There's been all sorts of rumor and story-making flying around the Intarweb the past few days about a supposed first virus to attack some new part of Windows Vista (which is the next generation of the Windows Operating System - Vista was released recently in a Beta 1 test version to a closed group of testers and MSDN subscribers).

Well, it turns out that's not quite true.

Now, there might be a proof-of-concept script-based "virus" that takes advantage of a new beta shell technology called Monad. But Monad is not part of the Windows Vista beta, it won't be part of the release when Vista is done, and as such the rumors are inaccurate and based in false assumptions, according to the Microsoft Security Response Center weblog (which, by the way, security and IT professionals should subscribe to).

"There’s been some commentary the past couple of days regarding a potential Windows Vista virus and we wanted to weigh in with some details.  First of all, in examining the details of the reports, there is no Windows Vista virus described in them. Instead, the reports are regarding potential proof of concept viruses in the form of malicious scripts that are developed to affect a new interactive shell codenamed Monad, which is currently in early phase of beta testing.

"Now to be clear, these reports pose no risk for Microsoft customers. The viruses do not attempt to exploit a software vulnerability and do not encompass a new method of attack.  Furthermore, Monad is not widely available for general use. It’s a beta, and we do not recommend or support the use of beta software in a production environment. Microsoft continues to analyze the feedback from testers as Monad continues to be developed.

"But most important, Monad is not included in the beta release of Windows Vista or in Windows Server 2003 R2.

"Monad will not be included in the final version of Windows Vista and there is no relation between Monad and Windows Vista Beta 1. Monad is being considered for the Windows Operating System platform for the next three to five years.  So these potential viruses do not affect Windows Vista or any other version of Windows if Monad has not been installed on the system."

Note that Microsoft did not decide to pull Monad from Windows vista in response to this Monad virus scare/story, and they point out that Monad is an early beta technology, not intended to be used in a production environment. Well, yeah... Duh...

It's worth repeating that last point: Beta versions of commercial software are - by their very nature - not fully tested or officially QA'ed, and as such one has to consider beta code to be less secure in general. That should always be considered in deployment.

This is a great example of rumor run rampant, assumption trumping investigation, and the power of hate amongst those who drink of that darker cool-aid, and who wish for nothing less than harm to befall a great-big software company. If you want to believe something bad enough, if you're waiting in the trenches for something to jump on, if you do that often enough and get crazed enough in the process, you're going to lose your perspective. In my previous career, where I sometimes had to deal with those sorts, they call that a cult mentality.

Anyhow - Point is, it wasn't true. And that's something that should be said.

Skylook marries Skype - the uber-popular voice and text communication app - with Outlook, the ubiquitous mail and personal organizer app from Microsoft.

UPDATE:  After using this program for a day or so and speaking with a couple others who have also used it, I have a few additional thoughts:

• I'd like to be able to increase/decrease the MP3 sampling bit-rate - right now it's fixed at a fixed setting of mediocre audio quality
• I'd like to be able to specify which chats and voice calls are recorded - right now it records them all, which is cumbersome
• Generally, I'd prefer being able to tweak all the little details across the board - give me control while keeping it simple
• There's a real need for a complete, solid, Skype/VoIP recorder that builds in and doesn't have to be rigged together with bubble gum and duct tape.

Another UPDATE: Jeremy Hague of the Skylook team sent along this information (Aug 8):

"I thought that you would be interested to know that we are planning on introducing some new features in response to the customer feedback (mostly from podcasters, which is really cool) we have received in the first week.  We are planning on introducing some advanced configuration options to enhance the MP3 recording that Skylook produces.   In a future version, the user will be able to control the bitrate of the MP3 file, information that Skylook can populate into the ID3 tags… along with support for other audio file formats."

Skylook builds right into Outlook - in the form of a toolbar - and enables you to record your Skype conversations as high so-so quality MP3 files for playback later. This makes it a potentially useful tool for Podcasters, who often use Skype in combination with a spaghetti mess of piping and recording apps to conduct collaborative conversations and interviews over the Internet (NOTE: The audio quality may not be high enough for many podcasters, so allowing users to tweak these settings would be important). Obviously, the major benefit of recording this way is that it enables an easy way to speak with people that would otherwise often not happen. It removes the need to sit in the same room with the other participants while still providing reasonable-quality audio.

It allows you to make Skype calls and start Skype text chats directly from your Outlook contacts and emails. It shows you which of your contacts in on-line in the Outlook toolbar and provides options to review contact details and review previous communications with the contact. Skylook not only records all your voice calls, it also records your text chats to a special Outlook folder.

