Bad guys are not stupid. What the lack in morals they sometimes make up for in creativity and smarts. That's why they can be so dangerous. Think like a bad guy: If you wanted to find a way to take advantage of a large public event in order to gain fraudulent access to thousands (or more) individual computers so you could install keystroke logging software and trojan software to allow you to grow your rogue bot network, what would you do?

Well if it was today, maybe you'd think to yourself, "Hey the Superbowl is this weekend. Let's set up a fake site and trick people into going there with an email and screw 'em all over."

Or, if you were smarter, you'd just take over the server that houses the site for Dolphins Stadium.

If this doesn't tell you why you should be focused on security, then what does?

The news item is here, and an advisory with a description is here.

The official Web site of Dolphin Stadium, home of Sunday’s Super Bowl XLI, has been hacked and seeded with exploit code targeting two known Windows security flaws.

In the attack, which was discovered by malware hunters at Websense Security Labs, the server hosting the site was breached and a link to a malicious JavaScript file was inserted into the header of the front page of the site. Visitors to the site execute the script, which attempts to exploit the vulnerabilities.

According to Dan Hubbard, senior director, security and technology research at Websense, the malicious site hosting the script has been taken offline by law enforcement officials but the hacked Dolphin Stadium site — which is attracting a lot of Super Bowl-related traffic — is still hosting the malicious JavaScript.

A visitor to the site with an unpatched Windows machine will connect to a remote server registered to a nameserver in China and download a Trojan keylogger/backdoor that gives the attacker “full access to the compromised computer,” Hubbard said.

Oy. What's it gonna take??

One of my all-time favorite coworkers and human beings is Phillip Forteza, who works in the QA department. He's started blogging, and I'm excited about it.

Phil is one of those guys that smiles, smiles, smiles - regardless of the day or the situation. He is a truly good person, one of the kindest I have ever met, and I am always glad to see him. I only wish I was as up-beat and positive as Phil is every single day, though good and bad. If I'm every feeling down and out and I happen to run into him, it's a guaranteed fact that his powerful attitude will lift me up and remove that monkey from my back.

Check out what Phil has to write, it's more than worth the read. We need more people like Phil in this world, but alternatively more spreading of The Phillip Way is a pretty good option.

I hope mine is not an exception to the rule, because this is pretty cool: I've been running the release version of Windows Vista on one of my laptop computers since yesterday (one that I use all the time and which does a whole boatload of work), and quite literally everything seems to run considerably smoother and faster than it ever did on XP. Now, I don't have Aero Glass/WDM on (graphics card doesn't support it), but Office, web browsers and all apps are notably better. Especially Outlook. Wow.

The only issue I have found so far is that the Explorer shell seems to hang every now and then. I probably just have a rogue random utility that's not playing well. I'll have to look into that. At least when I kill the Explorer process, it's sending trouble data off to Microsoft for analysis. That's a good thing. It recovers gracefully, though when the process restarts. While I have not seen this kind of issue since the Windows 95/98 days, the fact that the process comes back gracefully and everything still works is a plus.

I ran all the betas, and I for one am glad they delayed and fixed up some stuff. So far it looks pretty darn good. Some of the dialogs (like the new Start Menu style and file system dialogs) are a little goofy for a power user, but I intend to stick with them and see if I can make them work well. I am, after all, getting older and more set in my ways, so I find I need to allow more time for me to adjust than I used to, heh.

Tomorrow (Tuesday, January 30th) is the big day. That's when Microsoft's Windows Vista operating system, long in the making and refinement, and it's Office 2007 suite will be available for purchase by the commonfolk.

Only this time around, you can choose between buying online and downloading or going to the store and picking up a cardboard box and CD. This is the first time the OS and productivity suite have been made available for purchase and download online.

On Tuesday, the Windows Marketplace site will allow you to make your purchase and get that immediate gratification, all from the comfort of you own easy chair (or whatever seat fits the bill). The Marketplace system uses their Digital Locker, which allows you to purchase software online and get back at it later - you can store your purchase online.

