Over at VoIPSpeak, there's an article describing how to set up Asterisk@Home, a distribution of the Asterisk open source PBX software for Linux, in a virtual machine on a Windows box. It uses the recently-released (and free) VMWare Player for virtualization.

Note that Asterisk@Home is actually a bit of a misnomer - it's more like "Asterisk-Plus" - a package of the Asterisk PBX with many of the more common and popular add-ons and enhancements packaged up. Installation is simplified and the heavy lifting is mostly done for you. Running in a no-cost VM environment, it's really easy to mess with and learn from. Set up a couple soft-phones and you'll be able to try it out all you like.

(via Digg)

This one is perfect for students, who (we all know) spend way too much time on IM anyhow. So in the if-you-can't-beat-'em-join-'em department, have them add encarta@conversagent.com as a contact on their MSN IM people lists. Chris Sells pointed out this service - which ties into the Encarta online encyclopedia - the other day, and so I tried it out.

If you ever have to research things for classes or work and want a more accessible way to do so, you'll find it cool and useful.

Just open a conversation with the "Encarta Instant Answers" contact in your list and start asking questions. You'll get results right in the IM window. If there's information available from Encarta online (did you know you can use pretty much everything from Encarta online???), the agent will offer to share it with you in an expanded window (see below).

It works quite well, and has already tied up a bunch of my time. I'll be keeping this one in my IM contact list for sure.

(click above for a larger view)

Microsoft yesterday announced a zero-day exploit that affects Internet Explorer. The Zero Day Security weblog describes it well:

"A UK group known as 'Computer Terrorism' has released a proof of concept zero day exploit for fully patched Windows systems running Internet Explorer 5.5 & 6.x that takes advantage of a previously known JavaScript vulnerability. Microsoft Security Advisory 911302 covers the essentials. The only Windows systems seeming not affected are Windows Server 2003 and Windows Server 2003 with SP1.

"Of course, to be compromised the user must first browse to a malicious web site. According to Computer Terrorism: Contrary to popular beliefs, the aforementioned security issue is susceptible to remote, arbitrary code execution, yielding full system access with the privileges of the underlying user.

"Several informative sites include Microsoft, FrSIRT, MITRE, US-CERT, InfoWorld, eWeek and SANS (which suggests disabling Java or using another browser and has a BleedingSnort Rule on their site).

"Get ready for a patch blast from Microsoft on this one."

Microsoft's comments have been updated with the latest information. From their Security Advisory 911302 information page:

"...We have also been made aware of proof of concept code targeting the reported vulnerability but are not aware of any customer impact at this time. We will continue to investigate these public reports.

"Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.

"This issue was originally publicly reported in May as being a stability issue that caused the browser to close. Since then, new information has been posted that indicates remote code execution could be possible. Microsoft is concerned that this new report of a vulnerability in Internet Explorer was not disclosed responsibly, potentially putting computer users at risk. We continue to encourage responsible disclosure of vulnerabilities. We believe the commonly accepted practice of reporting vulnerabilities directly to a vendor serves everyone's best interests..."

I was on the phone with a professional contact today, a guy who happens to do cybercrime and anti-fraud work in his job as a special agent for the FBI. That's a part of what I do in my day job, by the way - help chase down bad guys on the 'net and interact with law enforcement to shut them down. It's a fairly effective way to keep one foot in the door of my previous career (police work) and at the same time be firmly planted in the computer technology world. I also get to working with some really smart people who build great software that is used to prevent fraudsters from reaching victims.

Anyhow... So I was on the phone with my anti-fraud cohort, and he had that "FBI-agent-having-a-rough-day" sound in his voice. He's one of these guys who's always very positive, but it was clear quite a bit of work had been cut out for him and his coworkers over the past day or two.

It turns out there's a new set of fake emails running around that try to look like they came from the FBI or the CIA, and which have an attachment that is actually a virus.

