Scobleizer Weblog

Daily link Thursday, August 19, 2004

New magazine coming for IT types who use Microsoft stuff: Redmond.

Hmm, maybe my brother Alex should write for that magazine. He's an IT guy at a Silicon Valley lawfirm that's using lots of Microsoft stuff. On his blog he regularly writes about his experiences keeping lawyers' technology up and running. Today he is writing about a document management system.

2:18:35 AM    comment 

Another audio blog comes up (Halley Suitt is now doing the MP3 thing). Interviews Joi Ito on the first take.

2:06:44 AM    comment 

Everytime I talk with David Janes about his news aggregator named "Jäger" I think of Jager Meister (the alcoholic drink).

I don't know why, but the new version that David just released has lots of new stuff. Here's the official blurb: "Jäger is a "one-panel" syndication reader that uses the user's browser to display weblog content. Version 1.4 features offline content reading (including aggregating many weblogs together on a single page), full-text searching, a simplified user interface and a price tag of $0."

2:02:01 AM    comment 

Oh, I gotta buy one of these shirts cause I'm definitely a blog addict. Too bad that site is French, though. Anyone know where we can get one in USA?

1:57:27 AM    comment 

I'm starting to get interested again in buying a new SmartPhone, so was happy to see Chris De Herrera put up a SmartPhone and PocketPC phone comparison list.

1:54:47 AM    comment 

Jeffrey Richter, one of most respected developers (he regularly got very high ratings at the C++ conferences I helped plan for Fawcette), is now blogging over on the new Wintellect blog. Oh, he's talking up the Tablet PC too! Hmmm, I wonder what he's gonna develop for the Tablet PC?

1:21:12 AM    comment 

I don't know if you knew, but I haven't been using IM much lately. Why? Because I couldn't add anyone new to my contact list. I complained to MSN about this (I wasn't the only one) and Jeff Wilkes told me they just doubled the size of the list limits on MSN Messenger. So, let's fill it up. I'm

By the way, the backend is now running on SQL Server. Over in one of the buildings that MSN is housed in they have an electronic sign that shows how many people are using MSN Messenger. It's an amazingly high number. Nice to know that SQL Server is handling the load.

1:18:07 AM    comment 

Stewart Butterfield, founder of Ludicorp, announces Organizr for digital photos. I'm speechless. The same folks who brought us Flickr, a photo sharing service.

I just watched the videos, but in talking with Stewart, I know this rocks. I'll try it out over the weekend. Anyone already using it?

1:11:43 AM    comment 

OK, first redesign candidate is now coming up. It was done by Derek Lakin. Over the next couple of weeks I'll put a different one up every day or so. Take a screen capture. Then decide which one I like the best.

If this is any indication, wow.

1:03:00 AM    comment 

Dan Gillmor, of the San Jose Mercury News, tells everyone to wait on updating their computers to Windows XP Service Pack 2.

Dan makes a good point. That new stuff brings uncertainty -- I've certainly been bitten by new software in the past. But, let's try to get over that fear -- XPSP2 has already been installed by a lot of people (NeoWin alone distributed more than 200,000 copies in the first few days of its release -- and I'm sure that 30x more have downloaded it already from Microsoft's own servers). And, if there were bad things happening the newsgroups, Channel 9, Neowin, and my weblog would be overrun with complaints.

They are not.

Yes, there have been a few, but considering the numbers of machines involved the problems we've been seeing are so small that the risks of waiting (cause you might get a virus or worse) are far worse than the risks of installing. Go ahead, count the complaints. There aren't very many of them and even many people over on Slashdot who are usually very anti-Microsoft are saying to install it.

Look at Dave Winer. His machine doesn't have spyware on it since installing XPSP2 and it is running faster too (he couldn't get rid of it before upgrading). Dave isn't known for being friendly to Microsoft.

My own experience? I've installed XPSP2 on a dozen machines already without a single problem and so far my machines are running faster than before. I'm in the middle of a test too to visit a ton of sites that are known to have nasty stuff on them. So far no spyware or popups or things getting through the firewall. This is a HUGE HUGE HUGE improvement over the way things were before (I had some sites that I could just visit and get weird stuff from). I don't want to set expectations too high, though. But clearly we're much better off with XPSP2 installed than before.

Also, Microsoft has internally been pushing this to all of its employees. 57,000 of them. We're being forced to install XPSP2 by September (all of my work machines were automatically upgraded). I have been watching the SP2 and security aliases internally and the number of problems being reported are very few considering how many people are getting upgraded.

One problem I had with Dan's writing is when he says this: "The XP firewall isn't perfect, but it's a lot better than nothing."