Vista delivers some significant and (I think) important security enhancements, so from that standpoint I see it as something akin to a must-have. However, with all the versions being shipped and the relatively complex hardware requirements to review before you purchase, be sure to take the time to see what you really need.

Office 2007 is something I can recommend whole-heartedly. I have been running it for a year or more in betas, and the release version, which I have been using since the day it was made available to volume license customers, is excellent.

What editions can you buy online on Tuesday? Microsoft will let you purchase and download upgrade copies of Windows Vista and and full copies of these Office editions:

• Windows Vista Business
• Windows Vista Home Basic
• Windows Vista Home Premium
• Windows Vista Ultimate
• Microsoft Office Home and Student 2007
• Microsoft Office Professional 2007
• Microsoft Office Standard 2007

(via Trevin)

One thing I've noticed about all the weblogs out there is a significant lack of content on certain topics. Management and dealing with management issues is one example. There are a few out there that are quite good, but it's not a common topic. Probably because it's not exactly exciting, geeky or all that interesting to the average person. Or maybe because managers are afraid to talk publicly about problems they run up against. Or because not many managers blog. Personally, I run across complex issues all the time, and I enjoy talking about them in an appropriate way. I think it makes me a better manager in the long run to hear what others have to say. Hence this weblog entry.

A while back I was meeting with one of the people I work with and discussing the variety of ways communication problems can drag an organization down. It was one of those typically generalized philosophical conversations, the kind I like to think of as learning moments. Some call them teaching moments, which is also accurate, but I like to remember I can (and better) learn while mentoring, too. It's a given that inefficiencies can make it difficult to get things done in business, and inefficiencies in communication can certainly have a significant impact. As we traded thoughts back and forth on the topic, I realized that my compadre was unawaredly mixing two different problems together, and classifying them as one. We stopped for a moment, and I explained to him what I see as the difference between communication and behavior problems. There is a fundamental and critical difference, I pointed out - one that is often overlooked and misunderstood.

We've all known people who say or do things that don't contribute in a positive way to an effective team or organization. Unfortunately we often describe such people as having "communication problems," when in fact what they exhibit is instead a complex set of behavior problems.

Because the two types of issues are fundamentally different (as are the respective solutions), a well-honed ability to recognize the difference between them is an valuable and important management trait for one who has the desire to make changes in this area.

A communication problem exists when there is a process gap or other barrier that makes it impossible to successfully communicate some critical information. For example, in the IT support world, we often wonder why users don't provide us with the information we need to help them. Instead they tell us a life story and pass on a lot of information that won't help us solve the problem, all while leaving out the critical nuggets of data. Then the IT employee wonders why and spends significant time chasing users down and trying to gather the missing details needed to work the issue.

But the communication problem in this case is not the lack of information provided by the customer. Rather it's the lack of a properly-defined process. I suggested, in our hypothetical conversation, that if an IT help desk employee has to regularly perform the same tasks and if the information necessary for success is challenging to gather from users, then the solution should be in doing something to ensure the proper information is collected and that the users know what's needed and expected. That's a communication process. And a well-defined communication process does a couple things: It sets clear, unambiguous expectations and provides a known mechanism to accomplish the activity it defines. It also needs to be reasonable and usable, to be fully successful. Perhaps the IT help desk would deploy a standard form, for example, which collects all of the information required to resolve a class of issue. At that point, once the user population has been made aware of the form and process, it is reasonable to expect the users to take advantage of the tools and instructions provided.

Now, if our information communication process is in place and communicated effectively and sufficiently, yet the people to whom the process applies neglect to do their part, we no longer have a communication problem. At that point, we have graduated to a more complicated class of issue: The behavior problem.

Behavior problems are individual in nature, and are more closely related to personality and situational issues. They're not typically resolvable with processes. Instead, they require individual guidance and potentially some form of discipline. Now, the term "discipline" here does not have to be a negative word. Rather, I use it in the context of behavior and performance management. And what works for one won't always work for the rest. This is the area where the professional manager earns his or her stripes: Working with people to change default behaviors in situations where the behavior cannot work. It's hard work.