Now, let's get one thing completely clear: If you ever get an unsolicited email that has a file attached, DO NOT OPEN THE ATTACHMENT. It doesn't matter if it's from the President of the United States or the Creator of of the Universe... Email is inherently insecure, and if it looks out of place, it probably is. You can read the FBI's press release about the situation here, which describes the fake emails in some detail.

This is just another example of social engineering and the fact that given the opportunity, people will fall for almost anything. Oh - and if you don't have antivirus protection at your email service provider, change providers now. Seriously. Get a GMail or Hotmail account or something.

I'll tell ya one thing... Whoever had cohones enough to construct that virus variety to send email pretending to be from the FBI is in for a rude awakening. Seriously, seriously stupid move. Heh.

Last night I contemplated waking up earlier than usual, getting in the car and going down to the local Wal Mart (well, as local as can be when you live in the sticks) to get in line to buy a XBOX 360 console. After doing some rough calculations in my head last night, I realized that between travel and work, I'll hardly be home between now and the end of the year, so maybe right now isn't the best time for me to buy one anyhow. Oh, but I will be buying one, no worries there.

Still, Wal Mart is on my drive to work, and so I decided to grab my standard morning coffee from the little store at the bottom of the hill, drive into town, and do some people watching. After all, I realized, it's more the excitement and the weirdness of the hype around the event than the console itself. An XBOX 360 today is the same box and hardware as you can buy later. But the launch fans? That only happens once.

So I headed out for the big ol' St. Helens, Oregon Wal Mart. I listened to the radio on the way there, and heard stories of gamers in places like Manhattan, NY, where apparently people had been lined up forever (like lots of places around the country) and Bellevue, Washington, where Bill Gates went to the local Best Buy and picked up his own console. Somehow I don't think he needed to do that, but hey - it was cool. 

Honestly, I was more interested in watching the people when they opened the store than I was in buying a console on Day One. I'm more interested, too, in how much they'll be selling for on eBay later today, and about when the day will be that they start dropping them off the backs of trucks at stores in huge numbers. One friend says he thinks it will be on Thursday night. Another person I know tells me the store he pre-ordered from called and let him know his delivery would be delayed, and that they were not sure if he would get his before Christmas. People are lining up everywhere. Clearly, the demand is high and the supply (either artificially or in actuality) is short.

Anyhow, back to the local Wal Mart. I wasn't sure what to expect in the Big Town of St Helens. I pulled into the parking lot and saw a small crowd of about 15-20 shivering people huddled right next to the front door of the store. A couple of people were (smartly) waiting in their vehicles with the heat on. I pulled up and deduced that the Wal Mart store has probably handed out numbers to the first people to show up, but that's where things got more interesting. Every employee that came anywhere near the front door was the target of sly, mean-sounding questioning. "Are they coming to open the door? Hurry up, it's f***n' cold out here! What?!? No?!?!? G*d d*mnit!"

When it came time to open the door and head for the counter - and keep in mind, everyone had a number - the race walk through the door turned into a jog, and then quickly into a sprint for the back of the store, where ten boxes sat stacked neatly behind a counter. I followed (at a walking pace, of course) to observe. A couple of people commented on the foot race and we all laughed a little. Mostly the people (at least those who didn't have a number) noticed how strange the whole thing was. All this for a video game console? Hey, for some it's what life is all about, I guess.

So, I started to think about the gamer personality. Some of the people were needlessly quiet and cagey, not really letting on as to who had what number, and some were not even providing information about whether numbers were even given out. It was amusing, really. There was this competitive hype attitude. The need to be first, to sneak around that metaphoric corner on the battle map and shoot your opponent in the back of the head.

It's really kinda interesting.