I did a quick voice chat this evening with Eric Rice to try it out. We were not using headsets, so we had the inevitable echo, but the Skylook app did a great job. It just did its thing in the background without any problem, and when we hung up, I "magically" saw a dialog on the screen:

I clicked the "Show me" button, and it took me straight to my filed recording:

And it files the text chats right there with the audio, filed all neat and clean just like an email would be. It's really very slick in that regard.

I'll have to give it a shot maybe this weekend, when apparently I will be guest-hosting on a podcast I really like a lot. More on that after it happens.

You can download Skylook here and try it for a couple weeks. After that some functions are disabled, do you can buy it here for $29.95.

Recently I've had a number of interesting (albeit often protracted) conversations with people about processes in business, and how formal, written procedures and established processes can be good (I agree, to a point) and can also be very, very bad.

I'll explain in a minute, and while I'm at it I'll do some tangential opining and show why I think Sarbanes Oxley and other process-intensive initiatives and guidelines don't always accomplish what they set out to do. In fact, in the case of SARBOX, I'd argue it doesn't even come close to accomplishing what it was originally intended for. But that's another story...

First a reminder and a bit of clarity: This is a personal blog, so anything I write is my opinion and mine alone.

Saturday morning telephone support call: Failed process illustrated...

Saturday morning I woke up at a criminally early hour (for a weekend anyhow). Since sleep apparently wasn't in the game plan I decided to call Vonage to see if I could actually get someone on the phone, and if I could convince them to listen to me long enough to troubleshoot a hardware/firmware problem I've been having with my VOIP terminal adapter.

For the record, I like Vonage. A lot. I recommend them. I'll refer you if you email me and ask. But I'll be honest - I'm never too excited about calling them.

But on Saturday morning, that's what I did. After umpteen layers of voice menus and hitting random keys to get pretty much nowhere, calling back after being disconnected (don't hit 'zero' in Vonage's voice prompt system...), and then finally getting someone on the line (whom I could not understand and who it seems could not understand me during the entire painful process of validating my account, name, billing address, etc.), we finally got around to troubleshooting the problem:

Vonage Lady: "Yes, hello mister huge-hess...

Me: (silently) <grrrrrrr!!!>

Vonage Lady: "...how can I help you with today?"

Me: "Okay, so I am having a problem with my Motorola VT1005 terminal adapter, about once a day it loses its connection with Vonage and I have to pull the power plug and plug it back in to get it to work, and several times a day the network data port stops communicating completely so my computers here at home cannot get to the Internet. I have to unplug the Motorola device and plug it back in in order to resolve that problem, too, and then it happens again later, a few times a day."

Vonage Lady: "Okay, so what I understand from you is..." (reads back a different version of what I just said, but leaves out all the key points, like the whole data connection problem, etc)

Me: "That's partly correct, but the worst part of the problem is that several times a day..." (I explain the loss of LAN port connectivity issue again)

Vonage Lady: (seemingly ignoring what I just told her) "Okay, I would like you to go to your router and unplug the wire from the PC port and so you will have the modem and the wire, and the Vonage router and then your computer, and I want you to plug a wire into your computer okay can you do that and tell me?"

Me: (wondering if I - a high-tech IT guy with lots of experience fixing crap much more complicated than this - really understand what she means) "Umm, okay, so... You want me to plug the ethernet cable that goes from the Motorola device on the LAN side into my computer directly then?"

Vonage Lady: (pause, pause, pause) "Uhhh, yes, I need you to put the wire from the PC port in your computer."

Me: (deciding the only logical thing to do is to go with my gut) "Okay, so I have done that, okay I am ready for the next step."

Vonage Lady: (seems to be shocked that the next step is already starting) "Ohh umm, okay, one moment please... Okay, I need you to open your Internet Explorer, and in the address bar at the top of the screen..."

Me: (I'm starting to quietly get a little frustrated now) Okay my web browser is open, you want me to type in an address?

"... I would like for you to type this address in the address bar."

Me: (I'm already on the adapter's admin web page, I think to myself, she's gonna send me there - slowwly) "Okay, ready."

Vonage Lady: "Okay, One-Nine-Two..." (pause, pause, pause)... "No, wait... H-T-T-P --"

Me: "192.168.102.1?"

Vonage Lady: "No, no no. AICH-TEE-TEE-PEEEE, COLON, SLASH-SLASH, ONE-NINE-TWO..."