Perhaps the most useful set of terms we can keep in mind when it comes to defining the issue and a solution: Communication Management and Behavior Management. Understanding these and knowing the differences are what we really need to be concerned about. That and the fact that even with a good communication method in place, it still takes the people and personalities that can and will work within any processes established to be successful.

What kinds of behavior problems are often confused with communication issues? Well, there's the "that's not what I want" class of problems. And then there's the "I didn't think of it so I can't get behind it" philosophy. Or the "that doesn't apply to me because I decided I didn't want it to" issue. Often behavior problems involve some form or another of what I refer to as "terminal uniqueness" - People who believe that they are different and their jobs, situations, wants, needs, requirements and desires are completely different than those of anyone else, and  that therefore nobody else can possibly understand or make decisions that might affect whatever they're focused on. And there are, of course, many more.

Anyhow, I have a variety of stories from my own management experience (both as related to me personally and with others) that illustrate this point, but one person's examples only help to define the situation in a self-limiting form. Do you have examples of your own experiences where the cliche "communication problem" term has been applied, but in reality the issue was people not playing nice? How do you deal with those situations and people?

And I should finish up by pointing out that I am far from perfect in this area. None of us are. I've not been the easiest person to manage at times over the years, to be sure. But a good healthy conversation helps us all to be aware of what's happening around us and within us, and allows us to learn and grow. So, let's converse.

What do you think?

I ran across the Giveaway of the Day web site the other evening and was intrigued. I've watched it for a few days now and have downloaded a couple of the programs they've offered. Basically, the site has a different piece of commercial software (typically smaller, utility-style stuff but you never know) that they give away for free for 24 hours. The catch, if you can call it that, is that you can only download any given program during its 24-hour offer period, and you have to install it during that period, as well. If you wait and try to install it later (as I did in once case), the product cannot be successfully registered.

But for free, whatcha gonna do, complain? I mean, come on. Heh. This is an interesting vehicle for getting people to check out other software offered by the companies whose software is featured, I suppose (they show examples of other software titles offered by each company with links).

Worth checking out. Be sure - as always - to use caution whenever downloading any software from the Internet. Good antivirus and antispyware software is important to have in place and running before you start downloading stuff. Heck, before you ever use the Internet for that matter.

In addition, the site has a freeware library that contains some interesting stuff as well as a Game Giveaway of the Day site. Same methodology, only it's games you get to play with.

Here are today's software and game give-away's:

The Guardian (in the UK) has a writer who points out that there are 164 branches of Starbucks within five miles of Regent and Wigmore Streets in London. That got me to looking around a bit, and I discovered that within 20 miles of where I work, there are no less than 184 Starbucks stores. Luckily I live in the middle of nowhere, so there's nothing near my home. I used to live right across the street from one until move out here. Talk about pricey!

How much should you be worried? Check out the Starbucks store locater for yourself and see what your situation looks like.

Makes me think... Is Starbucks the new Marlboro? I quit smoking a few years ago...

Okay now people, those of us who grew up elsewhere in snow and ice know what it means to drive in it (and have a bunch of reasons not to). I mean, I learned to drive in three feet of snow ferchrysake... There are times when you just have to restrain yourself. So, if you live in a city where it gets icy once or twice a year, and if the only way you can drive halfway decently is if its dark and cloudy but completely dry on the ground (you know, when even direct sunlight makes you lose control), then please please please please... just don't leave the house when there is snow or ice on the ground. Especially in a vehicle. That nice AWD car or four wheel drive SUV won't help you one little bit as soon as you touch the brakes... But it will dent. There is no force field.

Evidence to support my argument is available by clicking the pretty picture. Please review. TYVM:

(photo from King5 News)

"Elementary teacher Derek Porter witnessed 15 different car
collisions on icy roads outside his Portland apartment
Tuesday morning and caught several on home video."