That leads one to believe that he has proof that there's a hole in the firewall. When he says "not perfect" that means that he believes it has a flaw that'll let an attacker in from the outside. That simply IS NOT TRUE. The world's top security researchers have been banging on this sucker for weeks. A hole has not yet been found. But Dan doesn't tell you that.

Now, Dan, are you refering to the fact that XPSP2's firewall only blocks threats coming from outside your computer (and not ones that are already inside trying to get out)? If that's the case, why didn't you say that? Instead your writing makes it seem like there's defect that lets hackers in from outside your computer.

By the way, XPSP2 even warns you when things are trying to open ports to the Internet (admittedly it won't cover all kinds of attacks from inside your own computer -- if you stick a floppy disk in your drive that's infected and get an advanced trojan horse you are better off with a firewall that is a bit more advanced -- but that risk is very low today while the risk from not using any firewall is very high).

Dan, can you please let me know what you mean by "not perfect?" That's pretty specific language and it sounds like you have some information that your readers should have access to.

By the way, if you want a firewall that'll block things coming from inside your computer you can download one from (look for the Computer Associates anti-virus/firewall package -- there's a 12-months-for-free version on that site that I'm using on one of my computers).

If you believe that a "block-everything-from-the-outside-but-not-everything-from-the-inside" firewall is inadequate to protect your systems, there are plenty of other choices too, many of which are free. Sygate Personal Firewall, for instance, is a free nice two-way firewall.

Flexbeta, for instance, has already done extensive tests on the firewall that's included in XPSP2. Nothing they sent from the outside got through the firewall. How is that "not perfect?"

Another thing I had issue with is when Dan tried to drag privacy arguments into his anti-XPSP2 stance. Whoa. Those two things are completely separate. In fact, if you want to keep the government and corporations off of your computer, the number one way to do that is to put up a firewall! And make it harder to run software that could be used for privacy-stealing purposes (which is exactly what spyware and many attacks do).

So, while Dan starts out with some sound advice (go slow on installing software to avoid most of the risks) he goes overboard when he calls XPSP2's firewall flawed and when he tries to pull in privacy and fear of big corporations to his original argument.

One thing Dan does say that I agree with: "Instead of building security and privacy into everything at the outset, we continue to bolt it on later. That's always the inferior method."

But even there, this is revisionist. Much of Windows architecture was designed before 1995. Before Netscape. Before the Internet. Before 9/11. Before email. Remember, when I started in this industry back in Jim Fawcette's office in 1992 we didn't even have email (we printed out memos and handed them out). That was, what, 12 years ago? A sliver of time in the overall scheme of things. And you wanted engineers back then to understand the threats that would be hitting in 2004? OK, quick, tell me what threats will be hitting us in 2016. My son will be 22 and in college then. What will computers look like? What will the criminals look like? What kind of tools will they have?

But, I know how that sounds like excuses. So, let's step back. The world is what it is. Let's fix the problems together and move forward. That means installing XPSP2 as soon as you can. It means getting over your fears.

How can I help you do that?

Another point of view? Larry Seltzer, in eWeek, takes on a report of a flaw in XPSP2.

One last thing. One of my readers said "well, I'm behind a corporate firewall so I'm safe and I won't install XPSP2." That's all fine and good until you take your laptop to Starbucks and hook up to their network. Or, even more scary. Let's say your coworkers take their laptops to Starbucks, get infected, then come back and hook up to the corporate network. Now you have a virus too -- all because you didn't install XPSP2.

Translation: the risks of installing XPSP2 are far smaller than the risks of not installing it.

Or, am I full of it? So, why aren't you installing XPSP2?

Update: I've opened a thread over on Channel 9 to give people a better way to report troubles they are having with XPSP2.

12:11:24 AM    comment 

August 2004
Sun Mon Tue Wed Thu Fri Sat
1 2 3 4 5 6 7
8 9 10 11 12 13 14
15 16 17 18 19 20 21
22 23 24 25 26 27 28
29 30 31        
Jul   Sep

(On Bloglines)
(From NewsGator)
(On TextAmerica)
Naked Conversations
(Book blog)
Main Feed
Link Blog
Microsoft's Channel9
Comment Feed
Referer Page

Click here to visit the Radio UserLand website.

Click to see the XML version of this web page.

© Copyright 2005
Robert Scoble
My cell phone: 425-205-1921
Are you with the press?
Last updated:
5/11/2005; 12:56:37 AM.

Robert Scoble works at Microsoft (title: technical evangelist). Everything here, though, is his personal opinion and is not read or approved before it is posted. No warranties or other guarantees will be offered as to the quality of the opinions or anything else offered here.

Be the first to comment! Free real-time blog alerts via MSN Messenger, mobile, or email.
Technorati search