Nunit 2.2 was just released this weekend. I'm hearing of more and more developers using Nunit and adopting unit testing methodologies in their development projects.

Adam Field just sent me this link: Microsoft's Antivirus Defense-in-Depth Guide. Covers malware too.

It's official: get Windows XP Service Pack 2 by visiting microsoft.com/protect and making sure your automatic updates are turned on. That's the official way to get it over the Internet. Straight from Frank Shaw, Vice President at Waggener Edstrom which is Microsoft's PR agency (I asked him tonight when I saw him pop up on my IM).

Yes, MSDN Universal Subscribers also can get it right now and not wait until the system gets around to putting it on their machines.

The designers at Stopdesign are pointing out microsoft.com's table-based failings. It'd be interesting to interview the team that does the home page and get their thoughts on these points.

Vincent Flanders, over at Web Pages that Suck, takes some pot shots of his own. Unfortunately he doesn't have archives or permalinks, so you'll have to read it now (scroll down).

Phil Ringnalda reviews MSN's Japanese Weblogs. (Thanks to Dave Winer for pointing us to Phil's review).

He tears into the HTML that was produced (it ain't pretty).

Why does this matter? Connectors. People with authority that other people listen to. Dave Winer linked to Phil. I just did too. Honestly, would you use this blogging system after reading Phil's report? I wouldn't. Maybe my mom would, but then to reach her you gotta either talk someone she listens to into recommending your product, or you have to advertise, which will reduce your profit margins (note, Google got to be a billion dollar business without doing much, if any, advertising. Why? They talked people like me into recommending them by building a best-of-breed product).

Again, how do you get customers? By building something that people will talk about -- in the new world where word-of-mouth networks are extremely efficient you need to build best-of-breed-tools or you won't get market share. Now MSN won't get the customers the low-cost way (er, through word-of-mouth), they'll need to spend money on advertising and hope that no one looks at the HTML generated. Customer aquisition cost is higher. And bandwidth utilitization per customer is higher too (. To top it all off there's very little semantic stuff in the HTML, so MSN's search engine isn't even being helped along. (I spent a lot of time making my HTML semantic, which greatly increased the numbers of visits from Google's users).

Compare that to the way Google's GMail works. Webloggers there, too, looked into the HTML, and found it to be elegant. Tons of hype from the connectors ensued.

Wanna keep up to date on how to make money on the Internet? Read "revenews." Lots of good stuff. Thanks to Tom Pohl (on Chris Pirillo's Braintrust site) for that one.

Speaking of Chris Pirillo. I'm going to be speaking at his Gnomedex conference. I spoke at the first one. Of all the conferences in the past four years this one is the most satisfying from a user's perspective. It reminds me of the user groups of the 1980s that I used to attend.

In fact, that might be why Steve Wozniak is keynoting this year.

If I had one tip for Chris, it'd be: keep users first.

I'd actually like to hold a late-night security workshop. What do you think?

Speaking of that, Tim O'Reilly invited me to his FooCamp this year. I quickly tried to get some other people I knew invited. Man, tickets to that are harder to get than World Series tickets (and, no, mine are not for sale). You can see photos from last year's campout here.

My favorite photos that I took last year were Mena Trott (co-founder of SixApart) taking her first ride on a Segway (being trained by Phillip Torrone) and Sergey juggling (co-founder of Google).

Anyway, I'm honored to be invited again this year (FOO=Friends of O'Reilly). I don't deserve to be there, really. There are a lot better technologists than me who aren't going to be there.

I am disclosing these things, just so you know of any conflict of interest that I may have. I occassionally talk about O'Reilly's books (I love their "Hacks" series, for instance) and it's important for you to know who's inviting me over for dinner and/or if I'm getting any gifts or kickbacks.

I actually am already going to be in Petaluma anyway, to be with my son, so am paying my own airfare that weekend (last year I slept on O'Reilly's conference room floor, not sure what we'll do this year).

Dave Winer and Steve Gillmor had lunch this afternoon and recorded a long audio discussion about spyware and RSS and what Microsoft/Sun/Apple needs to do.

Gillmor had a suggestion for Microsoft: a new kind of RSS Container. Browser being a renderer. Only. No integration deep into the OS. No scripting. At the end of the conversation Gillmor says that Microsoft will be last to get there.

Basically what they are asking for is a new rendering engine that can display stuff in a safe manner. I've been talking with the teams about just such a thing and it's a very difficult problem.

