Recently in Musings Category

(Mental playlist for this entry: Led Zep's Going to California; Fatboy Slim's Kalifornia; Take California by the Propellerheads; the Royal Gigolos remix of California Dreamin'; close out with the Red Hot Chili Peppers' Dani California).

From the title of this post and the playlist above, you might have figured it out: we're not moving to Seattle, but instead to somewhere in the wild, wild Bay Area. Worse, I'm leaving 3Sharp and joining another company altogether. Shock! Horror! How did this happen?

It's complicated.

Since my dad's death in 2007 I've been thinking more about who I am and what I do. In my early career, I built software, a process that has tangible (and hopefully executable) results. In my current role, I spend a lot of time researching how things work, and the good and bad aspects of various technologies, and communicating my learnings to people in different ways. Over time I began to feel as though I was losing the passion that had made me successful at 3Sharp. I still enjoyed tinkering with new technologies (yeah, Exchange 2010, I'm looking at you), but I felt as though my inner fire was turning into banked coals instead of a roaring inferno.

At the same time, 3Sharp has been growing and changing in some new and exciting ways. Some unforeseen (and very much unwanted) changes in our business meant that we had to lay people off-- people I valued as friends and for whose welfare I felt responsible. That was a hard pill to swallow for me. At the same time, PKS, and its related technologies, have been strong areas for us, as has the work we've done focused on Office and SharePoint. The only way I could help move that work forward was by driving 3Sharp's sales and marketing efforts, but I quickly found that-- compared to the other things I knew how to do-- that I was neither very excited by nor very good at these critical things.

When Acuitus approached me to do some on-site training for them in Monterey, I jumped at the chance because Jim McBee (my longtime friend and a great American) had told me they were doing some interesting things. After the training was over, I flew down to San Jose to talk to them about hiring 3Sharp to do some additional work. During that time I got more hands-on experience with their digital tutor, and learned more about their long-term plans. Instead of hiring 3Sharp, they offered me a job.

After a lot of soul searching, and many long conversations with Arlene, I decided to accept their offer. I'd been approached by other companies before, including competitors of 3Sharp and companies that wanted Exchange talent in-house. This offer was different, though. What tipped the scale is this: I firmly believe that what Acuitus is doing will revolutionize the way computer-based learning works and how it's used. Working there will give me some unmatchable opportunities to build and do things that can make a lasting impact for millions of people. That was too much to resist!

There are a lot of scary parts to this change: I'm uprooting my family to move someplace that none of us have ever wanted to live, going back to working in an office instead of from home most of the time, and having to prove my skills and worth all over again from scratch. Instead of the established support system we would have had in Seattle, we're starting over in a new, and very different, environment from what we're used to. These things are all hard.

The change is hard for another reason. I think of my partners in 3Sharp-- Paul, Peter, and John-- like brothers. Telling them that I was leaving was one of the most difficult things I've ever had to face. I have learned so much from them that I owe them a debt I can't ever repay, not that leaving them is helping to repay it any! However,  I believe in their talent and drive, and I know that 3Sharp will continue to thrive and prosper under their care.

However, sometimes it takes work to move on to the next stage of whatever the Lord has planned for us. That's what I'm trying to keep in mind as we go through the process of looking at ridiculously overpriced houses and figuring out how we'll make the leap to this new environment. I've added a new category called "California" for posts just about the transition, even. Onward...

About two years ago, I bought Arlene an American Standard Champion toilet for Valentine's Day. Not too long after, I added another one in the hall bathroom downstairs. Over time, they both developed odd flushing behavior caused by the design of their flush system. It uses what they call a Flush Tower; it's basically a concentric pair of cylinders where the flush lever lifts the inner cylinder, which in turn lifts the outer cylinder and dumps water through the trapway.

One toilet has decided to just make a loud "clunk" when you flush it. That's caused by the inner cylinder dropping down prematurely instead of engaging and lifting the outer cylinder. The other one flushes, but the outer cylinder drops too soon, so it only releases about half as much water as it should.

I called American Standard's customer service department and spoke to a very pleasant lady who agreed that the toilets were still under warranty (with a 10-year warranty I should hope so!) She told me that the Flush Tower had been redesigned and that they'd be happy to send me two new ones via FedEx. That's the kind of customer service I like (though I'm not looking forward to pulling the tanks from both toilets to replace the towers).

In other, and completely unrelated, news, about six weeks ago. the living room Xbox 360 died with a RROD. I used the Xbox web site to get a repair case opened and sent it off; it came back about two weeks later. In the meantime, I moved the basement 360 to the living room, then we started remodeling the basement, then we went out of town... and so on. Bottom line: I plugged the newly repaired 360 in last night and it immediately failed again. Now I have to send it back, wait for them to fix it, and reinstall it. If only there were a cross-ship option. Or, if only the frigging things wouldn't fail so often in the first place. There, I said it. Now I feel better.

I've been a loyal Chrysler/Dodge owner since I bought my first new car back in 1990. In general, their cars (and especially their minivans) have fit my needs really well, and they've been reliable enough. However, in the last month, our 2005 Grand Caravan's reliability has fallen off a cliff. To wit, here are the repairs it's needed recently:

• a new water pump
• a new set of plugs and wires
• a new shaft and seal for the power steering system
• a new front blower motor, without which there's no heat

That's not including the things that should be fixed but are too much hassle, like the intermittent fault that sets off the alarm about a third of the time when you use the power liftgate. (Update: I forgot to include the oxygen sensor in the above list.)

So, sorry, Chrysler. Bankruptcy or not, the next time I buy a vehicle it won't be one of yours. It will most likely be an American-made Honda. (Update: Missy suggests an American-made Nissan Quest-- something I'll definitely look into.)

I've been a loyal Chrysler/Dodge owner since I bought my first new car back in 1990. In general, their cars (and especially their minivans) have fit my needs really well, and they've been reliable enough. However, in the last month, our 2005 Grand Caravan's reliability has fallen off a cliff. To wit, here are the repairs it's needed recently:

• a new water pump
• a new set of plugs and wires
• a new shaft and seal for the power steering system
• a new front blower motor, without which there's no heat

That's not including the things that should be fixed but are too much hassle, like the intermittent fault that sets off the alarm about a third of the time when you use the power liftgate. (Update: I forgot to include the oxygen sensor in the above list.)

So, sorry, Chrysler. Bankruptcy or not, the next time I buy a vehicle it won't be one of yours. It will most likely be an American-made Honda. (Update: Missy suggests an American-made Nissan Quest-- something I'll definitely look into.)

In January 2004, I posted a note about Wayne Hale, the NASA deputy program manager for shuttle operations. He was taking responsibility for the Columbia disaster. Five years later, he's still stirring things up. Godspeed, Mr. Hale.   

This is very helpful advice, though I don't know where it came from: always fly first class.

From a friend in the Seattle area who wanted to stay anonymous:

• Most of my disasters preparations; food, water, generator, water filters, supplies, etc... are for the days after things go bad. Getting through the first 24 hours in the best possible condition is much more important. How you get through and what you do in the first 24 hours will set the tone for everything that follows.
• Do you know where your community rally point is? Where emergency services will be available? Where to get sandbags? Closest chopper pad?
• Disasters are a come as you are event. I spent the first three hours of the flood in slip on moccasins and sweat pants. No gun, no multi-tool, just my Spyderco knife and a Sharpie. If it isn't on-hand in three minutes or if you don't remember that you have it or exactly where it is, it might as well be on the moon.
• Don't overfill sandbags. 90% full is about optimum. That way, there's room in the bag for the sand to shift, conform to the space to fill in the gaps.
• A wheelbarrow. Its not just for farmers. You can move twice as much material for less effort in a wheelbarrow than by carrying it. I recommend the dual-wheeled models as they're more stable and less likely to get stuck in the mud.
• Energy drinks. Legalized "speed" that will carry you through with extra energy when you need it.
• An American flag, pole and holder. Hanging the flag outside your residence is a good way to signal to aid/rescue that your house is occupied.
• Pre-packed disaster equipment. Hoses with your pumps, extension cords with your generator. Saves time and effort as everything is in the box ready to go so you don't have to gather it up or remember where it is under pressure.
• Physical skills. Do you know how to build a sandbag wall quickly and efficiently? (I never thought about it before now.) Do you know how to drive your SUV through deep water? How deep can you safely go?
• You might be prepared and know what you're doing, but there's lots of idiots out there. Law enforcement and officials are going to assume you're the latter until they see otherwise.
• Hand sanitizer.
• Your most useful tool is the one between your ears.

There's some very thought-provoking advice in the above, especially knowing your community and convincing the local law that you're not an idiot. I know I'll be applying this list to our family's disaster planning.

Here's a great article by Cam Beck dissecting the origin of the Marines' familiar all-purpose exclamation. The best part of the article:

To further demonstrate the indefatigable utility of OO-RAH, I've compiled a top 10 list of possible meanings:

1. I am a Marine.
2. I enthusiastically accept your message.
3. I am excited to be here.
4. Pleased to make your acquaintance.
5. What you ask of me, not only will I do, I will do in a manner befitting a Marine.
6. I expect good things out of you.
7. Good job.
8. I am not supposed to be motivated about performing this task, but I will force myself to express excitement for the benefit of my fellow Marines and to tactfully annoy my superiors who gave me the task.
9. I love being a Marine.
10. I am about to destroy something.

@ihenpecked on Twitter just said he wasn't sure if the Marines would have been right for him. I didn't think they were right for me, either.

Flashback: it's 1986. The Cold War is happening, big time. I wanted nothing more than to fly jets, pretty much for whoever would have me, but I certainly didn't work hard for it. I made a desultory effort to be nominated to the Air Force Academy or Annapolis, but my heart wasn't in it (and neither were my grades, sadly). More or less as a lark, I took the ASVAB and did pretty well on it. That resulted in a flood of calls from recruiters. All the Air Force guys could talk about was missile maintenance, and the Navy recruiters kept talking about subs and nuclear power, neither one of which I wanted any part of; I was firm on going to college and couldn't see putting that aside for active-duty service.

I had no interest in the Army or Marines, and told their recruiters that. The Army guy took me at my word, but the Marine recruiter, bless his heart, was made of sterner stuff. He kept calling me every few weeks, and it seemed like he always knew when we were sitting down to dinner. I finally agreed to go to his office to talk to him, and that was my downfall: he totally sold me. He convinced me of the benefits of serving in the Marine Corps Reserve, and that it was better to "test-drive" military service before making the commitment to get a commission and the obligations that come with it. (Advice that I took, having heard it from my grandfather, a WW II vet and retired USAF pilot.)

I left for boot camp about four months later, two days after graduating from high school. Then the real fun started :)

@ihenpecked on Twitter just said he wasn't sure if the Marines would have been right for him. I didn't think they were right for me, either.

Flashback: it's 1986. The Cold War is happening, big time. I wanted nothing more than to fly jets, pretty much for whoever would have me, but I certainly didn't work hard for it. I made a desultory effort to be nominated to the Air Force Academy or Annapolis, but my heart wasn't in it (and neither were my grades, sadly). More or less as a lark, I took the ASVAB and did pretty well on it. That resulted in a flood of calls from recruiters. All the Air Force guys could talk about was missile maintenance, and the Navy recruiters kept talking about subs and nuclear power, neither one of which I wanted any part of; I was firm on going to college and couldn't see putting that aside for active-duty service.

I had no interest in the Army or Marines, and told their recruiters that. The Army guy took me at my word, but the Marine recruiter, bless his heart, was made of sterner stuff. He kept calling me every few weeks, and it seemed like he always knew when we were sitting down to dinner. I finally agreed to go to his office to talk to him, and that was my downfall: he totally sold me. He convinced me of the benefits of serving in the Marine Corps Reserve, and that it was better to "test-drive" military service before making the commitment to get a commission and the obligations that come with it. (Advice that I took, having heard it from my grandfather, a WW II vet and retired USAF pilot.)

I left for boot camp about four months later, two days after graduating from high school. Then the real fun started :)

I ordered Arlene three things from CafePress: two Twilight-themed T-shirts and a Twilight calendar. They arrived on time, as promised, but she wasn't crazy about any of them (Tim and Julie got Arlene a nicer calendar, and the T-shirts were a bit too small). I e-mailed CafePress to get an RMA. On New Year's Day, they responded in less than 4 hours and told me that they would issue a credit-- and to keep the merchandise! I was amazed at the speed of the response and the lack of overall hassle. I'll definitely do business with them again.

I ordered Arlene three things from CafePress: two Twilight-themed T-shirts and a Twilight calendar. They arrived on time, as promised, but she wasn't crazy about any of them (Tim and Julie got Arlene a nicer calendar, and the T-shirts were a bit too small). I e-mailed CafePress to get an RMA. On New Year's Day, they responded in less than 4 hours and told me that they would issue a credit-- and to keep the merchandise! I was amazed at the speed of the response and the lack of overall hassle. I'll definitely do business with them again.

Mitt Romney makes a very cogent argument against a bailout in today's New York Times. Don't get me wrong; I live in the heart of the Auto Belt, and I have many friends who work in the industry. I don't want to see it disappear altogether. I have owned a series of American-made cars since I was old enough to start buying cars. By and large, they have been good to me (especially our minivans!)

As a taxpayer, though, I can't stomach the thought of sending another $25 billion, or more, to Detroit just to see it ratholed in a useless quest to stem the bleeding. I see firsthand how many mistakes the upper-level management of the ex-Big Three have made, and I can't imagine that just giving them more money is going to solve the problem. Bankruptcy, on the other hand, gives them a well-understood set of tools to attack some of the root causes of their current situation. The medicine tastes terrible, but the eventual cure is worth it.

Mitt Romney makes a very cogent argument against a bailout in today's New York Times. Don't get me wrong; I live in the heart of the Auto Belt, and I have many friends who work in the industry. I don't want to see it disappear altogether. I have owned a series of American-made cars since I was old enough to start buying cars. By and large, they have been good to me (especially our minivans!)

As a taxpayer, though, I can't stomach the thought of sending another $25 billion, or more, to Detroit just to see it ratholed in a useless quest to stem the bleeding. I see firsthand how many mistakes the upper-level management of the ex-Big Three have made, and I can't imagine that just giving them more money is going to solve the problem. Bankruptcy, on the other hand, gives them a well-understood set of tools to attack some of the root causes of their current situation. The medicine tastes terrible, but the eventual cure is worth it.

Tomorrow marks the 233rd birthday of the world's finest fighting force: the United States Marine Corps. Semper Fidelis to all my brethren who have served or are serving our nation as Marines and corpsmen. On this day, I hope you will join me in celebrating the Marines' traditions of honor, service, and duty. Here's the Commandant's annual birthday message to help get you in the mood.

Every Marine knows the name of Samuel Nicholas, the Quaker businessman and farmer who was commissioned as the first officer of the Continental Marines back in 1775. For the rest of you, here's an interesting article on the quiet and little-known ceremony that marks the founding of the Corps each November 10th. Semper fi, Major Nicholas.

I've noticed something over the last few days: many of the web pages I load now show Meijer ads in place of their "normal" banner ads. This seems unusual, given that Meijer is such a regional company. This might be a case of cookie-based ad targeting, or it might be Buckeye experimenting with deep packet inspection for ad insertion. I surely hope it's the former, and not the latter.

Update: duh, I should have looked more carefully at the ads; they all say "Ads by Google" at the bottom. Mystery solved.

I grew up in Louisiana. In a state where people are buried above ground to keep their corpses from floating off, basements aren't very common. My grandparents live in Alexandria, in the central part of the state. Their house had a basement, the entrance to which was a 3' x 6' trap door behind the wet bar. Entering the basement was always a big event. There were all sorts of wonderful things down there: mysterious jars of cannery products, stacks of yellowed old newspapers, piles of ancient National Geographic back issues, and so on. That's what I thought a basement should be like: rare, mysterious, a little scary, but ultimately familiar.

