A services-based model for software

Among the many ways computer science is changing, I think the most important shift is a philosophical one.

For example, in the old days, technicians would design a network with a "File Server" box, an "Email Server", an Applications Server" box, a "Web Server"  box, and so on. A technician's job was to install and maintain various boxes that did various things.

Now, with virtualized servers, a technician is providing file storage, applications, and hosting services. It's no longer about managing boxes, but managing system resources and scale, to provide optimal and sustainable performance for all the services required. It's a service-based philosophy.

Yesterday Google made the news by announcing their upcoming launch of a professional version of GoogleApps. For $50 per person per year, they will be entering direct competition with the much more expensive MS Office, with a word processor, spreadsheet program, and incorporating versions of Gmail and the google calendar program.

This is a truly service-based launch, and I think it's a step forward. No one wants to buy a cellophane-wrapped box and then spend an hour installing software, and then another hour waiting for security patches and updates. Furthermore, in order to keep traditional boxware* secure,  users need to keep updating it with patches. Don't even get me started on the headache involved in entering a 25-digit key code to get the software working, and then keeping it around for reinstallations. Also, with boxware the software license is tied to the computer. If I buy another computer, I must buy another box of software, with another 25-digit key code. This is not fun, and it's not productive. It's wasting time spinning a CD and then consuming lots of local computer resources to run.

Opponents of Google's software delivery model argue that users will be dependent on their Internet connection for performance, and also on Google's ability to maintain their promised 99.9% uptime on the system. I would argue that the potential of a hardware outage, software glitch, or MS Office security hack in the boxware model causing a loss of productivity is about the same as the risk of a Google App outage, if not slightly more risky. This is especially true for mom & pop shops who are running their own systems. I'd trust Google to keep my apps up and running a lot more readily than I would trust my Uncle Joe. (No offense, Uncle Joe, but your one class in computer science in the age of punchcards does not make you superior to Google's tech team.)

Time will tell what will come of this, and I'm sure many companies will be reluctant to shift from the pay-once boxware method and the software they know, to a subscription-method to use less familiar apps. I think, though, that I will be recommending this to the struggling local bookseller, and my retiree parents who were having some trouble running the older versions of office on their ancient computer. The great thing about online applications is that they don't require much from the local machine, which will be good for my folks, who think a computer should last 10 years before retirement.  /sigh.

*I think I may have just coined the term "boxware". I intend it to mean software that comes on a CD, is packaged in a box, and is rendered obsolete by update patches before you buy it.

SETI finds something!!

The Search for Extra Terrestrial Intelligence (SETI) project found something today! Unfortunately, or maybe fortunately, they didn't find an alien. Instead, they found someone's stolen laptop computer. 

http://www.usatoday.com/tech/science/space/2007-02-21-seti-laptop_x.htm

Tips and Tricks

We've all been using Windows for so long that we're in the habit of interfacing with the computer in a specific way. You have built a relationship with Windows and with your computer, which may or may not be a healthy and functional one.

Here are some basic ways you can improve your communication style with your computer, and possibly have a happier relationship with it:

1. Lay off the mouse when you're trying to type. If you're performing a keyboard-intensive task, like entering data in a spreadsheet or writing a long document in Word, odds are that you'll be more productive with both hands on the keyboard.

• Use your keyboard to select text, copy, and paste. To select text you can hold down your shift key and use the arrow key to highlight it. To copy, hold down Ctrl and hit the "C" key. Put the cursor where you want it using the arrow keys, then hold down Ctrl and hit the "V" key. This works in most Microsoft applications, and also in most web browsers, online email and blog interfaces, and so on. It takes a little practice, but can be a valuable tool! You can also cut and paste using Ctrl+X and Ctrl+V.


• Use the Windows button to navigate. If your hands are busy on the keyboard and you want to launch another application or another window, you can use the Windows key, which looks like a wavy set of four squares, probably near the Ctrl and Alt buttons.

2. Try to avoid using the "File" menu so much. If you're in the middle of a document and want to save changes, hit Ctrl+S and keep typing. Ctrl+P will print to your default printer. These shortcuts are listed on the file menu as a reference.

3. Never type out a URL. Try this: Navigate to the site you want. Then click the address in your browser, and the whole thing will highlight. Ctrl+C, then flip to where you want to place the URL, and Ctrl+V. Voila. You can also drag a URL directly from the browser's address bar into your other document. To do this, click and hold down the little icon between "Address:" and the "http://" on your browser's navigation bar. Drag it to the window you want and drop it, or drag it to the right program on the task bar, wait until that program pops up, then drop it. It's very easy.

4. Listen to your computer when it tries to tell you stuff. A PC doesn't communicate like a human, so it's useful to think of the "Computers are from Mars, Users are from Venus" analogy. As an example of bad communication from a PC, think about the ways your computer tries to tell you it has a virus.

• Uploading anything to the Internet without your telling it to do so is a sign that there's probably malware involved.


• The hard drive spinning constantly when the computer is sitting idle.


• Your antivirus software is mysteriously shut down, will not update, or locks up.


• MSConfig and/or the Window Registry Editor will not open.

