November 2005 Archives

Preston Gralla

Fellow Windows users have probably had the same experience I’ve had when it comes to Mac owners — listening to them claim that unlike Windows, their systems are impervious to assault.

For years I’ve been telling them they’re wrong, and they rarely listen. But now I have hard evidence.

If there were any doubt that the Mac is far from a fortress, the recent release of an Apple patch fixing 13 security flaws in OS X should put it to rest.

Among the security holes is one that would allow an attacker to remotely execute malicious code, and take over someone’s system. There’s also a spoofing flaw and a way to knock down SSL protection to a less-secure version, among others.

Need more evidence that the Mac is vulnerable? The SANS Institute has listed Mac security flaws among its list of top 20 security issues. The institute notes “Although Mac OS X has security features implemented out of the box…the user still faces many vulnerabilities.”

There’s no doubt that right now the Mac is more secure than the PC. But Vista includes a more hardened operating system, and more security features, and by the time it comes out, I wouldn’t bet that the Mac will be more secure.

As for now…if you’re a Mac user, it’s time to get used to the security patching process.

What do you think about Mac security?

Preston Gralla

Microsoft’s decision to submit its new Office Open XML document format for Office 12 to become an open standard is anything but an attempt at openness. In fact, it’s a very clever way to try and fight off a true standard — the OpenDocument Format (ODF).

ODF is already a widely accepted standard. So why isn’t Microsoft using that, rather than trying to get a new format accepted? Because ODF is supported by the Open Source OpenOffice.org suite, which competes with Office. Microsoft worries that if it makes ODF an accepted format, rather than the new Open XML, companies may switch to OpenOffice.org.

It’s time that Microsoft accepted that Office is going to have competition again, after many years of being a monopoly. I expect Google to release an Office suite one day, most likely Web-based using AJAX. To fight that one off, Microsoft is going to have to do more than just try to fend off the ODF format. So it might as well get started now, and work on improving Office, not trying to inhibit open standards.

What do you think about Open XML?

Steve Goulet

Related link: http://www.houseoffusion.com/cf_lists/messages.cfm/forumid:5/threadid:19381#1822…

Some of you may have seen the email floating around entitled “New Rules”. My favorite new rule on the list is this one:

  • New Rule: The more complicated the Starbucks order, the bigger the asshole. If you walk into a Starbucks and order a “decaf grande half-soy, half-low fat, iced vanilla, double-shot, gingerbread cappuccino, extra dry, light ice, with one Sweet-n’-Low and one NutraSweet,” ooh, you’re a huge asshole.

Web developers, site architects and content owners could use a few New Rules to observe. Feel free to add your own new rules in the comments section.

  1. New Rule: Trying to force me to look at your advertisement by sliding it up and down the screen as I scroll? I will boycott your product for the rest of my life.
  2. New Rule: Stop requesting my personal information so often. Do you really want me to fill out another form with false information just so I can download a stupid driver for my printer? Don’t you realize that those 10,000 people named “asdf asdf” in your database are pissed off _former_ customers?
  3. New Rule: Stop assuming that I am interested in your flashy graphical display of marketing nonsense. My impression of your company is not based on your ability to render impressive vector art. Please reference Google’s home page if your company needs a role model.
  4. New Rule: Search engine technologies are no longer a tool for you to force an advertisement down my throat. When I realize that your site has no soul and was specifically concocted to lure me in from a search engine, I will take every opportunity to slander you in public.
  5. New Rule: Expanding drop down navigation menus are challenging and fun, but we now have video games for that type of entertainment. Keep it simple and stop encouraging users to fail.

New Rules: Tell Web developers how to behave…

Related link: http://www.leastprivilege.com/FormsAuthPersistentCookies20RTM.aspx

In ASP.NET 1.1 and 2.0 Beta2, persistent cookies that were placed using RedirectFromLoginPage and SetAuthCookie had a lifetime of 50 years. I wrote about that here.


In 2.0 RTM, this behaviour has changed. The timeout value of the <forms /> config element is used now. If you have set a 20-minute timeout, the cookie expiration time will be set to 20 minutes, too.


That’s a good choice IMO; persistent cookies are dangerous, cookies with a nearly unlimited lifetime even more so. Cookies containing a forms authentication ticket are completely self-contained and can be easily replayed, even after years. Rudolph Aurajo wrote a paper about that here.


If you really want to persist the cookie (for a longer time than specified in the timeout attribute), you have to create the forms auth ticket yourself and set the cookie and expiration time manually now.
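
The manual approach described above, as an added example that is not code from the original post. The class name `PersistentLogin`, the helper `IssueCookie` and the 14-day lifetime are assumptions chosen for illustration; the point is that the ticket and the cookie get the same explicit, bounded expiration.

```csharp
using System;
using System.Web;
using System.Web.Security;

public static class PersistentLogin
{
    // Assumption: 14 days is an illustrative lifetime, not a value from the post.
    private static readonly TimeSpan Lifetime = TimeSpan.FromDays(14);

    // Hypothetical helper: call it only after the credentials have been validated.
    public static void IssueCookie(HttpResponse response, string userName)
    {
        DateTime now = DateTime.Now;
        DateTime expires = now.Add(Lifetime);

        // The ticket carries its own expiration, which the server checks on
        // every request, independently of what the browser does with the cookie.
        FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
            1,                                    // version
            userName,
            now,                                  // issue date
            expires,                              // ticket expiration
            true,                                 // isPersistent
            String.Empty,                         // userData
            FormsAuthentication.FormsCookiePath);

        // Protect the ticket according to the <forms protection="..."> setting.
        string encrypted = FormsAuthentication.Encrypt(ticket);

        HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encrypted);
        cookie.Path = FormsAuthentication.FormsCookiePath;
        cookie.Expires = expires;                 // browser-side lifetime matches the ticket
        cookie.HttpOnly = true;                   // keep the ticket out of reach of script
        cookie.Secure = FormsAuthentication.RequireSSL;
        response.Cookies.Add(cookie);
    }
}
```

Because the ticket is self-contained, the lifetime chosen here is also the window in which a captured cookie can be replayed, so keep it as short as the application can tolerate.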

Preston Gralla

In its attempt to fend off Google, Microsoft has been considering some very radical proposals — including releasing a free, ad-supported version of Windows.

An internal Microsoft document, published by CNet, says, “As Web advertising grows and consumer revenues shrink, we need to consider creating ad-supported versions of our software.” The document was presented at one of Microsoft’s two-times-a-year “Thinkweek” exercises, where Gates and other top execs meet to discuss the future of the company.

In another document, Chief Technical Officer Ray Ozzie said that the company had to shift toward ad-supported software. “It’s clear that if we fail to do so, our business as we know it is at risk,” he wrote. “We must respond quickly and decisively.”

Most of the discussion within Microsoft centers around software such as Works or Money, although an ad-supported version of at least components of Office could be considered as well. And the company is also considering making the family jewels available as adware as well. The Thinkweek memo notes that Windows brings in $9 per year per user to Microsoft, and then goes on to say, “It seems possible that we could match that revenue via ads.”

Of course, all this is very theoretical, and don’t expect an ad-supported version of Windows any time soon. But just the fact that the company is discussing it shows how seriously it takes the threat of Google.

Do you think Microsoft should release an ad-supported version of Windows?

Chris Williams

hehe…

I was a bad boy tonight. Ok, well not really, but with a title like that you expect it, no?

Here’s the deal: I went out on a call tonight. Spent about an hour working on someone’s wireless network. Pretty basic stuff, with no real hiccups. Once I left and started to drive home, I *noticed* my WLAN monitor was still running. Being the curious fella I am, I thought to myself… I wonder how many networks I’ll see between here and home. Home is about 3 miles away.

So… driving the speed limit (40MPH), and keeping one eye on the laptop, I counted about 30 wireless networks that I could see. Naturally there were probably a few more that don’t broadcast, but I wasn’t concerned with them. Of that 30, roughly 6 were “secured” with WEP. I use airquotes here because we don’t know how secure they actually are, but anyway…

Out of the remaining 24, about 10 were using something other than the default SSID (like “linksys” or “netgear”.) This is the part that tickled me the most. Of those 10, at least 2 of them used misspellings of the default SSID (i.e. lynksis.) I couldn’t help but wonder if this was a deliberate attempt to be clever (aka more secure.) LOL Flipping a few letters in the SSID doesn’t help much if you broadcast it to the whole neighborhood. To me, it doesn’t mean you’re clever, it means you can’t spell. LOL

annnnnyway, by this point I was almost home and dying to mention it in my blog. No I didn’t borrow any bandwidth but I did get a few funny looks from people as I was driving home with the laptop lighting up the inside of the jeep. Or maybe it was my laughter that got their attention.

Will I do this more often? I hate to say it, but probably yeah. I’m a curious type. But I won’t be borrowing any bandwidth, since that’s stealing. Not to mention it’s kinda pointless to try and accomplish anything other than scanning while driving down a major highway.

Is there a point to this post? Well if there must be, I guess it’s this: PEOPLE… SECURE YOUR WIRELESS. YOU HAVE BEEN WARNED.

Seriously though, why do so many people expect computers to work like toasters or blenders? It takes 5 minutes to set up WEP on your wireless network, and that’s only if you don’t get it right the first time. My brother, god bless him, is a perfect example of this. Plug it in, turn it on, start using it. If it takes more steps than that, it’s too complicated.

Computers are not appliances. I don’t care what you call them, or how pretty the case is, or if it fits on your entertainment center. Even media center PCs (which are about as close as it gets) are NOT appliances. Do I think they ever will be? Tough call, probably not. But hey, I’ve been wrong before.

Love me, hate me, praise me, berate me. Tell me what’s on your mind.

Chris Williams

I’m just pleased as punch to announce that in spite of (or just maybe because of) my anti-Marketing rant a couple days ago, the Microsoft Marketing folks have come through for the ol’ UG.

Today, with roughly 7 hours to go until the Community Launch Event, a big fat box showed up from Microsoft. In this box were the missing NFR products and the exam vouchers, along with another banner, tshirt and balloons.

I immediately delivered the balloons to our breathless intern, who was less thrilled than I was, but still a very good sport.

That’s the good part. The bad part isn’t so much bad as just squarely in the “can’t win ‘em all” category. There was something else in the box. The attendee resource DVD. (I know, I know… I can hear you all asking yourselves, “but Chris, isn’t that what you’ve been burning copies of non-stop for the last 3 days?“)

Well, I thought I was burning the attendee resource dvd, but apparently I wasn’t. Regardless, we now have 50+ DVDs to give away, and we’ll make the best of it. We also have ONE copy of the attendee resource DVD which we will burn “by request” for anyone who asks. Just not today, or tomorrow, or the next day. Maybe by the December meeting.

That wasn’t necessarily anyone’s fault. At least, I’m not taking or assigning blame for it. Mostly because I’m exhausted. Yep. Beat.

So anyway, tonight is going to rock, and it’s going to rock EVEN MORE than before because Microsoft came through for us and overnighted the stuff that was missing and got it here just in time.

So let me publicly thank all the marketing pukes (err… I mean, wonderful, professional people) and again reassure the great state of Montana that I have nothing against them.

DHL, on the other hand, apparently has a different definition of OVERNIGHT than the rest of us, but that’s a story for another day. 39 hours is NOT overnight by my watch.

Love me or hate me, praise me or berate me. Bring it on…

Preston Gralla

Like most of you, I’ve lived with Microsoft .doc files forever. After Word decimated its competitors, .doc became the de facto standard for Windows-based word processors.

There was one good thing about Word’s .doc becoming the word-processing standard. No longer did you have to worry about converting files between formats, with all the errors and messiness that entailed.

But .doc has outlived its usefulness. The OpenDocument Format (ODF) is a widely accepted Open Source standard, and Microsoft should support it in the upcoming Office 12. By merely supporting the standard — allowing Word to save in ODF and read ODF files — Microsoft won’t be giving up its use of .doc files. People can still use them. All it will do is give people a choice.

Microsoft has repeatedly said that it won’t support ODF in Office 12. That decision may come back to haunt the company. As I’ve written in a previous blog, the Commonwealth of Massachusetts announced that as of January 1, 2007, the state government would have to use applications that work with the OpenDocument format. That rules out Office.

Although Microsoft has said it won’t support ODF in Office 12, it’s also given itself a way out. It often issues vague statements noting that it will consider any new feature for Office that its customers ask for.

Now is the time for Microsoft to take that way out, and support ODF. No single company should own a standard for something as ubiquitous as word processing files.

Do you think Microsoft should support ODF?

Over a year and a half ago at DevDays 2004, I got my first look at Whidbey, the codename for the software that eventually became known as Visual Studio 2005. That day, I walked away with a Community Technology Preview (CTP) DVD.


That night, when I first installed it, I was totally amazed by the advances made in ASP.NET 2.0. Master Pages and the login controls alone seemed like they would make my day-to-day work a million times easier.


I couldn’t wait to start developing in it.


Today, I watched the live webcast of the Visual Studio Launch, which included both Steve Ballmer and a performance by Cheap Trick. Cheap Trick played a song and Mr. Ballmer refrained from dancing or any other on stage antics.


VS 2005 was released to MSDN subscribers last week and during that time, I’ve had a chance to play around with it. Unfortunately, I’ve not had a chance yet to do much professionally with it.


Between March 2004 and last week, I’ve downloaded, installed, and tinkered with countless CTPs, Betas and Release Candidates. When Beta 2 came out, Microsoft did something somewhat unprecedented: a Go-Live license on a beta 2 product. The anticipation was building.


The reality was that no client wanted to assume the additional risk of building on top of a beta platform, no matter how stable Microsoft said it was.


Now that the 2005 suite of tools and toys are out, surely, this will change, even if not overnight. Most of my ongoing projects will switch over in the next month or two. Any new projects from this point on will likely start with VS 2005.


So, what’s another month or two, if I’ve already waited this long?

So, when do you think your first professional VS2005 project will start?

Chris Williams

The official launch of Visual Studio 2005, SQL Server 2005 and Biztalk 2006 was today. We know this because King Steve, the Ballmerian, gave a rather dry 90 minute presentation on the subject.

That’s not what this post is about, although it is on a related topic. You see, my local user group… excuse me, I mean my local .NET user group, volunteered to host a community launch event.

Microsoft & INETA (that’s the International .NET Association) sent out a letter to all the UGs (that’s a hip abbreviation for User Group) asking if we wanted to be a part of this momentous occasion. In return for participating, we would get a boatload of free swag to give away, and lots of support (wink wink) from Microsoft to make it a big success.

We were all asked to submit our community launch dates months ago, and most of us dutifully complied. I say most of us, because I really rather doubt that we ALL complied, but I did, so hey…

We were then assured (assured, I say) that we would receive oodles of training, and materials to make this a big success. We were to nominate a launch event presenter to take this training and in return, we would receive 6 copies of Visual Studio 2005, SQL Server 2005 and Biztalk 2006 (1 for the presenter and 5 to give away). We would also receive 6 exam vouchers (again 1 for the presenter and 5 to give away.)

Now, let me just pause and ask if you really think I would be writing all of this if things were going smoothly?

Needless to say (and yet I say it anyway), things are not going as advertised. Our Community Launch Event is in 3 days, and we just received our “kit” today. The kit consisted of a really cool looking box, some balloons, a tshirt that is two sizes too small for ANYONE in my UG and a pretty flashy banner.

There were also 4 DVDs which we are expected to burn copies of (at UG expense) for each attendee. (I feel compelled to mention at this point that we have 46 people signed up to attend.)

Last of all, and most importantly, there was a letter stating that all the other stuff that was supposed to be in the box was not, in fact, in the box. That’s right, no swag. No NFR (Not For Resale) products, no exam vouchers, NADA, ZIP, Zero, Zilch…

It was approximately 4:45 this afternoon when I uttered a string of expletives so long and profane that the nearby Naval Station decided to take the rest of the day off.

So… with less than 3 days remaining, I have to make 46 copies of these attendee DVDs and come up with a fairly compelling reason not to drive to Redmond and scream at someone until blood vessels start bursting.

I also have to come up with some nifty vouchers for the free swag we promised our attendees that some of them would go home with… and nifty excuses like “I’m sorry, Mr. This is my first AND LAST UG meeting, we’ll be sure to mail your swag to you. No we didn’t lie, Microsoft screwed us over.”

You see the problem here is that MS (that’s a hip abbreviation for Microsoft) already has a black eye the size of Montana in most circles. Most people don’t have a clue who INETA is, and this isn’t their fault anyway. BUT… it’s the UG leaders who really end up looking like jerks.

So thanks guys… and gals… If I ever needed a reason to dislike or distrust the almighty marketing machine, I’ve got one now.

Oh and no offense meant to the great state of Montana. I’m sure it’s a lovely place to live. Please excuse me while I change the DVD in my burner, only 42 more to go.

Feel free to comment. Talk amongst yourselves, I’m getting verklempt…

Preston Gralla

With great fanfare the other day, Microsoft announced two new web-based services, Windows Live and Office Live. The initial hype made it sound as if the company was going to make Office and parts of Windows available for free over the Web.

That’s not the case, however. Office Live doesn’t really have much to do with Office, and Windows Live doesn’t have much to do with Windows. Office Live will be a set of free services for small businesses, such as Web hosting, email, and collaboration tools. And Windows Live is in essence a personalized home page, much like Yahoo and Google now offer.

The announcement came only a day or two after CNet reported that Google was hiring programmers to improve OpenOffice.org, the Open Source alternative to Microsoft Office. This spells bad news for Microsoft. If Google can use techniques such as AJAX to create a free, Web-based alternative to Office, I think you’d see plenty of people balk at paying the high prices Microsoft charges for Office.

By themselves, Windows Live and Office Live aren’t enough to fend off Google. It appears both are very worthy services and are great ideas. But if Google can really find a way to offer OpenOffice.org for free over the Web, Microsoft will have to come up with something else to fight the search giant.

What do you think of Windows Live and Office Live?

Related link: http://myitforum.com/blog/osug/archive/2005/10/12/15803.aspx

Don’t miss the November 3rd meeting of the Ohio SMS Users Group!

Prepare yourselves for:
Great Presentations!
Great Food!
Great Prizes!
OSUG Karaoke was a huge hit at our last meeting. Don’t forget to bring your favorite SMS tips & tricks.

Here’s the details:
November 3rd, 2005 9:30am - 4:30pm
Grange Insurance Headquarters
650 S. Front Street
Columbus, OH 43206

Derek Hartung from 1E and Tev Sanders from Microsoft will be presenting.

Check out this link for more information and to register:
Ohio SMS Users Group Fall Quarterly Meeting