I know, I know... All us security pros are often looked upon with disdain. We "make your job harder" and "come up with policies and rules that make it impossible to do any work." On those exaggerated points we can agree to disagree. We have to strike a balance, which can be hard to do at times, and below is just one of many, many reasons why. I wish I could discuss all the Bad Things(tm) that cause us to do the things we have to do, but unfortunately that's not always possible.

A recent UTube video shows how a simple browser address typo can result in a complete mess, from a security standpoint. And in the grand scheme of things, this particular security issue is relatively small.

But for the average computer user it's a big deal. Take a look for yourself.

The dramatic accompaniment music is fun (and superfluous), but the threat is real, and not fun. Imagine how you would respond to this problem. Or would you even respond. Many people just pretend it didn't happen and keep on using their computer. I can't tell you how many times someone has told me, "I have a virus son my computer, it's been there for a couple months and it keeps getting worse."

And the whole time they use their computer to do online banking, pay bills, and all those things that should be protected.

I recently moved the greghughes.net domain (web site, mail and everything else) to a godaddy.com virtual dedicated server. In doing so, I lost the anti-spam services that were previously provided by my old web host. Needless to say, the resulting load of spam was fairly overwhelming. My prior host had an appliance out front that caught the better part of the junk email headed for my email server, but a fair amount still got through. At any rate, the move and resulting lack of junk mail protection necessitated a thoughtful look at the options out there.

My criteria were as follows:

1. Needs to be software I can run myself. I've had my fun (yeah, that's sarcasm) with expensive services that are not overly effective. Complicated billing, archaic payment systems (invoices without a dollar amount? what?) and a couple hundred bucks or more a year was not for me.
2. Preferably open-source. Nothing solves problems that plague the community like the members of the community, so I figured there must be something out there that the afflicted masses build and maintain.
3. It had to stop spam, not just identify and tag it. My email server (MailEnable) is already capable of detecting and "flagging" emails as spam, but that doesn't stop it from getting to my mail server in the first place. The goal was to prevent, not react. So I was looking for a gateway-like solution - something that receives all the inbound email, checks it, and forwards on only the good stuff.
4. It needs to learn how to act. Static rules don't work. We see it in the fraud world, and it certainly applies to spam battles, as well. The system has to be able to learn and adapt and operate in the context of my email accounts.
5. It needs to be kept current. An open source project that no one has worked on for six months or more is likely a dead project, and that won't get you anywhere in a world where the landscape changes constantly. Spammers change tactics a lot, and the tools to prevent spam have to evolve to keep pace.

I did a bit of research, and frankly I came up with very little that met all my criteria. Sure, there are a whole slew of commercial products out there, but as I said before, I was looking for open source and free (or very close to it). I'm not looking to buy.

The one thing I found that truly seemed to fit the bill was ASSP, which stands for Anti-Spam SMTP Proxy. It's an open source, Perl-based gateway application that you can run on any operating system that supports the Perl interpreted language (which is pretty much all of them). It requires Perl v5.8 and a specific set of Perl modules, and it can be run as a daemon/service. ASSP has been updated about every two months in the recent past, with the most recent update having been in December (as of the time of this writing).

"The ASSP server project is an Open Source platform-independent transparent SMTP proxy server that leverages numerous methodologies and technologies to both rigidly and adaptively identify spam."

I quickly downloaded the ASSP files, installed the necessary Perl modules and was on my way. I had the ASSP service up and running within just about 15 or 20 minutes. Note that to get the app to run as a service, you will need to manually edit the config file and set the flag in there to specify that you want to run it as a service, or else the only way you'll be able to get it to start is on the command line. Alternatively, you can start ASSP from the command line, access the web admin interface, and change the setting there. Once you do so, you'll be able to start the Windows service or run the daemon in Linux or whatever OS you're working with.