Fist fights, secrecy, celebration, celebrity, short supply, bright green boxes, launch hype, auction hype and even more random hype. Some will be upset they can't get one, others will be upset they pre-ordered and the kid down the street was first, and others will be holed up in their rooms for the next five days with lots of Mountain Dew, Red Bull, Doritos and Little Betty Snack Cakes turning a whole new shade of pasty white with a day-glow green tint brought on by the magical glow of the XBOX 360, only to emerge into a world where the colors are not quite as bright, the definition is not quite as high, and the people with guns in their hands are the ones you want to avoid. Ahhh, the life...

Merry Christmas and all that. Earlier and more bizarre every year. 

But hey, dude, it's a sweet console.

You think your house decorations are awesome? Are you one of those people who tries each year to out-do your neighbors? Or are one of the out-done that suffers the effects of Mr. Uber-Decorator?

Well, no matter who you are and no matter what your motivation, I bet you've never seen a house decoration display quite like this one. Seriously, the picture at right is not even close to what the video shows. Wow, cool...

UPDATE: As it turns out, the man who built it is named Carson Williams and he lives in Mason Ohio. Apparently, the show attracted so many people that when a couple cars had an accident, the police could not get to the accident because the streets were jammed up with other cars, so Carson had to stop the display each night, at least for a while.

Here are some other links for ya:

http://www.christmaslightfinder.com/
http://www.twasthenightbefore.com/webcam-2005.htm
http://www.pensacolalights.com/
http://www.christmasutah.com/
http://www.kindlachristmas.com/Videos.asp
http://www.welovechristmaslights.com/

The Microsoft anti-malware team has posted information about their products' ability to remove the rootkit associated with the Sony DRM mess that everyone and their brother has written about over the past couple weeks. If you don't know whether your Sony CD was one that may have installed this junk on your computer, there's a list of CD titles available here. If your CD is not on the list, it's ok. If it is on the list, Sony BMG will send you a replacement.

If you think you might have a problem (or if you just want to make sure you're cleaned up in general), go to the Windows Live Safety Center, where you can scan your computer for this and other malicious or bad software and clean it right up. Select the "Full Service Scan" followed by the "Quick scan" option. You'll need to install the ActiveX control for the scanner.

And the other two removal tools the team works on are also able to resolve the problem:

"The Windows AntiSpyware Beta will be able to detect and remove this as well with the 11/17/05 signature release. Detection and removal will also be added to the December release of the Malicious Software Removal Tool which will be released the second Tuesday of December."

If you've not yet used the Windows Live Safety Center, it's a great place to run a scan on any computer for a variety of potential problems, without having to download and install special software programs. The complete scan checks for open ports that might cause problems, viruses, malicious software and more. It can also clean up temp files and defragment your hard drive to improve performance and reliability. This whole services thing is looking pretty promising.

Hard core console gamers are already camping out tonight in front of Best Buy stores and other retailers hoping to get their clammy paws on a new XBOX 360 console, which are in predictably short supply at stores as the launch happens Tuesday.

And be sure to check out the XBOX360 Fanboy blog for all the latest news. Heh. Bill Gates is even going to show up at the Bellevue Best Buy store to hand out the first one and play some games with the crowd.

I'm not, like, old or anything (ugh), but I'm not as young as I once was. Still, I might wake up early (I tend to do so anyhow) and truck it on down to the local WalMart, where they have exactly ten consoles that will be on sale at 7am tomorrow. Word is the Fred Meyer store (for those not in the northwest, take WalMart and fancy it up significantly) in the next town over got seven units and will be doing a lottery for whoever is in line at 5am, then selling them when the store opens at 7am. In the city, people are lined up at Best Buy stores to get one of the 50 units that each store supposedly has.

When I stopped by the WalMart on the way home, the phone at the electronics counter was ringing off the hook. The guy at the counter just shook his head, and told me that phone's rung more than a couple hundred times today with people asking about the XBOX 360 console.

So here are the real questions we're all wondering about:

• How many units shipped for launch?
• When will the truckloads of consoles hit the stores? Should we start a pool?
• Is this possibly a planned shortage thing, or is the supply really that low?
• What will they be selling for on eBay tomorrow afternoon?