When my parents moved to Perrysburg, the house they bought had a big unfinished basement. Dad quickly filled it with woodworking tools, a huge L-shaped workbench, and a small finished office stuffed with every kind of ham radio you can imagine. Many of the tools in the basement were familiar: there was the old red air compressor that I'd used for hundreds of hours while refinishing and repainting cars, and the ancient Zenith Transoceanic that we used to listen to the BBC and WWV while out at the fishing camp he built way down on the bayou. There was scrap wood, and an old dresser from my boyhood that had repurposed for component storage, and a bookshelf full of solvents and cleaners and various other hazards. In short, it was a familiar place for both of us, filled with things we understood and knew the measure of. We spent probably a hundred hours building a bed for David (a project which, truth be told, would have taken him maybe 15 hours had he done it without my inexpert help).

Of course, the basement was more than a workshop; it was somewhat of a gathering place. Julie, Tim, Arlene, and I would go down there at Christmas time to wrap presents, safe from the running feet and peeping eyes of the kids. Traditionally we'd go out shopping with the old man on Christmas Eve and come back laden with his selections, which of course he wasn't going to wrap himself. The boys would go downstairs and sit on his lap while he twiddled radio knobs, asking questions so fast that he couldn't finish the answer to one before the next one popped out.

Now, a year after his death, the basement is mostly empty. The woodworking tools are gone, parceled out to people with the knowledge and space to use them. The remaining radios sit silent. The workbench is mostly clean, although both the air compressor and the Zenith remain. I took the tools and supplies that I could use, knowing that as I maintain and use them that I'm preserving some small part of the things he taught me. It's a lonely place now, and one that I avoid. I miss him terribly sometimes, but never more so when I go down those steps, past the framed pictures of Tim and I in dress blues, under the "I (heart) my truck" license plate, and into that basement: no longer mysterious, no longer even familiar.

Wow! This puts Arlene's complaints about my snoring in a whole new light. Apparently, heavy snoring is a risk factor for carotid atherosclerosis, as measured by an Austrian research team. Better keep an eye on that (or an ear!)

It's always fun to joust with my friend Bob Thompson, who is perhaps the most libertarian libertarian I know. Sadly, I think he's flat-out wrong about food allergy warnings. I admit to being biased; my wife is gluten-intolerant and I have other relatives (and friends) who suffer from various kinds of nut allergy.

The problem with the current labeling standard is this: there is no standard. Quick: what's the difference between "may contain", "made in the same factory with", and "produced on the same equipment with"? If I have three products with those labels, how can I tell which one(s) (if any) are OK to bring home? The existing US law, FALCPA, requires manufacturers to label products that contain certain allergens. Manufacturers have voluntarily been adding "may contain"-style warnings to reduce their liability-- but there's no standard for doing so, and this is resulting in a lot of needless hassle for the producers and consumers.

On the gluten-free front, there is an existing EU standard for deciding which products may be labeled as "gluten-free", based solely on measured gluten content in the final product. The FDA is in the process of adopting it, which I think is great: it gives people a tangible indicator of whether something is safe to eat, or not, irrespective of where and how it was produced. Until then, I don't see how standardizing on a labeling phrase could possibly be a bad thing. In fact, if I'm going to have the government spending money on regulations, better they should do it for food safety than on firearms or political contributions.

I'm in coach on a Delta flight from Cincinnati to Seattle. Delta recently started a new food-for-sale program called EATS. The folks over at FlyerTalk seem to like it pretty well. I had Chik-Fil-A in CVG, and I'm headed to a lunch meeting, so I didn't want a full meal, but I did buy a Clif Mojo bar. It's pretty good-- sort of like a light pretzel with some peanut chunks. However, I'm a little disconcerted by the label, which has a blazon proclaiming "70% organic". What does that mean? Is the other 30% inorganic? Did I just get my RDA of aluminum and silicon? Should I have only eaten the first 2/3rds of the bar and left the remaining 33% behind to make sure I didn't eat anything unhealthy?

I don't know who said this, but I agree with it 100%:

A veteran -- whether active duty, retired, or national guard or reserve -- is someone who, at one point in his, or her, life, wrote a blank check made payable to "The United States of America," for an amount of "up to and including my life."

That is honor, and there are way too many people in this country who no longer understand it.

We try really hard to limit the amount of advertising that our kids see. We do this via several measures: limiting how much TV they watch, encouraging them to watch non-commercial programs, and using a TiVo to skip ads. However, in the last week, Matt and Tom have both surprised me.

First, on the way to school, Tom asked who our car insurance was with. "State Farm," I said. "Do they give you a new car if your old one is totaled like Allstate does?" he asked.

I explained that, no, State Farm wouldn't give us a brand-new car; they'd pay the market value (a concept he already grasps from allocating his allowance.) "You should use Allstate," he opined, "because they'll just give you a new car. That's what their commercial says, anyway."

That afternoon, Matt was eating a Nerds rope, which he likes to break into sections. He stacked up two sections of unequal length to make a bar graph, pointed at the shorter one, and firmly said "Dad, you could save money on car insurance like this if you used Allstate."

I don't know what Allstate is paying Dennis Haysbert, but apparently it's money well spent.

Good news and bad news from my favorite local newspaper.

Good news: five Blade columnists have started blogs at the paper's web site. (Thankfully, none of them are opinion columnists.)

Bad news: you can't get RSS feeds for them. Oh sure, each page sports a little orange RSS logo, but when you click it you get this summary page. It offers some feeds, but none for the columnists. (Bonus bad news: the only comment mechanism is to e-mail the blog author.)

So, I give them a B- for their effort so far. All of the columnists had content posted before the official launch this morning, and it's all decent intro material. The grade would be higher if I could actually subscribe to their feeds. I called Kevin Cesarz, who's listed on the masthead as the online editor, to ask him about it, but he wasn't in.

Update: the feed page now lists the individual columnist feeds. Yay, Blade!

Doggone it, this just isn't fair. I was going to go to Lotusphere, but decided not to because I'm already going to Orlando twice this year for other trips.. and who's their keynote speaker? Only the first man to walk on the moon.

The list of past speakers from Lotusphere is pretty impressive: John Cleese; Rudy Giulani, Walter Cronkite... meanwhile, at the flagship MS event, we get... Microsoft executives. Don't get me wrong; I expect to see executives touting their products, and I appreciate Microsoft's efforts to bring in sidekicks like Samantha Bee or Mary Lynn Rajskub to liven things up a bit. However, why couldn't we have an interesting topical speaker? It couldn't be that hard. Warren Buffett would probably be glad to help his friend Bill out. How about Sean Payton? Scott Adams? The possibilities are limitless.

Interesting thread over at Ed's blog: he had a Tumi bag that died, Tumi wouldn't replace it, and so Ed posted about his search for a replacement. Two things happened: Tumi saw his post and replaced his bag with a new one, and Briggs & Riley, the brand he was considering as a replacement, contacted him and offered to let him try one of their bags. I love to see this happen, and not because companies send me lots of stuff (I didn't even get one of those crappy phones that Sprint was slinging around with such abandon a few months ago.)

Clearly both Tumi and Briggs & Riley "get it"; they saw a good opportunity to score some positive marketing for their products at relatively low cost. This is a smart strategy, and one which I expect to become a differentiator between savvy companies that understand how to enter into conversations with the broad community and the old school (which normally just shouts at them à la traditional advertising).

(and apologies to all my readers who saw the word "angels" and were expecting a more spiritual contribution!)

I get some of the best stuff in my press release feeds! Today's winner is a release from the Visa Bureau, an independent visa agency that makes its living from helping people emigrate. Anyway, the release points out that Australia has added network security, Siebel, SAP, J2EE, C#, and Java skills to the Migration Occupations in Demand List (MODL) (along with boilermakers, panel beaters, pastry cooks, and welders).

Turns out that I need a new (or, more precisely, different) set of power adapters for South Africa. Amazon has a set of adapters for $9.99, so I snagged a couple. Taking a tip from Devin, I've put all my power adapters into a big ol' Ziploc bag so they don't scatter at the bottom of the bag.

Last trip, I forgot the USB headset I use with Skype. This time I was going to try using my Bluetooth headset (a Netcom GN6210) with the MacBook Pro; however, after I paired the headset, I kept getting Bluetooth audio failures. The strength of the GN6210 is that it also works with my desk phone, which I use a lot more than my cell phone because I get poor reception in the basement. I could replace it (or give it to Arlene to use upstairs), but I'll probably wait until I move up to the new attic office.

I also got a Verizon "world phone" SIM. At least in theory, this should let me take my US phone number with me when I travel, using Vodafone's GSM network. There's apparently no way to test that in the US because the SIM only works on Vodafone's world-wide network. I'll be taking my newly repaired JASJAR to use as a phone and for demos; I do one really cool Exchange ActiveSync demo where I throw the JASJAR's screen up on the projector using SOTI PocketController.

Amazon also supplied me with a PATRIOT from Wenger Triple Gusset Rolling Case w/ Removable Tote, a fancy name for what looks like a very sturdy rolling laptop case. It will hopefully accommodate both computers and all the other crapola I need to take on extended trips; I'm a little worried because it's way too thick to fit in the overhead compartment of CRJs, and I fly those a lot. I may end up reserving it for double-computer trips like the "Get Ready" events.

Unfortunately, I'm not packed, and I'm not even finished with the work I'm supposed to have done before I leave... guess I've been too busy shopping.

IBM struck first, with their announcement of Sametime 7.5. The new version offers support for BlackBerry, Nokia, and Windows Mobile devices, as well as Office and Outlook integration. It'll be interesting to see how good a job IBM did of these features, given that Microsoft has set an awfully high bar with the Office 2003+Communicator+LCS 2005 stack. (one disquieting note: IBM's SIP gateway apparently requires WebSphere. I hate it when that happens!)

Microsoft's announcement is scheduled for a little later today. I'll have more details on today's announcements once the embargo's lifted; check back here. Update: here are my notes on the MS announcement.

In the meantime, there's an article in the New York Times by John Markoff that goes to great lengths to pooh-pooh what Microsoft's doing (quoting Ken Bisconti and Julie Farris, along with Huntsville homeboy Mark Spencer of Digium) and talking about the complexity of a feature set that, based on the rest of the article, Markoff doesn't quite understand yet. The article freely muddles the already-announced unified messaging support in Exchange with the stuff set to be announced today, but it does such a poor job of describing both that I felt dumber after reading it.

Terrific post by Barry Eisler on time management:

I've done 15 signings in the last two weeks, and a lot of people have asked for advice on how to write a novel. I tell them, "Don't watch television."
There's a common misconception that novels get written in a mad rush over a month or two in an isolated cabin or on a mountain top. They don't. They get written an hour or two at a time, day by day, over the course of many years (eight years, in the case of my first novel, Rain Fall).
"An hour or two at a time, day by day, over the course of many years"... well, that's exactly how people watch television, isn't it?
There are only 24 hours in a day, and only so many days in our lives. If you use those daily hours doing one thing, you can't use them for something else. It's that simple.

Now, of course, I could self-righteously puff out my chest and crow about how little television I watch... but that's not the point. If I were to take the amount of time I spend reading other peoples' novels, I'd certainly have time to write one (or more, given how much I read). Of course, that says nothing about the amount of time I spend doing other entertaining but ultimately non-productive things.

Interestingly, my first several computer books were all written in exactly that way: an hour or two at a time, every night after the kids were in bed. As we added more children, and as they grew, our lives changed, and so did my job; I was able to write full time, every day. Now I'm back to writing columns, articles, and so on in bits and pieces, whenever I can find time. For example, this morning I got up at 0500 and spent about two hours working on a paper. Tonight after the kids are in bed, I'll probably work on a different paper. I guess I should start thinking seriously about whether I want to try writing long fiction (I think I do), and whether I have any interesting stories to tell (well, the jury's out on that one.)

What a great weekend!

First, Friday afternoon I took the boys over to Mom & Dad's for a swim. The pool wasn't 100% full, but that didn't bother them in the least; they were happy to splash around like animals at the watering hole. That night Arlene and I went to Cohen & Cook, one of our favorite restaurants . We had an excellent dinner, but when we came home discovered that our bed was swarming with little tiny red ants. That didn't sit well with my dear wife, so we stripped the bed and decamped to the guest bed. (I think they were Allegheny mound ants, but I'm not 100% sure.)

Saturday I ran some errands with the boys and put a coat of paint on the upper part of the entryway, thanks to some welcome help from Tim.

Sunday the boys surprised (sic) me with breakfast in bed. Unfortunately, I had to get out of bed and eat at the table to prevent a recurrence of AntFest. At church, I had the day off from teaching my class of 8- and 9-year-olds; instead, I got to go to our elders' quorum meeting, where two of my favorite people (hi, John and Ben!) were ordained as elders in the Melchizedek Priesthood. It was really powerful to be in the room as their fathers ordained and blessed them-- something I very much look forward to doing with my own sons when they're of age.

We had a light lunch, then the boys gave me some Fathers' Day loot: a new Nikon Coolpix S6 6MP camera that has built-in WiFi and some other nifty features, a wall mount for our living room projector, and a bottle of Task, a locally-made cleaner/degreaser. Arlene cooked a big turkey breast with rice, gravy, peas, and lemon lush; to top things off, we watched a movie called Duma about a young South African boy who has some excellent adventures while returning a baby cheetah to the wild. I'd never heard of it before, but it was quite good.

Today, alas, it's back to normal...

I've got a ton of work to do, and that's been keeping me too busy to blog (even to say "hey, I'm too busy to blog!") I'm making travel plans to go to Lisbon, Oslo, and Johannesburg over the next few weeks for a new roadshow that Windows IT Pro is putting on in those cities, and I'm trying to wrap up several ongoing projects that all close out at the end of this month. I also have some great info on the Exchange 2007 Unified Messaging server role, and I'll be posting that as time allows over the next couple of months. (Plus, I had to write a cover story on Monad, er, PowerShell, and that took some time to boot!)

In my earlier post, I compared some aspects of the new-to-me T-Mobile MDA with my familiar Verizon Treo 650.

First, about the customizations. I installed the AKU2 ROM (which includes the MSFP DirectPush bits), and I stil love it. Having wireless sync for all my calendar and contact data was extremely valuable when I was in France (although I'm not looking forward to getting the bill for data charges, which are something like $0.015/KB). I also installed a ton of software, including SPB PocketPlus, SPB Weather, and PocketInformant. I'm really impressed with SPB's products, and I like PocketInformant too although it's taken some getting used to. I've also installed a free app called Smartkeys that makes the right softkey double as an "OK" button-- highly recommended.

Second, the hardware. Battery life, even with WiFi and Bluetooth off, has generally been poor. I started yesterday with a fully charged battery; after a total of about 15 min of phone calls and a day worth of DirectPush, I was down to 20% (the first warning threshold) by about 6pm. I've gotten in the habit of turning on flight mode overnight, and that helps some, but not enough. The camera is decent, and I like having the three additional side buttons (I have one mapped to PocketInformant so I get one-button calendar access), plus the two softkeys, plus the red/green buttons, plus the dedicated mail and IE buttons.

The screen is excellent, and I like the ability to switch between portrait and landscape mode. Overall, though, the phone feels a bit slow. It's not entirely clear how much performance is affected by the homebrew AKU2 ROM I'm using; consensus seems to be that it's actually faster than the factory ROM, but I don't have any basis for comparison.

Windows Mobile 5.0 has been quite stable. Occasionally when I press the "mail" button, Pocket Outlook launches and updates the softkeys but doesn't display the message list. This is a little bothersome, but closing Outlook and IE generally fixes it. (Speaking of Outlook: I complained that there was no way to move between messages, but that was just me not knowing to use the 5-way navigator by moving left/right).

There are still some things I miss from Palm OS. For one thing, Palm OS has the concept of numeric fields, so when you go to enter something like a phone number, the keypad automatically goes into numeric mode. Applications can leverage this, so entering things like flight numbers or birthdays is easy. As far as I can tell, there's no equivalent concept in WM. The Palm text entry engine does a better job of correcting some kinds of shorthand entries (e.g. "dont" turns automatically into "don't"); although WM will suggest words, I haven't figured out how to edit the list of suggestions or turn the feature off.