The first thing I did after getting the service set up was to access the web administrative interface and change the default admin password. Do that first. Please. Then I put all of the anti-spam options into "training" mode and I specified a few of the basic server settings (like my domain and email account). I set it up to accept all inbound connections for email (SMTP) from the Internet on port 25, and to forward all emails that are determined not to be spam to the MailEnable server on another (unused) port. Since the MailEnable SMTP server is on the same host, the configuration and security setup was pretty simple. Of course, I them spent some considerable time looking through the many, many settings available. It's cool stuff, but you don't have to tackle it all right up front.

It's worth mentioning here that the ASSP wiki has a lot of good information about setting you system up. Be sure to refer to that resource. If you do, you can be up and running in no time. If you don't, you might just wish you had. Remember, always read the freakin' manual before you ask questions. Heh.

The training mode actually results in all email being delivered (not blocked), but it adds some header information to the email which you can read if you like in order to determine whether or not the ASSP system is flagging it as spam. I actually set up my Thunderbird client with a rule to look for the ASSP header and if the spam flag was true, to move the email off to another folder.

What you are supposed to do during this training period is to categorize the good and bad email, and in doing so tell the ASSP service how to treat the email it sees coming in. I used the email interface for submitting spam and good mail to ASSP for about a week before I turned training mode off. Reporting is very easy. I specified two email aliases in the ASSP system, such as spam-no@greghughes.net and spam-yes@greghughes.net (those are not the actual addresses of course) and on a regular basis forwarded groups of email back to the ASSP service that fit into each category. In fact, I even went back into my archive of valid email from before installing ASSP and forwarded a bunch of it to the system, so it could quickly learn what valid email looks like in my world. Your learning period will probably be about a week or so, or however long it takes you to gather 400 or more spam emails along with some some good, valid email.

Once you've provided the system with a corpus of good and bad email, you run a little Perl script on the server to update the Bayesian spam detection database, which is the adaptive learning part of the system. I did this a few times - about daily - throughout the first week. With each update the system got smarter and smarter. Once spam email was being very effectively categorized by ASSP, I switched the system from learning mode into normal operating mode and also configured ASSP to forward a copy of all spam emails it receives to a separate email account (say something like allspam@yourdomain.com). In doing so I have created a place for the system to provide me with all the spam email so that I can continue to peruse it when I feel like it in order to make sure nothing gets trapped in there as a false positive. But my main email account is spam-free. Initially I found a few valid emails were ending up being categorized as spam, but all I had to do was to forward those to the email error reporting interface mentioned above and then rebuild the database, and now for the past few days I have seen zero false positives. I intend to continue to check that account now and then, just to ensure I don't miss any critical email. It's a quick and easy process, especially since all the spam that is blocked by the system as a result of coming from known spammer sources (RBL lists) never even makes it into the system. So, I'm just weeding through the small remainder of the stuff that the system analyzes and weeds out in the second phase of its analysis.

Here is what the service has done for my email account since I turned it on about 12 days ago:

General Runtime Information

ASSP Proxy Uptime:
12.232 days

Messages Processed:
2297 (187.8 per day)

Non-Local Mail Blocked (percentage of email that is spam):
87.5%

CPU Usage:
0.27% avg

That's 288 valid emails and 2009 blocked as spam. As I said at the beginning, a bit overwhelming for only one email account in the mix, and obviously quite necessary to do something about it.

I still need to do some small amount of work to make sure the service stays up and running from a high-availability standpoint, and in fact I have that minor issue with not only the ASSP service but also a couple other email services and even the IIS service. Resource constraints seem to play havoc now and then on my virtual server, but I think I have managed to get a handle on that.

For anyone that's looking to put an anti-spam proxy in place for your own mail server, I most definitely recommend checking out ASSP and giving it a try. Download it here (use the most recent stable version). Or check out the ASSP Wiki, which contains documentation, the FAQ, and everything else you can think of. A high-level list of features can also be found on the ASSP home page at SourceForge.

If you sense a pattern to my post titles, you're really paying attention. Recently I spent a few weeks using the Samsung Blackjack, a new Windows-mobile smartphone. Within the first 24 hours, as I wrote last month, it became clear to me that the phone wasn't going to work for me, being a power user of mobile technology for critical, fast-paced business. In other words, Crackberry-style. You can read my experiences here, and also know that while I was able to adjust somewhat to the Blackjack, the three weeks that followed that first "24 Hours" post were not significantly better than my initial impressions.