I dunno... I know I'll be buying one of these, but I'm not quite sure if I'll be getting up bright and early to scrape the windshield and stand in the sub-freezing temperatures to gamble on something I might not walk away with. Heheh... Maybe I am getting old.

That infamous and terrific gadget-lover's blog, Engadget, has launched it's Engadget Holiday Gift Guide for this holiday season at http://holidaygiftguide.engadget.com/.

We know sorting through the thousands of gadgets on the market right now can be a bit of a pain for anyone doing some shopping, so we’ve gotten together our annual Engadget Holiday Gift Guide in order to help make sense of what’s worth dropping some coin on this year.

Even though online shopping means no one really has an excuse anymore not to buy early, we’re going to be running up our gift suggestions once a day until December 24th, so high-tail over to holidaygiftguide.engadget.com for the latest! And be sure to check back often, as we’ll be posting a variety of gift suggestions sure to please the full range of recipients everyone’s got, from nerds-extraordinarie to Mr. and Mrs. Enduser.

NOTE: These products are selected by the Engadget editors, not Best Buy, and we didn’t check to see whether they’re for sale at Best Buy or not.

That Sony VAIO XL1 Media Center PC is lookin' pretty nice...

Microsoft's CTO, Ray Ozzie, posted earlier today about his views on SSE, of the Simple Sharing Extensions to RSS and OPML that Microsoft recently published as an open draft specification (licensed under a Creative Commons Attribution-ShareAlike model). Ozzie knows a lot about sharing information - He created Lotus Notes and was the founder of Groove, a terrific and innovative collaboration platform that Microsoft acquired not that long ago.

He describes the problem with sharing and combining loosely-coupled information.

"As an industry, we have simply not designed our calendaring and directory software and services for this 'mesh' model. The websites, services and servers we build seem to all want to be the 'owner' and 'publisher'; it's really inconsistent with the model that made email so successful, and the loosely-coupled nature of the web."

So he's talking about how to extend RSS and OPML to allow synchronization.

"There are many great item synchronization mechanisms out there (and at Microsoft), but we decided we’d never get short term network effects among products if we selected something complicated – even if it were powerful. What we really longed for was 'the RSS of synchronization' ... something simple that would catch on very quickly."

Note that this is not the same stuff that's gluing RSS into the core of Vista and whatnot - rather it's a simple way to mesh, communicate and synchronize information from multiple sources in XML. It's nifty, simple and smart. I think I've got my mind wrapped around it now. Very cool. Geeks, read on:

• The SSE draft spec is here
• A SSE FAQ page is here

Just read a blog post over at HinesSight (a great Oregon-based blog, by the way) called "I pick up a hitchhiker." You know that feeling when you read or see something and you can literally feel your stomach bottom out? You know, the one's that stop you in your tracks and show you that your little world is not so bad after all?

Yeah, it's one of those. Read it, and remember as you go through like to take the time to stop, to take a personal inventory now and then, and to do what's right and good.

Another of the new Windows Live series of services officially launched the other day - It's Windows Live Custom Domains, and essentially it allows you to use the great Hotmail email services with your personal domain name.

All you have to do is go to http://domains.live.com/, specify your domain name (which you must already have registered), make a change to your DNS settings for the domain (the service will let you know what the settings are - this is the most complicated part of the whole deal), and create email accounts (which become passport logon accounts for the system).

I created a mail service for blogaholic.net (a domain which I have yet to launch, maybe someday) and added an email account, logged in and was sending mail - all in less than 10 minutes. Suhhh-lick!

Serious about Security

The service is really darn cool (seriously, if you're looking for the power and convenience of Hotmail and the uniqueness of your own domain name, it's hot), but the one thing that stood out to me the most was the client security Microsoft has built into the account setup process for this service. Yes, I know - basic security tools, blah blah... But it's become the rule more and more lately, which deserves mention. It's a terrific sign that the company is building better security - and better user tools to enable and teach effective security - into their services.

