Over and over it's obvious that the vast majority of people I speak with have no real idea what the current financial situation is all about, how it happened and how it works.

It's not often I'll ask people to take the time to listen to an audio show, no matter what. But in this case, I think it's important enough. With all the media discussion about the gloom and doom of the current economic mess, there's been little or no meaningful education about what caused it and where we are now. Panic reporting doesn't prepare anyone. History and analysis does.

So: Listen to two audio episodes of a show called This American Life, which are linked below, and you'll be a much more aware citizen. You'll find yourself much better prepared to think about where we're at and where we're going. Understanding how we got here is critical to understanding where we're going, and why.

I hope this is helpful to at least one person. I know I found the reporting and explanations cogent, thoughtful, understandable, non-partisan and non-political, and - as a result - quite valuable.

• 10/3/2008 - This American Life: "Another Frightening Show About the Economy"
• 5/9/2008 - This American Life: "The Giant Pool of Money"

Let me know what you think.

The Chumby is a cool little Internet-enabled device that sits pretty much wherever you want and does all sorts of cool things. You can check it out here. Today it became even better that before, in a way that I especially appreciate, so I jumped on eBay to see if any were available there (you can buy them online new, too).

So what's this new cool thing that makes it even better in my eyes? Pandora - the Internet "radio station" app that I already use on my computer as well as my iPhone, is now available for Chumby.

I'm looking forward to waking up to my Pandora stations, viewing the latest weather for flying, playing new podcasts when they become available, displaying some of my favorite pictures. I'm sure there are a ton of cool things I'll be able to use it for that I can't possibly think of yet. I'll have to take a look at the Chumby Widgets guide while I wait for it to arrive.

A bit about the Chumby:

Chumby was designed from the beginning to take all your favorite parts of the internet, whether they’re video clips, or internet radio stations, or anime cartoons, or sports scores or the weather, or anything else, and, using your existing wi-fi connection, simply deliver them to you at a glance. Automatically, one after the next. You just leave it on — don’t worry, your carbon footprint isn’t getting much deeper, chumby draws far less power than a light bulb. No need to go to your study and boot up your computer and launch a browser, no need to fish your smartphone out of your purse and launch the browser application (…and wait) to get your favorite bits of online goodness.

Do you have one? What do (or would) you use it for?

DirecTV had an unusual technical glitch sometime in the past 48 hours, and as a result customers with either standard or HD DVRs might experience issues with a "frozen remote" or similar behavior. DirecTV Has emailed customers to let them know (see below).

This is important because if your DVR is in the hung state they describe, you need to reset it, or your scheduled recordings will likely not be recorded.

I had the issue exactly as described the night before last on my HD-DVR, and did a red button reset (RBR) at that time in order to restore it to normal functionality, which is pretty much what the email from DirecTV says to do:

IMPORTANT NOTICE ABOUT YOUR HD DVR OR DVR RECEIVER

In our effort to improve and expand our service, we experienced a temporary technical glitch. If your HD DVR or DVR receiver is not responding to your remote control or front panel commands, you can resolve this issue by pressing the red "Reset" button located inside the small door on the front right corner of your receiver. Please allow about 15 minutes for your receiver to complete the resetting process. Once completed, your picture will return automatically. Unfortunately, any show you may have scheduled to record yesterday will not be available on your DVR.

We sincerely apologize for any inconvenience this may cause you. Our promise is to provide you with the best television experience, and to resolve any issues that might arise as quickly as possible. If you have any further concerns, please do not hesitate in contacting us at 1-800-347-3288.

Larry Dignan posted some interesting charts, graphs and figures today over at ZDNet looking at advertising revenue for the first half of 2008, compared to previous periods. He also asks what will happen to advertising revenue in the faltering economy. Good question.

What I know best is my experience, which is undoubtedly unique since this site is not exactly huge (about 750K pageviews/month). However, over the past few years I have watched my revenue trends from contextual advertising rise and fall. In these most recent "tough" times for the overall economy, my advertising numbers (meaning impressions, click-through rates, eCPM, daily revenue, etc.) have increased somewhat dramatically.

If you think about it, this could actually make some sense. Less discretionary, from-the-hip spending by various types of consumers means the market needs to find effective ways to reach out to buyers. In many cases, where consumers are looking to save a few bucks on a purchase, they will naturally turn to the Internet for better deals. So, maybe the Internet advertising world has a real opportunity.