How is the MDA as a phone? Decent. T-Mobile's network coverage isn't as good as Verizon's in the areas I've tested (around Toledo and at CVG and JFK). The phone worked fairly well on the Orange and Bouygtel networks in France, although incoming calls didn't always make the phone ring on my end. Sound quality isn't as good on the Treo 650, and the speaker volume for ringtones and alerts isn't loud enough. (Part of the problem is that Voice Command adds an audio announcement, which it mixes over the ringtone audio, reducing its volume further). When the phone's in its holster on my belt, it's very difficult to hear it ring if there's any kind of environmental noise.

EDGE data speeds are acceptable; by comparison, all I have here in Toledo is Verizon's 1xRTT, which feels about the same.

Overall, I like the form factor of the device quite a bit, but I'm not satisfied enough with T-Mobile's network to switch.

Next up: evaluating the Verizon Treo 700w that I got in yesterday. So far, after a little fiddling with it, I like it a lot.

Update: PhoneScoop just posted their review of the MDA. Their conclusion: it's great if you're using Exchange, but only mediocre otherwise.

Today marks the end of my first week carrying the Verizon Treo 700w as my primary phone. I haven't traveled with it much, which means it hasn't been subjected to the true acid tests that I usually use to judge a smartphone's worth. However, the Treo has been remarkably stable, and it remains considerably faster than the MDA I last tested.

Audio and call quality have been excellent. The Treo line has always had a very good speed-dial implementation, and that's also true of the 700w; it's simple to peck in a few letters of the name you want to call (well, as long as it's not a company name!) and dial it. Palm has obviously spent a good bit of effort on small touches, too; for example, if you turn on the device PIN lock, you can enter your PIN using the number keys on the keyboard without having to first touch the Option key. Palm also includes a Today plug-in for Google searches, which is handy.

When I was in Detroit this weekend, I got to use the 700w on an EvDO network. Subjective performance was excellent. I didn't do any speed tests, but I did tell Outlook to pull down several large attachments that people had sent me and was pleased with the sync performance. Overall, I think it's fair to expect EvDO speeds to beat EDGE speeds consistently, by a factor of 4-5x in some cases.

I used the camera to shoot some pictures and video over the weekend. Not bad, but not super-impressive. I shot two short 30-sec clips at a concert this weekend; at the end of each clip, the phone gave me the spinning Windows busy cursor for a very long time, and now I can't find the videos. I haven't taken the time to re-test in a better-lit, less distracting environment.

Of course, the 700w isn't without its flaws. It refuses to recognize the same 2GB mini-SD card that the MDA happily used. I suspect it's because of the card's size, not because it's a mini-SD card in an SD adapter. The card doesn't work in my Treo 650 either. The MDA has a few advantages, too. I really like the Communications Manager software that HTC includes; because it's mapped to a button, it's easy to quickly turn Bluetooth, wi-fi, EAS, and/or the phone on or off. The MDA has two additional buttons on the right side that can be mapped to different applications; the Treo simulates this by letting you bind app launches to the four primary buttons, plus a different set of bindings when the Option key is held down. This is a little awkward; I think I'd rather have the extra buttons along the device edge. The built-in wi-fi is useful, too, although I'm not sure the tradeoff in battery life is worth it for my typical usage patterns.

Overall, though, I'm very pleased with the 700w; it's a strong contender for the not-exactly-coveted title of "most likely to be hanging on Paul's right hip".

Update: I just saw that Verizon said they're going to allow EvDO phone owners to tether their phones as modems. This is a pretty good deal, since it would let me drop my existing aircard subscription and move over to using a tethered phone.

Wow, looks like RIM is starting to feel the love from Exchange ActiveSync. They're now offering a "free" Express version of BES; it supports up to 15 users, and the first user license doesn't cost anything. In total, BES Express supports up to 15 users, with users 2-15 costing you US$99 each. So, a fully loaded 15-user server costs you $1405, compared with $1099 for the "Small Business Edition" of BES (which then requires CALs @ $99). This is not quite "free", especially since you're still paying the RIM device tax. Having said that, it's an interesting move by RIM to capture a market segment that has historically balked at paying the Big Bucks for the full-blown version of BES.

Yesterday was my first full day toting around a Verizion Treo 700w as my primary phone. A few quick thoughts:

• The screen is only 240 x 240. I don't know why Palm did this, given that the Treo 650 is 320 x 320. I really miss the extra 80 pixels from the MDA (240 x 320), particularly with PocketInformant.
• Verizon's network quality is waaaay better than T-Mobile's, at least in my area.
• The device I got from Verizon didn't include the MSFP update. However, after I downloaded it, Palm's packaged installer made it very easy to update the phone. Oddly, I was expecting to see the Starfield intermediate CA certificate after the installation, but I had to manually install it before DirectPush would work.
• Battery life seems to be slightly better than the MDA; from a full charge, overnight the device ran down to about 50%.
• I much prefer the 700w's full-length stylus to the little bitty collapsible pen that comes with the MDA.

Expect a more detailed review next week, once I get some more time logged with the 700w.

Breathless press release (titled "Spammers Use Bullying and Extortion to Intimidate Members of the Blue Community to Give up Fight Against Spam") from Blue Security, complaining that "spam terrorists" are attacking their users by-- you guessed it-- sending spam. The difference is that the spammers are threatening to send even more spam to BlueFrog users unless they opt out. I don't know that I agree that it's bullying or extortion, but I am certain that it's not surprising.

The US Senate committe on homeland security and governmental affairs released its report on its investigation of the US government response to Hurricane Katrina. This should be required reading for anyone involved in messaging or collaboration systems planning. It's not very pleasant, but it does set out, quite clearly, where they think the problems lay.

Called out for special positive mention: the US Coast Guard. As a Marine, I am honor bound to make fun of the other armed services whenever possible. However, I'll suspend that rule in the case of the Coast Guard.

What a great show! The sessions went well, the attendees enjoyed the sessions, and Nice is a fantastic place to visit. The big news was that PowerShell is now upon us, and that Exchange 12 is now officially named "Exchange Server 2007" (big surprise there; can't believe that was actually under NDA).

There don't seem to be any general repositories of Monad scripts for Exchange yet, so I've added a new "Monad" category to the Exchange Cookbook web site and will be posting Exchange-ish Monad stuff there. If you're interested in Monad, you might want to grab the Cookbook RSS feed.

Educause and the National Cyber Security Alliance just posted the winning videos in its Computer Security Awareness Video Contest. Some of them are pretty funny (here's my current favorite), and all of them are generally appropriate for most non-technical audiences.

Conventional presence (is Paul online? is Missy on the phone?) is useful. Extended presence (when is Peter free to talk? what does Devin's OOF message say?) is even better. Microsoft has done a great job of delivering both of these capabilities in Outlook, Communicator, and the SharePoint twins. However, I want to kick it up a notch: I want to see Plazes-like

I already do something like this, updating my IM status message to say things like "DTW enroute SEA" or "Exch Conn - Orlando" so that people will know not only what I'm doing but where I am. It would be great to make this more automatic, though. You could probably do this easily enough by making Plazes queries for your team then plotting them on Virtual Earth or Google Maps.

Looks like it's going to be a busy summer!

• Rucka, Patriot Acts (no date on Amazon yet)
• Mathews, The Alibi Club (29 August; no idea whether this is a sequel to Blown or a new book)
• Eisler, The Last Assassin (1 June; w00t)
• Silva, The Messenger (25 July; double w00t)
• Dozois (ed), The Year's Best Science Fiction, 23rd Edition (11 July; reliable as clockwork)
• Thor, Takedown (no date yet)
• Mills, The Second Horseman (8 August)

Now, if only Scott Westerfeld would quit fooling around and get the next Risen Empire book out. Or even Specials.

Some differences I've noticed in my first day of toting the MDA. I'll update this as I get more time under my belt with it.

• With SnapperMail on the Treo, I can hit the "mail" button twice and get mail-- once to turn on the device if it's off, and once more to tell SnapperMail to pick up the mail. There's no equivalent on the MDA.
• Speaking of mail: why, oh why, does Pocket Outlook not allow you to easily navigate from a message you're reading to the next or previous message in the message list? This drives me crazy. It's a simple feature that every other mobile mail client I've ever used has.
• It drives me crazy that most apps don't recognize the center button in the 5-way nav pad as "OK". This makes one-handed navigation about 100x harder than it needs to be.
• DirectPush is awesome. 5 minutes of setup and I was wirelessly getting my mail-- first via 802.11g here at the house, then via GPRS at the library. I called the chiropractor, made an appointment, put it into my calendar, and was delighted to see it in Outlook when I got home.
• I created some test IMAP accounts and needed to get rid of them, then I couldn't figure out how to delete an email account. I found the answer, but it wasn't intuitive-- guess I'd better get used to tap-holding things to see what actions are available.
• The built-in apps have some limitations, e.g. not being able to create a task from the Calendar app, that bug me after my long years with DateBk+ on the Palm.It looks like PocketInformant might be worth a try (as will FlexMail, the same company's Pocket Outlook replacement).
• Microsoft Voice Command is super cool. I love being able to have it read me my calendar. I don't quite have it working with my Bluetooth headset yet, though.

What a cool idea! This guy wrote an Exchange event sink to take incoming attachments from Vonage's voice mail service and transcode them using a codec natively supported by Windows Media Player on both the desktop and on mobile devices. I wish I'd thought of that.

I'm waiting for my new T-Mobile MDA to get here. In the meantime, I've gathered a few useful links:

• How to back up and restore ROM images on the Wizard (and still more on the same topic)
• The Wizard tweaks wiki
• This thread on essential free downloads for the Wizard
• A great review of the Cingular 8125 (same device, different carrier), with details on customization and tweaks
• A comprehensive set of notes from a guy who switched to the MDA from a Treo and wanted to customize the MDA for as much one-handed operation as possible

Before the device gets here, I need a new cert for my Exchange FE (some WM5 devices don't like self-signed certs), and I have a few dozen things to download to prep the install :) In particular, my first step will probably be to put an MSFP ROM on the device so I can use DirectPush. That will be invaluable when I travel.

Update: just ordered a 2GB miniSD card for the MDA, which got here about 30 minutes ago. I'm backing up the ROMs right now preparatory to installing the MSFP AKU2 image.

Well, mine are, anyway. (For once, I got this done before Jim McBee... yay me!) The sessions:

• EXC04, Cookbook Reloaded: Cool Exchange Scripting with Monad: a 200-level introduction to the new Monad shell and how you can use it with both Exchange 2003 and Exchange 12.
• EXC10, Improving Your Message Security: an overview of what CIA really means and how to get better confidentiality and integrity for your Exchange environment. One slide on E12 security features.
• EXC17, Using Continuous Backup: coverage of storage- and host-based continuous backup solutions for Exchange, including a discussion of local continuous replication (LCR) and clustered continuous replication (CCR) in Exchange 12.

Wow, busy day yesterday! I got up early, hit the hotel gym (man, I love those elliptical machines!), had a huge breakfast with Devin and Missy, and hit my room. I say "my room" because I was in it for three sessions back-to-back: one on continuous backup, one on Exchange security, and one on scripting with Monad. All three were well attended, and I got a ton of questions in each session. Some of the questions were pretty thought-provoking, too, which is always fun.

Atypically, I didn't spend much time on the exhibit floor; I went to Devin's Sender ID session (which I'll be delivering in Nice), and we had a short book signing at the show bookstore. (Thanks to those of you who came by!) I missed the MVP get-together because I had planned what I thought would be a short trip via water taxi to Epcot for a souvenir run. Turns out that the water taxi takes you to the Epcot entrance on the opposite side of the lagoon from the front gate, and there's no gift shop there. By the time I made it back from the hotel, I was too tired to do anything but order room service (which was excellent) and start working on the list of session submissions for the fall Exchange Connections show. If you've submitted proposals, I hope to let you hear something back by week's end.

A couple of observations: first, I was surprised that no one in any of my 3 sessions (close to 400 people in total) was running 5.5. That's a very good sign. There was a lot of interest in Monad, with tons of questions about what specific tools the Exchange team would be shipping in beta 2. Cemaphore and Mimosa have gained a lot of name recognition since the fall San Diego show. Finally, I didn't win the Harley Sportster that the show organizers gave away. Maybe next time...

Here's an interesting idea: a small, silent spam-filtering appliance for the home. The folks at SpamCube may be on to something here-- if, that is, their filtering works well. For $150 MSRP, it's probably worth a good look, especially if their filtering works. (Their site does some unfortunate handwaving about "AI", which always makes me suspicious!)

Morgan Stanley is in the news again because one of its former employees (who coincidentally was central in the Perelman affair) is suing for wrongful termination. Messaging Pipeline says it best:

A saga of inappropriate, incompetent, and potentially illegal conduct continues to unfold at Morgan Stanley, with the company's own E-mail trail at the center of it all.

Man, I hate it when that happens. The plaintiff, Arthur Riel, claims that he was terminated after pointing out inappropriate emails, including requests by the CTO to fix things so no one except the CEO's direct reports could email him. The company claims that Riel misused his access as head of the company's archiving project to spy on others. I don't know who's right, but it's clear that a) this case will get uglier before it's resolved; b) there are probably other similar Lurking Horrors waiting in other companies' archiving and retention efforts; and c) if I were a corporate counsel I'd be boning up on messaging case law.

Last week, I went to a press briefing to find out what had become of FrontBridge. The answer: a lot!

This press release sums it up nicely; the former FrontBridge services are now known as "Exchange Hosted Services" (EHS). Not a great name, since one of the first orders of business in the briefing was to clear up the difference between hosted Exchange services and EHS. That was easy enough, but imagine having to have that conversation over, and over, and over, and ... well, you get the idea.

There are four EHS components: archiving, filtering, continuity, and encryption. The EHS filtering service combines all of the previously unbundled FrontBridge offerings into a single whole. The other services are, to me, more interesting because they provide pay-as-you-go options for services that formerly would have been required to be self-hosted. For example, the encryption service provides a simple way to send encrypted mail to outside recipients who may not have the capability to receive encrypted mail: you send a mail, the service captures it and sends the recipient an SSL-protected link, and the recipient clicks the link to go to the mail. This is a simple and effective approach that, in the past, would have required a hefty investment in Tumbleweed's products. The continuity component is interesting, too, although I'd have to give the nod to MessageOne's EMS product because it supports calendar and contact data, has better synchronization options, and offers BlackBerry support.

My Exchange UPDATE column this week has more details (I'll link to it once it goes live); the bottom line, though, is that the FrontBridge acquisition is complete, the new EHS products are commercially available and competitively priced, and they offer some interesting capabilities. In fact, you could even use EHS to provide filtering and policy enforcement for non-Exchange systems like Domino and OCS (both of which lack any serious built-in capabilities).

The Anti-Phishing Working Group has posted their phishing trends report for January 2006. The group reports 9,715 unique phishing sites in the month of January, up almost 35% from December 2005. That's pretty scary. It's interesting to see what major collaboration and messaging vendors are doing to address the problem, too: IBM and Oracle are ignoring the problem, while Microsoft's already added anti-phishing features to Outlook 2003 SP2 and has shown both server- and client-based solutions for Office 2007 and Exchange 12.

My main homie Jim McBee has been working on a new e-book for RealTime Publishers: the Tips and Tricks Guide to Secure Messaging. It's available as a free download (registration required) from Microsoft.

Jim also has a new book coming out May 1 -- Microsoft Exchange Server 2003 Advanced Administration (see?) It's basically the second edition of Exchange Server 2003 24Seven, so it's probably going to be worth picking up.

Arik Hesserdahl at BusinessWeek says that Apple needs a security czar. So does Microsoft's Stephen Toulouse. So, I sent Steve Jobs a letter touting my qualifications for the job. We'll see what happens.

I used to have separate categories for posts about Workplace and Oracle Collaboration Suite, but now that I'm starting to work with Zimbra and Scalix, I figured I'd lump all the non-Exchange material into a single category so that people who aren't interested will only have one category to skip. Thus, the new "Non-Exchange" category.

Devin, Missy, and I will be doing a book signing for the Exchange Server Cookbook at the Orlando Exchange Connections show next month. The signing's at 3:30p on 10 April; see O'Reilly's page for details. C'mon by and say hello!