All of these things are martian for "I think I have a virus, please oh please disconnect me from the Internet and call tech support."

5. Use content-based shortcuts in spreadsheets. How often do you insert today's date in a spreadsheet? Ctrl+Semicolon will do it for you. You don't even have to know what today's date is! Ctrl+Shift+Semicolon will insert the current time. ALT+0162 enters the cent character ¢.  ALT+0163 enters the pound sterling character £.  ALT+0165 enters the yen symbol ¥.  ALT+0128 enters the euro symbol €.

6. If you're not using a Mac, you should definitely use the right-side mouse button. Right-clicking things to pop up their menu is a great time-saver, and will help you to stay off the "File" menu.

It might seem counterintuitive at first to try these ideas, but I hope you will give it a shot sometime. Having multiple ways to tell your computer the same thing can make you a more efficient user.

Girls use computers? No way!

For the first time since the award's creation in 1966, a woman is set to receive the A.M. Turing award for computer science.

Benefits and Drawbacks of Virtualization

To virtualize or not to virtualize? That is the question. In short, every organization's needs are unique, and there's no 'canned' answer that will fit everyone. Here are some questions to ask as you're making this decision.

1.  How many 'boxes' do you have right now per staff member, and how many do you think you'll have in 2 years? 4? Will your staffing level be able to keep up with the growth of your server farm?

2. What is your IT funding model? With virtualized servers you have the option to bill back actual computer usage to the department who used it, since you can identify each department's data footprint and CPU usage. If your budget is still divvied up over departmental lines based upon physical boxes, you may need to make some changes in the finance office first.

3. What is the cost of the physical space required for your servers? If you are in a crowded environment and space is at a premium, you may wish to elevate virtualization to a higher priority. If you're in a giant warehouse with ample space to spare, this may not be a concern for you at all.

4. What is your company's overall ecological footprint, and is it important to you to be eco-friendly? If you place a high priority on reducing your power consumption, that may be a vote for virtualization, since your systems and cooling devices will suck up much less power than a box-based architecture. This will also save you money on your power bill each month.

5. What is the size of your network? If you are running a small network of less than 10 servers, virtualization may not give you a good return on your investment. The "sweet spot" for virtualization starts somewhere between 15 and 30 servers, and generally occurs in companies with 100-5000 employees. When companies are much larger than that, they will tend to fragment their IT services into different physical areas, and usually a mix of virtualized and non-virtualized approaches is best.

6. What kind of long-term savings are you hoping to achieve? In truth, virtualization may not help with your software budget at all. Hardware, though, can make a huge impact on your bottom line. Everything depends on what sorts of hardware you were buying in the past, but most companies who virtualize have projected savings of 40-70% on hardware purchases in their budgets following virtualization.  

7. This won't reduce your staffing budget. You likely will not be able to reduce your IT staff due to virtualization. The level of responsibility they have in a virtualized environment is about the same as with a server farm performing the same computing workload.

8. Is up-time important to you? Availability of virtualized systems is the highest of any type of server architecture. If you place a high priority on 24/7/365 up-time, that's a big "yes" vote to virtualize.

9. What is the cost and headache associated with your current disaster recovery plan? Virtualization can alleviate a lot of this concern.

10. What is your vision for IT? This seems to be an abstract concept, but your overall long-term view of what you provide for your organization really does matter to your strategy. If  you view technology as a service you provide for the people in your organization, virtualization can be a great tool toward designing those services and separating them ideologically from hunks of hardware on a rack. If your goal is to impress visitors with the size and splendor of your astonishing 30 racks of servers, virtualization is not for you.

Some drawbacks of virtualization you'll need to be prepared to handle:

1. Your software licensing might get complicated. Though more software vendors are adjusting their approach, historically licenses have not allowed for the way virtualized servers utilize their processors. One example is Oracle, which sells licenses on a per-processor basis. If your virtualized server has 4 servers, and you plan to use just one of them with Oracle, Oracle is still going to charge you for a four-processor license.

2. You have to very carefully manage your system resources when you virtualize multiple servers into one,  because all of those will share the same I/O. You'll need to make sure you have plenty of machine to handle the demands of your users, or you may run into bottlenecks.   

Video Games for Docs

Want to be a great surgeon?

Play more video games. According to an article published in this month's "Archives of Surgery" journal, surgeons who had played video games at least three hours per week made 37 percent fewer errors, performed 27 percent faster, and scored 42 percent better in the test of surgical skills than the 15 surgeons who had never played video games before.

I wonder if this applies to other tasks requiring fine motor skills, visual attentiveness, and eye-hand coordination, like driving a car, or flying a plane.

Social Engineering II: A guide for newbies

I don't mean this article to be condescending. I'm sure the majority of people reading this blog already know their basic Internet safety; it's been 10 years since you were called a "newbie". What about your kids, or your grandma? Last month I spoke with a lady who works as a secretary for a large university, and was just assigned to begin using the Internet last year. As much as it may seem to us that everyone we know has been online forever, that is simply not the case.  So, in the interest of arming you to help them out, here are the basics of online safety.