For example, when I created the greg@blogaholic.net email account, it required me (as the administrator for that email domain) to set a temporary password. In other words, if I create accounts for others (yes, just let me know), I only know the password they'll use to log into the account the first time.

Once I logged in to activate the email account and start using it, I had to provide the temporary password, and it required me to choose a new one and confirm it. But even better than that, as I typed the new password, a color-coded "password strength" bar showed me the complexity strength of my password. It went from Red (weak) to Yellow (so-so) to Green (strong) as I typed. Nice! That's what we need more of - simple, powerful tools to help end users be more secure in real time. Great work, whoever decided to put that in, and to whoever built it. It's quite effective.

[UPDATE: Apparently this is a feature that shipped earlier this year and was included in the LCD package and which was PM'ed by Trevin in Windows Live Identity Services - cool! Looks like I found another blog to subscribe to!]

On the same page, the user has the option to set their password to expire every 72 days. Unfortunately, that box is not checked by default (it really should be), but the fact that it's available is very good. Hopefully they'll change their tun and check that box by default, and let people un-check it of they don't want it. I'm always a proponent of more-secure-by-default.

If you want to find out more, Omar Shahine (Lead Program Manager on the HotMail front-door team) has info here and here, and the Custom Domains team has a blog here.

A couple months ago I took early delivery of a ThinkPad X41 Tablet PC, and I like it a lot. There are a few things I'd improve (like maybe offer a faster proc and faster hard drive spin speed as an option, and possibly higher resolution video), but overall it's great.

But I ran into my first problem last week. The "push-through" latch - which sticks out of the machine's screen either on the screen surface side or the top surface side, depending on whether you've rotated into slate mode - broke and fell out. So not I have a Tablet without a latch. Luckily, the lid tends to close shut. he only real problem is it also tends to rotate if you push on it the wrong way.

Looking at the base side of the latching mechanism, it appears something in there broke. Not good. And the thing, is, all I've done with it is open and close it normally... No torture, drops, hard landings, hard closings or anything.

Bummer. Seems like the convertible Tablet PC latch market needs a better design. Someone out there should design the perfect latch, patent their Really Good Idea and run with it.

Recently I've been targeted by teenagers who are suddenly waking up and wanting to learn about things in their newly-discovered/interesting world. Well, okay so maybe it's a phase, but hey - you take advantage of these periods when they present themselves, you know? Often the reason for the Q&A is a science fair project, or else it's that magical "how do you hack computers" series of questions. Science fair projects I can help with. Hacking? Not quite so willing. But I'm always game to help people learn more about computer security and IT.

One thing that keeps modern teens and kids interested in learning is something that reads well, is on the Internet, and doesn't present itself like a text book. That's why I really, really like "How Stuff Works" (howstuffworks.com) as a resource for adults and kids to learn about cool things and, well, how they work. The power of the site is that it takes complicated topics and makes them understandable.

The How Stuff Works site has been around since before the Internet became uber-popular. I can remember reading lots of great content there many years ago. A guy names Marshall Brain (no joke) was the originator of the site and idea. His related books (appropriately titled 'Marshall Brain's How Stuff Works' and 'Marshall Brain's More How Stuff Works') are terrific for teens and younger kids. He's also written other great books. Parents should pick up a copy of 'The Teenager's Guide to the Real World' for every kid on the planet.

Anyhow, HowStuffWorks.com is one of the most visited sites on the Internet. you can learn all kinds of cool stuff there, explained in ways anyone can understand. That's what makes it so great. Here's a few examples I've sent various people lately:

• How Lasers Work
• How Network Address Translation (NAT) Works
• How Firewalls Work
• How Web Servers Work
• How Internet Cookies Work
• How Wi-Fi works