So, the Riya service is now in public beta. The point behind the service is that you send it your photos, and it applies some magical image processing to recognize faces and objects. In theory, once I pick out a particular face and tag it, say, as "Matthew", the software is supposed to be smart enough to find all other pictures that have Matthew in them and tag them accordingly. If it works well, this would be a huge improvement over the manual metadata systems that programs like Picasa and iPhoto use now. Does it work well? Beats me; I'm still uploading pictures. The one glitch I've had so far is that in my first batch (350 photos from 1999), the uploader got stuck on the last picture. However, clicking the "cancel" button got rid of it.

Update: a few notes. First, the service certainly does what it says; I uploaded about 1000 photos, and it has indeed auto-recognized a significant number of faces. Cool beans. A few nits, though:

• It looks like the uploader is indiscriminately uploading every file it finds in the source directory-- including .NEF (Nikon RAW) files, thumbnails, and iPhoto's data files. It's not clear whether any of these files are in fact uploaded or skipped, because there's no logging.
• On the web site, I don't see any summary that tells me how many total photos I have uploaded. Oops: there it is, in the upper right hand corner.
• It'll be interesting to see how well the facial recognition works with kids' faces. I trained several different images of Thomas as a baby from 1998 and 1999; now I'm going to feed it some pictures of him from last summer and see how many it catches.

Tag: riyarocks

This is super cool: Microsoft's started a series of Exchange podcasts (in both WMA and MP3, naturally!). This is a very smart move on the Exchange team's part, since it will unlock their webcast content and deliver it to a much broader audience. I was hoping to find the Exchange 12 preview webcasts from last week in podcast form; no word on whether that content will be added later.

The Census Bureau has a page of fun facts about St Patrick's Day. For example, according to Hallmark, 8 million occasional cards were exchanged last year; there are 9 places named Dublin in the US, and there are 34.5 million US residents who claim Irish ancestry (almost 9x as many people as actually live in Ireland!)

Sweet! Microsoft has an annual security conference called BlueHat (see MikeHow's comments on the 2005 version), and this year they've started a blog to cover it. Sadly, the blog is a retrospective, since the conference was actually last week. Still, this should make for intersting reading.

Cool script from the Windows Mobile team blog; it creates a CertificateStore CAB file, containing the root certificate of your choice, directly from the command line.

Man, these are funny: a series of VW ads parodying MTV's "Pimp My Ride" series. German engineering in da house!

I like country music. Let me amend that: I like some country music. I attribute this to my upbringing, where I spent hundreds of hours listening to Sons of the Pioneers, Marty Robbins, Shelly West, David Frizzell, and so on-- you know, the old-school western-style music that used to form the core of country. Then came a persistent liking for Randy Travis, and year before last I ventured to Columbus to see Shania Twain (note: I said "see", not "listen to"). Now I'm at it again; we just bought tickets to see Tim McGraw and Faith Hill at the Palace in May. Should be a fun show, as we're going with several friends in a caravan. I could rant about how much I hate Ticketmaster, but why bother... they're a monopoly and there's nothing I can do about it. Now I just need Big & Rich to come play somewhere near here!

From the Department of Obvious Statements: everyone hates cubicles.

Sage advice from Jesper: don't worry about clearing the page file (I love his list of things to be worried about). The setting to clear the page file at shutdown has always seemed like security theater to me, so I'm glad to see him point it out.

We're hiring! First, I need a good Exchange administrator with strong writing skills. The position's in Seattle. Contact me directly if you're interested.

Second, we need some Office solution developers. Dave Gerhardt's got the full scoop at his blog. (Note that in your cover letter, we want details of a product demo you've actually worked on or built!)

Coming very soon: a week's worth of webcasts on Exchange 12. Harold Wong's blog has the details.

On March 1, Microsoft announced that it was making Exchange 12 beta 1 available to TechNet and MSDN subscribers as a community technology preview (CTP). When beta 1 first began, late last year, it was a private beta restricted to about 1400 Microsoft customers, all of whom had to be nominated by Microsoft employees. MVPs and a few third-party developers were also nominated, but—even including participants in the Technology Adoption Program (TAP)—only a relative handful of the tens of thousands of Exchange-using sites were in on the beta. That's about to change dramatically, since there are more than 200,000 TechNet and MSDN subscribers, all of whom will have access to beta 1.

This isn't the first time Microsoft's offered a CTP; you may remember that Exchange 2003 SP2 was released as a CTP in August 2005. As with the SP2 CTP, the Exchange 12 CTP is being released so customers can get familiar with it in their own environments. It's not supported for production use (obviously), and Microsoft has already told beta 1 customers that they won't be able to upgrade from beta 1 directly to the released version.

As part of the CTP announcement, the product team also announced that beta 2, coming later this year, will be a public beta, so we'll all be able to discuss it to our hearts' content. Until then, both reviewers (which technically means me) and CTP participants are bound by the relevant NDAs and EULAs.

One thing that's no longer under NDA: Microsoft's finally starting to talk publicly about the new continuous replication features in Exchange 12. There are two flavors of continuous replication: local continuous replication (LCR) copies transaction log data to a second local volume, essentially giving you a protected local copy of your data. Clustered continuous replication (CCR) is cooler; with CCR, cluster nodes don't have to share disk resources, meaning that geographically dispersed clusters get much, much easier to design and deploy. Look for more on LCR and CCR in future columns.

Interestingly, the CTP builds will be made available in both 32- and 64-bit versions. This is a smart move on Microsoft's part, because customers that haven't decided on their forward path from Exchange 2000 (or even Exchange 5.5) will be able to evaluate Exchange 12 features (if only in an early state) on the hardware they already have. I don't expect any changes in their previous commitment to release the production version of Exchange 12 as a 64-bit-only product, though.

MSDN subscribers can download the Exchange 12 CTP starting today, while TechNet subscribers will get the bits as part of their March delivery. If you're not already a subscriber to one of these two programs, you can subscribe through Microsoft's web site.

Microsoft today released the new version of their Application Analyzer tool for Lotus Domino applications. It features a new UI, better reporting, and a customizable XML-based system for customizing the analysis it does and the ensuing recommendations. This version of the tool uses the four-phase process that MS has defined and refined since the last App Analyzer release. There's also an accompanying best practices guide. I'm looking forward to seeing customer feedback on these tools; the previous versions of the app analyzer had some shortcomings that I hope the new version fully addresses. In particular, I'm interested in seeing Paul Mooney's take on it.

Microsoft is making two pretty interesting announcements today. Stay tuned for more details.

Update: now you know what the first one is.

Disney is selling Bill Nye the Science Guy DVDs. That's good. Unfortunately, a complete set costs $3,249. That's bad. Hence this petition, asking Disney to offer a more reasonably priced option tailored to families.

The Pittsburgh City Paper has an interesting article on the ongoing labor negotiations between Block Communications and the Pittsburgh Post-Gazette. Of course, the Block family also owns Buckeye Cable and the Toledo Blade; given the fact that the Blade and the Blocks are negotiating a new labor contract, the similar negotiations going on in Pittsburgh-- and the candidness of Allan Block's remarks in the article-- are awfully interesting.

Now this is cool: buy a spot on a Krewe of Zulu Mardi Gras float! Only $1,500, and well worth it if you've never been in the middle of a real New Orleans Mardi Gras parade. Too bad I'm busy that day.

Windows IT Pro is now accepting session proposals for the Fall 2006 Exchange Connections conference. We're heading to Las Vegas for the premier Exchange technical conference, and we'd like to hear from you! We expect the fall event to have a healthy dose of Exchange 12 content, plus our continued emphasis on real-world solutions for Exchange 5.5 and Exchange 2000/2003 administrators. This year, I'm co-chairing the show along with Kieran McCorry and Kevin Laahs, both of HP.

If you're interested in speaking at the show, send your abstracts to me by March 21. We want proposals for regular 75-minute sessions as well as 1/2 day and full day pre-conference and post-conference sessions. Note that we have a limited number of speaking slots, and all participants must be able to present a minimum of three 75-minute sessions.

• Send a minimum of 3 session proposals (4 or 5 is ideal for discussion purposes)
• Include a short bio with your session proposals; if you have prior speaking experience, please include it
• Include any additional pre- or post-con session proposals, if applicable

Please adhere to the March 21 deadline as we need to make speaker and session selections right away.

The Lazy Admin has a great piece on the use of MSH profiles with Monad. If you're exploring Monad, you should check it out, since profiles are the primary customization method for your interactive shell sessions.

Sweet! I just noticed this article on the Exchange team blog-- RSA's SecurID product can now be made to support Direct Push. This is a big win, because many organizations that want to deploy Direct Push also want strong 2-factor authentication.

Actually, I blogged about this on Monday morning, but my local copy of Ecto ate the post and just spit it back out this morning.

Terry Myerson drops science on public folders in Exchange 12 over at the Exchange team blog. High points: public folders will be supported until at least 2016, new apps should use the .NET framework and Windows SharePoint Services v3, and with Outlook 2007 + Exchange 12, you don't need PFs for free/busy. (Interestingly, I don't think that last tidbit has been publicly disclosed before Terry's post).

Wow, I love Monad. That's all I have to say about that.

Somehow I missed this, but MS last week announced the impending availability of a Windows Mobile version of Office Communicator. This may be the app that gets me to carry a Windows Mobile 5.0 device full-time, because having in-pocket access to presence, VoIP, and extended presence data for my contacts would be incredibly valuable. I'll post more once I get the bits.

I'm working on my Exchange Connections presentation on Monad. There's already a good bit of information out there (including the official Monad team blog), but I'm interested in knowing what you want to know about Monad and Exchange. Leave feedback in the comments, and whenever possible I'll work the answers into my presentation.

I've been married for nearly 15 years. During that time, I have never taken a vacation wherein I didn't do some kind of work. Sad but true! Actually, "sad" isn't quite the right word; the freedom to work from the road has let me spend a lot more time traveling with my family than if I had a job that required physical presence in a defined location. However, I'm breaking the mold: for the next seven days, I'll be cruising the Caribbean with no laptop, and thus no email. I will have my trusty Treo, but it only works in 3 of the places we're going to, and I'm mostly taking it so we can call the kids to see how they're doing. I've already turned in my columns for next week, along with some other stuff that needed doing, so I'm free as a bird until 2/13. See you then!

This is interesting: Computerworld's running a story saying that IBM has promised to make good its years of benign neglect by shipping a Mac Notes client that has feature parity with Windows. As someone who had to suffer through writing applications for the Mac Notes clients back in the day, I say "it's about time". Now, Microsoft: how about improving SharePoint support for Mac OS X?

Forbes Magazine has an interesting, if short, interview with Exchange sensei Tony Redmond. For those of you just stepping out of the spaceship, Tony is an ex-DEC, ex-Compaq messaging specialist with an incredibly deep background on messaging in general and Exchange in particular; he's also a VP and CTO of the services division at HP.

Ever want to know how to effectively use limited user accounts (LUA) to run on Windows XP? Me too. Fortunately, MS just released a white paper that details what LUA is (and isn't) and how to implement it on XP desktops. This is very valuable guidance-- try it yourself and you'll see what I mean.

It's not often that I can praise Toledo (which I live near) as a technology leader. However, in yesterday's Blade, a story by Mark Reiter gives me something legit to praise: the local federal district court is using iPods to pass out evidence to defendants for review. I've got a call in to Jeff Helmick, who's quoted in the story, to ask some follow-up questions; check back here for an update.

I’m cleaning out my office (that faint sound you hear is applause from my wife). I have 12 copies each of Secure Messaging with Exchange 2000 and Secure Messaging with Exchange Server 2003 to give away. If you want one, reply via email with your postal address (be sure to tell me which one you want) and I’ll ship it to you. First come, first served.

Update: all of the Exchange 2003 books are spoken for, but I still have a few Exchange 2000 books available.

While searching the Interweb for something else, I found this review of Secure Messaging with Exchange Server 2003 by fellow MVP David Sengupta. Somehow I completely missed it when it was originally published. Duh. It was fun to look back (and, of course, if you haven't bought the book yet, you should read the review and then Make the Right Choice!)

A reader wrote to quiz me about my recent columns on 64-bit Exchange and the performance benefits it should offer. He asked:

In your last e-letter you mentioned the added performance boost putting Exchange on a 64-bit box. For those of us that connect our Exchange servers to an iSCSI SAN, would we not run into bottlenecks at the NIC (1Gb backbone, assuming we were not using a TOE card or maybe even if we do), before a 32-bit setup cut into performance?

I'll trot out my all-purpose answer: "it depends."

First, let's assume that you have a Gigabit Ethernet connection to the iSCSI SAN, with an HBA that has a native x64 driver-- no thunking required. That's just a clarification, but in the end it doesn't really matter. Why? Assuming that you have "enough" RAM (where the precise value of "enough" varies according to the user workload on your server), JET 12 is going to be able to cache a significantly larger portion of the EDB data than it can now, meaning that the amount of bandwidth between your server and the iSCSI cabinet becomes much less relevant from a perf standpoint. We already see a similar effect now; when SAN vendors are hunting for business, they often put lipstick on the bulldog by adding a very large cache to the controller. Of course, this only works until the disks hit 70% or so of capacity, then the cache detunes and performance drops like a rock. That's a problem only because the SAN controller has no idea what the application is doing; it's not a problem for Exchange in this case because ESE is in charge of the cache. Given "enough" RAM, the amount of bandwidth you use for a given set of user behaviors should decrease because you'll be making fewer requests to the actual disk.

What about page size? My gut feel is that the page size change will be a wash; caching will reduce the total number of IOPS that have to go over the wire, but those pages that do go will be 8KB vice 4KB. I'm looking forward to seeing hard data to confirm or disprove this, though.

Why did I say "it depends", then, if the performance news is so rosy? Because one of the key reasons people will be deploying Exchange 12 is to consolidate servers. Obviously if you take four or five Exchange 2003 servers and stuff their mailboxes onto an Exchange 12 server, the new server is going to require a significant amount of SAN bandwidth, and I suspect it'll easily be possible to build configurations that would saturate a GigE HBA. So, don't do that and you should be good to go!

If it's MacWorld week, it must be time for more Mac news here. Today's dose: Research In Motion has licensed IAA's PocketMac product. It'll be made avaialble as a free download on RIM's web site starting in February. This is obviously a good move for IAA, makers of PocketMac, and clearly it's an effort by RIM to remain competitive with Palm for hearts-and-mindshare among Mac users.

It's Patch Tuesday, so you know what that means. This month, there's actually an Exchange patch, although it only applies to Exchange 2000, Exchange 5.5, and Exchange 5.0 on the server side (Outlook 2000, Outlook XP, and Outlook 2003 are all affected too, though). The vuln reported in MS06-003 is a problem in the TNEF decoding engine that can allow remote code execution. Interestingly, MS released security patches for Exchange 5.5 even though it just went end-of-life 10 days ago... and what's up with that crazy Exchange 5.0 patch? That's been out of support for quite a while, and I'd bet the percentage of sites using it is very, very small.

Lenovo and Apple are fighting over my wallet. I'm thinking about buying a new laptop, and the two contenders now are the Thinkpad T60 and the brand-new MacBook Pro. The big variable is whether the MacBook can run Windows, either using VirtualPC (Microsoft isn't saying) or natively. If yes, that's my choice; if no, I'd probably lean towards the Thinkpad. Fortunately, neither one is actually shipping, so I don't have to make a decision quite yet.

Jim McBee says something that I've been evangelizing for a while: turn off outbound SMTP on your network. The only machines that should be able to send it are your messaging servers. Maybe, if you're feeling generous, you might allow VPN users to send SMTP so they can send mail while on the road. That's it, though. There's no good reason why Joe Cubedweller should be able to send SMTP direct from his machine. Worms like Sober use it, as do a number of rootkits/botnet droppers.

I'm finally getting back into my normal groove after an extended vacation. The kids were out of school from 12/22 until today; I took a solid week off, during which I did no work. It was wonderful, and we could not have had a better Christmas-- we were all together, and that made it something to remember. Baby Charlie learned a few new tricks (including patty-cake); we ate like kings, and everyone got to spend time with everyone else in various combinations.