1. Never give out digits to strangers. A stranger can be a guy in a chat room or a web site whose validity you can't verify using offline methods. Digits include any number, of any kind. Your most closely guarded secrets should be your social security number and birth date, your drivers' license, passport information, and account numbers. It is also a good idea to guard your telephone numbers to avoid nuisance callers. If your kids are online, they should never give out their telephone number, address, or school information, since that is one of the ways predatory adults can begin to manipulate them.

2. Avoid chat. If you must chat, try not to chat with strangers. If you must chat with strangers, never reveal truthful personal data. You can never know who you are talking to in a chat interface. That could be a 12-year-old girl, or it could be your mother, or it could be a professional thief in a non-extradition country.

3. Don't create web content without carefully considering it first. Don't post private information, or anything you wouldn't be comfortable telling your boss or your first grade teacher. Web content must be considered permanent. Don't assume you can take it offline and it will disappear. Once it's out there, it's out there. You have to assume that potential employers, your future spouse, your future grandchildren and their college application boards will see what you've posted.

4. Never share a password or PIN. There is not a single legitimate reason for a technical support person or account rep to ask for your password. This is rule #1 in online customer service. If your password has been compromised, report it and change it immediately.

5. Always use up-to-date antivirus software, an up-to-date operating system, and an up-to-date firewall. None of this stuff will protect you if you turn it off or allow it to become out of date. Even though it is a pain to wait for an update, it's critical that you do so.

6. Never respond to online content or messages that make you feel uncomfortable or suspicious without talking to someone about it first. This applies if you are a kid, and someone has scared you, or if you are an adult wondering whether to click the link to update your account information with a strange-sounding bank site. If it's creepy or odd, err on the side of caution. Kids, talk to your parents. End-users, talk to your tech support person. It's not your fault you stumbled onto something fishy or dishonest, and you'll get kudoes for not responding to it.

7. Never agree to meet someone in person that you have 'met' online without proper safeguards. Kids should get their parents help. Adults should make sure to meet in a public place, preferably a busy one, with two or three viable plans for disengagement. (IE: I am 12 feet from my car, and if I can't get to my car I can go to the restaurant manager, and if I can't get to him I can go to the police officer on the corner.)

8. Check with someone before you download anything. Kids, check with your parents. Adults, check with your IT staff at work. If you're at home, and you're wondering if you should download something, try googling "security review x"  to see if anyone has posted a review of "x" software from a security standpoint. If the software is legit, you will usually find something. If it's a notorious hack, you'll find that, too.

9. Obviously, don't do anything illegal. Also, don't be a bad net citizen. Putting someone's email address on a spammer's list is not going to win you points with that person. Engaging in illegal activity doesn't just get you into trouble with other people; it can open you up to security problems, because sites where you do illegal things (like allowing people to download your copyrighted music files) will often open backdoors on your computer which hackers love to exploit.

10. Don't open email attachments unless you are sure of their source. Even if it comes from someone you know, you should think about it and ask yourself whether it is 'in character' for that person to send you that type of attachment. For example, it's a pretty safe bet your grandma did not intentionally send you an "exe" file. Many viruses use "spoof" addresses, and may appear to come from someone inside your company. If you have any doubt at all, send an email back and check with the sender. They will understand you are trying to maintain your security!

USB storage like a cockroach

For the geek who has everything, here is an indestructable USB device. It's designed to survive a nuclear detonation, among other catastrophes. Also, I think you could use it to bop someone on the head in a pinch.

 http://www.irondriveusb.com/

 Not that I advocate head-bopping; but it is possible with this particular USB device.

Social Engineering hacks top threat list

It's an IT staffer's nightmare, and it's knocking on the door. The top PC security threats in the past few days have been 'social engineering' exploits; which means they rely upon the end-user's cooperation to open the door for an attack. The people who design these attacks have studied basic psychology, and they know how to prey upon end-users' curiosity, credulity, or polite manners to gain access to your organization's network resources, data, or money.

This week's news reveals an exploit in IE 7, which will permit a hacker to gain access to the host PC once the end-user has supplied the path for a specific file location.  In an e-mail statement on Friday a Microsoft spokesman said: "In order to be successful, an attacker in advance would have to convince the user to enter the location of a file into an attacker's Web page through social engineering." Microsoft is still investigating the issue and will take "appropriate action," the representative said.

Why are these social attacks such a nightmare for IT staff? Mostly, this is where computer science intersects with human relations, and most technical folks aren't trained to handle that. We can't use software to control Mary the receptionist or John the CEO when they use the Internet. If John has been duped by a site that will allow him to prepare a nice-looking chart of interest rates for corporate loans, he may be convinced to upload a copy of his company's logo to customize the chart. Just like that, he has unwittingly opened his PC to the exploit, and if the hacked web site is running efficiently, his computer could be a zombie selling illegal copies of next week's movies within an hour or two. John might start to wonder what is happening if his computer slows down, or when the hard drive seems to be spinning constantly, but even if he realizes he has been duped, he may be ashamed, and therefore reluctant to admit his mistake to the IT staff. The IT department might notice this hack if the traffic patterns on the network change; but some of the newer, more sophisticated exploits are designed to use a trickle of bandwidth.