For the past few days I reverted to using my tried-and-true Blackberry 8700 again. I went back because using the Blackjack was holding me back in a substantial way, and I am so busy at work right now I needed to get back to something that would perform and work the way I work. It's worthy of mention that after about 10 minutes using the Blackberry my old wrist pain started to come back. Not a good sign. the 8700 is wider then the Blackjack and the Treo, and I found that holding it was stretching my thumb out in a way that was causing me pain. So, that's a good thing to discover. Also, while I enjoyed the quick usability of the Blackberry the moment I went back to it, I found the screen and general look and feel to be plain and stark after living in Windows Mobile for a few weeks.

Anyhow, on Wednesday this week, a new box arrived via FedEx from Cingular (despite the much-hyped winter storm) and I swapped the Blackjack and the Blackberry back out again in order to give the new Palm Treo 750 a try. This is the latest of the Windows Mobile 2005 enabled Palm devices. It runs Windows Mobile Phone Edition v5, plus Palm has made some nice little enhancements to the home screen (or "Today" screen, as they say) and other software interfaces. To be honest, I was quite skeptical about whether this new device would be sufficient after my experiences over the past few weeks with the Smartphone version of Windows Mobile running on the Blackjack hardware. But I can report today that I am pleasantly surprised, and that I may have actually found a Windows Mobile phone that can replace my Blackberry for real-world use.

To be certain, the Treo 750 is a significantly beefier (both physically and figuratively) device than the Blackjack. But it is fast and smooth, very well designed and crafted, and is thought-out in a way that most other devices are not. Palm's attention to the enhancements they made to the home screen and some of the underlying software is indicative of their usability focus, and that's important. In fact, it may just make the technology sufficiently usable for what I need. Pretty much anything I need is accessible right there on the home screen. Because it's a PocketPC version of Windows Mobile, it has the touch screen and a stylus, so I can use my finger or the metal pen thing. Of course there is also the ubiquitous five-way button pointer just above the keyboard pad that works quite well for navigation, too.

So, what is it that is so much better about the Treo 750 that has me singing it's praises? Let me count a few of the ways:

• It's fast and more powerful. The Treo doesn't miss keystrokes or pause for several to many seconds when you launch an application or try to do normal everyday tasks.
• The way Palm approached text and MMS messaging is very cool - It looks a lot like an instant messaging interface and makes for a fast and positive text messaging experience.
• Better speakerphone.
• More advanced Windows Mobile software, with the ability to run PocketPC applications.
• The keyboard is pretty darned terrific, leaps and bounds better than the Blackjack's.
• The Treo loads web pages reliably and faster than the Blackjack, which is interesting since the 3G network the Treo uses is not (yet) HSPDA. The Treo currently runs on the UMTS network, with a HSPDA software upgrade slated for the first half of this year.
• Check out some of the ease-of-use enhancements in a one-minute PC WORLD video here.
• Check out Cingular's Treo 750 interactive tutorial (about 20 minutes) here.

What are some remaining Treo 750 and Windows Mobile shortcomings? There are a few, if I want to get nit-picky:

• Battery life in my subjective first-day use on the high speed network was better than the Blackjack, but it is still not up to par with what one gets out of the Blackberry (which is and EDGE network device, for the record - slower yet again).
• More proprietary connectors?? I know, it's a Palm creation. But seriously, why the heck can't we just charge and sync via a standard Mini-USB2.0 port? Time to locate and buy some more accessories. If I had $29.00 for every cheap plastic vehicle charger I ever bought, I'd be just about break-even.
• The Inbox application on Windows mobile doesn't let you aggregate all your mail into the main inbox if you use subfolders in Outlook/Exchange to organize your email. More on that and what I did to alleviate the problem this evening can be found below.

