yourself. Now that's cool.

(via engadget.com)

"Louis is here with the weather..."

The painful, awful, terrible weather.

"Maybe Louis, you can tell us what we can expect for the rest of the week..."

If you're ever having one of those days where you feel like the clumsiest person on the face of the planet, just click the link above, and find comfort in the fact that someone, somewhere has almost certainly had a harder day than you.

(I recall my time in journalism school, which is almost certainly where this tape came from, and it could be brutal at times. Broadcast news performance is an art, and artists are few and far between).

The other day I decided to change to using passphrases instead of single passwords on my Windows accounts. Aside from the minor headache of having to remember I made the change at all, it's been a good thing.

That is, until today.

This afternoon I decided re-enable my wireless sync with my Exchange server on my Windows Mobile 2003 smart phone (Audiovox 5600). I had disabled it when I changed the password the other day, with plans to set it back up when I had time. So I went to enter the new passphrase on the mobile device, but no workie... Apparently, while Windows and Outlook and Exchange-HTTPS and pretty much everything else in the Windows world supports passphrases that include spaces, not so on Windows Mobile 2003.

Apparently you simply can't enter spaces in the password box on the smart phone.

So, I have a choice to make: I can either change back to using passwords in order to allow my Windows Mobile device to sync with Exchange (one step forward, two steps back), or I can stay with passphrases and leave my Windows Mobile device crippled (don't even get me started on that one).

Needless to say, I am not very happy with either option...

Anyone have a solution? Am I missing something here? Seems to me when you create a password interface, you'd support what the back end system allows you to use?

National Geographic: Animal-Human Hybrids Spark Controversy

"Scientists have begun blurring the line between human and animal by producing chimeras—a hybrid creature that's part human, part animal..."

Makes me uncomfortable when I think about it for more than ten seconds. Anyone else feel the same?

Johan van Rooyen's Really Learn Spanish weblog includes a series of MP3 podcasts geared toward people who want to learn the Spanish language in the real world. I've just subscribed.

"A series of podcasts aimed at helping you in your efforts to learn Spanish using unconventional techniques I developed during the seven years I spent in Spain teaching English and learning Spanish."

Interviews, pronunciation explanations, and suggestions for how to learn all combine to help you grow in your acquisition of the language.

Very cool use of the delivery mechanism, and great content to boot. It will be interesting to listen to this new series over time. As of the time of this writing, Johan had released three installments in the podcast series.

(via blogyourway.com)

Mt. St. Helens continues to rumble and spew steam and ash, and Portland, Oregon radio station 1190 KEX posted a news story today with audio from the instrumentation used to monitor and listen to the mountain as it continues it's activity.

• Click here to listen to the seismic audio from 1190 KEX
• Click here for the story at the 1190KEX.com web site
• Latest Mt. St. Helens eruption information
• More St. Helens links than you could possibly ever need

Presenting to a group? Always disable your Instant Messenger client before you start with your desktop on the projection screen. (via Mitch Ratcliffe)

Another useful tip: Never, ever use your live email client on the screen during a presentation. That XXX Porn Superstore spam email will almost certainly be the first thing on the screen when you bring it up in front of the whole company during your demo... (I know this from personal experience)

Google has launched their Google Video Search, which lets you search through what appear to be transcripts from television shows for any terminology you woudl typically use in your Google searches.

For example, click here to search for "blogosphere" and you can click through and see where the term was used on television in recent weeks.

Cool stuff, especially if you're looking for coverage and use of key terms or names:

• Enron
• hubris
• tsunami
• "snow storm"
• "Academy Awards"

You get the idea.

I had to change one of my passwords today (good security practices and all that), and with the recent discussions around the 'net concerning using passphrases in place of passwords, I decided to go full tilt and start using passphrases on this account rather than passwords.

One of the great things about passphrases is that they can be quite long and secure, yet easy to type and remember. For example, I could use either of these as a secure passphrase that more than meets all the security requirements of a Windows standard password-complexity template:

Is this my nifty-difty passphrase?

   - or -

Wow yo thats a really cool Red Radio you have there!

Of course, I could also be more paranoid (and in real life I am) by using something like "Is this my nyftie-dyftie passphraze?" but even with the standard dictionary words, the combination of having to determine the number of words, case, punctuation, order and spacing is a pretty darn complicated task. For more information about effectiveness of passphrases and their complexity, read what Jesper Johanssen wrote on the topic.

I can included spaces and everything - they're part of the passphrase, and the fact that I am using dictionary words works in the case of a passphrase, where they don't really pass muster when using 8-character-minimum passwords.

Passphrases use multiple words or variations, can be out of place and odd, easy to remember and easy to type quickly. The only problem I have had since changing to my new passphrase is remembering that I changed my password at all - I keep typing the old one... It's like writing "2004" on checks, I guess... This, too, shall pass.

Anyhow, I can type my passphrase accurately every single time, very quickly and reliably, so I am happy with that. If I choose a phrase that means something to me at the time, it will be easy to work with until I have to change it again in several weeks. I think it's a good thing - all in all better from a user standpoint than convoluted and hard-to-type passwords.

More on passwords vs. passphrases can be found here. Also, Susan Bradley, who blogs about Small Business Server quite a bit, has some thoughts on the subject and some policy configuration information (via Adam Field).