Turns out that as you turn up the richness knob you open yourself up to more and more security problems.

Look at phishing. If all you have is plain text, it's much harder to phish (fake email) someone. Why? Because the URLs are there in plain sight and the email doesn't have a logo (your brain is a very powerful pattern recognition engine, and it accepts logos and pictures and makes a judgment that it's an official email from those things. If you don't have logos or pictures your brain needs to look at the actual text for patterns it recognizes).

Now you know why I hate sites that push down logos and color and fonts in their RSS feeds. It's actually more secure to let me just look at plain text.

Gillmor and I have talked about this before (we met again at the recent BlogOn conference) and we discovered we both love plain text and full text feeds. Why? Because you can read the feed offline and you can email it around and it's more secure because the chances that a security problem are included in plain text feeds is very small (yeah, they might still get me to click on a URL with a bad payload included there, but the chances that that will happen are very small).

There's one problem with full text and plain text feeds, though.

"What's that?"

Advertisers don't like them. Corporations don't like them. People who want to make money off of their feeds don't like them.

Think about it. USA Today and the Wall Street Journal both have spent millions of dollars on their "brands." Fonts. Column width. Page design. Logo design. These things have been developed over dozens of years at great expense.

My brain can instantly recognize a USA Today, even from across the room. And the corporations that run these media properties want to deliver the same emotions and recognition directly to your RSS News Aggregator.

So, over the next year, we're going to see these two philosophies bash heads once again. The "branders" versus "the users."

This is where Microsoft's earlier attempts at syndication went wrong. In IE 4.0 we had CDF, which looks a darn lot like RSS. Except we catered to the branders. The big media companies. IE 4 had a Channel bar. One problem: it only catered to the "branders." Everything there had a colorful logo.

Users, however, like me, like plain text for a whole lot of reasons. Here's some:

1) I can choose my own font. Everyone's eyes are different. Some people like sans serif fonts. Some like serif fonts. Some like small fonts. Some like big fonts. Some like Cleartype or anti-aliased fonts. Some don't. Look at this blog. Did you know you can change the font on it? I haven't forced your browser to pick a particular font. You get to choose your own in your browser's options. That's the way I like it.

2) No color backgrounds to slow down readability. Readability research shows that black type on a white background is most readable for most people (which is why almost every book in the world uses black type on white paper). I don't send down a CSS file with my RSS. The color of both the font and the background is your choice. That won't be true when the "branders" get involved.

3) No blinky things. In my RSS feed I don't push down animated GIFs or Flash movies (although I'll link to them, especially when they are fun to visit like Burger King's Subservient Chicken site). Why don't I put blinky things, or lots of colored ads around my content? Because it reduces readability of my text.

"You're an a%%h@@e," I can hear the "branders" saying. Why would they say that? Because they make money off of delivering the above three things to your eyeballs. Look at the average Web site. This Flight Simulator site, for instance. They make their money off of selling ads. You can instantly see those ads (they are the ones that are colorful, and blinking).

So, there's the condundrum. How do we serve the "users" and the "branders" at the same time?

Simple: we need a new advertising model. Content providers should have a way to get paid for linking to things. Actually, Amazon.com is showing the way here. Its associates program is paying webloggers back for linking to Amazon. That's an effective way to make money (note: I do not use affiliate programs on my blog -- if I link to something I am not getting paid for doing so).

The problem is that there's a large amount of money chasing a limited amount of content. So, there's pressure on both the professionals to put ads on pages and force users to come to a Web page where an advertisement can be served, as well as on amateurs who need to find ways to pay their bills and get a little bit of cash out of the blogging hobby.

Who will win? Well, here's the rub: users today have so many choices about where to get their content that they have a chance this time around. Already I've found I've unsubscribed from feeds that didn't offer content in them (like Microsoft's own Slate feed). CNET's News.com tried going to headlines only for its RSS feeds, but quickly changed back to a synopsis after a bunch of bloggers like me complained and unsubscribed.

You want an innovator's dilemma? This is a doozy. Full text or synopsis or headlines only? Plain text or blinky stuff?

How will you choose? More importantly: how much "branding" should aggregators support?

Slashdot is pointing to speculation that there might be a new Internet Explorer released before Longhorn.

So, I go to Google, type "IE Blog" in, and find the IE Blog done by the IE team is already #1.