Meanwhile, at home, John's Anime-loving teenager is very excited to download a nice screensaver with some vintage Trigun images. Unfortunately, hackers have no qualms about using copyrighted images to dupe kids, so along with images of Vash the Stampede, she downloads a pack of backdoors and the home network immediately becomes compromised. This wouldn't be such a problem, except that John and his wife's laptop computers both connect to the home network, behind the house's firewall. John and his wife may or may not have the necessary skills to detect the problem and prevent its spread to their company laptops.

Both Microsoft and Mozilla, the maker of Firefox, are looking for solutions the security holes social engineering hackers are exploiting this week, but in the meantime, it's important that users are informed of the risks, and practice the new brand of safe computing.  Most importantly, your company's security policies must be codified, and must also be updated quickly as new risks present themselves. Someone must take the lead in adding new items to the security policy frequently,  and ensuring everyone is notified, because the hostile nature of our computing environment renders stagnant policies useless very quickly.

Here are some ideas for problems your cybersecurity policy should address:

What should staff do when confronted with an unexpected pop-up window? 

What security practices should staff use when using their  mobile devices outside the office?

Ensure staff know they will never be asked to give their password to another employee or system administrator.

Rules governing IM clients and file-sharing software.

Guidelines for running Windows Update, Java updates, and responding to various other update mechanisms built in to their systems.

Detailed descriptions of what users should do if they feel suspicious of a web site, phone call, or other type of contact.

Physical security measures preventing outsiders from walking into areas where computers are in use.

A plan for staff to enact the second they think their system or password may have been compromised. (IE: Unplug network cable, call Joe in IT.)

A policy for checking the credentials of anyone contracted to perform work for the company, whether they are a janitorial service or a network technician.

These are just a few ideas; but the overall point is that it's important to communicate with staff. A robust and updated security policy will increase their level of awareness, and therefore decrease the likelihood they will fall prey to a social engineering scheme.

Beyond policy, it is time for IT staff to get out of the server room and build strong relationships with their systems' users. The hackers are many steps ahead of the good guys on the human-relations side of computer science, and IT staff need to step up their efforts to match.  The time for technical staff to look down their noses at users from a position of technical superiority is long past.  The new IT department needs to understand users, relate to them, and communicate with them openly. They also need to develop an excellent 'bedside manner' so that end-users are comfortable discussing potential social engineering threats without embarrassment. The biggest mistake an IT staffer can make at this point is to make a user feel stupid. While in the past I'd have considered that sort of thing rude, I now think it is both rude and risky, since it increases the likelihood a social engineering scam will go undetected.

Armchair World Tourism

After a week of braving the chill, I am determined to spend this weekend wrapped in fleece, guzzling cocoa, and not setting foot outside my house.

How will I avoid the stir-crazies and the quizzical looks of my dog and two cats, while convincing myself that I'm learning and seeing new things? I plan to tour the world with Google Earth. Their new stuff is just plain amazing.

http://news.com.com/2300-1046_3-6149205.html?tag=nefd.gallery 

Time to think about changing the clock...

Everyone knows that daylight savings time comes up in spring, and that we all set our clocks ahead, somehow losing an hour of sleep. We also know that our government has decided that this year we will be losing sleep a bit earlier in the year than ever before. In the past we rolled back our clocks around the first of April. This year we will turn them back on March 11 at 2 AM. At first glance it seems to be no big deal, just another way to try to conserve energy. Yay us.

The thing is, we aren't just talking about the family grandfather clock and the alarm clock next to the bed. Think about how many devices and software packages you use with the time included, and how many of them are programmed to automatically adjust for daylight savings time. (The one on the first Sunday in April, not the one we have now.)

Some of us are already sighing and rubbing our eyes as we recall the absolute joy and anticlimax that was Y2K for IT people.

Microsoft released an announcement which essentially said that users with Vista and parts of Office 2007 are all set! Everyone else (the vast majority of Windows users) will need to put in a little work. Users of XP Pro who have service pack 2 installed will simply need to run Windows Update, no reboot necessary.

If you're still running pretty much anything else, there is a bit more involved. Outlook 2007 and its predecessors, Windows NT, Windows 2000, Visual Studio, and Windows CE, will all require a manual edit to update, including servers, and will then require a reboot. No word yet on Windows Mobile, other than to say that it will require a registry key set to be installed, and Microsoft has released those keys to the OEM vendors for distribution.  

Mac owners, I'm afraid you don't escape from the grief this time. Apple OS will run an automatic update, and will require a reboot.

HP-UX, older versions of Suse, and Red Hat will require patch installs. Solaris and AIX will require a patch and a reboot.

Beyond the operating system, enterprises will need to fix: Exchange Server, Outlook, Dynamics CRM, SQL Server Notification Services, Windows SharePoint Services, Office Live Meeting and/or Microsoft Entourage, according to Microsoft.

Microsoft advises that updates should be organized from the core of the network and move out to the edges. So, companies should upgrade their servers and MS Exchange first, then go through and patch the desktop OS, then patch MS Outlook, then work on mobile PCs. At home, users are advised to patch their OS first, then their applications.

