Ballmer’s famous reaction to the iPhone seems all the more funnier now, looking back. According to claims, Microsoft is planning some changes for Windows Mobile 7:

1. No multitasking
2. Use a push notification for updates
3. Use the iPod Touch ZuneHD interface
4. Force apps to be installed via the iTunes App Store Windows Marketplace

While these changes aren’t confirmed yet, even if one or two of those changes are true, they scream jealousy. Why these changes? Microsoft needs to be able to compete with Apple on speed, battery life, and stability. While I am certainly not in any inner-circles close to this, I’m sure Microsoft is finding that people want stability, responsiveness, and good battery life in their cell phones. I know that responsiveness and stability are top on my list (I haven’t been overly happy with a phone with the exception of my BlackBerry ((no AT&T coverage in my area))  for some time now over those very things).

Whether Microsoft wants it or not, the world is slowly drifting away from do-it-all devices that have to be setup by power users. The world wants phones that they can turn on, install apps, and start using without having to worry about one application slowing down the phone or having too many open causing the phone to crash.

But not to worry, to those now doubting Microsoft, they thought of all of these radical changes all on their own..

• Can Microsoft Dismiss Apple's Marketshare as Insignificant? Microsoft CEO Steve Ballmer talked yesterday about its top competitors...
• How The Microsoft Stores Will Differ From Apple Stores In some serious Microsoft-bashing style, PCWorld had a great list...
• Google Pulls a Microsoft Several PC vendors have come forth and stated to Google...
• Ballmer Picks on Competitors Over.. Cost? Microsoft CEO Steve Ballmer recently talked about Microsoft's virtualization strategy...

• Paving The Way To The Future Of Dating Services Just as little as 20 years ago the way you...
• Windows 7 Complaints Begin [/caption] Windows 7 Complaints Begin by David Goldman Wednesday, December...
• Can Symbian BREW Blackberry? Perspectives of Wireless Marketing Wars Who will Be the Winner?According...
• Ways to Green Your Home There are many different ways that you can green your...

While I can’t say that I’m surprised, I’m a bit frustrated and disappointed in Google over the recent news that they are adding a Twitter-like clutter status to the Gmail interface. While I appreciate fancy new tools built into apps I already use as much as the next geek, I really, really don’t need yet another social networking tool to update, integrate, and look at. Seriously, it’s not new content. Does anyone really put unique content on Facebook, Twitter, Linkedin, and every other social networking site they belong to? I certainly don’t and don’t know anyone who does. My accounts are all inter-twined and I’m tired of having to filter out the duplicate data on those sites. Adding yet another list of the same things from my friends is just clutter in a used-to-be clean interface.

UPDATE:

According to a Slashdot article today, the problem looks like it may be much worse. According to the article, Gmail will be adding Facebook-like photo albums and comment feeds. Fortunately, the Gmail social networking tools are opt-in, so perhaps I won’t have to see the clutter when I don’t want to? We’ll see.

• The Real iPhone Killer: Apple? Ever since the release of the iPhone, other cell phone...
• Beta: Greek for Better? While perusing forums and blogs, I've noticed a trend that...
• Mac vs. PC: How Well Does It Age? Yesterday I took a look at a ridiculous study sponsored...
• HP Acquires LeftHand Networks Hewlett-Packard announced today the purchase of SAN maker LeftHand Networks...

• LG GW620 Brings Social Networking via Mobile Phones to a New Level Are you a social networking butterfly and craves for a...
• Three ways to find a cool deal using Google (This guest post is by Ann Smarty, a search engine...
• From IP network to broadcast network: Understanding the new media landscape [/caption] by Tony O'Driscoll So, how does an unknown anthropology...
• Twitter Tools Here Is An Overview Of The Currently Most Effective Tools...

With today’s announcement that Canonical is changing the default search provider to Yahoo, Apple’s rumored talks with Microsoft, and cell phone providers such as Verizon also jumping to Bing, we may get to see just how big of a role the default settings have on people’s search preferences. Google has been dominating the search market pretty much since the beginning with a significant boost coming from the fact that Google is the default in several of the world’s browsers, though some of it is some good old-fashioned branding and marketing.