My weblog and the few other site I have don't rely on financial services or automotive industry related advertising, granted. I could be way off base here. Yet I can't help but wonder what the second half will look like. I have at least some confidence it will weather this storm. Time will tell.

Thoughts?

I've lately come to enjoy the relatively new video site, hulu.com, for catching up on television shows I've missed. Decent quality and easy access offered by the site are great. The other day they posted the Saturday Night Live spoof sketch poking fun at Joe Biden and Sarah Palin, and quite literally everyone I know must have gone there to view that specific clip in the past few days.

Tonight, Hulu takes it to the next level with the real candidates by introducing live streaming to their mix. The U.S. presidential debate is their initial undertaking (view here), and they will also live-stream the third debate next week. Tonight's debate airs on NBC and the last one on FOX, both of which are owners or hulu.com.

It will be interesting to see what else they decide to stream live in the future. One would think they might have to limit live streaming to non-advertising-supported content (like these debates) in order to avoid diluting their local advertisers. But I certainly wouldn't mind being able to watch certain shows live from the road, and ads focused based on geolocation or something similar would be just fine with me. Oh, and as a sidenote: We can always continue to hope against hope for a hulu iPhone app.

It's been a fun and challenging week learning to fly. I found a couple good podcasts, and have posted a couple new detailed entries to my new flying blog, Coordinated Flight.

The podcasts I found are The Student Pilot Podcast, by Bill Williams in Arizona, and Uncontrolled Airspace, which Bill recommended. Good stuff.

I have four flight days scheduled next week. I hope the weather cooperates!

Well, true to my own distracted form I realized about a month too late that this weblog turned five years old last month. I didn't get a chance to wish it "happy blogday," so I'll do so belatedly. Five years is quite a bit of time, yet it also seems as if it was all that long ago that I started this thing.

The site has gradually changed in terms of how I "use" it over time. Recently I've written less frequently than at times in the past, but when I do write I tend to write more in one sitting. I'm also writing (and speaking) elsewhere occasionally and splitting my time among a variety of other life activities these days.

Some of my favorite posts are from a few years ago (although some recent posts are on that list, too). My first post was decidedly non-technical (and reading it now I'm not even sure I'd write it today (but I'd probably say something on Twitter)). Well, okay - maybe I would write it. :)

I've gone through the server stress of being "slashdotted" and all sorts of other mega traffic deluges, and have been running dasBlog the entire time, thanks to the influence of my good friend Scott. I've written about some very personal topics as well as random technology tidbits that interest me. In five years I've authored 1,762 posts and people have commented on those posts more than 2,800 times. Somehow I've attracted a fairly large readership and Internet audience over the years (frequently over 600,000 page views a month), and for that I'm grateful and a bit humbled.

At any rate, it'll be interesting to see what's happening here (and on other weblogs, for that matter) in five more years.

I speak English natively. My friend that I want to chat with in IM speaks German. A chat-helper service called MTBOT (Microsoft Translation Robot) allows me to type in English, yet my friend sees and reads what I wrote translated into his native German language. Likewise, when he types in German, what I see is his messages machine-translated into English.

If you use Windows Live Messenger, you too can add mtbot@hotmail.com to your buddy list. When you want to chat with someone who speaks another language, add them to a "conversation" with your TBot. You and the other person are asked to specify your native language, and after that you just start typing.

There are a number of commands you can issue to control TBot's behavior. To see a list of commands, just type "TBOT ?" in the IM window. You'll then be presented with the list of available commands:

Cool stuff. Check out the Translator information posted over at the Live Search blog.

Currently-supported languages:

• English to/from:
• Arabic
• Chinese Simplified
• Chinese Traditional
• Dutch
• French
• German
• Italian
• Japanese
• Korean
• Portuguese
• Russian (Russian to English only)
• Spanish
• Chinese Simplified to/from Chinese Traditional

Call your Congressional rep now (202-225-3121) and ask them to support H.R. 7084, the Webcaster Settlement Act of 2008. Pandora and other similar services need your help.

I called last night and left a message for my Congressman in Oregon, David Wu. If it's your first time, calling just know it's easy: The operator will answer the phone, you ask for your congressman by name, and they transfer you to the correct office.

I left a message for Wu last night stating that I wanted him to support the resolution because it was of a timely nature and it ensured fair ad reasonable competition, and that industry lobbyist attempts to defeat it or stall it were anticompetitive in motivation.

If you use online streaming music services like Pandora or other similar ones, their very existence may depend on this resolution, so make your voice known now. It really does make a difference.