If you are a heavy calendar user (not using an online calendar app, but one on your PC) Microsoft advises that you should go online and download a small program known as "tzmove" - Time Zone Move - that can retrofit all previously booked appointments to the new daylight-saving rules. Other vendors offer similar tools for their systems. This will fix the appointments which were entered prior to the time change bug.

The fun doesn't stop there, however. There are also a lot of nuisance bugs related to the time change. You're probably going to have to figure out how to fix your car yourself, or simply live with the clock being wrong for four weeks per year. Then you get to go home and figure out how to fix the clock on your entertainment system, camera, phone, and thermostat. At least none of these devices is going to change all your appointments to the wrong time. I think I'm just going to leave my Xbox and Playstation alone; the time isn't displayed on screen that often, and I'm therefore just going to settle for knowing they are wrong.

If you're scheduling an international conference call, you should probably not rely on any automated systems, instead agreeing to use Greenwich mean time for planning purposes. There may also be some issues with late-night financial transactions being posted on the wrong day, so this isn't a good time to conduct time-sensitive funds transfers at the last second.

Public Health Tech Conference

It's in the works! DCC will be attending Michigan's Public Health Technology conference in East Lansing this March. We're putting together packets and tweaking our cookie recipes as we ramp up for this exciting event. Surely the kindly folks who administer vaccines to all Michigan's baby residents will be cool people to meet. I can't wait! 

Amazing new gadget for Gidget

Here in chilly Michigan, it's hard to become a surfer. When our teeth are chattering and there's a foot of snow on the ground, however, some Michiganders dream of Hawaiian waves, the beach at Coronado, and other great and toasty spots. As a Michigan native, however, I have been spoiled by the shark-free splendor of the Great Lakes.  Sharks are salt water animals, and cannot survive in Michigan's freshwater. This means that my efforts on the surfboard have thus far been limited by my own chondricthyes inexperience and Hollywood's anti-shark propaganda. Surely the people in Hollywood know better than I, since they live so close to the Pacific, right?  No big surf adventures for me.

My interest was therefore peaked when I saw today's latest and greatest gadget...   The Shark Shield. It mounts on your board and harmlessly zaps the sharks so they can't snack on your limbs.

Yay for modern R&D!  Big barrel here I come!

Power Consumption

The Berkeley National Laboratory is scheduled to release a report today on the amount of electricity being guzzled by our nation's servers. The report, according to Cnet, will say servers and their cooling gear in the U.S. consumed 45 million kwh's of electricity in 2005.

To put that number into context with similarly large power drains, Mississippi and 19 other states consume less power than that. (Stephen Shankland, Cnet, Feb. 14, 2007.)

Researcher Jonathan Koomey, who is the author of the study, says most of this new power drain is guzzled by a large number of lower-end servers.

Obviously, for large enterprises, this power-sucking black hole in the server room must be making an impact on the bottom line. Beyond the costs, however, is the natural resources problem, since the DoE reports 86% of power consumed in the US is derived from petroleum, coal, and natural gas, none of which is a renewable resource.

The industry has started an energy star movement, but the government began to address the issue as recently as December, 2006, so it will be a while before the EPA is on board with those little "star" stickers we've all been sporting on our refrigerators for a decade.

In the meantime, many companies have spotted ways to decrease power consumption at the desktop level. Laptops use less juice than workstations, and mobile PCs use less than that. Ergo, mobile computing saves energy. Keeping documents electronically and not printing them also saves energy. Flash memory rather than spinning hard drives saves energy, too. These are no-brainers.

What can we do about our servers, though?

The only current answer I've been able to find that makes sense is virtualization. By using one processor to perform the work of many, virtualization reduces the number of 'hot' points in the server room, reducing the enterprise's power consumption.

In the future, however, we may have more options. Rambus's experimental Loki device can perform at 6.25 gigabits per second and pass information at 2.2 milliwatts per gigabit. Similar products on the market now can transfer more gigabits per second, but they operate at around 15 to 30 milliwatts per gigabit.  Perhaps Rambus is on to a new technology that will allow us to keep ramping up our processing speeds without installing private power plants in our company's backyard. It seems, though, that a real-world implementation of the Loki technology is a long way off.

Great Mouse for Nanook of the North

Remember last week I mentioned the warming mouse?

It arrived at my house last night. It came in a brown bubble-pack envelope with actual stamps someone in the UK had to lick in order to ship it, so I guess they really aren't marketing them very much in the US. The total cost to me was $26, which isn't that bad for a very accurate optical mouse with scrolling. Since it is bitterly cold here and we are expected to get 4-6 inches of snow today, the first thing I did at work this morning was plug it into my Thinkpad and turn on the heat!

I love it and I am never, ever, going to turn it off.  (Well, not until summer, anyway.)  The heated mouse gets downright toasty, but not too hot to hold comfortably. It is about the same temperature as my hot coffee mug when the coffee inside is fresh and steamy. As a mouse it seems to work just fine, although I had to tinker with the click speed a little bit so that it could tell the difference between my single- and double-clicks. Two thumbs up!

Not sure whether this is a good thing or not.