But, nothing about this speculation is yet on the IE Blog. That's to be expected. Corporate policy is that we don't comment on rumors or speculation.

That said, I'll put a plug in for Channel 9 since we have an interview coming up this week with Dean Hachamovitch, the guy who leads the IE team. I tell ya, I have no idea why I'm getting so lucky with timing. It's gonna be a good week.

Brad Daily, in my comments responded "I agree that transparency is good business, but there has to be results to back it up. It is encouraging to see you be open here, see videos over at Channel 9 and even the IE team is blogging. This sets a bar for MS to meet in the coming years as they release longhorn, new releases of IE, etc etc....If they don't, the transparency won't make much difference. Here's hoping for a little follow through..."

Oh, yes! I asked Iain McDonald, the guy who ran Windows XP's war room (bug triage meetings) whether he'd like to see Longhorn use the MSDN Product Feedback Center. He said "absolutely."

A couple of weeks ago I interviewed Marie Hagman, a program manager on Visual Studio's program management team. She showed me some of the suggestions and bugs that customers have sent in. Really awesome stuff and you can see the team's response to each of these suggestions.

Every team at Microsoft should do something similar.

JamesJayTrouble, in my comments, says I'm psychologically damaged. Tells me to get a life and learn something about relationships. But then he asked: how'd something so stupid as "transparency" get to be the big buzzword in the first place...? Bloggin' mebbe. Listening to re-runs of Doc Searls, perhaps, like from YOU, The Scobleizer...??

Well, we've noticed a few things.

1) People will give better feedback to product teams when they know the guy or gal in charge is actually getting their feedback. Five years ago if you wanted to give feedback to a product team here you'd have to leave it in a newsgroup, or email it to an alias like mswish@microsoft.com. Seriously. Unless you knew the program manager (and the only way to do that is to live up in Redmond, or attend conferences that cost $2000 to attend).

Today, say you want to give feedback to the MS Build team, you just open up Google or MSN Search and type "MS Build Blog." There you'll find a guy who actually works on the team. You can leave a comment, or you can send Alex an email. Think this isn't resulting in better products and happier customers? I have tons of evidence that it is.

2) Strong customer evangelists are built by involving customers in your internal business processes. Remember Amy, the customer evangelist I met at Christopher Creek winery in Sonoma? Why was she such a great evangelist? Because she knew everything about Christopher Creek's business. She knew how many cases of wine they produced. How they produced them. What vines grew the fruit. Which years had the best crops. Who the owners were and what were their beliefs.

Now, bring that into the software business. Who are the best evangelists? The ones who know why a particular bug was marked "by design?" Or one that doesn't know anything about how the team built the product? Which one is most likely to send us feedback and tell us when we're screwing up? Which one is most likely to talk about us at their local user group? Or in their classroom?

3) Transparency brings about more moral businesses. Tell me, would Enron have happened if they were sharing their thoughts in blogs the way Mark Cuban, the CEO of the Dallas Mavericks, does? Would Microsoft have run into the trouble with SmartTags if the team that designed them had had a blog and explained what they were, how they could be used, and showed an implementation of such before Walt Mossberg did in the Wall Street Journal? (That feature later was pulled from Internet Explorer due to the PR firestorm that resulted). Would Martha Stewart have been in jail if she blogged the minute she sold her stock and revealed why she was doing it? She might still have gotten heck about it, but it sure would have been harder to put her in jail if she was up front about what she was doing.

So, whether you call it "transparency" or "getting closer to the customer" or "listening to Tom Peters" or building better customer evangelists" or "getting on the ClueTrain" it's simply good business and I'm glad that Microsoft is leading the way here.

I just was setting up a computer here at home while I was blogging. Did you know that Computer Associates is giving away a free 12-month license to their anti-virus and firewall program if you visit the Microsoft Protect site? I just used that site to protect this new PC and it was really great. Turned on the firewall automatically, and did some other stuff too. Highly recommended that you visit this site from every computer you own (and email it to your friends, especially the ones that keep getting spyware and viruses).

Microsoft has two pages about spyware:

Fight Spyware.

Spyware and Deceptive Software.

Slashdot points to an analysis of Spyware. Interesting reading and demonstrates how it works and how it gets on machines.

Quick hits from my "blog this" folder (people email me cool stuff and sometimes I put it up on the blog here):

FastCompany magazine holding contest about "how can this brand be better?" Yeah, Microsoft is one of them. Thanks to Rick Hallihan for pointing me to that.