If you don't know who your Congressperson is, you can look them up quickly here. All you need is your ZIP code.

Note: While I'll likely cross-post the occasional flying post here (or maybe I'll just mention a few highlights), I've started a whole new blog called Coordinated Flight where I'll publish all my flying-related stuff. That way this blog won't get overloaded with long, detailed flying stuff.

The past couple days I've spent a little time down at Twin Oaks Airpark, a small private airport located on the far west side of Portland, Oregon. Yesterday I spent an hour there, and today I went for about two hours. Both days I learned and flew with my new flight instructor, Kelly. I've always wanted to learn to fly and over the years I've spent quite a bit of time in small aircraft. But now I'm going to put the time and effort (and expense) into learning and practicing everything one needs to know to safely fly a small aircraft.

Yesterday was what they call an introductory ride. Kelly met me and we went to the airpark office, where we chatted with Betty Stark. The Stark family owns the airpark which is on an old dairy farm and has a single runway, several hangars, classrooms and a fuel station. Then we went to our aircraft for the day, a Cessna 150. Kelly showed me the aircraft and together we went though the walk-around checklist. The Cessna 150 is a two-seater and is a smallish aircraft, but is a very common trainer. After checking out the aircraft we climbed in and started the checklist for starting the aircraft. I turned the key and the prop started spinning. Kelly explained some more necessary details about the controls and told me what was going to happen. And then we were off.

We taxied from the ramp to the end of the runway and did the engine run-up and final checks on the list. Kelly radioed the local traffic to let anyone flying in the area know we were departing, and he told me to put my hands and feet on the controls so I could feel the aircraft as we departed. He explained each task he was doing as he performed them, from the time we walked up to the aircraft until we were in the air. I think I've found a great instructor. He clearly knows his stuff and is confident. That gave me a feeling of confidence, too.

Once we were in the air, he told me he was going to hand the controls over to me. The next thing I knew I was flying the airplane. Of course, Kelly was still there, light on the controls in case I screwed something up. He didn't overwhelm me with information, but instead balanced the doing, the explaining and the having fun and looking out the window. We spent about 30 minutes in the air (and a little rain from the clouds that were well above us) and then returned to the air park. I learned about the traffic pattern for Twin Oaks (it's a left pattern with a 45-degree entrance). It was a lot of fun, and probably just the right mix of time, information and experience for a first flight.

Kelly gave me a quick-read intro book with some basic information to learn: Controls, attitude, parts of an airplane, climbs and descents, turns. He assigned it as homework and we arranged to meet again the next day at 3pm for two hours - starting with a quick ground lesson followed by some time in the air.

When I arrived today, we went into the small classroom and Kelly explained some of the performance numbers I need to start getting familiar with. It clear to me that there are a lot of pieces of information that will need to become second nature. Today's classroom lesson focused on common airspeeds and engine RPMs for different basic flight maneuvers, plus an introduction to flying the traffic pattern and the proper aircraft configuration for landings. I had a chance to ask questions and took some notes and we headed out for the aircraft (another C-150, but not the same one).

Today our time at the aircraft was a bit different than yesterday. Kelly handed me the checklist and rather than having me following him as we did the first time, he followed me as I did the walk-around inspection, checking the aircraft from nose to tail, top to bottom. He told me that the next time we meet, he may have me do the pre-flight walk-around on my own (I'm sure he'll check my work, too). After the outside inspection, he then moved the plane to a safe spot on the ramp and we climbed in. Once properly buckled up, we returned to the checklist and started the process of making sure everything was working, properly configured and ready for flight. I turned the key and Kelly showed me how the ground controls work. It's pretty counterintuitive to get out of a car and climb into an airplane: To steer in the ground you use the two foot pedals (and toe brakes when needed). If you put your hands on the control yoke (wheel), nothing happens on the ground. I'm sure looked pretty funny when my brain automatically told me hands to turn the wheel left or right. I had to force myself to use my feet. Once I took my hands completely off the yoke, however, it got a little easier.

I was taught how to do turns on the ramp, with and without brakes. After that, Kelly had me taxi the plane down the taxiway to the end of the runway, where we then entered the runway and taxied all the way to the end, did a couple turns, and then did the same thing all over again. It was a good opportunity to try to get my brain around driving the aircraft on the ground with my feet. I think some future practice will be helpful in overcoming some of the counterintuitiveness.