Me: (waiting for more numbers) "... ... ... okay, i got that part, you can keep reading it to me."

Vonage Lady: "DOT-ONE-SIX-EIGHT-DOT-ONE-ZERO-TWOOO-DOT-ONE"

Me: (Thinking to self: Is there an echo in here?) Okay, I'm there.

Vonage Lady: "Oh well, now we need to go to the admin.html page, so to do that please click in the-"

Me: "Okay, I'm there."

Vonage Lady: "Oh, okay... Do you see a button that says Restore Factory Defaults on the page there then?"

Me: "Yes. I have a fixed IP address though, so if we do this it will stop working 'til I reconfigure."

Vonage Lady: "That's okay, push that button and tell me when it's done."

Me: <click>

Vonage Lady: <she's now long-gone due to the fact that she just told me to kill my phone line>

Bad process and procedure? Most certainly. But what's the real problem in this story? Unfortunately it's one that we see happening more and more these days, over and over again with all the emphasis on building deep, complex, wide swaths of processes and supporting procedures.

I'm not here to argue against process. I'm here to argue for thinking.

When process hurts...

People have stopped thinking for themselves and doing critical analysis of the situation at hand. Instead, they read from a script. They follow a written procedure. They stay exactly between the lines, thinking the lines are the end-all-be-all of clarity in every situation. When I speak to people in my field about this, I describe it as being similar to walking around with blinders on.

We're suffering from a deficit of creative thinking and reasoning. But more on that in a few minutes.

What does this result in? Three things mainly:

First of all, people increasingly look at the world and the things going on around them as being bipolar in nature: black and white. In reality though, it's all about the infinite shades of gray. Oh, how simple the world might be if it was all pure black and white in nature, but in the real world it's just not so. Unfortunately, the desire to simplify things cognitively into black/white, us/them, good/bad is probably a greater part of the way people look at things today than it has even been.

Second, people have lost their sense of ownership and don't think for themselves. Pride goes soon after that. More and more the accepted method of teaching people how to do things has become the "hand-me-the-procedure" method. But, absolute processes and procedures are fundamentally flawed. There's simply no way to compute every possible outcome or input to a situation, yet we expect that by creating processes and procedures that *must* be followed, we can solve critical problems. The fact is that while they may ensure compliance most of the time, they can also often ensure lack of compliance some of the time - especially when the procedure or process doesn't exactly fit, but the person applying it doesn't stop to think about that fact. Or, even worse, they're not given the level of permission needed to stop, think, and evaluate situations on their own.

Third, we walk around with a false sense of confidence and safety. By assuming we are creating controls and processes to keep the bad things from happening, we do the one thing that police officers and security professionals have known better than to do for all time: We lure ourselves into that place where we believe everything will be okay, everyone will follow the rules, everything will be out in the open, the checks and balances will all work because the auditor signed a pieces of paper (not like the auditor had any real guidelines to audit against or anything...) and the bad guys won't be able to get away with anything anymore.

But it just won't work. Nope.

I'm sorry Senator, I have no recollection...

Example from the real world: The Sarbanes Oxley Act (SARBOX for short) was terrific for consultants, and lots of people are making lots of money off lots of companies that are shelling out big bucks for something that only minimally does what it needs to do (if that). The fact of the matter is that SARBOX resulted in huge expenditures and rampant development of crippling processes that offer little protection from bad, smart people who want to pull a fast one on investors. Even one of the sponsors of the act says it doesn't really accomplish what was originally intended. Hey, Senator, can we send you an invoice for the costs of this mandatory program that won't do what it's set out to do? Let me know. Thanks.

So, SARBOX is good for consulting companies, and expensive for business, and even though the rules and regs don't really fit small to mid-size businesses, they have to follow them anyhow. It doesn't really prevent another Enron from happening. In the end, it's costing the shareholders it was intended to protect a lot of money, and it's not really doing what it needs to do.

Hmm. That's like going to a store with no knowledge of tools, telling the sales person I need a something to help drive a nail into a wall, being sold a bunch of hard hats and yellow vests and thick gloves, along with a pneumatic nailing system and a whole stack of safety equipment and mandatory classes to make sure I use it right, and a certification that's required to issued by the government before I use it... And then six months later finding out there's this thing called a claw hammer...

Maybe we forgot what we set out to do. Maybe there's a short term memory problem involved. Or maybe too much vague, confuse, poorly-defined process got in the way of building (wait for it...) effective process.

