An email list I am subscribed to had a quick thread that pointed to a conversation about FeedDemon and the fact that a user didn't want to use IE as the default embedded browser inside of FeedDemon. That's fine, but the problem is that someone suggested he actually abandon his favorite RSS reader (meaning FeedDemon) and try another one.

The recommendation was (in my opinion) premature. Why? Because FeedDemon can in fact use the Mozilla engine as it's embedded web browser, and you can find out how here.

And by the way - if there's something you wish was in FeedDemon for the future, Nick listens. Go to the FeedDemon forums and just ask.

There is an interesting post describing the exploit of a weakness in MD5 via collisions, with a reproducible real-world example. The authors computationally found the collisions and were able to reliably and predictably produce two completely different postscript documents with the identical MD5 checksum. Their use-case story revolves around maliciously capturing a digital signature and using it for something other than it was intended. In the story, the MD5 checksum is relied upon to validate the authenticity of a document. The researchers wanted to show how this flaw could possibly be used in the real world.

"Recently, the world of cryptographic hash functions has turned into a mess. A lot of researchers announced algorithms ("attacks") to find collisions for common hash functions such as MD5 and SHA-1 (see [B+, WFLY, WY, WYY-a, WYY-b]). For cryptographers, these results are exciting - but many so-called "practitioners" turned them down as "practically irrelevant". The point is that while it is possible to find colliding messages M and M', these messages appear to be more or less random - or rather, contain a random string of some fixed length (e.g., 1024 bit in the case of MD5). If you cannot exercise control over colliding messages, these collisions are theoretically interesting but harmless, right? In the past few weeks, we have met quite a few people who thought so.

"With this page, we want to demonstrate how badly wrong this kind of reasoning is! We hope to provide convincing evidence even for people without much technical or cryptographical background."

Once again, security by obscurity defeated. Interesting read and might make you think. If anyone has comments on their test or process. I'd be interested to hear.

For those with a tastefully colorful sense of humor, here's some tech news. It looks like a new MP3 player in the shape of a toy bear has been released...

Controls are located on the little blue arms and on its head, but(t) what's the best thing about it? To sync with your PC, you just hook up to it's USB rectum:

Nice. Classic. Sure makes ya wonder, though. What were they thinking? Heh.

(via the Raw Feed)

Microsoft has released their Windows Server Update Services (WSUS) product, which is a replacement for Software Update Services (SUS). The server solution acts as an in-house patch management and deployment solution for your networked Windows machines and core applications.

What's New in Windows Server Update Services:

• More updates for Microsoft products, in more categories (Windows XP Professional, Windows 2000, Windows Server 2003, Microsoft Office XP, Office 2003, Microsoft SQL Server 2000, Microsoft SQL Server 2000 Desktop Engine [MSDE] 2000, and Microsoft Exchange Server 2003, with additional product support over time) 
• Ability to automatically download updates from Microsoft Update by product and type
• More language support for customers worldwide
• Maximized bandwidth efficiency through Background Intelligent Transfer Service (BITS) 2.0 (BITS 2.0 is not installed by Update Services and is available on Microsoft Update)
• Ability to target updates to specific computers and computer groups
• Ability to verify that updates are suitable for each computer before installation—a feature that runs automatically for critical and security updates
• Flexible deployment options
• Reporting capabilities
• Flexible database options
• Data migration and import/export capabilities
• Extensibility through the application programming interface (API)

This new release is ten-fold better than the old SUS product, and if you are responsible for deployingpatches reliably and verifably across your company, this is something you must at least try. It will save time, improve your comtrols, and generally help you sleep at night.

Oh - and it's free to download. Just install it on a Windows 2000 SP4 or Windows 2003 server - your existing CALs cover it.

• Info here
• Download here
• FAQ here
• Full product overview here

Too bad there's not a Windows Mobile device that truly rivals Blackberry's form-factor for durability and real-world practical power use (yet, that is) (in my humble opinion, that is), but I can continue to hold out hope for better PocketPC's now.

Why? Because the Windows Mobile OS (2005 version) will soon be getting a messaging security and feature pack update that will enable "push" technology for instant delivery of all your Exchange 2003 info (email, contacts, calendar, etc) to your Windows Mobile 2005 powered device. Exchange 2003 SP2 will enable the functionality on the server side.

So half my concerns about the PocketPC/SmartPhone editions of Windows Mobile will be alleviated - namely the always there, immeidate delivery story.

Funny thing... I was having coffee with a Microsoft friend just the other day. He asked me why I was still using a Blackberry (common question from my Microsoft acquaintances), and I didn't have to say much. My first argument was the lack of real-time push.sync (which we both knew was coming on with the next Exchange update and the Mobile update). He agreed with me in one respect, though: RIM got the form-factor figured out when they built these Blackberry things - nailed it right on the head. RIM's keyboard rocks, plain and simple.