This month the One Laptop Per Child project will be shipping laptops to some of the poorest developing countries in the world. The laptops cost $150, and operate on a pull-string or hand crank so that they don't require a battery. I love the technical innovations involved; these laptops use flash memory drives instead of spinning hard disks, and run on very little energy.  I like the idea. Computers can bring kids the entire body of world literature at a click, in a place where they can't afford textbooks. They inspire kids to be creative, to explore other cultures and their own, and store information on everything imaginable.

This sounds exciting, doesn't it? But then I started to wonder if this is really what the kids in question need. Let's take the children of Rwanda, for example. According to the World Bank's data (from 2005, which is the most recent I could find) the gross national income per capita in Rwanda is $230 per year. They represent the one-fifth of the global population living in abject poverty the likes of which no one born in the US could possibly imagine. According to the CIA Factbook, taking into account the excess mortality caused by AIDS and infant mortality, the life expectancy of a child born in Rwanda in 2006 is 47 years.

If I were the average Rwandan mother, according to the Factbook, I would have 5 or 6 kids to feed, clothe, and shelter, and I'd have to do all of that on less than $1 per day. As a US citizen I can't presume to know how that would feel; but logic and common sense dictate that if had a laptop, I would sell it in a heartbeat to buy food and medicine. It's a no-brainer. If I'm asked to choose between a device that allows my kid to read Shakespeare and a year's supply of food, I choose food. (And I like Shakespeare, too.)

I don't think it's entirely wrong to want to share technology with developing nations; but I think these things need to happen in some sensible order. Before we provide the Internet and an e-book, the global community needs to address the increasing gap between wealthy nations and the poorest ones, where daily life is a horror show of disease, war,  and crushing poverty.

The gadgets are neat... but they aren't a basic human need.

IM-Speak in the classroom

I'm not sure if I think this is funny, sad, or simply a sign of times to come. Students are getting into trouble with their teachers by slipping into "IM-speak" in their written schoolwork...

http://www.cnn.com/2007/TECH/02/09/chat.lingo.ap/index.html

The Increasingly Mobile World of Computing

Once upon a time IT staff didn't have to worry about people from their company walking home with sensitive data in their pockets, or leaving it in a hotel room after check-out. Those days, however, are long gone.

This week's technology news will no doubt be absorbed with the 3GSM World Congress in Barcelona. 60,000 people will crowd together to see the latest and greatest in wireless networking. Many new devices will be revealed; there are already leaks concerning Samsung's rival to the iPhone, and the latest business model of the Blackberry. Microsoft is also rumored to be releasing Windows Mobile 6 this week, its most capable mobile OS to date. With this version, users will be able to run SQL at the palmtop level.

These devices are, of course, capable of continuous internet connectivity via an ever-expanding network of wifi coverage, not to mention wireless internet connectivity included in cellular phone contracts, such as Cingular's Edge networks, and the pervasive 3G wireless network.

Pundits are calling this the era of "pervasive computing", and they aren't wrong. Unfortunately, I have yet to see a smartphone or PDA with voice print, fingerprint, or some other biometric identification technology, so I suspect IT teams are going to have to find a way to secure these mobile devices with some sort of policy-based security plan. I'm also concerned that there doesn't seem to be much emphasis on finding a way for mobile devices to transmit data securely.

By default, mobile computers are not password-secured. This means if one of these handheld devices is lost or stolen, the data can often be read by any five-year-old or career criminal who picks up the device. Remember how resistant everyone was to passwords when they first became a policy? We will have to overcome that hurdle all over again, as users of mobile devices have become accustomed to instantly accessing information in the palm of their hand. We will have to impose strong password policies just as we do with laptop and desktop PCs.

Also, in the vast array of mobile devices on the market, no one has developed a cryptographic standard for the transmission of handheld computer data to a central network. It is up to the IT staff to find some method of creating a secure pipe, so that packet sniffers can't simply browse the data as it flies through the air.

Apathy is the enemy in this case. Although IT staff are already stretched thin keeping abreast with new infrastructure technologies and staying on top of an increasingly hostile networking environment, I'm concerned that wireless and mobile devices could be the achilles' heel of many corporations' security stances.

There are some companies with solutions for the mobile user, and my hope for this week's 3GSM World Congress is that those companies will step up and knock our socks off. I think they would be filling a great need if they did.

Oh, no! China loses a bit of its humorous charm...

In preparation for the 2008 Olympics, Beijing officials are removing some of the funniest signs from their streets.

http://online.wsj.com/public/article/SB117063961235897853-U_f3y5c3vvlXGKCWb14Va6aDj6E_20070212.html?mod=blogs 

Professor Chen Lin, a consultant on the job, says "Beijing will have thousands of visitors coming. We don't want anyone laughing at us."

That's really too bad; I think he's missing Americans' emphasis on ironic humor, and the fact that most of us would probably find a street sign that says "Show Mercy to the Slender Grass" both comical and endearing.

I guess we'll have to get our laughs while we can.

Our New Building!

Here you go, long-awaited photos of our new facility. I went outside when it's -3 degrees outside for these photos, by the way...

 Our building and sign:

 

The view across our street:



Our reception area:



Work area:

Front Desk

Our reception area

Where we Work

One of our office clusters.

Industrial Park Court

The view across the street

Our Building

DCC's Farmington Hills home.