The latest issue of the Microsoft Architects Journal has just been published (the architects I know say it's quite good). While we're talking architecture stuff, MSDN has an Architecture Center with lots of new info on software factories. Thanks to Arvindra Sehmi for emailing me this.

Developer.com is tracking popularity of programming languages. I think this is bogus, but am linking to it just to see if it sparks some conversation.

Mark Goodstein has been telling me about improvements to the X1 search engine. I'm reinstalling everything on my Tablet PC this next week (now that the XPSP2 beta is over, need to get my machine up to a clean state) and I'll try it out. I loved the previous version, so if this one is tons better, as Mark claims, it's gonna rock.

The Tablet PC's coolest application, Art Rage, has gotten a sizeable update. Lots of new stuff. Thanks to Christopher Coulter for sending that one. Speaking of Tablet PCs, this is a good reason not to have more kids.

My work neighbor, David Weller, talks about the politics of benchmarking. Need an example of how blogs are changing the way corporations talk to their customers? Here's a great example.

Macintosh fans: a coworker told me about Delicious Library which is a cataloguing app to keep track of your personal collections of DVDs, music, games, books, etc. Cool visuals, but the coolest thing, he says, is that it scans the UPC code of each item using your iSight camera and uses Amazon Web services to do a lookup of the info on the item and adds it to your library automatically.

MSN has a new Web Messenger, where you can instant message your friends with just a Web browser.

Wired News talks about how porn blogs are manipulating Google.

Ever wondered what a Microsoft Company Picnic looks like? Jonathan Poon has some nice pics.

Wired has an interesting article on the changing world of advertising to 18-to-34-year-old males: the Lost Boys.

MSN, in Japan, is offering blogs. Unfortunately only in Japanese, but you can look at the one I setup.

The Drunkenblog is doing some interesting blogging about the iPod lately, among other things.

Bob Muglia does some new thinking on Longhorn and Linux in an Australian developer site's interview. Bob is tasked with building Longhorn server.

Jeremy Wagstaff wrote a nice review of OneNote for the Wall Street Journal.

Jon Udell, in Tech News World is taking the long view on Longhorn.

Rick Klau says all politics is local, all politics is RSS. He's doing some interesting things with RSS in the political world. RSS and blogging let you build relationships in a way that no other technology has before. Perfect for politics.

I just wanted to say that Russell Beattie's blog is one of my favorites. Its design is easy to read and predictable. His writing is interesting. And he includes pictures which catch my eye.

Aaron Margosis blogs about why you shouldn't run as an administrator (and how to do it).

And with that, I'm off to bed. Still got a ton stored up, though.

Did you work on San Jose State University's school newspaper, the Spartan Daily? Well, on Friday, September 10, they are having a 70th anniversary reunion. Unfortunately I can't make it, but I'm really bummed about that. If you want to attend, get ahold of Mack Lundstrom at mlundstrom@casa.sjsu.edu.

Marc Canter, the guy who started Macromedia, has been doing some interesting blogging lately. Yesterday he was calling for more "hypermedia blogs."

I'm totally down with that. After all, look at Channel 9. It's a lot like a video blog.

Aside: one member of the Channel 9 team, Charles Torre, hates it when I call Channel 9 a blog. Hey Charles: you haven't updated your blog lately. I'd love a post from you about why blogs suck. Let Carmine come out to play! (Carmine is Charles' alter ego).

Anyway, back to multimedia blogs. One dirty little secret of the industry: if everyone had a multimedia blog like what I do on Channel 9, the whole blog thing would fold over and die. Why?

No one can afford to give you the bandwidth these things take. You should see the bandwidth that Channel 9 takes. Thankfully Bill Gates is paying our hosting bills. But, most people don't have those advantages.

Most people will host on a small company's servers (my blog is on UserLand's, my brother's is on Six Apart's) or they'll be on a huge company's servers (Blogger is on Google, MSN is playing around with blogs, I bet there'll be more too).

But, for both huge companies and small companies the question is "how do we pay the bills?" Increasingly that means "can we sell enough advertising to pay the bandwidth bills?"

With text-based blogs the answer is increasingly yes. But add video or audio to the mix and that answer dramatically changes.

So, why can Doug Kaye and Dave Winer and a few others do audio? Well, they have either deep pockets, or business models that let them play around with a little bit of this kind of stuff. But, is it possible to give everyone a video blog? No way. Not yet.