Canonical’s decision to change the Ubuntu default search engine and rumors that Apple may be soon to switch the default provider on the iPhone (I’m assuming with regular old Safari soon to follow), Google will no longer be the default on most of the major desktop OS’s of our time. Verizon has also struck a deal with Bing and made it the default search provider on its mobile phones. I personally was pretty mad the day that the Bing icon on my BlackBerry, but that’s a story for another day.

Citing concerns over privacy, there have been several who have spoken out against Google as well. Google has even stated that it is considering pulling out of the huge market of China.

Despite these things, Google’s search market share has continued to increase month after month. These next few months will be interesting to see what happens to market share as these talks fall into place. The true test of the Google brand will be for those users who have to go out of their way to choose Google as their search provider, rather than Google enjoying its nice defaults that it has enjoyed over the past few years.

• Does Google Really Need to Worry About Bing? At the end of July, a lot of blogs and...
• Microsoft's New Ad Campaign: Media Player Required? So Microsoft released a new ad campaign yesterday. It's part...
• Google Enters the Offline Client Game Google has finally entered the ranks of its email competitors...
• Google Adds Push Mail to Sync for iPhone, Windows Mobile In a blog post from the Google Enterprise Apps team,...

• Five Ways to Use Leftover Chicken Baked chicken is one of my favorite meals to prepare...
• Google Search Based Keyword Tool Googles search based keyword tool is great for finding better...
• Bing overtakes Google in U.S. market share Microsoft Corp's new Bing search engine gained U.S. market share...
• Would Google be able to rule the roost outside its stellar search? Google is sometimes misled with the term “search,” which is...

Well, I guess Canonical has taken the idea of “minimum virtual machine” to the extreme. The 9.10 version of Ubuntu Server JeOS (F4 + select “Minimal Virtual Machine” at install time) apparently doesn’t include dig in the default installed packages.

I was shocked when my new virtual machine was having problems with connecting to the Ubuntu repositories and I couldn’t do a dig as a test:

-bash: dig: command not found

I’ve never seen a Linux distro without dig installed by default, but apparently it’s not as necessary to others as I would have thought..

Anyway, the package comes with the dnsutils package:
sudo apt-get install dnsutils

• Ubuntu Server Booting in Virtual Machine I have recently been playing with several virtualization technologies and...
• Ubuntu Takes Over French Assembly A blog entry at the NY Times site is reporting...
• Zimbra In an Hour After spending a great deal of time the Zimbra forums...
• Large Storage VMotion and a Little Patience Whilst doing a little storage vMotion using VMware this week,...

• How to Run Chrome OS in a Virtual Machine go.tagjag.com - go.tagjag.com - We've seen some excellent screencasts come...
• How to Choose and Install Automatic Lawn Sprinklers Though it might look like an intimidating project, you can...
• Download the Google Chrome OS Virtual Machine Download the Google Chrome OS Virtual Machine. GeekLad Last week,...
• Intel releases patch for IPMI driver causing conflicts in Microsoft Hyper-V (General Access Denied error) Users of S3000 & S5000V/X/S chipsets running on Microsoft Windows...

It’s no secret that Microsoft’s Internet Explorer has been taking a beating over the past week. After all, Google, the world’s most popular search engine company has blamed a vulnerability in IE for allowing attacks on its systems. After Microsoft admitted it was indeed a flaw in IE that made the attacks possible, the German government released a statement urging people to switch browsers and a similar statement from the government in France soon followed. Microsoft obviously came back with a statement urging users that those governments’ advise was far too strong of a reaction.

Part if Microsoft’s message was spot-on. Switching to a different browser due to a single flaw is a really over-dramatic reaction to the situation. If I immediately stopped using any product that had a vulnerability, I would communicate with no one. Even physical mail can be stolen and has been stolen in the past, therefore one would be forced to live in a hole in the ground, not communicating at all. I would recommend not using IE for far bigger reasons than this single vulnerability, but switching solely because of this is purely sensationalism.