Coincidentally, even after that week was over, I didn't have much to do because I'm waiting on go-aheads for several projects. Things are starting to pick up, though, so I'll be posting here slightly more regularly.

I just sent off three session proposals for TechEd 2006. I didn't bother to submit anything last year, and-- big surprise-- didn't speak. It was nice to take a break and attend without having to speak, but I missed it, so this year I'm back to my normal MO. I'll also be speaking at Exchange Connections 2006 and the newly added Exchange Connections Europe-- more info on those coming soon!

I'm delighted to announce that Microsoft has released updated versions of two of its key security guides: the Threats and Countermeasures Guide 2.0 and the Windows Server 2003 Security Guide 2.0. Devin and I put in a lot of hours updating these two guides to reflect updated settings in XP SP2 and Windows Server 2003 SP1, and there's some very useful new information therein.

Normally I wouldn't mention this here, but it has security relevance. Don recently started blogging. Why do you care? Because he's an attorney who works for a really large software company in western Washington. In that capacity, he's written some amazing stuff that I hope shows up in his blog over time.

I had the opportunity to work with Microsoft's Cliff Reeves earlier this year, and thoroughly enjoyed it-- Cliff is scary smart, quite personable, and really "gets" the collaboration space. I urged him to start a blog, and whaddya know? he did! Check it out at http://cliffreeves.typepad.com/dyermaker/.

I just attended a Live Meeting hosted by Microsoft's Nicole Allen and Mike Lee. Nicole is well known in the Exchange community as being an expert on Exchange performance analysis, and her presentation covered some of the guts of the Exchange Performance Troubleshooting Analyzer (ExPTA). If you haven't used ExPTA, you're missing out; it's a terrific tool for analyzing the performance of your Exchange server and identifying problems, including problems experienced (or caused) by individual users. Mike Lee also did a similar presentation on the Exchange Disaster Recovery Analyzer (ExDRA). (For a good tutorial on what ExDRA does, see Marc Grote's article here.)

The interesting thing to me is the degree of investment that Microsoft is putting into these free add-on tools for Exchange. They fill a void that no third party vendor has effectively exploited, and customers love them because they greatly simplify the process of finding current or latent problems with an Exchange configuration. Between ExBPA, ExDRA, and ExPTA, Microsoft is assembling quite a formidable set of analysis and troubleshooting tools.

I meant to blog this, but with all the other things that've been going on, I forgot. Exchange Server 2003 has passed the evaluation process for receiving the Common Criteria security evaluation at Evaluation Assurance Level (EAL) 4. There's a good article at the Exchange team blog that covers the certification process and what CC certification means. Interestingly, I haven't found any evidence that any version of Domino is CC-certified, but I probably just wasn't using the right search terms (I note that IBM's talked a lot about the EAL-3 version of SUSE Linux Enterprise Server 9).

It's a closed private beta, but there's some good information at their beta 1 preview site: http://www.microsoft.com/exchange/preview. Expect more information after the first of the year...

Last winter, I was out on a teamup with the missionaries and we went to visit a family whose house was heated by a corn-burning stove. That's right; it burned dried corn kernels. It worked great, too; it was probably 80° in their family room. That's nice to consider when it's 10° outside. My interest was recently rekindled by this WSJ article that talks about corn-fueled heating. Here's the kicker:

Calculating the new post-Katrina prices, [Penn State professor Dennis Buffington] figures that to make a million British thermal units of heat it takes $22.64 of heating oil, $33.80 of propane or $16.47 of natural gas. But burning corn can do the job for $8.75. "The truth, in my opinion, is that corn is such a good deal that the data don't need to be hyped," he concludes.

The idea of being able to cut a $300/month winter heating bill to $75 or so is awfully attractive. Oh, and the exhaust smells faintly of popcorn.

The OCS 10g documentation says you create SMTP domains by logging in to the web mail client and using the Administration tab. It also says that you won't see that tab unless the account you use has either domain or system admin privileges. However, it doesn't say that "domain administrator" accounts can't actually create or remove domain objects; you have to have "system administrator" for that.

Thanksgiving was especially good this year.

I took half a day off on Wednesday and ran errands with the kids, then had a blissful and uninterrupted four days of only occasional computer use. No work. No articles, no papers, no competitive work, no nothing. It was great. (I wasn't even distracted by the Xbox 360). On Thanksgiving Day, we had leftover red beans and rice because Mom was still down in New Orleans; I got plenty of time to play with the kids, and I even managed to take a nap-- something that virtually never happens.

Friday Arlene and I got up early and stuffed a 20-lb turkey with cornbread dressing made the previous night. I'm not normally a big fan of dressing-- I prefer rice-- but this stuff was so good that I kept eating it out of the bowl. Arlene really outdid herself. We had a big traditional dinner with Mom, Dad, Tim, and the five of us. (the leftovers were good, too!) How wonderful it was to have everyone together! We went around the table talking about what we're thankful for, and not surprisingly, family and health were among the top items.

Saturday Dad, Tim, and I took the boys to our annual fall pilgramage to Cabela's. Matthew and Thomas love the fish and animals, and David tries to pretend he's too cool for them but only partly succeeds. Oddly, we didn't buy any of our usual Cabela's candy; in fact, I don't even remember seeing it out. Sunday was a quiet day; Arlene had to teach in Relief Society, and I went with our elders' quorum president to give blessings to a couple of people who were sick. Speaking of thankfulness: I'm thankful to be able to hold the priesthood so that I can do things like this.

To really kick off the holiday season, we put up our two Christmas trees, although we only had time to decorate one (mostly because we let the boys do it!) Yesterday, alas, was back to normal; David had his regular 8a school-play rehearsal, basketball practice, homework, and so on.

Thanks to a 0430 wakeup call and an 0510 arrival at our local Sam's Club, I have a brand new Xbox 360. I'm trying to decide if I should keep it or sell it. Each has its pros and cons. In favor of keeping it, if I sell it now I may not be able to get another one until next year. On the other hand, people are selling NIB 360s for crazy prices on eBay, and it's hard to ignore the notion of an instant profit-- I could make enough to pay for a replacement and some games. Complicating things is the demand factor: demand is high now, so I could get a good price. Will demand go up or down as we get closer to Christmas? Only the shadow knows.

Update: I put it on eBay with a ridiculously high "buy it now" price at about 6:20p last night. I then went out with the missionaries to visit a family in our ward. By the time I got back in the car-- less than two hours later-- someone had bought it.

Need a good laugh? Go to this article and check out the targeted ads. Obviously Google is channeling the feelings of people who've worked with OCS.

The folks at SearchExchange have been kind enough to turn chapter 2 of my current ebook, The Definitive Guide to Exchange Disaster Recovery and Availability, into a short "10 tips in 10 minutes" article. Check it out here, or get the entire book (well, the first 6 chapters; I just turned in the final chapter yesterday) here.

My Jasjar wasn't really dead, it was just playing dead. I let the battery run down completely, then plugged it in to my Thinkpad and tried the firmware update again. This time, it worked like it's supposed to. John and I had fun playing around with it at the office; it flawlessly plays video that was encoded for his iPaq hw6315. I have several TiVo-to-Go shows on my laptop that I want to transcode to watch on the device, but WMP10 obstinately refuses to recognize the Jasjar, and since I'm on an airplane I can't check the Internets to see what the likely problem is.

I'm also having problems with ActiveSync 4.0, but that's nothing new. Every version of ActiveSync I've ever used has been troublesome. Come to think of it, so has every version of the Palm OS sync software (man, the stories I could tell about their Mac products…) Maybe that helps explain why Nokia just dropped US$430 million on IntelliSync.

So, yesterday I turned 37. I had a great birthday weekend nonetheless.

It started Friday morning, when the first words I heard from my dear wife upon awakening were "We really need to wash that gray off your temples." Hmm. Maybe not. I earned this gray, dontcha know. Anyway, we had dinner plans with our friends Matt and Anita to celebrate my birthday and Anita's (a week early, but who's counting?), after which we planned to watch a movie on the projector.Mom and Dad agreed to keep the boys overnight so we could make an early-morning trip to the Detroit temple. We had a great dinner at Biaggi's, but I noticed that Arlene was acting a little oddly-- before we left the house, she closed all the blinds, and at dinner, she jumped up from the table and (almost literally) ran off to the ladies' room at one point, and I saw her fiddling with her phone under the table-- usually I'm the one doing that as I check mail or my calendar _ When we got back to our house, I walked into the kitchen and heard an odd sound accompanied by a bright flash of light-- followed immediately by shouts of "Surprise!" I just about fell over; I never in a million years would have expected Arlene to throw me (or, more properly, "us" since it was Anita's party too) a surprise party. I suppose that's what makes it surprising! We had a delightful time with our friends (thanks to everyone who came!) and hit the rack for a 5am wake-up the next morning.

Our temple trip was wonderful. I always enjoy going to the temple, but this time I'd taken the time to prepare better through prayer and scripture study. What a wonderful learning experience! Since we accepted President Hinckley's challenge to try to read the entire Book of Mormon before the end of the year, I've definitely noticed that I have been more attuned to spiritual experiences, and this has made attending the temple much more rewarding. I'll make an extra effort to go to the Seattle temple when I'm there this week.

To top things off, we were able to stop off at the Whole Foods in Troy and load up with gluten-free goodies (plus some more of my favorite potato chips), followed by a delicious in-car breakfast (organic banana, a bottle of some kind of smoothie, and a really tasty raspberry cream cheese croissant). Matt and Anita are wonderful conversationalists, so the trip passed quickly in both directions.

Saturday night we had the Rotary auction, which is always fun. There weren't any good electronics (apart from the ones I donated), but I got some Mud Hens tickets, a year of lawn treatments, and a few other cool odds and ends. The highlight of my evening came when I beat Cory Eckel (our bishop, a former BYU football player who has more athletic talent in his pinky than I do in my whole body) in two games of mini-basketball :)

After two late nights, Sunday was best of all-- we didn't do much of anything, in keeping with it being a day of rest and all. Matt and David were both sick, so it was a fairly low-intensity day.

Monday was my actual birthday; the boys got me some sweatpants and a new bicycle pump (since they broke the old one), and Arlene gave me a much-needed Books-a-Million gift card and a big pot of chicken and sausage gumbo. We also got our outdoor Christmas lights put up. It may seem early to those who live in more temperate areas, but while we were hanging the lights it was about 45 degrees, overcast, with a steady 10-15kt wind. That's as good as it's going to get until April or so.

Breaking news: Exchange 12 will be 64-bit only. I have a lot more detail to post on this, but they're about to close the forward boarding door-- more when I land in Cincinnati in an hour or so. Here's a link to the umbrella press release from IT Forum.

Why the change? x64 technology is already widely deployed, and using it with Exchange reduces the I/O count dramatically-- by up to a factor of 4. This is huge, since IOPS are much more expensive than RAM or CPU. (If you don't believe me, try pricing 16GB of DRAM and a dual Opteron server compared to an EMC SAN and get back to me).

One objection I anticipate hearing is that this will strand customers who aren't on x64 hardware. I'm resistant to this argument, though, because even low-end servers now often include x64-capable CPUs, and this trend is only going to accelerate between now and the time Exchange 12 ships next year. Organizations that are planning to move to Exchange 12 after it ships can easily buy x64 hardware any time between now and the time they upgrade, usually without any increase in cost. Of course, I expect to hear criticism of this move because some customers won't be prepared to move to x64, but the fact is that there will always be customers-- for any product-- who don't want to, or cannot, upgrade when the manufacturer wants them to. Sure, there will be Exchange customers who will cling to their existing versions, but that has always been (and will always be) true for Exchange, Notes, Workplace, OCS, SAP, and any other software in this class.

The big news here, to me, is that Exchange is once again breaking ground in delivering a new technology-- and in this case, it's one that has the potential to radically alter the scalability and cost factors we're used to working with. I can't wait to get my hands on some E12 bits and start testing!

I've been having a hard time getting in the groove the last few months. Some parts of my work are much more interesting than others, and I've had a hard time staying engaged with the less interesting parts. I've also been feeling generally lethargic, so I decided the best solution was a little good old body rockin'. So, I started this week.

First step: the Hacker's Diet. No, it's not pizza and Mountain Dew; instead, it applies time-tested hacker principles (including a fetish for data analysis) to weight loss. Basic upshot: eat fewer calories than you burn, and you'll lose weight. Keep doing it over time and you'll reach your target weight without deprivation or undue cost. My target daily calorie intake should be around 2520 (the average of the range for my height and build, 2240-2800); thus if I take in around 1800-2000 calories per day, I can potentially lose up to a pound a week.

Second step: getting off my lazy butt. I'm trying to run every other day and hit the Crossbow on the alternate days. This will be easiest when the weather's good, but if I establish the habit I should be able to stick with it. I've been running a simple two-mile stretch to and from the boys' school.

Third step: goal setting. I'd like to get down to around 180 lbs, +/- 10%. More importantly, my goal is to be able to run a first-class Marine Corps PFT-- something I never did when I was actually in the Corps-- by May 1. I got this handy PFT score calculator for my Treo and now I'm set. Minimums: 3 pull-ups, 45 crunches in 2 min, and 29:00 or less for the 3-mile run. If you hit those three minimums, though, you'll still fail! As a baseline, I did 53 crunches in 2 min this morning, and if I ran a 3-mile course I'd expect to come in about 32:00, so I definitely have some work to do. I think I can hit 24:00 for the run, 70+ crunches, and 10 pullups-- that would give me 65 + 70 + 64 = 199 points. I'll post progress updates here.

This week's UPDATE column, posted here because I don't have time to write a separate entry on this right now

One of my favorite things about IT conferences like Exchange Connections is going to the exhibit floor to talk to vendors and see their products. Sometimes large vendors like HP and Symantec have interesting things to say (like Symantec's announcement of a new version and pricing strategy of their Exchange security products), but for my money the real goodies are usually found in the booths of smaller vendors. They tend to be more enthusiastic about their products, and more engaging when discussing them. I'll do a broader review of some of the cool things I saw here next week, but with my deadline looming I had to pick one thing to write about, and it's… RSS.

Now, you may wonder what RSS has to do with Exchange. Over the last year I've mentioned RSS a few times, but it's always been as a client-side technology that enables individual users to find the information sources they want and display them in a web browser or a rich client like Outlook. However, there are some problems with client-side RSS use:

• you have to install an RSS client on each desktop; this is a non-starter for organizations that are trying to reduce the number of desktop touches. It also encourages end users to install and manage their own software, another hot-button issue that many firms are trying to clamp down on.
• users make duplicate requests; if you have 500 users, and 200 of them are making hourly requests for the latest content for a particular RSS feed, you're using excess bandwidth to pull the same data over and over. (Of course, the owners of the servers providing the RSS feed might take issue with getting a large number of requests from your organization, which is why heavily-trafficed sites often include a throttling feature that will block requests from IP addresses that are making requests too often.)
• users are left on their own to find the information sources they need. This is an advantage insofar as it allows users to make their own choices, but it makes it difficult to effectively share and consolidate useful information.

NewsGator Technologies has been making client-side aggregators for several years; their NewsGator for Outlook plug-in is my primary aggregator. I run it in a VM to let it collect RSS data that is then published to a tree of folders in my Exchange mailbox; that way, I can access it through OWA, Outlook, Entourage, or even an IMAP client. This addresses the first two of the problems I mention above, but it doesn't do anything about the third, and it doesn't scale well.

Enter a new product that NewsGator is showing on the expo floor: NewsGator Enterprise Server. It's a slick piece of work that effectively addresses all three of these problems by collecting and consolidating feed data in a centralized SQL Server database, then publishing it to users' mailboxes via WebDAV. This eliminates the need to license or install individual client plugins, and it makes the collected RSS data available to any client that can access an Exchange mailbox through IMAP, WebDAV, or MAPI.

This functionality in itself is very useful, but NewsGator architect Lane Mohler surprised me by showing me two other features. First, NewsGator Enterprise Server lets you specify default feed sets for individual mailboxes, or for sets of mailboxes as defined by Active Directory groups or OUs. For example, you can define a default set of feeds for users in your sales organization, and those feeds automatically appear in those users' mailboxes. Add a new employee, and she automatically gets access to whatever content you've identified as most valuable for people in that position. This neatly eliminates the problem of helping new users find the right set of resources when starting a new task or position.