Quick sidebar: My friend Trevin reacted in an IM conversation tonight to my petty complaints about the devices by saying, "Oh, cry me a river Hughes." Heh. Hey, man... You know, it's picky, difficult people like me that gently drive usability experts back into their corners and holes (in a friendly way, of course) where they make technology miracles happen in the next rev, and we also provide them with wish lists of things that would make us buy their stuff. Everything I say is intended to be taken from the perspective of "room and opportunity for improvement." Now, Trevin tells me he likes the smaller form factor of the Blackjack. The Treo is just too large and unwieldy for him, he says. Well in my book the Treo is smaller than my Blackberry 8700, at least width-wise, and that's a good thing. The Blackjack was almost too small. And yes, too small is possible - especially when you have to fit a QWERTY keyboard on the thing. Also - Trevin's a truly terrific guy, and I respect his opinions greatly. We have different perspectives, different jobs and use our devices differently. And he was being sarcastc in our IM chat - a little poking fun at friends kind of thing.

For some additional perspective, I'd suggest reading Walter Mossberg's Personal Technology article from Thursday, in which he says he thinks the Blackjack is a better device than the Treo 750 overall, although he recognizes some of the benefits of the Treo. It's clearly a purchase decision to be made based on individual and specific needs. Walt also points out that the newly-announced Apple iPhone (or whatever they end up calling it), which won't be released for several months, will likely be a killer for an of the Windows Mobile phones. Time will tell. The iPhone looks terrific for sure, but until I see one and use it, I am not convinced it would work for my particular business power-user needs. But that's also not likely to be the target market.

As I noted in my Blackjack review and above, I have always been a hyper-organizer of email, using folders and subfolders in Outlook and Exchange to organize email by type and recipient. As a result, due to the way the Windows Mobile Inbox works, in order to see if any email has arrived that gets distributed to any folder other than the inbox, I have to navigate the folder tree on the mobile phone, which requires a whole bunch of clicks and scrolls. Now, the full Windows Mobile edition on the Treo 750 includes a much simpler and easier mechanism in the form of a Folders menu, which allows me to much more easily access the folder list. But what I really wanted was what I was used to: A mobile inbox where all email sits, regardless of how I organize it in my desktop Outlook client.

So, I found myself in a bit of a stuck situation, until I got to thinking about it and spent a few minutes this evening IMing with Trevin. I had briefly thought of dumping all of my Exchange folder hierarchy completely and changing over to using Search Folders in Outlook. Trevin told me he only uses search folders and that he uses them extensively. I am running Outlook 2007, and the search performance in that application pretty slick, so I made up my mind and went straight to my Outlook rules and exported them (just in case), then deleted them all. Now all my email would go to my inbox. I started setting up search folders and found I could actually do a lot more with those than I realized - That's something I will be getting deeper into at a later date. Anyhow, I replicated and created the necessary functionality and effectively solved by mobile inbox issue. Now the phone puts everything where I want it and Outlook shows me what I need to see the way I need to see it, only even better than it did before.

I will always like Blackberries, and I am sure I will be running new ones now and then (since I tend to be the guy who tests the new stuff). But for now, the 8700 is gone and the Treo 750 is in its place. It will be interesting to see how it performs over time, but this time around I have a level of confidence that was not present on the last WinMobile trial. That's a good thing.

What do you think? Have experience with these devices? Any PocketPC/Windows Mobile software you think I can't live without (or would not want to live without)?

Every now and then you find a real gem worthy of pointing to. It's one of those days. A few of the guys who work on my team apparently had an interesting conversation today - one of those ones that, well... As Brent says:

"Today I had one of those conversations. You know, the mildly creative, useless, on the verge of non-pc, feeling giddy, make you laugh conversations."

Read all about it at his blog. They did the math and arrived at the definition for some pretty important technology figures. 'Nuf said. Heh.