On the other hand, the rest of Microsoft’s message was taken to the opposite extreme. They responded by informing users that switching to a different browser would lead them to an even greater threat. Quoting from Cliff Evans at Microsoft (via TechRadar.com):

The net effect of switching [from IE] is that you will end up on less secure browser

The risk [over this specific] exploit is minimal compared to Firefox or other competing browsers… you will be opening yourself up to security issues.

I’m not aware that the vulnerability exists in other products, but those products may have other vulnerabilities.

As much as I want to say that was intended as a joke, it’s not. Yup, instead of using products that might have vulnerabilities that Microsoft’s UK Security Chief “isn’t aware of”, users should feel comfortable using a browser that has known vulnerabilities used in a real life attack. No, I’m not switching up my stance that users should switch purely for this one incident, but to claim IE as the only secure browser in the world is absolutely ridiculous and laughable. IE’s history doesn’t help it much, but I’ll give them the benefit of the doubt on this one and let that part go.

• Microsoft Threatened by Open Source? In Microsoft's annual report released yesterday, it talks about the...
• Microsoft's New Ad Campaign: Media Player Required? So Microsoft released a new ad campaign yesterday. It's part...
• Google Enters the Offline Client Game Google has finally entered the ranks of its email competitors...
• Microsoft: Most Users are 'Starters' Microsoft has announced that it will be selling Windows 7...

• Product review: Microsoft Response Point 1.0 Product review: Microsoft Response Point 1.0 Microsoft's small-office VoIP system,...
• Happy New Year! photo credit: claudmey It's a brand new day and a...
• Google Chrome: the OS. Google announced last Tuesday that it has its sights on...
• Google plan to launch a new Operating System in 2010 Google plan to launch a new Operating System in 2010...

I was a bit shocked and disheartened tonight to discover that my WordPress version was being broadcast to the world without me knowing it. It’s something that I hadn’t ever really given much thought to, mostly because I always assumed that a piece of information like that wasn’t being given out. What was even more disheartening to me was what I discovered as the method for disabling this broadcasting of my version number. The easiest way, by far, was to just install the Secure WordPress extension (or I could dive into a bit of their PHP code and have to make the change with each upgrade, not so much fun). Not so long ago, there was a huge ordeal about a vulnerability in WordPress 2.8.3 that allowed an attacker to reset an admin password very easily. No wonder they urged us to upgrade so quickly – your vulnerability was being broadcast.

The sad part is, broadcasting this version number isn’t something that can be disabled using the built-in settings. I don’t know what the rationale is, but one either has to edit the functions.php file in WordPress directly, or install the plugin mentioned above.

Anyway, this got me thinking about plenty of other open source softwares that I’ve disguised over the years.. For instance, perform a fresh install of Ubuntu 8.04 with the LAMP stack and you’ll see the version listed in the headers as detailed as this:

Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.9 with Suhosin-Patch Server

Yup, there it is, script kiddies. Bust out Metasploit and eat your hearts out. In this case, if one leaves the defaults enabled, the server major version, minor version, PHP version, OS, and WordPress version all are exposed. That leaves a pretty nice little attack vector.

Of course, hiding these things doesn’t mean that anything is secure. On the contrary, one must go far deeper than that. I am just disappointed in so many open source projects that cut down the time needed for any script kiddies to start playing with my public services.

• The Difference Between an Apple and Microsoft Upgrade Like a good little Apple fan, I went out and...
• VMware: A Traditional Licensing Model in a SaaS World With our economy closing in around us, companies are investigating...
• Googles Do It Too Silver bullet syndrome has struck again. This time in the...
• Is Microsoft Supporting Old Products Only When It Feels Like It? It was barely a month ago that the web development...

• How to: Add your Signature in your blog (Blogger and WordPress) Writing a post or an article is like writing a...
• Bring Your Web Site to Life With PHP Bring Your Web Site to Life With PHP By Shelley...
• Why is WordPress the Best Blogging Platform? There are a variety of reasons for why WordPress is...
• Recap US Open Day 13 & 14 Rafael Nadal is going up against Juan Martin del Potro...

I’ve been enjoying reading an interesting conversation at krebsonsecurity.com surrounding news that a security firm in Russia that is disclosing a number of vulnerabilities to a number of web and database server applications. They are releasing details over this week and the next two.