The other cool new feature is called clippings. It addresses the problem of sharing relevant information by allowing any user to select an individual article and add it to their clipping set—to which other users can subscribe. I think of this like a librarian-in-a-box. Say you have someone in your company whose job it is to find articles about the company or its competitors and share them with appropriate groups. They probably do this by mailing URLs or articles to people, but the same task is more easily accomplished by using clippings; as the librarian finds relevant articles, he can add them as a clippings that are then automatically published to the appropriate users and groups.

What really gets me excited about the potential of NewsGator Enterprise Server is that it works with any kind of RSS feed, not just blogs. You can produce RSS feeds from SharePoint data or other back-end systems, making it easy to slip notification or status data automatically into users' mailboxes—a very cool potential that I expect other vendors to exploit.

Wow, this is interesting! Apple has a new product named Aperture that's targeted at professional photographers-- and squarely at Adobe's Photoshop. Arlene has been hitting some of the limitations of iPhoto, like its inability to work with RAW files. She doesn't need Photoshop, but something like this might be the perfect workflow solution for her. There's a comparison of Photoshop and Aperture here-- it definitely bears looking into.

I got a reader question asking whether you can install Exchange 2003 SP2 on Small Business Server 2003. On first reflection, I couldn't see why not; a quick query to Susan Bradley (SBS MVP and mistress of all SBS knowledge) netted a link to this article by Vlad Mazek, which explains the installation procedure in great detail.

It's live! Exchange 2003 Service Pack 2 is now available for download. This is great news, because SP2 adds some very welcome message hygiene, mobility, and management features. I'm working on an article on the mobility features now, and as soon as that's done I've got plans for a lengthy post exploring Sender ID support.

Update: here's a list of the bugs that are fixed.

This year, we finally said "enough" and told the boys that we wouldn't be participating in any fundraisers at school. This has been quite liberating, especially given the number of fundraising events in the Perrysburg elementary schools. There's Market Day, and the Scholastic book sales, and Sally Foster, and the American Heart Association... and the quarterly fundraisers at Wendy's and McDonald's... and probably some other ones, the memories of which I'm repressing.

I don't mean to sound stingy, but we pay hefty property and city income taxes already, and the notion that I have to let my kids pimp wrapping paper, candy, or anything else to buy "extras" rankles. It's made worse by the fact that many of these fundraisers offer ticky-tack prizes for the kids; that just raises the noise level, and in the end the schools don't get much of the money anyway. So, we just said "no". This Detroit News story outlines a third option: some parent-teacher organizations are just asking parents to write checks if they want to opt out of the fundraisers. I'd be happy to do that.

It's live! Exchange 2003 Service Pack 2 is now available for download. This is great news, because SP2 adds some very welcome message hygiene, mobility, and management features. I'm working on an article on the mobility features now, and as soon as that's done I've got plans for a lengthy post exploring Sender ID support.

Exchange Connections is only a couple of weeks away, so I thought I'd post my final speaking schedule. Because Donald Livengood from HP has had to cancel, I've picked up his three sessions, leaving me a total of five:

• Tuesday @ 2:15p: Deploying Rights Management Server with Lessons Learned


• Wednesday @ 10a: Exchange Security: Tips and Tricks


• Wednesday @ 2:15p: Multi-Forest Deployments


• Wednesday @ 4p: Layered Anti-Spam with Exchange


• Thursday @ 11:45a: Fun With Global Settings, Message Limits, Recipient Policies, and Connectors

Thursday at 2pm, I'll be busy collapsing from exhaustion.

(A shout out to Jim McBee, who graciously agreed to take my place on the Exchange 5.5 migration panel with Kieran McCorry and Missy Koslosky; it's scheduled at the same time as Don's RMS session.)

It's official-- from a Microsoft press release:

Today Microsoft also announced plans to release Microsoft Antigen anti-virus and anti-spam security software for messaging and collaboration servers based on the technology from recently acquired Sybari Software Inc. Adding to the defense-in-depth strategy inherent in Microsoft Antigen, Microsoft will add its own anti-virus scan engine. When it is available, customers of the Microsoft Sybari product line will benefit from the addition of the Microsoft anti-virus scan engine at no additional charge throughout the length of their contracts. In addition, Microsoft Antigen for Exchange recently completed Microsoft’s Security Development Lifecycle review process, which has been shown to achieve measurably improved levels of security for numerous Microsoft software solutions. Microsoft Antigen for Exchange is scheduled to be available in beta to customers in the first half of 2006.

Wow, this is great-- a new Microsoft white paper on the recommended best practices for using the Volume Shadow Copy Service (VSS) with Exchange 2003. This is long overdue. VSS is a terrific backup mechanism when properly implemented. If you're at all interested in VSS, check it out. (Hat tip: Ross Smith)

I'm at the Microsoft MVP summit in Redmond this week; today and tomorow are the "heavy" days that focus on specific technologies. Yesterday we had some executive keynotes in the morning, followed by some platform technology sessions. I got to see Jensen Harris' very cool presentation of the new Office "12" user experience (which I think wasidentical to what he showed at the PDC). I also got my first detailed look at the new Monad shell. Jeffrey Snover did the demo; there's a video of a similar demo here. I was blown away by Monad's elegance and simplicity; although Jeff didn't show any Exchange functionality, it's easy to see how features like the "-whatif" switch (which runs your script and shows that the output would be, but without committing any writes) could be useful. More interesting (at least to me) is how composable Monad is; you really can combine a wide range of cmdlets to take complex actions. I'm looking forward to learning more details about this today.

I'm not making this up. From this morning's email, an announcement from SANS of an upcoming Exchange security webcast. Here's an excerpt from the announcement:

A Microsoft Exchange Server is often found as one of the most important collaborative assets to current organizations of all sizes. With so much dependency on a reliable e-mail and collaboration system, many organizations are faced with the problem of how to secure those communications. This webcast will introduce listeners to Exchange messaging protocols and discuss strategies to secure those communications. This webcast will focus on Microsoft Exchange Server 2003. Miles Stevenson has spent the last five years working as a Linux network administrator. He worked in both commercial and government sectors specializing in low-cost Linux solutions. He currently works as a full time network administrator for the SANS Institute and directs the SANS Assessment program.

Now, I don't mean any personal disrespect to Mr. Stevenson. However, I don't understand what in his background as a Linux admin qualifies him to talk about securing Exchange. Securing any enterprise messaging system requires a fair bit of specialized knowledge, including a good understanding of the underlying OS. I wouldn't expect an Exchange administrator to be able to talk knowledgeably about Linux security, for example. I'm curious about what exactly will be covered in the webcast, but I'll be on a flight when it's being presented-- if you monitor it, leave a comment here and let me know what you thought about it.

See, I told you the Entourage blog was about to spring back to life. Today's entry: the details on the Exchange hotfixes suggested (but not required) for using Entourage 2004 SP2 with Exchange 2000 and Exchange Server 2003.

Today Microsoft announced that it was releasing Service Pack 2 (SP2) for the Macintosh version of Microsoft Office. Apart from the usual bug fixes to all of the Office apps, the big news here is that SP2 makes some major-- and welcome-- changes to Entourage's Exchange support.

There's a long list of tasty new Exchange goodness in the SP2 release, including:

• A new model for calendaring and address books. Previous versions couldn't support calendar or contact public folders; this release does. In order to enable that support, the dev team changed the way calendar data is stored and managed. Now you'll have a calendar on your local machine, plus a calendar for each Exchange account, plus any calendar public folders you have. For most Exchange users, this will be a huge improvement. For the small number of users who'd defined multiple Exchange accounts in the same Entourage identity, you'll notice that now Entourage doesn't automatically sync events from every calendar to every other calendar.
• Much, much better sync performance with Exchange accounts. (They also fixed that annoying bug where the Progress window would pop up even when you'd previously closed it.) Public folder browse performance is greatly improved too.
• Support for setting permissions on Exchange items. That's right-- you can now grant permissions on any folders in your mailbox, just like you can in Outlook. You can also open other users' shared folders, provided you have permission to do so.
• You can create private calendar and contact items.
• There's much better support for delegation, including the ability to assign other users as delegates.

There are also some less obvious, but perhaps more welcome, changes. For example, Entourage now honors the Thread-Index and Thread-Topic headers that Outlook uses. That means that conversations with Outlook users will be properly threaded. Entourage also includes a new Conversation view type that properly threads mail messages-- a feature that's long overdue (though you could simulate it by creating your own custom view). You can also do a "get info" on any folder to see how much space it's taking up on the Exchange server-- something I use all the time, given the mailbox limits applied to some of my accounts.

SP2 is available for download from Microsoft's Mac website; as far as I know, it will update either the RTM or SP1 versions of the Office suite, and you'll need to install it separately on each machine unless you're using a software distribution system. Microsoft has also promised to make it available through their automatic update mechanism for Mac Office, but it doesn't seem to have shown up there yet.

Update: Gerod reminded me that you need an Exchange hotfix to enable sharing and delegation to work; I'd forgotten all about that. (Also updated the links to point to live content)

Update: John Welch has tons of screen shots in his article on SP2.

Did you know that there's a blog maintained by the Entourage team at Microsoft's Mac business unit? Me neither. But they do, and a little bird tells me that they're going to start updating it much more regularly. Drop by and add it to your aggregator if you use or support Entourage.

Cool stuff from the PDC: the developer roadmap for E12 was unveiled at PDC today. Terry Myerson has a post on it at the Exchange team blog, or you can just go straight to the PowerPoint deck from the session. I've got a lot of catching up to do, since the Cookbook depends on WMI and CDOEXM.

Let's say you wanted to set every calendar in your organization to grant all users "reviewer" rights. This makes it easy to see detailed calendar data instead of just pure free/busy information. There's no direct way to do this through CDOEXM or WMI, but Glen Scales has come up with a solution that uses the Exchange 5.5 acl.dll. Check it out here.

I actually had real work to do this week, so I couldn't attend the PDC. That's too bad, because there's a lot of interesting stuff happening there. For example, MS today took the wraps off Windows Workflow Services, their platform for workflow integration. There are some interesting touches that I think will help distinguish their offering from their competitors, including integration with Visual Studio and a marketplace for workflow actions (which MS is calling "activities".) When I get some time, I'll have to dig into this and see what's what.

In related news, MS also started talking about changes to InfoPath (hint: no more requirement for a client-side application) and their new Office server platforms. It's very interesting that they're focusing on BI and content management as first-class tasks in the new release; we'll have to wait and see what capabilities they're able to get in for the 1.0 release.

There's a fascinating article in the most recent issue of RISKS Digest about anomalies and Byzantine failures in flight control systems. I can't explain it nearly as well as Peter Ladkin, who wrote it, so I won't try. Although Exchange and Windows aren't generally vulnerable to Byzantine faults, it's a fascinating area of study in security-critical systems: how do you design systems that keep working when their inputs are lying?

The Wood County Sheriff’s Office Citizen’s Police Academy fall classes will begin Monday September 19, 2005, and Wednesday September 21, 2005. Classes will start at 6:30pm and end at 9:30pm. The classes will end the week of November 13, 2005. Sign up begins June 1,2005 and will continue till classes are full. Maximum class size is 16 people per class. To sign up please call Deputy Dirk Fenimore at (419) 373 – 6519, or send email.

Mark was instrumental in running a similar citizen's academy for the Perrysburg Police Division. I attended it last year and had a blast-- so if you've got the time, I think you'll find the sheriff's edition well worth your time.

I’ve been heads-down on some deadline-critical work, so I hadn't followed the Notes/Dominio 7 release as closely as I evidently should have. I woke this morning to find out that— oops— IBM isn't shipping DB2 support in Notes 7. See Ed Brill’s page for his take on it, including the news that you can apply for access to the DB2 functionality. I have to wonder whether there are secret criteria for the application process; I guess I'll find out when I apply. It's too bad that this feature didn't make the cut, although IBM had a tough decision: slip to keep the feature or ship without it. Given the customer uncertainty over the impact of moving to DB2 as part of Workplace, I'm sure they would have liked to ship this feature on schedule.

Interestingly, the reason Ed cites for not shipping the feature is that not enough customers were testing it. Microsoft has worked long and hard to build a real-world customer testing program, the Technology Adoption Program (or TAP). TAP customers run pre-release builds of Exchange in production, with full support from PSS. Of course, MS also dogfoods new releases in their own environment; between the TAP and internal MS users, my recollection is that there were about 150,000 mailboxes running live on Exchange 2003 during the latter part of its dev cycle. I expect to see the same thing-- probably with bigger numbers-- for Exchange 12. Perhaps IBM should consider a similar approach.

Pace this ZDNet story, which describes how MessageOne has seen a spike in workload with the unwanted arrival of Katrina in the New Orleans-Biloxi-Gulfport-Pensacola strip. The article makes an excellent point: the time to get a recovery or continuance solution in place is before the bad weather starts. Just like flood insurance, if you wait too long you won't be able to get protection in time.

All I can say is "wow!" There are a ton of new features and enhancements-- very impressive for a point release. Please let me know if you find anything that doesn't work properly.

Wonderful news: Microsoft's Jesper Johansson is blogging. (You may remember him as the guy who said it's OK to write down passwords). Check it.

Microsoft is making a "community technology preview" (CTP) of Exchange Server 2003 service pack 2. This is pretty cool. Get it from this link (which should be live shortly). I'm particularly interested to see how people put the Sender ID tools to use.

Update: the Exchange team blog has a list of FAQs about the CTP. Note well that the CTP build isn't supported by PSS and shouldn't be run on production servers.

Great news: CIS has finally released their benchmark for Exchange 2003. It's a fairly comprehensive assessment and hardening guide for Exchange Server 2003 (see these FAQs for more details). It was developed by CIS with input from NSA, MITRE, Microsoft, and various parts of the Exchange community. I think it will be of great benefit to most organizations now running Exchange (of course, I should have asked them to include the book in the bibliography :) )

Devin Ganger, my cow-orker at 3sharp and coauthor of the Exchange Server Cookbook, is on the scoreboard again-- this time with an ebook on discovery, compliance, archival, and retention. The first chapter's now available, so go check it out.

I've been asked several times about ways to disable the use of removable storage devices to protect against pod slurping and related attacks. XP SP2 has a way to prevent writing to USB devices, but there's another solution that's described in this MVP-contributed KB article.

From an article I'm working on, the difference between high availability and business continuance succinctly expressed:

Availability measures how much use we get out of a system before it fails, or between failures. Business continuance (BC) is different; it means being able to continue business operations (possibly with some degraded capacity) while a recovery operation is in progress. A simple example might help: if your building has an automatic emergency generator, that's HA. If you have to bring in your own generator from home, that's BC.

Last year, I wrote about US v. Councilman, a court case in which the initial ruling seemed to indicate that it was OK to intercept others' email under certain conditions. Yesterday the First Circuit Court of Appeals issued a new ruling, essentially reversing the old one. Councilman was indicted in 2001 for violating the US federal law covering wiretapping because he was using procmail to copy inbound messages to hosted users on his server. The case was originally dismissed based on Councilman's claim that the messages he copied were in "electronic storage" (which has a narrow meaning under the 1968 wiretap law), and that what he did wasn't technically "interception" as defined in the law. The government appealed, and now the Court of Appeals is siding with them. Read their ruling for yourself; after I have time to dig into it a bit more, I'll have more to say (bearing in mind, of course, that I'm not a lawyer and don't give legal advice.)

Finally! Microsoft's released Microsoft Messenger:mac 5.0, which can use both the MSN Messenger service and Live Communications Server 2005. It fully supports TLS and Kerberos (although you'll need to read this reskit paper to turn Kerberos on). It also supports PIC for LCS if you're using it. In my tests over the last few months, I've found it very stable. It just works. If you're using a Mac, give it a try. (now, if we could only get a new version of the suck-a-delic Windows Media Player for Mac...)

See above: how much would you pay for a solution that actively prevents people from using "reply-all" to mass-distribution mails? (RMS does lots of other neat stuff, too, that I'll be writing about in the future.)