Then, add into it the fact that it's harder to consume video or audio content (I can scan about 200 blog items in the time it takes me to watch one Channel 9 video, for instance) and the fact that search engines like MSN or Google don't do a good job with indexing multimedia content, and the fact that most users don't know how to create that kind of content (everyone knows how to type, but how many know the difference between Windows Media Format and Quicktime, or how to create either?) and you'll see it isn't as easy as it might sound.

Anyway, I hope to see more. It's amazing what you can do with a $450 digital camcorder now. I wish we'd see more video and audio blogs.

Getting together with other geeks has been part of this industry for more than 30 years and it's no less important today than it was back in the mid 70s when Wozniak showed his Apple I to the Homebrew Computer Society in Silicon Valley.

Today I had another example of that.

They are a way to warn companies and insiders of things that they are doing wrong.

Several discussions today centered on phishing, spyware, malware, viruses, and worms. Dave Winer said something real important "I can't trust my computer anymore." I hope I'm quoting him correctly, but he's recently been hit with spyware and can't get rid of it. Unfortunately I didn't get a look at his computer this week, so couldn't debug it.

Chris Pirillo, in his blog "why Microsoft is going to lose the OS wars" nails it home again.

Dan Appleman is one guy doing something about it. He has a quiz that very few people in this industry get completely correct. It sure shocked me (and at the geek dinner a week ago where he gave a talk it shocked most of the people who came). His book, Always Use Protection: A Teen's Guide to Safe Computing, opened my eyes to what is really going on out there and just how much work we need to do (it's a book that everyone should read, but probably won't).

Yes, Windows XP Service Pack 2 improves things quite a bit, but you still need to practice safe computing. Appleman's book shows that teenagers are actually turning off their firewalls (to play networked games) and getting their identities stolen at a huge rate (and in a way that you might not expect -- teenagers share computers with other teenagers quite readily) because of the way that they use their computers and also because of their familiarity with computers.

One thing I'm doing is learning about "good enough" security. Dan Appleman and I have spent a bit of time recently talking about what that is. Dan says that if computers are houses that most people's computers are run akin to leaving the door open and putting a sign on the front lawn saying "I have cool stuff, come in and get it." He thinks it is far more important to simply get people to lock their doors and windows at night than to build Fort Knox around your computer, the way many security experts want you to.

Also, Dana Epp, another great security expert, has been yelling and screaming at me for running in administrator mode, so we're going to do a "security makeover" on me soon.

One other thing I learned recently: if at all possible keep a hardware firewall (or a NAT, like what I'm using here) between you and everyone else. That's hard to do at Starbucks or hotels, but I've been hearing of people buying new machines, plugging them into the corporate network at where they work, and getting viruses. Why? Because those are unpatched machines and corporate networks are open to the public Internet. Dan says that university networks are far worse, too, so if you're sending your kid off to school this fall you need to make sure they are protected.

How about you? Who's doing the best security work out there today? What rules do you follow? How do you protect yourself? Certainly visiting microsoft.com/protect is a good start, but we need to do more. What's even more troubling is that as our computers get more secure the bad guys are switching to social attacks like phishing. I've gotten emails that look exactly like they were from eBay or my brokerage house -- but they weren't, they were fake emails aimed at fooling me into clicking on them and putting in my passwords and personal information. So, not only do we need to become computer security experts but we need to be far more educated about what to believe and what to click on.

Oh, and yes, I expect the "switch to Macintosh or Linux" comments. But that won't protect you from a phish (social) attack, and those systems have security problems that are exposed every week too, so that clearly isn't the answer. Heck, I linked to Chris Pirillo's post where he said to switch to a Macintosh above. I'm not switching, though, and anyone in the same boat as me needs to be protected.

Dan told me that we need both education and infrastructure changes. He likened computer users to drivers. Drivers, he said, in the early days didn't need to worry about safety laws or traffic limits. There were none. But, as more cars got on the road the world became a more dangerous place. So, drivers needed more education to safely operate their vehicles. Automakers, too, needed more safety mechanisms built in. I remember as a kid that some cars I was in didn't even have seat belts. Today my car has three point seatbelts for all passengers and airbags all around.

Anyway, I'm talking to everyone I meet about this stuff. Both inside and outside of Microsoft and I'm watching the blogs for interesting tips or discussions. Let me know if you see anything along these lines.