For as long as I’ve cared, I’ve always considered myself more of a “responsible disclosure” kind of a person. That is, until I heard an interesting argument that I’ve never seen very clearly articulated before. As a sysadmin, when a vulnerability in a web server (for instance) is disclosed, one can monitor for someone trying to exploit that vulnerability and stop it (or at least log what happens). Without that disclosure, one has no idea what software is vulnerable and known only to some black market somewhere. It’s odd, but humans are comforted in that way. It’s kinda like knowing that a $500 repair is coming for one’s car. It’s a lot easier pill to swallow when one knows about it, say a month or so in advance rather than being surprised by it.

However, there’s still a piece of the rationale behind Intevydis’s stance on immediate full disclosure that I still don’t quite grasp. Quoting from their blog:

You – ABCD company, making N millions per year selling your buggy XYZ product all over the world, why are you asking to give the results of the hard work during many years for free? Instead of wasting your and our time would not it be better to allocate resources to enforce good coding practices for all your amateur software developers?

Okay, so the main argument here is that they don’t want to give away their research for nothing. That is absolutely a fair thing to ask for. Knowledge and research isn’t cheap, so it’s not something that many people want to give away for free. I get it. However, I have to ask: How is full disclosure better than “responsible disclosure” (I’m using the quotes because I’m not sure how responsible so-called “responsible disclosure” is anymore) in that respect? Seriously, you don’t get paid for posting a blog entry about the latest exploit in [insert your favorite CMS here] that allows others to break into those CMSs quite easily every time one is found on the web.

And another thing, exactly who’s time are we wasting here? The developers of the software are obviously not wasting their time since they’re drawing in ‘N millions’ of dollars for the software they created. Yet, the research group is the one disclosing that they’ve found a vulnerability in the software, but they won’t tell anyone what exactly the flaw or bug is. Wait. Who’s time have we wasted now? My time for reading the report and yours for researching, finding, and sort of disclosing the vulnerability? Yes, that’s exactly who’s time was wasted. Of course, if one gets to this point in the game and are wanting money, they’re likely going to be written off as a blackmailer, but let’s be real. Either do work for pay or don’t complain about someone wasting your time for wanting you to backup claims with proof.

I really can’t grasp why full, immediate disclosure of vulnerabilities helps the problem of a revenue stream for this security company over “responsible disclosure”. There are a few indirect ways that these kinds of things can help their revenue such as consulting jobs due to exposure for finding a vulnerability. Of the ways that I can think of, though, there’s still room for a bit more of a “responsible disclosure” strategy than they are acknowledging. Not only that, but they’ve essentially burned a bridge with any software company that might hire them to do a penetration test on their network when they piss off said company.

There a ton more angles to this discussion that I simply don’t have time, nor do I suspect anyone would read much of it. However, I would like to hear from anyone who disagrees or has more to add to the discussion in the comments below.

• Ballmer Picks on Competitors Over.. Cost? Microsoft CEO Steve Ballmer recently talked about Microsoft's virtualization strategy...
• Trojan Hits Macs Through Pirated Software Appleinsider reports that tens of thousands of Mac users have...
• Conflicker is Alive The makers of Conflicker or no longer April-foolin' around. The...
• Microsoft Threatened by Open Source? In Microsoft's annual report released yesterday, it talks about the...

• Call Center Software - Does My Business Need It? Ten years ago most businesses would not have considered owning...
• Dispensing Money Advice (or not) to "Help Resistant" Family and Friends The holiday season is known for joyous celebrations of extended...
• Pros And Cons Of Google Adwords Search engines have always been a part of the Web...
• Dedicated IP Web Hosting   Dedicated IP web hosting, or static web hosting is...

The web is abuzz with all kinds of bloggers and other writers talking of how 2010 will be ‘the year of the tablet pc‘. I have to admit, these devices look really cool, but where do they fit in? I’m getting a bit confused about what these tablets are supposed to replace and what exact function they would serve in my life.

A conversation by the BBC with Microsoft CEO Steve Ballmer said it all for me. During the interview, Ballmer was talking about why the tablet would take off this year after years of trying. Ballmer did raise some good points about technology evolving, however, he raised a big question for me. During the interview he stated that, “These things are not replacement [devices] in every sense.” Meaning, one won’t replace their laptop or smartphone with a tablet. My problem is, where does that leave the tablet, then?