Here's an interesting tidbit: Scalix announced today that they're going to ship a wireless solution for their messaging product, based on Notify's product. Pricing and availability weren't announced; from a functionality standpoint, Notify has a pretty nice solution in terms of the range of devices and OTA methods they support. However, this may add significantly to Scalix' "flyaway" cost, making them potentially less attractive compared to Exchange 2003. No word yet either on whether Scalix will require device or mobile CALs in addition to mailbox CALs. Developing...

Bruce Schneier is a smart guy, but he also has a strong anti-Microsoft bias. That's why it's no surprise to see this article, in which he lambasts Microsoft for "building in security bypasses". What's he talking about? A quote from Microsoft's Martin Taylor:

For example, this new feature tool we have would allow me to tunnel directly using HTTP into my corporate Exchange server without having to go through the whole VPN (virtual private network) process, bypassing the need to use a smart card. It's such a huge time-saver, for me at least, compared to how long it takes me now.

Of course, that's our friend RPC-over-HTTPS. I think Schneier missed the point because he misunderstands the intent of the feature, which is to allow mail-only access from remote systems. It's true that VPNs allow for secure remote access to many different types of resource, often using multi-factor authentication. It's also true that many VPN systems (particularly the clients) are unstable and difficult to use, particularly from locations like hotels and airports where the network provider may not be clueful. The RPC tunneling feature allows secure access to email only without a VPN. This is actually a security benefit.

Why? Think of what happens when you connect a remote computer via VPN: you're allowing it unrestricted access to your entire corporate network. That means that when Joe Executive's home machine connects via VPN it has free roam of the network. That places a mighty high premium on ensuring that the remote machine is uncompromised, hence the interest in network access protection (but that's a solution for another day). As an admin, if I have users who only need email, I'm perfectly happy for them to use RPC-over-HTTPS instead of VPN because then I know that their machines are very unlikely to be able to cause damage to other machines on my intranet, no matter how crap-infested they may be. Couple RPC tunneling with an application-layer RPC scanner (like the one in ISA Server 2004) and you're better off than you would be with a pure VPN solution.

Some of the comments on Schneier's post make good points about the tradeoff between usability and security, including one guy who asks why VPNs are so hard to use. That's for another post, unfortunately.

The MS SQL Server 2005 and Visual Studio 2005 teams have a hysterical site called "Escape from Yesterworld" that casts IT development as something out of Flash Gordon. The overall site design is brilliant, and there are some extremely amusing video clips there, including:

• Evil Wears a Cape
• I.T. From Ages Past
• Repetitive Tasks of Doom
• Change Orders of Death
• Terror on Two Wings

Well worth a look-- I give it two thumbs up.

Yesterday I wrote about Simon Butler's quest to prevent individual users from sending messages via MAPI. In related news, the Exchange team blog has a great post today explaining how Exchange 2003 SP2 gives us the ability to block individual users from using MAPI. The good news: because the MAPI blocking is added to the existing ProtocolSettings mechanism for blocking other protocols, you can use the same script to block or allow multiple protocols at once. The bad news: as with Simon's original question, this method doesn't stop existing connections; it only blocks new ones. Still, this is a valuable new capability to have.

Wow, this article made my head hurt. David Berlind of ZDNet documented all the stuff he had to do to get his XV6600 to work via Bluetooth as a modem for his laptop. I admit that I never bothered to try this while I had a loaner XV6600, fearing that it would be too hard to be worthwhile. Here's Berlind's conclusion:

OK, now that we're done, and some of you now have the best step by step you'll ever find for getting a DUN connection working with Bluetooth, what does it tell you that takes nearly 40 distinctly separate screen shots or photos to document something that should be a lot simpler?

Exchange MVP Simon Butler posed what seems like a simple question: how do you stop a user from sending mail? The answer is deceptively complex; we've been debating this on an MVP list for a few days now.

Say you have a MAPI user. You disable the associated Active Directory account, either by disabling the account or by changing the password. In either case, the user can still submit mail to the information store! In the case of a password change, the user will be asked to authenticate again, but if she cancels the password dialog, she can still send-- she just can't receive new mail! That might be a problem in case of an employee who's leaving (voluntarily or not), although a measure of physical access control will help.

You can kill the MAPI session, but that doesn't do anything to stop the user from reconnecting from the client side, at which point you're back to square 1: the user can still send mail. (This doesn't seem to be true if the user quits and relaunches the client after you kill their session, though).

For other protocols, it's easy to prevent users from connecting and sending mail. For example, for IMAP, POP, or HTTP connections, you can just remove the user's ability to use those protocols by using the Exchange Features tab in AD Users and Computers.

If you want to block all users, you can do that too; KB 288894 describes how to limit MAPI connections to a particular version of Outlook (so just set the regkey to deny from the current version (which I think is 11.0.6352.0) backwards. For HTTP, you can either set an IP address restriction on the Exchange vdir (thanks, KC!) or stop the w3svc, although this will have other effects. For that matter, if you want to prevent all client access, stopping store.exe will do the trick nicely at the cost of a service interruption.

Perhaps MS will fix this in Exchange 12.

I leveraged McDonald's wireless service when I was in rural Louisiana, but it looks like I'll have a tougher time getting connected while I'm at Sturgis. The nearest McD locations to Hill City, where we're staying, are in Rapid City, and none have Wi-Fi. Verizon's coverage map shows no coverage for Hill City, although the surrounding areas have digital service-- hopefully I'll be able to use my aircard. There's a local ISP, RapidNet, that may be able to help, too.

Interesting press release this morning from Blue Security, touting their new "Do Not Intrude Registry". The basic concept is simple: you sign up for their service and install an agent on your local computer. Blue creates honeypot mailboxes, which it then monitors. If spammers spam those mailboxes with messages that don't comply with the CAN-SPAM law, Blue asks the spammers to stop. If they don't, the Blue agent (which they call a Blue Frog, after the blue poison arrow frog) starts spamming the spammers by posting junk data to their order form. This is no big deal if only one agent does it-- but the agents are cooperative, so if the spammer sends out 10,000 messages, they get 10,000 junk order submissions.

The PR calls this "ethical and effective". I disagree on both counts; it's nothing more than a botnet in disguise. If it's wrong for J. Random Attacker to mount a DDoS against a website they don't like, it's wrong for Blue to mount DDoSes against spammers. Despite the fancy language deployed by Blue's CEO in this InformationWeek article, it's pretty clear that this is a clear-cut DDoS approach-- Blue is trying to hit the spammers where it hurts by degrading their operational capacity to take orders.

I don't condone spammers, but descending to their level isn't an ethical approach. In a remarkable coincidence, most of the sentiment on /. seems to agree that this is a bad idea.

Update: but don't take my word for it; legendary guru John Levine has weighed in with his thoughts (including the interesting fact that Blue tried to get sponsorship from a number of anti-spam orgs, all of whom rejected the idea).

So, now there are two challengers for Orrin Hatch's seat in the US Senate. Despite the fact that Hatch is nominally from Utah, he's getting a lot of attention in the upcoming race because of his persistent anti-technology stand (here's just one example). Now there are two challengers. Yesterday, Doc Searls mentioned Steve Urquhart, the Republican majority whip in the Utah House; he's going to challenge Hatch in the Republican primary. Boing Boing mentioned Democratic challenger Pete Ashdown yesterday, too (although so far they haven't responded to my email pointing out Urquhart's candidacy).

Interestingly, both candidates blog. However, on Urquhart's blog, he links to news stories at the original source. On Ashdown's site, he's copied most of the articles to his own server and modified them by removing ads. I asked Ashdown about that, and he said that he had permission from the reporters, but he hasn't answered my follow-up question about whether he has permission from the rights holders- a critical distinction.

Neither candidate has defined his platform in much detail; Ashdown seems to be saying (in this article) that he'll position himself as "not-Hatch" and choose whatever platform seems to resonate with potential voters. Urquhart has a slightly better defined platform, going after Hatch's anti-tech attitude and his support for stem-cell research, among other things. It'll be fascinating to see how these two tech-savvy candidates use the Internet to mobilize support both inside and outside Utah. After all, since both are gunning for Hatch based in part on his support of DMCA and copyright extensions, it seems to me that both will be fighting over the same support dollars from organizations like the EFF and Downhill Battle. We'll have to wait and see...

I missed this in all the hubbub here at el rancho, but Alexander Nikolayev posted a terrific treatment of the Exchange 2003 SP2 anti-spam process at the Exchange team blog. He covers how the new SPF/Sender ID filtering process works in conjunction with the existing filtering features. Exchange 2003 SP2 is the only spam filter that Microsoft's using for their 90,000+ worldwide mailboxes; I think that's a pretty strong endorsement of its capabilities.

Just got the press release: Microsoft is buying FrontBridge, a hosted message hygiene service provider. This is primarily interesting because of FrontBridge's strength in compliance solutions; they have a broad range of services built around compliance for email and IM. Their hosted anti-spam services got good props from eWeek, but I think the combination of their data centers (which promise a 99.999% uptime SLA) and their compliance services opens the door for MS to diversify beyond Windows OneCare into a broader scope of direct service provision. I can't wait to see what part they play in the promised Exchange 12 updates for better compliance and message hygiene.

Unless you read the "Book of SP1" very closely, you might have missed out on the fact that Windows 2003 SP1 enables auditing of metabase object access. The IIS documentation for the feature is of little help, since it's missing some steps. This can be very handy for Exchange administrators, given how much heavy lifting the IIS core components do. IIS MVP Ken Schaefer has written a simple explanation of how to configure metabase auditing here.

Discovery HD is showing the documentary "Trinity and Beyond" on Saturday. Now I won't have to buy it.

Here's an interesting development: IBM made a Notes-related acquisition, buying PureEdge. PureEdge makes a set of XML-based forms tools-- not too dissimilar from another familiar XML tool, InfoPath. Could it be that IBM is feeling the pain of having a relatively poor XML story in Notes and Domino? Are they trying to play catch-up? Maybe.

Microsoft is widely reported to be preparing a server-based version of InfoPath, which would give them a pretty complete story for form management on the client, the server, and the back-end (via WSS, SPS, and BizTalk). Looks like form-based application development will become another front in the IBM-MS platform battle. I'll be interested to see how (or if) IBM integrates the new solutions into its products; clearly it's too late for Domino 7.x, so I'd expect these to be part of a future Workplace technology release in some form.

Ever get tired of trying to explain (or, worse, remember) the difference? Check these handy diagrams: RAID-10 and RAID-0+1.

Update: edited to fix a bad link for the first diagram (thanks, Devin!)

Now I've heard everything: this article describes (with a straight face, I'm sure) how to set up a Linux box running VMware to use Postfix as the SMTP front-end and Exchange 5.5 as the mailbox store. Why you'd want to do this is beyond me. For an encore, I hear the author's going to write an article on how to run Lotus Notes 4.0 on a PlayStation Portable.

John Denker has written a superb essay on why ID "theft" shouldn't be a problem, and how we already have all the tools to prevent it from being one. Excerpt:

it shouldn’t matter if somebody knows who I am. Suppose somebody can describe me -- so what? Suppose somebody knows my date of birth, social security number, and great-great-grandmother’s maiden name -- so what?

It’s only a problem if somebody uses that identifying information to spoof the authorization for some transaction.

And that is precisely where the problem lies. Any system that lets identifying information serve as authorization is so nonsensical that it is hardly worth discussing. I don’t know whether to laugh or cry.

He goes on to draw the distinction between entity authenticaiton and transaction authentication, and goes on to propose a couple of schemes for breaking these into two separate mechanisms instead of the conflated mess we now have. Well worth a read for anyone interested in security.

Ironically, my last two UPDATE columns have been on mobility topics-- and now I'm somewhere with no mobile access!

So here I am in Farmerville, Louisiana. What's there? Not much (rimshot). Seriously, I'm here with my family visiting the beautiful Lake D'Arbonne State Park for our annual family reunion-style get-together. Whoever the State of Louisiana hired to build this place did a terrific job; the scenery is beautiful, the cabins are clean, spacious, and comfortable, and the wildlife is abundant. One thing's missing, though: connectivity. Ideally, I wouldn't have to work this week, but I do, so I've been arranging my schedule to work when everyone else is asleep. The problem is getting information to and from the people I work with.

Last year, we stayed in the same place, and I noticed that my Verizon cellphone worked fine. I figured that my aircard would give me data service. Problem #1: Alltel is actually the local network provider, as I found when I noticed the "Extended Roaming" indicator on my Treo. No aircard, and no data service on the Treo. The local public library has a few Internet terminals, but they're a) unstable b) locked down and c) on a network that won't allow me to plug in my laptop. Last year, I was able to cadge a few minutes from the nice lady who owns the local Radio Shack franchise, but that clearly wasn't a scalable solution. I didn't think she'd welcome seeing me twice a day every day, no matter how many batteries I bought.

The solution came from an unexpected quarter. I asked the lifeguards at the park pool, the folks at the public library, and the staff at the Radio Shack whether there were any public Internet points or cafes nearby. No one had a clue. While racking my brain to think of local businesses from which I could beg bandwidth, I remembered the McDonald's at the corner of La-2 and Bernice Highway-- a mere five miles from the park. A quick call to Devin netted me the information I sought: the local McD's did in fact have Wayport WiFi. Last night I rolled in, opened the laptop, and downloaded the 400+ messages that accumulated since I got here on Saturday. Today I made a grocery store run and stopped off for a Quarter Pounder and some email; I'll be heading back later tonight for another delivery.

I guess that means that I have to officially retract all the crap I gave McDonald's about their food. It's still not my favorite, but I'm willing to put up with a lot for the ability to keep my customers happy by delivering my work on time. It says a lot about their franchise consistency that even a small town like Farmerville rates WiFi in the store.

I blame this on Ed Bott; he posted on the "music shuffle" craze sweeping the Internets. You're supposed to fire up your MP3 player and list the first 20 songs it plays. So, here's my list: song title, band, and (album)

• "Little WIng", Stevie Ray Vaughan (The Essential Stevie Ray Vaughn)
• "Digital Man", Rush (Signals)
• "The Weekend", Michael Gray (Ultra iDance 03)
• "God Made Me", Chantal Kreviazuk (Under These Rocks and Stones)
• "Concerto #5", Bach (Brandenburg Concerto #5)
• "Back in Black", AC/DC (Back in Black)
• "We Belong", Pat Benatar (Best Shots)
• "Eye on You", Billy Squier (Best of...)
• "Too Weak to Fight", Clarence Carter (The Golden Age of Black Music, 1960-1970)
• "The Slam", TobyMac (Welcome to Diverse City)
• "Fibber Island", They Might Be Giants (No!)
• "Call to Love", Crooked FIngers (Dignity and Shame)
• "Haunted", Evanescence (Fallen)
• "Andante", Bach, (Brandenburg Concerto #1)
• "Sweet", 311 (311)
• "Free WIll", Rush (Permanent Waves)
• "Hillbillies", Hot Apple Pie (Hillbillies)
• "For an Angel (PVD Angel in Heaven Radio Mix)", Paul van Dyk (Machine Soul)
• "Personal Jesus", Johnny Cash (American IV: The Man Comes Around)
• "Red Tide", Rush (Presto"
• "The Unforgiven", Metallica (Metallica)
• "Miss Elaine", Run-DMC (Tougher Than Leather)

On this day, I'm reminded of the title of Sam the Eagle's portion of Muppet-Vision 3D: "A Salute To All Nations, But Mostly America."

I'm thankful for this country. It has its flaws (or, more precisely, we Americans have our flaws), but there is no place I would rather live. I am grateful for those who have sacrificed to build it over the last 229 years: not just for those who fought in our wars, but also for those who built something for future generations. I appreciate the fact that I can worship how I please, without fear of government interference or persecution, and that all citizens are guaranteed a basic set of rights that are still the envy of the rest of the world.

Are there some areas that need fixin'? Yes (starting with: Mr. President, don't you dare try to appoint Torture Boy Gonzalez to the Supreme Court!). Nonetheless, I still love this country and what it stands for. Happy Fourth of July!