This is starting to sound like "the meeting to plan the meeting."

Anyway, back to Vonage...

I made another call to Vonage (after I set up a fixed IP, reconfigured the TA, etc., and this time without getting disconnected), Communication went a little easier with the support worker I got this time, and within a minute of the same scripted process, I heard him pause for a moment. He stopped what he was doing and said, "Mr Hughes," (thought: do people who put time and effort into pronouncing names correctly also think more for themselves?), "I am going to transfer you to another number because I think they will be able to help you with this. I could go through all of the things I have here, but I really don't think they will help you."

There ya go, now that's thinking for yourself.

Within five minutes, another Vonage rep (who was quite knowledgeable and professional by the way) had deduced - after listening to my technical explanation and asking a couple follow-up questions - that my terminal adapter is pretty much on its last legs, and offer to send me a replacement.

I spent two hours on the whole deal, between the first phone call, phone menu prompt maze from hell, getting disconnected by the voice menu system, the first rep, getting disconnected by my hardware reset,. It took 10 minutes to solve it, as soon as I spoke to a couple people who were willing and able to think about the situation outside the script.

Now, I've picked on Vonage here just because they happened to be the company I called on Saturday. I have tales of woe from a slew of other tech support experiences, too. A friend just IM'ed me to vent about his phone call this morning to Dish Network. I like Vonage, I like their services, and I like their prices. I think they're doing a good job, and they are adding (literally) 10,000 new users a day (got that from the last guy I spoke to on the phone). They have more than a million users now. So don't take this to be a Vonage bashing post - it's not. But I do think it illustrates an important point.

So - what do we do now?

Okay, great so what are we supposed to do about the Blinders of process? It's simple: Let your employees take them off. Encourage them to!

In fact, it might be worth training employees in two basic skills that most people don't get any decent training in: Listening and troubleshooting. Think about how much time we spend learning to read and write, to speak in front of others, to read from the script. How much training in our lives, from school to professional adulthood, is spent learning how to listen well? How much time do we spend learning the nuances of critical thought or effective problem solving and troubleshooting?

Not much. Not enough, for sure.

But we'll have to save that topic for later.

Seen this? It's The News Show. A bunch of quick off-beat daily tech/geek news items. It's interesting and sometimes funny. It's relatively short.

I could maybe watch this once a day, but the f5 ads might convince me to spend money.

But I'll be damned if I can find the RSS feed (and my magical to-remain-unnamed RSS-savvy browser doesn't "see" one on the page either...) No RSS feed???

Oh well... Check it out anyhow.

Over on the Microsoft Office Assistance web site, there's a great video of Chris Bertelson - an long-time Microsoft employee with lots of experience demonstrating software - navigating his way around the features available in Office OneNote 2003.

• If you've never seen or used OneNote, this video will show you all kinds of cool things, and gives a great idea of what OneNote is all about.
• If you're already a OneNote user, don't skip this one! Be prepared to see all sorts of great things that you can add to your personal toolkit to make you a OneNote power user.

This 45-or-so-minute video (see links below) should be mandatory training for OneNote users. It's that good.

I use OneNote every day on my Tablet PC as well as my desktop machine. One thing many people don't realize is that OneNote is not just a Tablet PC application - In fact OneNote was initialy conceived and designed before the Tablet PC was born, and it's a great program for desktops and laptops, too.

Chris covers some serious ground in the video:

• Watch Microsoft OneNote Tips and Tricks (256K) (optimized for broadband viewing.)
• Watch Microsoft OneNote Tips and Tricks Video (110K) (optimized for dial-up viewing.)
• Download the OneNote Tips and Tricks follow-along Word doc

And if you want even more detail, check out the webcasts:

The Webcasts of this demo are available on demand. These are generally more in-depth than the demos because they include audience interaction and questions and answers. You can watch them on your own schedule.

• Microsoft Office System Webcast: OneNote Tips and Tricks - Level 100
• Microsoft Office System Webcast: Tips and Tricks Part I - Outlook - Level 100
• Microsoft Office System Webcast: Tips and Tricks Part II - Word and Excel - Level 100
• Microsoft Office System Webcast: Tips and Tricks Part III - OneNote, Visio, InfoPath and PowerPoint - Level 100

One more dedicated post reviewing the new X41 ThinkPad Tablet and my experiences of the past week, then back to our regular (random) programming. You can read my first two review posts here and here.