Good going for the Windows Mobile team. Lord knows that whole Blackberry Connect thing has never really panned out (it's supposedly Blackberry software that runs on the Windows Mobile OS, but it's really not materialized anywhere to speak of).

But about those devices running Winodws Mobile... They need to be improved to really make them work and hold up. My idea? Simple. Microsoft doesn't make the hardware (they keep reminding us of this, and it's become more of an excuse than a reason over the past couple years, guys), but they do have some control and impact in that area. Microsoft should exercise some release management and licensing control over the hardware manufacturers - Perhaps they should specify some quality and usability requirements and license the OS first to those manufacturers that actually produce a better product. that meets some stringent requirements for usability, reliability, durability, performance and battery efficiency.

Important message to all companies looking to do handheld QWERTY keyboards: You might want to consider where you're going to spend your "innovating" funds. You might be best served to simply pay RIM however much they ask to use their keybord. Like, as in their actual keyboard, not some knock-off, lumpy chicklet version like on several of the Windows Mobile powered devices I have used in the past, or the river-rockish Treo keyboard (yuck). Just buy the technology from RIM - Their's ain't broke, nothing to fix or improve.

At any rate, looks like the possibilites continue to change and grow, and Microsoft's made a good move here. Glad to see it's coming to pass.

I was super busy all day yesterday, so I didn't get to update about the Tablet PC stuff that was announced by IBM. The news is everywhere, so I am just providing a few detail items that matter...

First of all - A link to the IBM/Lenovo PC Institute's webcast from Monday (which is available til the end of June). They spend a lot of time talking up TabletPC's in general (Tablet PC's for beginners), discuss what they saw in the Tablet PC market that people really wanted, and show off their new X41 model.

Too bad it's 1024x768 though. That's going to have to change at some point. But I can live with that, my Acer Tablet that I've been using for some time now is 1024x768... I like the resolution of the Toshiba (yes I have used that one as well), but not the screen image quality. We can still dream.

And finally, here are the two models that were given actual online catalog prices and remain listed on the IBM/Lenovo SKU list that I mentioned last week. And hey, what happened to the others that were on there, and where's the $1899 model everyone's quoting press releases on?

X41 TABLET PENT M LV 758 (1.5) 12 WAXGA 256 40GB BG XPT 8C
LENOVO 18662GU
$2,199.00
 
X41 TABLET PENT M LV 758 (1.5) 12 WAXGA 512 40GB BG XPT 8C
LENOVO 18666GU
$2,399.00

Ok, time for a random pet-peeve post. I don't do these often, but I figure maybe I can change the whole world if I post this, so here goes:

People, listen up. If you learn only one grammatical/spelling/language rule this year, please make it this one... It will improve your sales figures, professional development, ability to earn promotions and recognition at work, and your general status in the community. Seriously.

Loose is a four-letter word.

Now, allow me to explain...

• Loose = loos = adj/adv, meaning not tight, fastened, restrained, rigid, bound, etc.
• Lose = looz = verb, meaning to fail in, or to fail to retain possession (opposite of win or find)

I can't even begin to tell you the number of emails, blog entries, letters, and even printed and online professional news articles (who's copy-editing these days anyhow?) I've read where members of the Hooked-on-Phonics generation (dat's Huhked-ahn-Fonikz fer yoo membrz) use the incorrect word in a variety of sentences.

Examples of improper use of "loose" in a sentence:

• "Joe is such a looser. I can't believe that guy."
• "If you don't try hard enough, you'll loose the game."

Examples of correct use of "loose" in a sentence:

• "He's got a screw loose in his head."
• "Your seatbelt is looser than mine."

I could also easily list a variety of colorful uses of both words in the same sentence - but I won't. Use your imagination and post a comment if you feel so inclined.

How have you seen these words (or others) completely butchered? Any funny examples?

It became obvious last week that the IBM Tablet PC was most definitely real. Now it appears IBM/Lenovo will hold a webcast to introduce their X41 Tablet PC to the world, probably on Monday (possibly Tuesday since the URL includes 07June in the address?).

Lenovo/PC Institute: Complimentary Tablet Webcast
06 Jun
IBM Business Partners
Customers

Description: Be sure to tell your Business Partners and customers about this complimentary Webcast on the one-of-a-kind features of the new ThinkPad X41 Tablet!

This Webcast will feature:

• A demonstration of ThinkPad X41 Tablet
• The new Lenovo CEO and VP of Marketing explaining Tablet's importance in the marketplace
• Microsoft, Dendrite and Siebel discussing Tablet OS and ISV strategy
• Customers, including MIT and Harvard Medical School, as well as IBM’s Healthcare and Life Sciences GM, discussing Tablet's use in the public sector

Replay available through June 30, 2005.

eWeek says Microsoft will release a security roll-up for Windows 2000 this week. The roll-up package replaces Windows 2000 SP5, which was recently scrapped. You'll need to have SP4 already installed to apply the rollup. It will be available via Windows Update, SUS, et al.