Update: two bonus links: the 4th of July is the deadliest traffic day of the year, and how to snip a 5-pointed star with only a single cut.

Microsoft today released version 2.0 of the Microsoft Baseline Security Analyzer. Among its many other new features, it can scan for Office security updates (among other products), it works with WSUS, and it presents more data on potential vulnerabilities. Go get it now.

From this morning's Wall Street Journal: Microsoft settles their antitrust dispute with IBM by paying them $775 million; in addition, MS is giving IBM "credit" of $75 million towards deployment of MS software at IBM. This essentially resolves all of IBM's claims of harm to OS/2 and the SmartSuite products, but it still leaves open potential claims by IBM for harm to their server software. It does set the clock for claiming damages forward, though, to June 30, 2002. Interesting...

From this morning's Al's Morning Meeting:

150 million: Number of hot dogs (all varieties) expected to be consumed by Americans on the Fourth. (That's one frankfurter for every two people.) There's about a 1-in-4 chance that the hot dogs made of pork originated in Iowa, as the Hawkeye State had a total inventory of 16.2 million hogs and pigs on March 1, 2005. This represents more than one-fourth of the nation's total. (Data on hot dog consumption courtesy of the National Hot Dog and Sausage Council.) Data on hogs and pigs at http://www.usda.gov/nass/.

6: Number of states in which the revenue from chicken broilers was $1 billion or greater in 2004. There is a good chance that one of these states -- Georgia, Arkansas, Alabama, North Carolina, Mississippi, Texas -- is the source of your barbecued chicken. http://www.usda.gov/nass/.

Better than 50-50: The odds that the beans in your side dish of baked beans came from North Dakota, Michigan or Nebraska, which produced 58 percent of the nation's dry, edible beans in 2004. Another popular July 4 side dish is corn on the cob. California and Florida together accounted for about 45 percent of the value of sweet corn produced nationally in 2004. http://www.usda.gov/nass/.

One-half: Amount of the nation's spuds produced in Idaho or Washington in 2004. Potato salad and potato chips are also popular food items at July 4 barbecues. http://www.usda.gov/nass/.

Nearly 69 million: Number of Americans who said they have taken part in a barbecue during the previous year. It's probably safe to assume a lot of these events took place on Independence Day. See Table 1238, 2004-2005 edition.

I've decided to take the plunge into podcasting with a new series of podcasts for Windows IT Pro. The idea was hatched more or less out of the blue while I was sitting at TechEd with Karen Forster and Amy Eisenberg, so I offered to do a trial run of podcasts to see what kind of reader, er, listener reaction we got. I'm trying to do one 'cast a week on average from now until September, at which point we'll see what kind of listener numbers I can post. (In a transparent attempt to raise those numbers, I registered my podcast feed at Apple's new podcast directory; maybe that'll help).

Buy.com is selling the Verizon version of the Treo 650 for $175 to new customers; it's really $399, then you get $225 back via mail-in rebates. Still, that's a good deal for the Treo. Notably, palmOne hasn't released a firmware update for the VZW model, although there are updates for both the Sprint and unlocked-GSM versions that they sell.

Wow, what a great crop of summer books! A new book from Richard Morgan (Market Forces), author of two of my favorite hard-boiled SF books (Broken Angels and Altered Carbon); Dan Simmons' sequel to the excellent Ilium (Olympos); the yearly Year's Best Science Fiction, and two new Neal Stephenson books (co-written with Frederick George): Cobweb and Interface).

Of course, the fall isn't looking too shabby either: Morgan has a third Takeshi Kovacs book (Woken Furies) due in late September, and John Birmingham has Designated Targets, the sequel to his excellent Weapons of Choice (which somehow I forgot to review). S.M. Stirling even has a sequel to Dies the Fire, The Protector's War, that I'll plan on reading.

And, doggone it, Barry Eisler somehow managed to sneak out a new book in his John Rain series (other reviews here), Killing Rain. That's going straight to the top of my reading list.

The Exchange team just released version 2.1 of the Exchange Best Practices Analyzer (ExBPA). There's a lengthy list of improvements over at the Exchange team blog. My favorite new feature: the rule that warns you if only a single GC is present.

This is cool: a multimedia feature on the NY Times website featuring four or five LDS missionaries now serving in New York City. Unsurprisingly, all of them seemed to love serving in NYC; I'd guess that if there were any small-town Utah boys who hated it that they weren't invited.

Amazon is now shipping the Exchange Server Cookbook. The book is now ranked at 8,930 (not bad for a debut title), and it's holding steady at #17 on the "computer early adopters" sub-list. Thanks to all of you who pre-ordered! If you haven't ordered your copy yet, now's a good time :)

Even though the the DC circuit Court of Appeals struck down the original broadcast flag rules, the entertainment industry is still trying to clamp down on the devices we all use. I got an "action alert" email from EFF asking people to call Senators on the Senate Appropriations subcommittee that owns technical issues. Apparently the forces of darkness are trying to sneak a broadcast flag amendment into an appropriations vote. If you value your ability to use devices like iPods and TiVos, call or email your Senator right now. It only takes a minute to do, and the subcommittee markup is at 1400 EDT today, with a full committee vote on Thursday-- not a lot of time.

Now here's an interesting development: VERITAS announced yesterday that IBM has agreed to resell VERITAS' Cluster Server and Storage Foundation products for Linux and for Windows. It'll be interesting to see what impact this has on the adoption of Storage Foundation in the Windows market; it's a very capable product that has been hampered by VERITAS' difficulty in effectively selling non-backup WIndows products.

Wow, this is unexpected. Verity, which makes both the UltraSeek and K2 Enterprise search tools, announced today that they're making one-year licenses for UltraSeek free for collections of less than 25,000 documents. If you have more than 25,000 documents, you can buy a four-year license for US$75,000; while this sounds expensive as all get-out, it's considerably cheaper than their original pricing. UltraSeek's strength is that it's designed to be an install-and-forget search product that delivers a user experience not dissimilar from Google's Internet search; Verity is throwing in access to their classification engine and their extension API, both of which used to be extra-cost options. This is an interesting move, and one which I think will help solidify their presence in this space by getting them into some doors they otherwise wouldn't have been able to cross. The missing piece is still desktop search, where Google and Microsoft have significant leads that Verity will be hard-pressed to match-- we'll have to wait and see what happens.

Clusters are like nuclear weapons: they're expensive; they're dangerous if misdeployed; people who don't have them frequently envy those who do, and they offer some key advantages that aren't easily matched by other technologies. (Also, they can cause significant amounts of fallout.)

Wow, this is great news: Charlie Stross has released his newest book, Accelerando, under the Creative Commons license. That means you can read it for free.

I've turned off trackbacks for all posts older than 5 days. I'm tired of having to clean up spam every single day. I sure with the MovableType people would add better (== supported) antispam tools.

David Berlind asks "Who broke the Apple news?" He points out that the Wall Street Journal wasn't the first to break the story, as Steve Jobs claimed during his WWDC keynote. However, Berlind credits C|Net's June 3 story. However, more than a month beforehand, Paul Thurrott broke the story in this April 26 column, although he didn't cite sources until May 23rd-- the same day the WSJ printed their story. I'm disappointed to see the widespread lack of recognition for Thurrott, because he was the original person to break the story. And no, saying that David Coursey predicted this in August 2002 doesn't count as prior art, since that was a prediction and not a report of the actual transition.

{ed: updated to add a trackback to Berlind's original article}

From the "sounds dirty, but isn't" department, the newest security threat to corporate America: pod slurping. Abe Usher wrote a small executable that can be run from an iPod connected to a PC. When run, slurp will find and copy all of the document files it sees in subdirectories of c:\documents and settings. I hate it when that happens.

Scoble's raving about how sexy the new Lenovo Thinkpad X41 is. He's right, but here's the weird thing: where's Lenovo? In Ballmer's keynote yesterday, the X41 was on stage for a total of about 90 seconds. Instead of showing it, it got a brief mention and then Ballmer took it off-stage. The script surrounding its appearance sounded like a bad TV commercial. This would have been a perfect opportunity to showcase what makes the X41 special, or at least to include it in a demo of some kind. We've had a great deal of success including the Tablet in our line-of-business demos; for example, BJ Holtgrewe could have showed his stuff on a Tablet and then disconnected it to roam around the stage, just to highlight his claims about what Maestro and the Outlook managed-code support in Visual Studio could do. I know that IBM's former Thinkpad marketing folks now work for Lenovo, but suddenly they seem to have gone tone-deaf. What's up with that?

Update: I spent a few minutes playing with an X41 Tablet at IBM's booth. Terrific form factor, and it has the same solid feel as my T41 (and its predecessor T30, and the T20 I had before that, and the 600E I had before that). I think IBM's going to sell a lot of these.

Opening riff: Samantha Bee interviewing people in the audience. Medium-funny. We all want to give information workers a wedgie!

Paul Flessner onstage, "interviewed" by Bee. "This morning, he's the Techie Show's special senior connected systems correspondent."

Flessner: IT's a tough job. Budget's always cut. Clinton imitation: "I feel your pain." Bee: "Can you honestly echo his quote that he didn't inhale?" Big laughs. Funny story about accidentally powering down a rack of 3380s.

Now Flessner's presentation starts. "You might be asking yourself, what's a connected system?" Interesting slide showing progression of connectivity from first telegraph msg to first transoceanic cables to radio and TV to ICs and the Internet to the 2000 release of .NET.

Talking about the change in business application architecture from mainframe (monolithic, multi-function) to mini (monolithic, multi-function, with separate client). Wrong factoring for large-scale async applications. Refactor multiple functions of monolithic apps into cloud of web services, each offering well-defined independent services that are atomic and don't share context or state. Clouds of composite applications that federate data ("Federated data-- I'm not advocating it, but it's sort of a fact of life") and identity. "I'm not saying that you have to throw out your existing systems and rewrite... but it is something to think about. Think hard about breaking down into atomic services."

Three pillars: highest developer productivity, mission critical abilities, better business decisions. Have to enable both data and process.

Update: SQL Server 2005: integrated with VS and .NET to deliver integrated debugging / development. "No one in the world who wants to ship SQL Server 2005 more than me." Develop and debug code on client, midtier, and back-end from directly within VS. CLR now deeply embedded in SQL Server. Service broker (async queuing and messaging), cache sync, native XML database support. [ed: nothing new here that I can see, and I don't know much about SQL Server 2005]

Update: BizTalk Server 2006. Integrated with SQL and VS 2005, one-click deployment. Big win: simplified setup [ed: that's one of the biggest pains with BizTalk 2003-- it's extremely difficult to set up and get going] "You're going to get a lot of stuff for free in terms of ?? or SQL Server".

Announcing: RFID infrastructure from Microsoft. [ed: I got it wrong yesterday-- I thought the demo was supposed to be yesterday-- no demo yet, though] Partnership between Symbol, Printronix, and MS. No timeframe; "you should sort of expect it in the 2006 timeframe."

Update: Visual Studio and VS Team System. [ed: this is super cool and is MS' attempt to kick Rational in the butt] Load testing, profiling, test coverage, other QA tools integrated into a "more sophisticated and more scalable" source code control service. "We're super excited about it... A lot of partners already plugging in and extending this".

50-75% code reduction for most scenarios of web dev and smart client dev. Better perf and offline experience for web apps; ClickOnce for smart client apps. CacheSync provides local caching of back-end data under developer control. "It will be difficult to buy a non-64-bit machine in, say, 24 months."

Demo: Brian Keller, PM for Visual Studio. His mom's in the audience! Demoing app showing counts of attendees in various locations via RFID. Now showing graph of number of attendees vs number of proctors in hands-on labs. [ed: cool, but scary; this isn't really anonymous even though they keep saying it is] VS 2005 supports smart tags [ed: great feature!] Large library of "code snippets" "that you don't have to develop or test". Demoing RFID monitoring of a piece of equipment as it moves around.

[ed: I see something that looks like a BattleBot on stage] Sure enough, that's Flessner's missing hardware. It runs on the .NET Compact Framework. The 'bot is delivering a Portable Media Center. "First RFID raffle ever". [ed: I didn't win]

Announcing: $50K Connected Systems Developer Competition. No real details.

Video featuring Xerox application developers. [ed: Borrring.]

Update: Samantha Bee again demoing the SQL Server 2005 Technical Benefits Translator. First benefit (availability): "Downtime is for suckers" [ed: my new email signature!] Second benefit (security): "Hey, hackers, bite me!" Third (scalability): "SQL Server 2005 is like spandex pants." "No matter how big you get, they still fit!"

Update: Flessner's back. Safe synchronous database mirroring or async replication. Online indexing, fine-grained online undo/repairs.

Talking about security now. "I apologize for [Slammer] again today." Showing critical security bulletin count of SQL vs Oracle. 2002: 11 for MS vs 20 for Oracle; 2003: 2 vs 13; 2004: 1 vs 74; 2005: 0 vs 2. [ed: source for this is vendor sites, osvdb, and Secunia]

Key security measures: surface area reduction, enhanced security (native encryption, cert mgmt, password policy enforcement, auditing & authZ). SQL Best Practices Analyzer ([ed: great! the Exchange BPA is a terrific tool].)

Rockin' TPC numbers: $5.38 TPC-C and $54 TPC-H (1 TB), compared to $6.49 and $119 for SQL 2000. Same hardware for SQL 2000, SQL 2005, and Oracle: Oracle is $8.33 TPC-C and $68 TPC-H. [ed: lots of fine print on this slide detailing the exact HW config and results]

Update: Francois Ajenstat, GPM for SQL Server, coming onstage to demo. Cool moving-bars perfmon application showing SQL 2000 vs SQL 2005 on identical HW. 64-bit version of SQL 2005 on Win 2003 x64. [ed: No surprise: much better perf due to much larger cache.] Here comes the BattleBot; it's attacking the network switch that connects the SQL Server 2005 32-bit demo machine. [ed: it's all pyro, no actual metal was bent] Failover worked well, though.

Update: Samantha Bee again with the head of "None of Your Business". "We follow the IBM/Oracle model... You pay to put information into a database, and if you really need it back, you pay to see it again."

Update: Back to Flessner. "Business activity monitoring is to business what BI is to data." Integrates SQL reporting services and "Office Scorecard Accelerator". Integrate, then analyze, then report. Announcement: SQL Server Reporting Services will be available in all SQL 2005 editions.

Demo: Donald Farmer, GPM for SQL Server. Stopwatch demo: Farmer has 8 minutes to do some reporting. Data mining over the output of a conditional split. [ed: Lots of clicking, so I can't follow step by step.] Prediction value of data seems low-- 0.26 or thereabouts. Showing wizard for creating report based on analysis. Flessner: "Kind of ugly, isn't it?" Farmer: "It does look like a report done in 5 minutes, doesn't it? Typical real-world scenario: he asked me to clean his dirty data, I did it in half the estimated time, and he's still not happy." Lots of applause and laughter.

Now showing visual report builder to prettify the report appearance.

Announcing: SQL Server 2005 launches week of November 7. BizTalk 2006 CTP starts now; SQL Server 2005 CTP starts June. Free Standard Edition of SQL Server Standard Edition for all TechEd attendees.

Gartner revenue market share numbers 2004: IBM 34.1%, Oracle 33.7%, Microsoft 20%. "sort of an option to port to Linux; haven't discussed that with Bill lately". IDC's unit share numbers: IBM has 7%, Oracle has 25%, Microsoft has 41%. "We took share" from IBM and Oracle. "How does IBM have the #1 revenue share and the lowest unit share? Let's take a look." Enterprise unit share: 9% IBM, 29% Oracle, 34% Microsoft.

Pricing: base product, 1 CPU, base price for enterprise edition of base product. Oracle $40K, IBM $25K, Microsoft $25K. Upcharges for manageability, availablity, clustering, BI, and multi-core. Final price for dual-core with all options: $232K for Oracle, $330K for IBM on AIX (they don't charge for multi-core on x86/x64).

Announcing: SQL Server Migration Assistant. Automates Oracle-to-SQL Server migration. Claimes to reduce manual effort by over 80%. Contest: most exciting Oracle conversion wins a custom chopper.