Birthday Cake

Lori dished out the cake today!

Happy Birthday Angela Wolf!

Angela is a customer service representative here at Dynamic, and we're all wishing her a happy birthday. That's Lori dishing up the cake!

Pretty funny stuff...

If you have somehow missed the "GetAMac" ads, you really ought to check them out. They are pretty funny, even when viewed on your PC.

http://www.apple.com/getamac/ads/

Virtualization for Security Purposes

Our industry's model for data security has not changed in a long time. We peg down our perimeter, and keep a current backup of our data so that when our network is compromised, we can get things back on track as soon as possible. The problem with a perimeter-based defense, as scholars dating back to the Art of War will tell you, is that people engaged in perimeter defense tend to focus their attention outward, when their most vulnerable points are on the inside. We’re all aware that the software on our computers tends to have vulnerabilities, but there is often a large gap between discovery of a vulnerability and the hot-fix to handle it. Employees also tend to download the wrong software, click the wrong hyperlinks, and tape their passwords under their keyboards. All of these problems occur inside the perimeter, and our software solutions may or may not be equipped to detect these compromises with a routine scan operation.

Security industry leaders know that they need to make changes.  In yesterday’s interview, RSA president Art Coviello said, "As an industry of security vendors, we've been too self-righteous and smug--focused more on our challenges than on trying to perfect security. We've been motivated largely by threats, and we've been chasing after them while looking over our shoulders and muttering to everyone 'We warned you' like a bunch of latter-day Cassandras," said Coviello, referring to the mythical Greek soothsayer whose prophecies were ignored. The solution, Coviello argued, is to worry less about individual threats and focus more on ensuring that the most important data is kept properly secure, perhaps through strong encryption. This requires data to be properly tagged and stored. Pattern-recognition systems could also be built into a company's infrastructure, to detect and respond to suspicious behavior.  (Graeme Wearden, Cnet News.com 2/7/2007).

I really like the idea of detection systems focused inward to detect improper behavior. I think it’s the missing piece of our security puzzle.

Until the software companies present a behavior-based solution, I think our best bet for handling security is to be creative with our storage solutions in a way that protects our data. I believe server virtualization is our current best bet. Through virtualization, some of these futuristic security ideals can be used today:

1. Virtualization can isolate programs in a way which limits an intruder’s capabilities. An example of this comes from VMware, which promoted the concept of Virtual Appliances, launching a Browser Appliance: an operating system in a virtual machine just for Internet-related tasks, like surfing, reading emails, chatting, or using P2P networks. Attacking software cannot interact with the underlying host operating system, and cannot gain access to the rest of the network.


2. Recovery on a Virtualized system is very fast and reliable. Instead of saving files, backup solutions working at host level can copy the whole virtual machine, in some environments even if it is running, which appears as a unique file, which will take much less time to restore than re-installing the operating system and restoring data.

VMware is already working on a self-defending storage solution, in which an entire virtual layer will run security applications, which can access virtual machines and correct security problems without human intervention. This will be a breakthrough technology, and I can’t wait to try it out.In the meantime, IT folks are finding innovative ways to use virtualization for security, even at the workstation level! Baker Hill, a subsidiary of Experian, has been using VMware Ace to secure desktop and laptop PCs containing sensitive financial data. Check out this article for more details: http://www.networkworld.com/news/2006/010906-virtualization.html?page=1

Dodging the Lodge

This information might be useful to folks in the Detroit area:

http://www.michigan.gov/dodgethelodge

It's a new Michigan government web site intended to help you get around the huge chunk of freeway they have closed for repair until next November.

It's nice when the plan works!

Last night CNN reports there was a massive influx of traffic targeted at the DNS root system. The attack, which seems to have originated in South Korea, spectacularly failed to cause any problems for us at all.

The DNS system as it stands today has so much built-in redundancy that the good guys won this time! It is nice to hear that proactive system design can work for such a large and critical target.

It is difficult to budget and design proactive solutions, even on a smaller scale. It is always a guessing game; how will intrusions and attacks happen next? 12 years ago the chief concern for office-level security staff was email-borne virus attachments. It's safe to say that the types of computer threats have diversified and intensified since then, and will likely continue to do so.

Can we look to our government for protection? Yesterday both the Senate and the House introduced revamped versions of failed bills to address Internet security. Both bills seem to focus on punishing companies who attempt to conceal breaches after the fact. I suppose this indirectly discourages them from allowing a breach to occur in the first place, but it seems odd that the bills are focused on the defenders, not the attackers. One important exception is the Cyber-Security Enhancement and Consumer Data Protection Act of 2007, which criminalizes attempts to gain access to private data:

"Section 1030(a)(7) of title 18, United States Code, is amended by inserting ', or to access without authorization or exceed authorized access to a protected computer' after 'cause damage to a protected computer'."

The interesting word in that paragraph is "protected". While the bill doesn't define a "protected" computer, it seems to suggest that an uprotected system is fair game for the hackers and thieves. I hope that is not the spirit of the bill.