Recently I wrote about my frustrations with the several WRT-54G Linksys routers I have bricked and suffered through over the past few years. I've been on a search for a good replacement. A number of people have recommended sticking with the Linksys hardware, but since I have been through a few of them, I really just wanted to make a change. My friend Omar and a few others suggested the D-link routers, specifically the ones that do QoS traffic shaping for a variety of network services. Those people using the D-Link Platinum series routers spoke so highly of them, I decided to look at them seriously and decide which one would be best for me. Omar uses a model that is billed as a gaming router and he loves it.

While at Costco earlier today, I discovered they were stocking a Pre-N "RangeBooster" wireless router, the D-Link DIR-625 model. I saw that it had the QoS engine that people were heralding, and being a -N model it has some future to it, which is nice. Omar had noted to me that these routers have the ability to be configured and tweaked in fine detail right out of the box (in other words the firmware you get on the thing is incredibly capable and sufficiently detailed for advanced users), and he was certainly right. You can granularly configure almost anything you can think of. The device will even email you when system events occur or when a new firmware upgrade is available, if you want it to. Quite cool.

I have been up and running with it all evening and am very, very happy. My wireless network connection is now rock-solid and the user interface for the router is top-notch. Not once has the network paused, glitched, dropped or otherwise puked on itself, which is quite a change. I could get used to this, heh.

You can check out an online emulator of the DIR-625 router's web interface here (use a blank password). Product information can be found here. The support and firmware page for this model is here.

Setup was quick and easy, simple enough for anyone due to good packaging and a CD-wizard driven installation routine. This router is highly recommended for both home users and geeks.

UPDATE: 1/15/2007 - I have been running the router for about a week now with exactly zero problems. This thing is as solid as a rock and shapes traffic quite well. I should have made this move long ago.

In May, the National Security Agency (yes, that one) published a guide in PDF form (818KB PDF file) called "The 60 Minute Network Security Guide - First Steps Towards a Secure Network Environment."

It's good stuff. Sure, it's not a 100% guide to everything you need to know and do, but it covers the bases quite well. Some have balked at the complex password and rotation requirements and made the requisite "that won't work in the real world" noise, but those of us who actually do operate in the real world know it can be done and that 90 days is a bad number (it's too long IMO, and lacks usability - it should be either 84 or 42 days). Sure, a few people will complain (it's human nature and it takes all kinds), but the vast majority are more than happy to do their part. Don't let the vocal few chase you away from what is proven over and over to be right.

There are always good and effective ways to accomplish goal while meeting requirements: For example, the use of passphrases instead of regular passwords makes complex, long passwords a cinch, and all it takes is about 5 minutes of user education to show people how well it can work (use your all-hands meetings and you'll be amazed what you'll get accomplished in a short period).

Read the guide, use it, and you'll be better off. A variety of other security configuration guides from the NSA can be found here. There are more than 80 guides covering server and client operating systems, network infrastructure, database platforms, and more.

(via lifehacker.com)

I've decided after juggling multiple remotes for a bunch of different equipment for far too long that it's time to go on the search for an advanced universal home theater remote that will let me control my projector, surround system, various components like DVD players and XBOXes and whatnot, as well as my room lighting. Programmable one-button setups for multiple devices is what I have in mind. I want to be able to hit a button and have al these systems lines themselves up, set the volume, turn down the lights, etc. In fact, bonus points if it can also control other items in other parts of the house and if I can set up enough macros to where my roomie can have his own preferences for lighting, volume, etc.

In my early searches, I have found a number of very expensive models that I would have to take a new mortgage out for in order to acquire. People actually spend that much money on remotes? Holy cow! We're talking in the thousands of dollars for some of these things. It's ridiculous. There is no way in the world I can spend more than say $800, and even that would really be way too much unless it does everything I am looking for. I'd hope to be able to do some Froogling and find some street prices that get it all under $500. I'm not holding my breath.

Anyhow, what do people recommend? There are a number of home theater geeks at my work and I am sure they'll each have their opinions and experiences, and I hope to get some more ideas before diving into the water myself. Please leave a comment with your thoughts and experiences, or with descriptions of remotes you may have run across in your own research. Thanks!