Walk into an aiport or a coffe shop and start writing on your screen. You'll get "the look." Tablet PCs tend to attract and grab the attention of people who have not seen one before. They're also of interest to gadget freaks, of course.

I spent a few hours Saturday with some "new media" geeks, hanging out in downtown Portland. Several of them asked if I brought along the new ThinkPad X41 Tablet PC I've been using this past week. Well, of course I did. Several of those present said they've been thinking about possibly been getting a Tablet PC for their next computer, and wanted to see one. Others were simply curious about what IBM has done with their initial foray into Tablet-Land.

Of course, Josh Bancroft wanted to take pictures, heh. Many wanted to hold it in their hands, see how it feels, and to learn about what you can do with it. I've noticed one of the huge selling points of these things (with geeks and their wives and girlfriends, anyhow) is how the thing feels in your hand. Once I rotated the screen and placed it in their hands with the extended battery as a sort of "book spine" grip, that Tablet PC realization kicked in and you could see the expressions change on each of their faces. When people start using the pen, the "ahhhhhhh's" come out and the questions start. The main difference this time around is the X41's an even better example than most of why Tablet PCs are so darn cool.

Anyhow, I have been making a quick little list of things I'd like to see IBM/Lenovo to do to improve this thing, because while it's a terrific machine and I'm definitely won over, it's not quite perfect.

Use the hard drive protection gyroscope for screen orientation
I've been playing with it for a while now, and as far as I can tell, this model has a gyroscope (or similar) device built in that's used for real-time awareness in order to protect the had drive from shocks. You can even open the active-protection configuration applet and move the computer around and watch the picture of the thing on the screen move around just as fast as you can make it. But it doesn't appear the IBM software is connected in any way to the software switches that control screen orientation. Why not? If I'm holding the thing in my right hand with the battery on the left, use that technology to make sure the display isn't upside down, for gosh sake. Or, if I am missing something and the capability's already there, tell me, please.

Better stylus/pen
I wrote about this before. The pen has no "eraser" end on it. As expected, I was able to verify that any standard stylus that does have an eraser end works just fine with the T41 (I used an Acer pen for the test)... So, hopefully IBM will ship a new pen that has the eraser end, and I will buy it. Honestly, it's driving me nuts every time I work in pen mode. But that's okay, I'll live. For now, anyhow. I just wish the Acer stylus was the same size and shape as the IBM model, so I could just swap them out. No such luck.

Fingerprint software loses focus when Windows has been console-locked
This is a software nit-pick, and I am not sure if the problem exists on non-tablet versions of Windows XP or not (and I don't have a computer to test this with), but when the computer is "locked," the fingerprint reader dialog (they replace the regular Windows "This computer is locked" dialog with their own) often loses focus, and swiping your finger does nothing until you click on that Window to bring it into primary focus. I am wondering if it's because of the on-screen virtual keyboard, since it appears to have focus on the screen. I'll have to check on that and figure out how to turn it off, if that's the issue. Anyhow, it's a usability issue, and should be addressed one way or another.

Your mother is a hamster; Your father smells of elderberries
Just seeing if you're paying attention. Are you? Hmmm... If you can read this, you're too close. No, I mean you're doing fine. Yes, fine, thanks for asking. No, sorry I am busy tonight. Move along, nothing to see here. Maybe lunch though? Oh, oops...

So - All in all, not much to gripe about. If those are the worst things about this computer, then hey - it's a pretty darn good machine.

There are (of course) also a number of things about the computer that I really like over others I have used. So, to tie this thing up and put it to bed, a couple of them are:

The wireless networking software and hardware is pretty much rock solid
They got it right some time ago, and I really appreciate the reliable, easy to use and easy to count on wireless networking setup. I especially appreciate the fact that the ThinkPads are among the few computers  that load the wireless drivers right up front, so when I log onto the Windows domain, the login scripts are able to run just like I was plugged into the wire.

Sturdy, very light, and everything is right where it should be
From the pen location (front left side edge, right up front) to well-placed slate-mode controls (the fingerprint reader is on the monitor frame along with special Tablet PC buttons for rotation and common keyboard buttons as well as CTRL-ALT-DEL), they put stuff right where it works well. It's super-light, and no rickety construction here. The real point is that IBM waits til they know they've got it nailed down before they release it to the market. We've seen them do this before, and I remember talking to and IBM rep over a year ago when they told me IBM was working on a convertible Tablet PC overseas, and that it was definitely coming, but not to expect anything for about a year because there was no way they were going to get it wrong when they actually released it.