For me personally, I’m sick of having more gadgets. I’ve got a BlackBerry, an iPod, a MacBook, a Wii, a DVR, and a desktop computer. I’ve like the idea of having a Kindle and maybe a GPS device, but I’ve been turned off about the idea of having yet another device to throw into my backpack or pocket. If a tablet PC can’t replace one of my gadgets (hopefully a gadget that’s larger than the tablet), then it definitely has no place in my home. In addition to that, I’m not sure what economy these people are living in that we can afford all these devices plus purchase another one that doesn’t let us not purchase either a phone or a laptop.

The closest thing that I’ve heard of a tablet replacing is a netbook. That may be the case, only time will tell. The problem with that logic in my mind, however, is that the tablet PCs will likely be significantly higher-priced than netbooks have been so far which might make them cost-prohibitive as replacements for netbooks.

Of course, only time will tell, but I’m not yet convinced that these tablet PCs will see nearly the market share that we’re being led to believe. If Ballmer is right (I believe he is here) and these devices are just add-ons and not replacements for traditional laptops or smartphones, the tablet is doomed to be a niche product forever.

• Windows as a TV-Tuner Commercial So I recently saw a Microsoft commercial about how Windows...
• Why Windows Needs 'the Cloud' To Fail Buzzwords and hype aside, the world is moving towards a...
• Microsoft to Refine Netbook Definition to Manufacturers.. And Charge More for Not Being Small Enough? Ugh. Microsoft is at it again. Reportedly, Microsoft is going...
• SSH (and tunnel) In One Click of a Mouse I can't believe I haven't seen this tool before. Worse...

• Screen Door Repairs You may be surprised to learn that the repairs for...
• Microsoft and HP show off 'slate' PC at CES 2010 [/caption] Microsoft and HP have teamed up to introduce a...
• Google Trends Google unleashed a new service called Google Trends yesterday. This...
• Save Money and Time with a Bathtub Remodel You've heard of a bathroom remodel, but what about a...

Whilst doing a little storage vMotion using VMware this week, I got a little lesson in patience from VMware and thought that I would share my experiences to help a few others who are looking at doing storage migrations of larger VM’s. My experiences are with VMware ESX 3.5 and Virtual Center 2.5. Not the most recent, I know, but we haven’t had time yet to upgrade to vSphere 4.

The point of my migration was to get a particular vmdk off a slower set of disks and only a faster set of disks. Due to the fact that ESX 3.5 doesn’t directly support moving only one vmdk at a time, I had to do a little dance to get the one vmdk that I wanted to move, moved. I had to move the virtual machine itself and ended up moving a couple of extra disks in order to to get it to move.

Near as I could figure, Storage vMotion (with ESX 3.5) has the following stipulations:

1. The virtual machine files must move.
2. The virtual machine files must move to a datastore that is large enough to hold the largest vmdk.
3. Apparently, the host needs enough memory free as the size of memory allocated to the already-running virtual machine (during the move, memory usage spiked which caused all kinds of problems for me since this was a large virtual machine, but not really the point). I haven’t verified this requirement yet, but that’s what my initial thoughts are after seeing the behavior.

Seeing the migration options for vSphere 4, I wanted to cry on how difficult my life was made by these requirements, but that’s another story. We’ll be scheduling that upgrade shortly.
Anyway, I ran the Storage vMotion. At which point, I managed to bring the virtual machines on my host to a screeching halt, not knowing number 3 right off hand. After killing a few virtual machines and moving a few others away from this host, we were back under way.

Near the end of the Storage vMotion (at 90% to be specific), the interface stayed at the same percent for several minutes and I was greeted with this friendly error:

A general system error occurred: failed to reparent/commit disk(s) (vim.fault.Timedout)

Uh-oh. A quick Google serch found this VMware knowledgebase article.

Unfortunately, I missed the “Incorrectly” throws a timeout error message and panicked a bit. I started digging around in the destination and original datastores and found tons of “DMotion” files everywhere. While desperately looking for solutions around the web, my Virtual Center screen refreshed with the new datastores being associated with the disks and moved over. Yup, while I was freaking out, the whole thing just took care of itself.