Kelly then had me stop on the ramp at the end of the runway, where we did our engine run-up and other checklist items. Then he made the radio call and told me to taxi onto the runway and line up on the center line for take-off. I managed to line it up and then let it point left a bit. After correcting for that (I bet it looked pretty dumb from outside the plane, heh), Kelly walked me through applying full throttle and he controlled the plane with his feet as we sped down the runway. "Okay, you feel that? We're doing a wheelie now," he said as the nose started to lift. A little pull back on the yoke and we were in the air, climbing out. When you depart to the south out of twin oaks, you have to start a turn soon after departure due to a noise abatement area (you'd think if you buy or build a house next to an airport you'd know what you're getting into, but oh well). So after a gradual left turn we straightened out and continued climbing. The airport is at about 270 feet above sea level, and we climbed to about 2200 feet.

The main in-air lesson consisted of progressively moving through various maneuvers and maintaining proper attitude of the aircraft: Climbs, gradual turns, medium turns, descents, trimming the aircraft for hands-off flight, and then combination maneuvers: climbing turns and descending turns combined with ending each of the turns on specific compass headings and returning to straight and level flight. It was really fun.

We were almost right on top of the airport before I even recognized it. That whole awareness-of-where-you-are thing comes with time, they say. For now, it;s enough to pay attention and apply what my instructor tells me.

By the time we were ready to enter the landing pattern, my brain was on the edge of overload. 45 minutes of information and sensory load was enough for my feeble brain I guess, so it was good that Kelly was handling all of the landing. I just kept feet on the pedals and fingers on the yoke to feel the controls move. Kelly explained what he was doing as we followed the landing pattern (upon passing the end of the runway on the downwind leg turn carb heat on, throttle to 1500 RPM, flaps to 10 degrees (three seconds pressing the switch), add nose-up trim... then on turn to base leg, dial in 10 degrees more more flaps, engine speed will increase as work load decreases so a little less throttle to maintain RPMs, maintain 70mph, look for the end of the runway on your left and prepare to turn to final... then your final turn, check airspeed and ensure you're moving straight for the numbers on the end of the runway (that they're not rising or sinking), add or subtract throttle as needed and line up... after that, work some voodoo magic, flare the aircraft a bit and put the wheels on the ground without breaking anything - I figure the details will become more clear as I get more experience, heh... then keep the aircraft moving straight down the runway with your feet (back to those feet again) and when all the tricycle wheels are on the ground and it's safe apply a little gradual brake as needed to slow the airplane and taxi off the runway...)

Now I have my first textbook in hand, which is the basis of the ground school lessons (which I am looking forward to). I took a ground school class several years ago at Portland Community College when I was thinking about learning to fly helicopters (I then did the financial math and decided maybe I should wait), and I am hoping some of that will come back and help me this time around. I'm flying to Philadelphia this weekend for a family get-together, so I'll have plenty of time for reading the first couple chapters and answering the questions for each - while on the plane.

I borrowed all the pics here from the Twin Oaks web site. Sometime I hope I'll get comfortable enough to be able to take some quick pics of my own (but for now all I can really think about are the tasks at hand in flying that chunk of metal through the air).

On Wednesday morning (September 24th, that is) at 9 a.m. Pacific time, Ed Bott will be joining Microsoft Technical Fellow Mark Russinovich and others for a live IT Springboard panel online discussing Windows Vista performance, a topic of interest to many and (based on my observations) understood by few.

You can ask questions live or email them to the panel ahead of time. The panel should be located here when it happens. The Springboard Virtual Roundtable Series is a great IT resource, worth keeping an eye on. Here's some detail:

Springboard Series Virtual Roundtable
Under the Hood: Windows Vista Performance…Need Answers?

Join Mark Russinovich and a panel of industry experts for a LIVE virtual roundtable to explore your top of mind performance issues, common misconfigurations, and tips on how to fix them. From boot times and applets to disk performance and battery life, find out how to optimize Windows Vista and what you can do to improve overall system performance.

Submit your performance questions live during the event or send them in advance to vrtable@microsoft.com.

Save the date!
Wednesday, September 24, 2008
9:00am Pacific Time

It's Talk Like a Pirate Day (as happens every September 19th), and Google's jumped into the fray with Pirate search. Try it here. Enjoy.

I wasn't going to write anything about the new Microsoft commercials, which I really like, despite the fact that I wrote about the two Seinfeld/Gates commercials.

But then I realized that the PC Guy in the commercials is Sean Siler. He's a real tech guy who actually works at Microsoft for a living - as opposed to being a professional actor. Here's his TechNet blog.