Maybe it is merely restating the fact that we're on our own in terms of data security. This could be the next iteration of American individualism. The pioneers in the 1800's were theoretically protected by the laws of the land, but they advanced west more quickly than the 'long arm of the law', and were in effect on their own.  Perhaps to some degree, modern data security comes down to individuals making the decision to protect their own, since we have run so far ahead of our government's ability to protect us.

Proof that the Internet makes money...

It just goes to show that a truly innovative entrepreneur can laugh at the cynics and turn the Internet into a great opportunity:

http://www.cuteoverload.com/

I thought this was a joke until I saw their rather impressive list of recommendations here: http://www.cuteoverload.com/press.html . Only on the Internet can a someone make a living sharing photos of bunnies and puppies.

Virtualization and Funding

I heard a bizarre argument against server virtualization yesterday.

I spoke with a colleague in higher education, and when the subject of virtualization came up, he laughed and shook his head. He works for a large public University, which tracks inventory based upon the funding source used to purchase the hardware. If funds were obtained via a grant proposal, and one of the items requested in the proposal was a "server", the University would expect a physical box with a bar coded tracking device to be part of its regular inventory. In this way they hold researchers accountable for the proper allocation of funds.

I'm sure there must be a better way to handle this than to avoid virtualization altogether. Surely the cost-savings involved in virtualization justify some changes in the way spending is tracked. There was an article in Network World magazine last May with the following example from a college in Maine:

"Davis says 58 per cent of Bowdoin's applications run on virtualized servers. The 15 HP blade servers cost $93,000. VMware's ESX pricing for the education market is $3,000 per server, which can each support multiple virtual machines, for a total of $27,000.

Antonowicz says that to support the new applications deployed, 57 additional physical servers would have been needed. But as a result of using virtualized servers, Bowdoin bought none apart from the blades. Antonowicz estimates the 57 boxes would have cost $356,250."  (By John Cox, Network World, May 2006)

So, the trusty calculator says that in this case, Bowdoin saved $236,250 through virtualization. Surely the public University could realize similar savings by finding a simple way to track multiple grantors' investment in a blade array.

Perhaps they need to change the language of the grant proposals, inserting a paragraph explaining that servers are virtual. Maybe the IT staff who are managing the network can come up with a standard cost for everyone, and it can become part of the 'administrative overhead' in the grant proposals, rather than a physical item to be purchased.

I'm sure I don't have the answers, but I am also sure that it's a mistake to stumble over an inventory system at the cost of so much efficiency.

Cold weather gear for techies

It is bitterly cold here in Michigan today, with a wind chill far below zero. Here are some amusing USB solutions for staying warm!

A  warming mouse is an optical mouse with an added heat element. Come to think of it, I may order one. It's pretty cold today!

A  warming mouse pad fish thing, which is another handwarming approach, albeit an odd one.  You put your hand inside the fluffy fish to keep it warm?

An electric blanket  for a totally immersive USB warming experience.

All of these products are made overseas, and don't seem to be marketed here in the USA. Perhaps Dynamic should start offering some warming mice! USB-heated bunny slippers might be nice, too.

The Evolution of the Interface

It seems that the hottest topic in technical news for the past couple of weeks has been the iPhone, which is a phone/palmtop computer/iPod in one device. At first glace I thought it was strange that there is so much hype surrounding the iPhone when it isn't all that revolutionary; but then I realized that convergence isn't the key feature of this device. Apple's designers are following the same strategy they used to dominate the media world with the iPod. They are simply taking the interface forward a few steps. As they proved with the iPod, that is all it takes to make people fanatical about your product. 

One of the iPhone's updates is the visual voicemail display. This allows you to view all your messages and select the one you want to hear first by pointing your finger. No more listening to each message in order, or trying to skip through them using a number pad while trying to hold the phone to your ear. It makes every kind of sense.

This doesn't seem like a revolution in itself, but it is a great example of the type of thinking that has kept Apple going all these years. Yes, they have good devices that function smoothly; but they have proven time and again that people are willing to pay just a little more for a better interface.

Microsoft has often attempted to replicate Apple's interface successes, and I believe with Vista they are trying to get ahead a little bit. While I am not a proponent of early adoption of any OS (let them shake the bugs out first) I am interested to see how the 3D window design and zoom navigation will work for me.

I think this is the natural evolution of customer service. While the front lines of good service were human beings in the past, it seems that the interface has taken over. Tech companies are using the interface to anticipate people's wants and needs, and fulfill them before they think to ask for fulfillment.

About

Dynamic Computer Corporation was founded in 1979. Since then we’ve steadily grown to become a full-scale network solutions provider with over $23.9 million in annual sales.

We’re a Small Disadvantaged Business delivering big advantages to any organization whose success depends on innovative IT or RFID solutions. We build long-term relationships with our clients and champion their interests above all things.

If you'd like to contact us, here are the many ways:

http://www.dcc-online.com

email: info@dcc-online.com

snail: 23400 Industrial Park Court

          Farmington Hills, MI 48335

phone: 248-473-2200

Welcome!

Welcome to Dynamic Computer's first-ever company blog. Starting on Monday February 5 we will post all kinds of things here; from industry trends to technical tidbits. As always, you can contact us at 248-473-2200, email us at info@dcc-online.com , or check out our web site at http://www.dcc-online.com .