It's scary how time flies...Windows 2000 is five years old now - wow... Speakimng of which, mainstram support for Windows 2000 ends on June 30th, when the OS goes in to "extended support" mode (which means you pay for support pretty much no matter what).

Information from Microsoft's web site to answer questions people have asked in email and elsewhere:

Windows 2000 Server and Windows 2000 Advanced Server support dates:

• Mainstream Support ends June 30, 2005
• Extended Support ends June 30, 2010

Mainstream support includes:

• Incident support (no-charge incident support, paid incident support, support charged on an hourly basis, support for warranty claims)
• Security update support
• The ability to request non-security hotfixes

Extended support includes:

• Paid support
• Security update support at no additional cost
• Non-security related hotfix support requires a separate Extended Hotfix Support contract to be purchased. Per-fix fees also apply.
• Microsoft will not accept requests for warranty support, design changes, or new features during the Extended support phase.
• Extended support is not available for Consumer, Hardware, Multimedia, and Business Solutions.

Complete Windows lifecycle dates are listed here. Other products also listed here.

Not running on Windows Server 2003 yet? Make the move now and you'll be glad you did - if you haven't tried it, you seriously don't know what you're missing. Not to mention the fact that most every substantial future network security enhancement from Microsoft will rely on the back-end of Windows Server 2003.

And for those still on NT4 - Your version expired long ago, and it's replacement is entering the old folks' home. Time to get with the program and secure your little world.

I use BlogJet to post nearly all my weblog entries - it's a great client-side application that connects to pretty much every blog package you can think of. So, you can write your blog posts locally, include and resize images, format to your heart's content, etc., and then post to your weblog software when you're ready. You can also edit your blog posts. I'm writing this post in BlogJet now - so this would be a BlogJet post about BlogJet.

It'll also record audio, check spelling, and insert "what's playing" info. It creates context menu items that allow you to "BlogJet This" and adds a web browser action button.

Anyhow, BlogJet is cool and awesome. You can get the v6.1 Beta 1 version here.

For complete BlogJet info, go to http://blogjet.com/

Blogging is reaching new heights. While Scoble's blogging from the seat of an airliner with WiFi on a trip to Europe on his way to a geek dinner (sounds like fun), a group of 20 police officers and companion climbers are slowly but steadily audioblogging their way to the rugged summits of Denali in Alaska (20,320 feet) and Humphreys Peak in Arizona (12,634 feet).

Using a satellite phone in Alaska and mobile phones in Arizona, the officers are calling in to a special phone number at audioblog.com, which immediately posts their voice recordings to the Climbers' Weblog at copsontop.com.

Both teams will strive this weekend to summit the mountains as a memorial to honor the lives, service and sacrifices of police officers Eric White and Jason Wolfe, both of the Phoenix, Arizona Police Department. Officers White and Wolfe were killed in the line of duty on August 28, 2004, while searching for a suspect who had just shot another man in the chest.

The officers are members and representatives of Cops on Top, a non-profit organization of police officers and others who execute memorial expeditions to remember peace officers killed in the line of duty. The audioblogging technology enables the teams to document their progress in real time, and to reach the families and friends of those fallen officers who are honored on each expedition.

From The Raw Feed - Apparently they've finally found a way to completely eliminate the Blue Screen of Death in Windows Longhorn:

Make it red.

Now, why didn't someone think of that earlier?

Microsoft just announced that Office 12 files will all be XML-based.

XML: It's not just for InfoPath anymore... From Microsoft Watch:

The new Word, Excel and PowerPoint formats will be designated as .docx, .xlsx and .pptx , respectively. Microsoft is referring to the family of new formats as "Microsoft Office Open XML Formats."

Microsoft is committing to publish the forthcoming XML formats and make them available under the same royalty-free license under which the current Office 2003 file formats are. Licensees will be able to integrate these formats into their servers, applications and business processes "without financial consideration to Microsoft," according to the Redmond software vendor.

Awesome - this is big news, and while some will undoubtedly scoff, this is a great move in a good direction. Integration, integration, integration - EXCELLENT!

Jeremy Zawodny of Yahoo! has posted his company's new corporate employee blogging guidelines. There's a PDF file linked from his post, along with his comments.

Blogging policies are (I think) a good thing for companies to have. Why? Because they set the stage with the proper expectations right up front, before a problem can begin. People often benefit from having the context predefined, so they know what's cool and what's not.

In other words, having a good policy enables people much more than it restricts them. That's why I'm glad my company has a blogging policy, anyhow.

More and more companies are going beyond allowing their employees to blog, and are enabling and encouraging it. What's your company doing?

Just in time to finish off the month of May, the wild irises are coming out in full force all over the place on my property...

click on the image for a 1024x768 copy/desktop wallpaper
click here for a 1600x1063 copy/desktop wallpaper