In fact, Sean epitomizes the "I'm a PC" message. We interviewed him not too long ago for RunAs Radio on the topic of IPv6 (he's the program manager for IPv6 at Microsoft). I thought you might be interested in hearing what Sean had to say at that time. He's wicked smart and a fun conversation.

It sounds like it's been an interesting evening for Sean, but he took the time to exchange a couple emails with me, which was cool of him. Congrats to Sean, and to Microsoft. Good start!

So, here you go - Our interview with Sean from a few months ago:

RunAs Radio #53: Sean Siler Sets Us Straight on IPv6! (download MP3)

And here are the three new commercials. Personally, I like 'em.

Oh and if you send an email to Sean's address as listed in the three videos, you'll get a reply. I'd post it here, but it'll be more fun if you do it yourself. :)

It's really the classic case study in information (in)security and the need for strong authentication. With all due respect to the good people at Yahoo!, this opportunity to review Internet security mechanisms is too good and too useful to pass up.

By now, we all know Republican vice-presidential candidate Sarah Palin's Yahoo! email account was broken into on Tuesday night (read the link to get the details). Apparently (and fairly obviously), access was gained via the forgotten password mechanism on the Yahoo! webmail interface, which allowed the malicious person to reset the profile's password with just a few pieces of information about the Alaska governor (birthdate, ZIP code and a piece of info related to where she met her spouse) that could be easily discovered by searching Google. That fact that so much of Palin's life history has been documented on the Web makes her that much more vulnerable to knowledge-based security mechanism hacks. It should also be noted that some security questions are better (or stronger) than others, so it's important that questions you choose for online protection are not ones that can be answered with information available on the Internet.

We security folk frequently talk about something called "multifactor authentication." By "multifactor" we mean an authentication process that requires two or more of the following:

• Something you know (passwords, user names, answers to questions)
• Something you have (token, device, phone, etc.)
• Something you are (physical fingerprint, voiceprint, or other biometric measure such as a verifiable, non-spoofable behavior (some call this "something you do"))

Most multifactor auth systems are pretty easy to recognize. You know them when you see them. Those key fobs or cards with the revolving digits that you have to provide at login are a common example. They're also fairly expensive and complicated. Some multifactor technologies are easier to use than others. There are a variety of behind-the scenes systems that track user behavior and other markers to determine if the person accessing an account is the legitimate user or a bad guy, for example. A well-designed and well-implemented system balances usability with security strength, and some systems yield higher results in that regard than others.

In this particular case, the bad guy was able to leverage only things he knew (found via a search engine) to change the password on the account and gain access to the Yahoo! Mail account. No other verification or mechanism was required. That's simply weak security in this day and age.

I walked through the account password reset system on my Yahoo! account, just so I could get a first-hand look at how it works and how simple it is to reset an account there. Honestly, it was a little too easy. Here are the details (you can click each image to see them full-size):

First of all, I selected the option on the login screen that says, "Forgot your ID or password?"

Next I was prompted either to supply an email address for reset, or to choose the option to reset without access to a registered email account (which to me was an immediate red flag). Obviously, I chose the latter.

This is where the security mechanism breaks down. I'm immediately asked to answer a "secret" security question. This process is called knowledge-based authentication. It's an additional layer of validation in a single-factor authentication scheme - I have to provide "something else I know." Even in my case it's information that could be fairly easily discovered (assuming I answered the question accurately). It should also be noted that in order to change my security question, I need to contact Yahoo! customer support (which I did).

Once I supply the correct answer to a single question, I'm immediately allowed to change my password. At this point it should be noted that if I was prompted to answer multiple questions in this validation workflow, using some randomization of questions and setting a time limit to answer each one, that would at least make it more difficult for someone to gain unauthorized access. Systems are available to do exactly that (I know, I used to manage a team that built one such authentication app).

I'm asked to verify my ZIP code and country (just for profile information), and that's it. Note that other analyses of this process seemed to say that providing the ZIP code and Country was required to reset, but that was not the case in my review. In fact, it appears the bad guy is just being handed that information after changing the password, for free. Take that info, stick it in your Google and smoke it: More search accuracy for the next phase in your attack. Not good.

I'm then notified that my account is now "up to date." I also got an email notifying me of the changes that were made to an account I had tied to the Yahoo! profile for communication purposes. At least I can rest assured that I'll get an email before the bad guy goes into my profile and removes that address from the account.