Apparently, when working with Virtual Center, one must always have a bit of patience and remember to double-check timeouts inside Virtual Center with the ESX hosts directly. I suppose I should have known better as I’ve seen this kind of behavior while working with snapshots in the past. If you come across this post while searching for this error, take a few minutes to relax and let VMware do its thing in the background while Virtual Center shows stupid error.

• VMware: A Traditional Licensing Model in a SaaS World With our economy closing in around us, companies are investigating...
• Fog Computing Cloud computing and virtualization has been all the hype over...
• Deploying Linux Just Got Easy with SUSE Studio Deploying Linux out to hundreds of desktops or as a...
• Constant Disk Activity from MythTV Last night I was playing with my MythTV box setting...

• The Weakonomist Buys a Computer I'll get this out of the way first. I love...
• Download the Google Chrome OS Virtual Machine Last week, Techcrunch reported rumors of the release of the...
• Cutting Telecom Costs by Using Fax Servers For the better part of 20 years, companies the world...
• More Tips for Your Tennis Game These tips should help you improve your tennis game in...

It really is a sad day. I used to think of the main Mozilla projects, Firefox and Thunderbird, the pinnacle of open source. I’ve always recommended Thunderbird as a mail client to those who prefer not to use the web client available from their provider. I was extremely disappointed today when I had to help someone setup an email account on a server that didn’t use their domain name as part of the hostname of the mail server. I see what they are trying to do (and indeed, it made setting up my email account using mail.whatan00b.com as the server incredibly simple), but if one has to not use fairly predictable settings, said one is hosed.

The below screenshot is of the server info as detected by Thunderbird when I put my email address in:

Note that the outgoing mail server is a drop-down.. populated from.. where, exactly? Now, I realize that you can just go ahead and create the account and go back, but one can’t create the account without “re-testing” (validating) the config. So.. it has to be correct before creating it, but yet it won’t let me correct it. Yup, it’s that awesome.

Next, changing the protocol in the drop-down didn’t change the port number. When Thunderbird didn’t find the correct mail server (which is going to be the case almost every time when one’s email is hosted in a shared, hosted environment), Thunderbird automatically populated the protocol with POP. Not a horrible thing, but changing the port when changing the protocol seems like a pretty obvious thing to do in order to avoid frustration with users (and indeed would have helped with some frustration for us tonight).

The last frustration that we ran into was that when selecting the “Manual Setup” option, things weren’t quite so.. er.. manual. It was more like some automatic settings that couldn’t be overridden after clicking the manual frustration button. Since it defaulted to POP when it couldn’t figure out the server settings, simply hitting the manual setup button created a POP account.. Not so bad if you could easily switch the protocol. Of course, not so. To get that corrected, one has to remove the account, create a new account, type in your name and login info, let it try to figure out the settings for you, manually edit the settings to change the protocol, and create the account by hitting the “manual setup” button (intuitive, eh?). Then, you can finally edit the server name to put in the correct info. Ugh.

At the end of it all, I would still recommend Thunderbird to others from a usability perspective, but now with the disclaimer that it’s nasty to setup the first time if you don’t use a mail.domain.com or similar server. I just really wish that we didn’t have to sacrifice power and easy customizations for alleged ease of use.

• Migrating Mail from Zimbra Desktop to IMAP Server The Zimbra Desktop mail client is a great mail client...
• Zimbra In an Hour After spending a great deal of time the Zimbra forums...
• Insecurity by Non-Obscurity I was a bit shocked and disheartened tonight to discover...
• Google Enters the Offline Client Game Google has finally entered the ranks of its email competitors...

• Setting Up Your E-Mail Accounts Before you can use Outlook to send and receive e-mail,...
• Creating and Hosting Blog Carnivals When it is done properly, creating and organizing your own...
• ZULTYS: Increasing the VALUE of Telecom  ZULTYS: Increasing the VALUE of Telecom A white paper by...
• Automatic e-mail account setup Outlook can automatically configure some e-mail accounts. This works for...