I think you're starting to get the picture. The authentication mechanism is only as strong as it's weakest part, and the fact that I have an option to reset without ever having to leave the browser window is a problem. Even changing the system to require that I receive an email (which is already the standard reset mechanism) would be better. As it stands today, that's an option, but not a requirement.

Many will argue that hey, it's just an email account, and that Yahoo! can't be expected to implement stronger security on their site as a requirement. I say that's flat out wrong (and what the account was or wasn't used for isn't particularly relevant to this analysis). Email is the number one mechanism used to move information - both innocuous and sensitive - among people. The fact that it's not the best mechanism for doing so ignores the fact that it's how people do things. There are a variety of options available to help ensure only authorized users can get access to email accounts. The fact they are not regularly implemented is a sad state of affairs.

There are many options to strengthen the identification and authentication processes. We can't discuss them all here, but a couple on my mind are described below.

Physical tokens - Making the jump from only having to remember a user name (which is usually the email address, so hardly a secret ) and a password to a scheme where one must carry a token and provide information from it in order to log in is quite a leap (carrying yet another piece of technology around doesn't exactly appeal to me), but it works. The costs associated with fulfilling, supporting and maintaining such a system are very real, and for Yahoo! may not be realistic. But there are systems available to those who know and choose to use them that can substially improve your authentication profile. Check out Omar Shahine's recent blog entry describing how he's securing his accounts in a few ways, including with an OpenID-integrated single-sign-on token system from Verisign.

But, even if you use an OpenID to sign in, what if your OpenID is a Yahoo! ID or other identity that you can reset with a single piece of discoverable knowledge? It still needs to be protected from unauthorized changes and access.

How to do that? There are several ways. I have a couple of favorites, but please feel free to share yours.

Require security changes to take place out of band - One option, probably quicker and less expensive to implement than physical tokens, is using something like an automated telephone call or text message to require the owner of the account to verify a change should be allowed. By registering one or more phone numbers when the account is created and requiring a unique secret be provided via that channel to authorize a change, one can sufficiently secure the account. Vidoop uses a system like this for resetting information on their OpenID accounts. It's simple and it works. It requires me to have the correct device (my phone), uses a different communication channel (the phone network, hence "out-of-band") to contact me and then verifies I am a legitimate user. It requires me to interact as part of any change.

But the technology options get even better: JanRain's myOpenID, for example, now has a feature called "CallVerfID" that equips your myOpenID for two-factor authentication via the phone. It's quick and easy to set up and instantly protects every login with a multifactor authentication mechanism. I found I was not able to use it with a couple phone services due to the way they answer the call (I should provide feedback about that, added to my to-do list), but when set up for my cell or home phone it works as advertised.

Expect more of this class of technology in the future. Think, for example, about voice biometrics: Is that really you that's answering your phone? That kind of technology would be very cool if it was reliable. It's a complicated but useful technology that's being refined even as we discuss this.

I would guess that "review of all Internet email accounts" has been added to every campaign manager's list of things to do deal with early in the vetting process (not to mention the Secret Service's list). Any of the technologies above would likely have prevented the malicious bad guy from accessing the Yahoo! email account.

In the security world, change only happens when enough people make enough noise, a regulator gives an order, or enough companies feel enough financial pain. This looks like one of those cases where noise is the better option. It's certainly better than regulatory mandates (which tend to create collateral damage), and waiting on big companies to suffer is not exactly a reliable plan.

So... Feeling okay? How safe is your account, really?

The third wave of official beta apps under the Windows Live name have been made available a bit early for download. Full information and download links are located over at liveside.net. The updated Windows Live apps are:

• Messenger v9
• Windows Live Movie Maker
• Mail with Calendar synchronization
• Writer
• Photo Gallery
• Family Safety
• Outlook Connector

There are also non-English versions listed on the site and a few individual reviews posted at liveside.net:

• Wave 3: Windows Live Movie Maker Beta
• Wave 3: Windows Live Mail - Calendar, Calendar, Calendar (and more)
• Wave 3: Windows Live Writer – A First Look
• Wave 3: Windows Live Messenger 9 Beta – What’s New- A Comparison With 8.5

The most noticeable change is a whole new UI scheme for the apps, but there are a number of other changes in there, as well. Messenger's look and feel is very different. I see Live Writer now has direct YouTube integration - nice move and probably one that took some serious discussion to make happen (understandably). Time to start digging in and seeing what else the new apps offer under the hood.