When are we going to get serious about computer/network security (Part 1)?

I’m going to start a little series of posts to demonstrate that “we” aren’t serious about computer and network security. By “we” I mean everyone from individual users of mobile phones and computers through to the government, telecommunications carriers, and equipment providers that together are responsible for the backbone of the Internet.

In the last 15 months two members of my family have had their notebook computers stolen. I was one of them. As it turned out, my computer was owned by my employer and they mandated use of Microsoft’s BitLocker feature to encrypt the hard drive. Whenever the computer was booted you had to enter a PIN which would unlock the key needed to access the encrypted drive. Without the PIN that key remained locked away in a special chip called the Trusted Platform Module (TPM) and the hard drive could not be read. So when my notebook was stolen I didn’t worry about it. The notebook was a brick from which no one short of the NSA was going to get any of my (or my employer’s) data. Some months later a relative’s work notebook was also stolen. Unfortunately her employer didn’t mandate hard drive encryption and so both their proprietary data and her personal data had to be considered compromised. This is a common occurrence and one that has impacted me personally on a number of occasions, for example when a notebook containing data about HP Pension Plan participants was stolen.

Now why aren’t all hard drives encrypted by default? I could blame this on Microsoft, Apple, and PC makers but that wouldn’t be completely fair. There is a combination of lack of sufficient push from the industry and lack of sufficient pull from users. The problem is that unless security is “free”, not just in financial terms but also in usability, then end-users aren’t too interested. I already described one usability issue, that you have to enter a PIN to boot your computer, and that is just the tip of the iceberg.

All encryption systems have what is known as “the key management problem”. I won’t go into all the permutations but let me give a simple example. Encryption takes place according to a key that either the user supplies or the system automatically generates. User-supplied keys, like passwords, tend not to be very good because they are too short and often guessable. What you really want is a long (dozens of characters or more) randomly generated key. But of course a human being can never remember such a key, nor would they be willing to enter it every time they started up their computer. So one solution is to securely store a long randomly generated key somewhere and then have a short code to unlock the key. The TPM provides that local secure storage. But what happens if you forget the code that unlocks the key in the TPM, the TPM is damaged, or some other system failure occurs? How do you recover the data on the hard drive? Well, you need to have a recovery key stored elsewhere. In a corporate environment using Microsoft BitLocker the keys are automatically backed up to the organization’s Domain Controller. But what does a consumer do? They have to keep a manual backup of the key, and if they lose it and then need it later the data on the hard drive is lost. I have sitting in a safe printouts of keys from a number of older computers that I used BitLocker on. First of all I don’t know which printout goes with which (no longer in my possession) computer. Second, they are locked in a safe. If my hard drive suddenly became unusable while I was 3000 miles away I wouldn’t have been able to get the code to fix it.
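The scheme described above, as an added sketch (not code from the original post, and not how BitLocker or TrueCrypt implement it): one random volume key, wrapped separately under a short PIN and under a long recovery secret. It goes slightly beyond the paragraph by giving each protector an ID so a printout can be matched to its machine; the function names, the recovery-secret format and the stdlib-only PBKDF2/XOR/HMAC wrap (standing in for a real key-wrap cipher and a TPM) are assumptions for illustration.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

PBKDF2_ROUNDS = 100_000  # constructed work factor for this demo


def _stretch(secret: str, salt: bytes) -> Tuple[bytes, bytes]:
    """Derive a 32-byte wrapping pad and a 32-byte MAC key from a secret."""
    okm = hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, PBKDF2_ROUNDS, dklen=64)
    return okm[:32], okm[32:]


def make_protector(kind: str, secret: str, volume_key: bytes) -> dict:
    """Wrap the volume key under one secret. The data itself is never re-encrypted."""
    assert len(volume_key) == 32
    salt = secrets.token_bytes(16)
    pad, mac_key = _stretch(secret, salt)
    wrapped = bytes(a ^ b for a, b in zip(volume_key, pad))
    tag = hmac.new(mac_key, salt + wrapped, hashlib.sha256).digest()
    return {"id": secrets.token_hex(4), "kind": kind,
            "salt": salt, "wrapped": wrapped, "tag": tag}


def unlock(protector: dict, secret: str) -> Optional[bytes]:
    """Return the volume key, or None if the secret is wrong."""
    pad, mac_key = _stretch(secret, protector["salt"])
    expected = hmac.new(mac_key, protector["salt"] + protector["wrapped"],
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, protector["tag"]):
        return None
    return bytes(a ^ b for a, b in zip(protector["wrapped"], pad))


def create_volume(pin: str):
    """Set up a volume: random key, a PIN protector and a recovery protector.

    In this software-only model the header sits on disk, so a short PIN can be
    guessed offline. A TPM keeps the key locked in hardware and throttles wrong
    guesses, which is what makes a short PIN tolerable.
    """
    volume_key = secrets.token_bytes(32)
    # Constructed recovery format: 8 groups of 6 random digits, printed once.
    recovery_secret = "-".join(f"{secrets.randbelow(10**6):06d}" for _ in range(8))
    header = [make_protector("pin", pin, volume_key),
              make_protector("recovery", recovery_secret, volume_key)]
    # The printout carries the protector ID so it can be matched to a machine later.
    printout = {"protector_id": header[1]["id"], "recovery_secret": recovery_secret}
    return volume_key, header, printout


def recover_and_reset_pin(header: list, printout: dict, new_pin: str) -> Optional[bytes]:
    """Forgotten PIN: unlock with the recovery printout, then issue a new PIN protector."""
    match = [p for p in header
             if p["kind"] == "recovery" and p["id"] == printout["protector_id"]]
    if not match:
        return None  # this printout belongs to some other machine
    volume_key = unlock(match[0], printout["recovery_secret"])
    if volume_key is None:
        return None
    header[:] = [p for p in header if p["kind"] != "pin"]
    header.append(make_protector("pin", new_pin, volume_key))
    return volume_key


if __name__ == "__main__":
    key, header, printout = create_volume("482913")  # constructed sample PIN
    pin_protector = next(p for p in header if p["kind"] == "pin")
    print("correct PIN unlocks:", unlock(pin_protector, "482913") == key)
    print("wrong PIN unlocks:  ", unlock(pin_protector, "000000") is not None)
    print("recovery works:     ", recover_and_reset_pin(header, printout, "905512") == key)
```
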

But it gets worse. Because consumers don’t use features that depend on the TPM, computer makers don’t include TPMs in consumer grade notebooks! So where do you store the key in the first place? Well, for BitLocker the answer is that if you don’t have a TPM you have to use a USB flash drive to store the key. Then if the USB drive isn’t attached you can’t boot the computer. I don’t know about you, but I really don’t want to have to plug a USB flash drive in every time I start my computer. Worse, I can assure you such a drive will get left in a Starbucks or on an airplane at some point in time, rendering my computer unbootable.

There is another problem as well. Acquiring the PIN and the decryption key from the TPM (or other location) occurs at boot time. Once running, a system is vulnerable until a reboot is required. This would seem like a small window of vulnerability except for one thing: SLEEP mode. Most of us really like the near instant-on capability that SLEEP provides and so our notebooks are set to SLEEP if the lid is closed or power management turns off the system. Just open the lid and you are back in business just about instantaneously! Of course, this doesn’t go through the boot sequence and thus when your sleeping notebook is stolen it is vulnerable. The solution is to change your power management settings so that instead of going to SLEEP your notebook HIBERNATEs. When a hibernating PC wakes up it does go through the boot sequence and you have to enter your PIN. Unfortunately coming out of HIBERNATE will take tens of seconds to a minute or more compared to the instant-on of SLEEP, and this may be unacceptable to many users.

Given the lack of TPMs in consumer grade machines, and the lack of a decent backup scheme in non-Domain environments, Microsoft leaves BitLocker out of most Windows SKUs. You have to have Windows Enterprise or Windows Ultimate to get BitLocker. Now the chicken and egg problem is complete. Most people don’t use hard drive encryption because the support doesn’t come built-in to their machine, and neither the hardware manufacturers nor OS supplier will provide it by default because users aren’t clamoring for it. The net result is that in many (if not most) cases if a notebook is stolen then the information on it is compromised. Be that the social security numbers of your employees or your own credit card numbers, it is a bad thing.

By the way, I’m not really picking on Microsoft here (other than as part of the overall group of hardware/OS suppliers). Apple doesn’t appear to offer full hard drive encryption for the Mac at all. Nor have the OEMs stood up and put alternate encryption solutions in place. Both Microsoft and Apple offer the ability to encrypt individual folder hierarchies on a hard drive, but this is far less secure than full hard drive encryption. For example although the original files might be encrypted temporary copies may be stored in areas of the hard drive outside the folder hierarchy and thus are not encrypted.

There are any number of third-party solutions available, including hard drives with built-in encryption. I recommend (and also use) TrueCrypt for machines where BitLocker isn’t feasible. It is free, so financial considerations shouldn’t keep one from using it. Key storage isn’t quite as secure as a TPM, and results in the startup PIN being a long (20-30 character) password unlike the 6-8 digits you would use with a TPM and BitLocker. Recovery key management is similar to BitLocker in non-Domain environments except that TrueCrypt forces you to create a recovery CD/DVD before it will encrypt the drive. The same problem thus exists: the recovery CD is sitting in a safe and likely rather inaccessible should I ever need it. But given all my critical data is stored in the cloud, I’ll take the (slight) chance of ending up with a dead machine over the pain of having my identity stolen should the notebook get stolen.

So what would happen if “we” were serious about security? All notebooks (and perhaps even desktops) would come with full hard drive encryption on by default. Supplying a PIN would be part of the initial setup. A TPM or equivalent would be included in all computers. Key backup services for consumers would be provided by Microsoft (via SkyDrive for instance), other encryption providers, or the OEMs. SLEEP would invalidate the hard drive keys and waking from the sleep state would go through a process to re-acquire them, thus giving a secure (and almost as) instant-on capability.

By the way, Apple almost gets it right with the iPad. All data on an iPad is encrypted. Unfortunately, unless your organization forces it as part of your access to Exchange email, most users don’t use a passcode lock on their iPad. Or if they do, they use simple 4-digit PINs instead of complex passwords. And in either case they don’t turn on the feature to wipe the device after a number of false passwords are entered. And if they do turn it on then iOS allows too many attempts (10) before wiping the device, particularly with a 4-digit PIN. The encryption does no good without a decent passcode.

Posted in Computer and Internet, Microsoft, Mobile, Privacy, Security, Windows

Is it ‘Game Over’ in Smartphones?

The Smartphone war seems to be shaping up to look very much like an earlier paradigm shift in computing.  Sure analogies are imperfect, but let me try this one on you.

It was 1983 and the computing industry was in transition.  Digital Equipment Corporation (DEC), notionally the inventor of interactive computing, was still in its ascendency and it, along with other Minicomputer companies, was at the heart of the technology world.  IBM, for the first time in well over a decade, was facing an actual threat to its dominance.  The technical workstation market, dominated by Apollo Computer and newly minted competitor Sun (and later to briefly be led by DEC) was emerging.  And an interesting little niche known as the Personal Computer was about to start its rise to the head of the computing class.  In 1982 the Personal Computer battle was between the Apple 2 and the IBM PC (running MS-DOS) and their (DEC-like) command line interfaces.  In 1983, first with shipment of the Lisa and later with the introduction of the Macintosh, Apple brought the GUI style of user interaction to the mainstream market.  Microsoft would follow suit in 1985 and with the introduction of Windows 3.0 in 1990 the outcome of the war would pretty much be settled.  Apple had pioneered the market for GUI-based computing, had changed the world if you will, and developed a following that was almost cult-like.  But in the end, although their hardware/software combination offered the cleanest user experience, the variety of price points and capabilities offered by Microsoft’s model of selling through many hardware manufacturers won with consumers.  Choice is good, even if it means making tradeoffs in the purity of the experience.  Various stakeholders in the industry fought back trying to establish their own desktop offerings.  IBM tried to stop Microsoft and Windows with the OS/2 Presentation Manager.  DEC and the Technical Workstation vendors went the GUI route themselves.  But in the end we were left with the Apple Mac still strong in a few niche markets and with its cult members, and Microsoft Windows owning the vast majority of the desktop computing market.

If you map history to today’s players Apple is Apple, Google is Microsoft, Nokia/Symbian is Digital, RIM is Sun, and Microsoft is IBM.  Oh, and HP is HP (who purchased the original technical workstation leader Apollo as it lost out to Sun and has now purchased original PDA/Smartphone leader Palm as it lost to Apple and others).

Apple once again has stepped in and really created a new category of a mainstream consumer-oriented finger-friendly touch UI (meaning, like with the Lisa/Mac, others originated the concept but Apple was the first to really succeed with it in the mainstream) with iOS.  They sell it just as they did that original Mac, as a hardware/software combination with Apple retaining complete control over the hardware and, now, what software can run on it and what channels can offer it.  Google stepped in with the Android OS, using a business model largely emulating Microsoft, but making it even more open via the open source movement.  As with Windows in the 80s/90s it does not offer as consistent, smooth or elegant a user experience as Apple’s iOS but the variety of hardware and price points has allowed it to pass iOS in market share.  Nokia, RIM, and HP/Palm are attempting to fight back and regain their former leadership positions, but have the dual handicap of having neither Apple’s ability to produce the single best hardware/software combination nor Google’s ability to harness the power of numerous hardware manufacturers, carriers, channels, and application creators.

And then there is Microsoft.  Like IBM trying to regain PC leadership with OS/2 Presentation Manager, Microsoft is trying to regain leadership with Windows Phone 7.  It is trying to chart a course right down the middle of Apple’s closed world and Google’s wild wild west world, which overall seems like it could work.  The problem I see is that all of Microsoft’s hardware partners are also in the Google Android camp.  And all of them, seeking differentiation from one another, are likely to favor Android-related investments over Windows Phone 7 investments.  They can do more hardware differentiation and more user experience customization with Android.  Yes this leads to fragmentation, and the key question is will choice or consistency win.  Microsoft is betting that consistency with limited choice wins.  Back in 2008/2009 that was the lesson that one got from studying the success of the iPhone.  In 2010/2011 it seems that choice is once again dominating, in which case Windows Phone 7 may suffer the same fate as OS/2 Presentation Manager.

So based on current dynamics and historical perspective I (sadly) predict that Google Android wins the Smartphone war.  I do think things will be somewhat different this time, with Android never achieving the mid-90s percent market share that Windows achieved on the desktop.  The market could easily end up 50% Android, 25% iOS, 25% TBD/Other.

And Google could yet screw this up.  For example, OS/2 started as a joint Microsoft-IBM next-generation OS project which Microsoft then abandoned as Windows gained market share.  Having two competing (or artificially bifurcated) offerings would have screwed up both offerings.  Google has its own OS/2-like next generation OS project, Chrome OS, throwing confusion into the market.  Google could indeed find a way to snatch defeat from the jaws of victory by having Chrome OS pull the rug out from under Android.

So is Microsoft wasting its time on Windows Phone 7?  Not necessarily.  They have a history of keeping up the pressure until a competitor makes a big mistake and then the Microsoft offering takes the leadership position.  And even if Google and Apple don’t screw up Microsoft has a great shot at dominating that 25% TBD/Other.  Do the economics of having a less than 25% market share work out?  Now that is a very interesting question.

What of RIM?  Well Sun did reinvent themselves into a very successful Server company before ultimately disappearing into Oracle.  RIM needs to reinvent themselves.  HP, well the analogy itself tells all one needs to know.  And Nokia?  Nokia needs to stop thinking they can sort-of-own an OS with Symbian or MeeGo and start focusing on being the best manufacturer of Android or Windows Phone 7 devices.  Or they will disappear, eventually acquired by one of the competitors they pooh-poohed for years.  Wouldn’t it just be the icing on the cake to have Motorola rise from its near-death experience and ride Android to the level of success where it acquired a failing Nokia?  Maybe Motorola should have been HP in my little analogy (and then Android would be Unix).  Isn’t this analogy stuff fun?

Posted in Computer and Internet, Google, Microsoft, Mobile

An idea for WP7

I’ve been sitting here staring at WordPress trying to get going on a blog about the state of the Smartphone market.  One paragraph in and I decide to change the approach and delete it.  Start again and a different post comes to mind, this one.  I think it is just a way to put off the one that requires more effort.  Anyway, I think Microsoft needs to take a slightly different path with Windows Phone 7.  It needs to open up the platform.

Microsoft started the WP7 project in an environment where the iPhone had exploded on the scene and was taking no prisoners.  Although they knew Android was coming and would eventually be a threat, the immediate problem was responding to the need for a consumer-oriented smartphone where Apple was setting the parameters.  Microsoft responded with an approach that was friendlier to OEMs and Carriers than the iPhone, but preserved much of the tight control of the experience that Apple had pioneered.  Meanwhile Google took over Microsoft’s former (Windows and Windows Mobile) space of providing a general purpose platform that the OEMs could customize to their heart’s content.

While I like Microsoft’s approach the world is very different than it was at the start of the WP7 effort.  OEMs and Carriers like the ability to more heavily customize the device experience.  And while most end users recognize the value of having a locked down device (from higher reliability to far higher security), a significant minority prefers the ability to load any app of their choosing.  Various reports that about 10% of iPhones are jailbroken attest to this.  My guess is that a far higher percentage of iPhone users really want the ability to download applications that Apple won’t approve for the AppStore, but are unwilling to go as far as to jailbreak the device.  I, for example, was one of those.

Microsoft would gain a huge amount of credibility by tweaking the Windows Phone offering to address the needs of these power users as well as OEMs/Carriers to take control.  I have two proposals:

Proposal #1: Sell an official “jailbreak” for end users.  Sell it for enough money that most people won’t buy it, but those who really want it won’t find it cost prohibitive.  Of course such a mechanism already exists.  Anyone can join the WP7 developer program and gain the ability to side-load apps.  Trim this down to something an end-user would use, lower the cost, and you have a solution that would empower enthusiasts.

Proposal #2: Offer a version of WP7 to OEMs that is far more open than mainstream WP7.  Let them deviate from the Chassis specifications.  Let them make significant user experience changes.  Make them pay enough extra for these capabilities that they will limit this to a subset of their devices aimed at specific user segments while maintaining the baseline WP7 experience for the majority of devices.

One interesting side-effect of these changes would be a significant increase in revenue to Microsoft.  In fact, Microsoft could probably see from 2-5X the revenue from open devices than it sees from the equivalent number of closed devices.

More importantly, if Microsoft keeps things closed it will see Android dominate the market for enthusiasts and OEMs that, while happy to make a few Windows Phone devices, concentrate their best ideas and bulk of their efforts on Android.  As for Apple, well that is better left for the post I really wanted to make.

 

 

Posted in Computer and Internet, Google, Microsoft, Mobile

What is wrong with Comcast?

As you might imagine, one of the first tasks in setting up an office is obtaining broadband service.    You’d think this would be easy, but you’d be oh so wrong.

Both Comcast and Qwest are available in this building, so I do a little research and conclude that Comcast is cheaper and offers higher performance than Qwest.  I fill in the order form on the Comcast website, except it really isn’t an order form; it is basically a request to have a Comcast rep call you to establish service.  They claim that I’ll get a call back within 24 hours and provide an 800 number to call if I don’t want to wait.  The next day I grow tired of waiting and call the number, where they tell me it is assigned to person X but they should be able to handle it.  They take down all the relevant information and tell me I’ll be getting a link in my email to digitally sign for the account.  I’m happy and patiently wait for the link.  I wait 24 hours, but there is no link.  So I call back and they again tell me X is handling this.  They transfer me to X and I get her voicemail.  I leave a message.  No return call.  So I call again and they tell me Y is handling this and transfer me to Y, except I get sent off to the wrong place.  That person does some research and transfers me to Y’s voicemail.  I leave a message, again, and 24 hours later still no call.  Now, almost a week later, I give up and call Qwest.  While waiting for Qwest to call back person Z from Comcast calls!  I explain exactly what happened and let him know that I just don’t see how I could trust my business to Comcast after the runaround and lack of response I got, and tell him I decided to go with Qwest.

The Qwest rep called me back about 10 minutes after I left a message.  Right now he is researching a wiring question with the building owner and promised to call back later today to finalize the order.

I guess Comcast just doesn’t get business.

Posted in Computer and Internet, True Mountain Group

The rebirth of True Mountain Group

After I retired from Microsoft in 2002 I started doing some part-time consulting for fun, to keep my hand in the IT world, and of course for a little extra spending money.  I put that business, True Mountain Group LLC, on hold when I re-joined Microsoft in 2006.    Well, since I’ve re-retired it is time to reactivate True Mountain Group.  I’ve leased an office, purchased a new notebook, dragged some hardware for playing with betas etc. out of dusty retirement, and started all the other activities one must in order to have an operating business.

There are interesting technology choices to be made, and the world is quite different than it was in 2002 or 2006.  I ran a Microsoft Small Business Server at home on the first go around, even though it was overkill for a single proprietorship.  I wanted Exchange for calendaring and Exchange ActiveSync so I could use my phone for email, etc.  Now of course I can get those from Hotmail (or Gmail), or use a hosted Exchange service.  I also hosted a web site on the SBS, but why would I ever do that today?  Putting it in the cloud makes much more sense.  In 2002 I installed a second POTS phone line for the business and later converted it to Vonage.  In 2011 I’ll just use Google Voice, Skype, or perhaps Office 365.  I’ve been playing with Google Voice, and of course the price is right.  But after living with Office Communicator/Office Communications Server the last four years I am interested in the latest variant (Lync 2010) that is a component of Office 365.  I find Google’s offering fragmented, confusing, not to mention unproven as to its reliability as a business tool.  Which could also open the door to Skype.  Another big change is that 5+ years ago video conferencing was iffy at best and not culturally acceptable to many organizations; today it is commonplace.  That could change how I do many consulting engagements.

There is also the question of what technologies I should specialize in.  A lot of what I do is technology independent, but I do want to do some deeper technical work.  Should it be in Mobile?  Security?  Databases?  Enterprise Software in general?  All of the above?  I’ve been toying with a few ideas for development projects of my own in both the Mobile App space and in Database Security.  There are also some open source projects that could be interesting to participate in.  So many choices….

While I have plenty of ideas of my own, I’m taking suggestions!  Of course, suggestions that come with a paid engagement do get somewhat of a bump in priority 🙂

Speaking of paid engagements, I’m mostly interested in short (a few concentrated days to perhaps a month if it is really interesting) or sporadic (a few days a month over a longer period of time) engagements.  I’m not interested in multi-month full-time engagements, sorry.  I also have a special interest in advising startups, and will work for stock rather than cash for the right situations.

How’s that for announcing I’m back in business?

Posted in Computer and Internet, Database, Google, Microsoft, Mobile, Security, SQL Server, True Mountain Group

Short update on my WP7 release cycle post

Well, I can’t say I got a lot out of the CES announcements.  I think Microsoft wanted to reserve the bulk of the Windows Phone news for Mobile World Congress next month but had to say something at CES or risk starting lots of rumors.  So what we got was essentially confirmation of what we already knew.  I can’t even tell for sure if the CDMA support is a separate release from the spring update, although that would fit my alternate scenario.  The bottom line though is that I think my December posting on what the release rhythm will be is still on point.  Hopefully things will be clearer once MWC rolls around.

A number of people contacted me to say “what about multi-tasking in the minor update”?  Some multi-tasking improvements are certainly a possibility, and that could be the one piece of news (other than an availability date) about the minor update that Microsoft has held back for MWC.  For example something limited to allowing third-party background audio apps.  But I’d still peg full multi-tasking as something that will wait for the major update this summer/fall.  The experience with multi-tasking on iOS, where I still see apps with multi-tasking related bugs, suggests that you really need a full “beta” cycle for developers to get ready for a generalized multi-tasking environment.  Just as important, having multi-tasking but having no apps that take advantage of it screws up the user experience as well.   So releasing generalized multi-tasking in a minor update could actually hurt Windows Phone 7.  Yes, lack of multi-tasking is one of those Top-5 kind of knocks on WP7 that could tempt Microsoft to rush a solution to market.  But I hope they don’t.

Posted in Microsoft, Mobile

Bob Muglia’s departure and what it means for Microsoft

I was shocked yesterday when an alert popped up on CNBC that Bobmu was going to leave Microsoft.  Of course, a little more investigation revealed that Bob was only leaving after Steve Ballmer decided to replace him as head of STB.  On one level that was even more shocking, on another it wasn’t that big a surprise.  As others have noted, Steve and Bob’s relationship has been somewhat rocky over the years.  For a public example just look at how long it took Steve to give the President title to Bob, even though Bob was running one of Microsoft’s 3 big and profitable businesses.  Bob reported to Steve and functioned as a President in all respects, but the recognition.  Contrast this with recent examples where Steve made more junior, and less proven, executives such as Andy Lees (Mobile) Presidents.  Just over three years ago Andy ran Bob’s marketing team.  And while Mobile is certainly a critical area for Microsoft, Andy hasn’t proven he can be successful at it.  In fact, one could argue that it took him a year too long to reset the mobile strategy and bring in new engineering leadership to transform Windows Mobile into Windows Phone 7.  If Microsoft fails to succeed in Mobile, that year will go down as the gap that allowed Android to establish itself as the alternative to iOS and create a two-OS race.  In fact, if one weeds out the noise (WP7, Blackberry, WebOS, etc.) we have a repeat of the classic race between the Mac and PC playing out with iOS taking the role of Mac OS and Android the role of Windows.  We know how that one turned out.  On the other hand, if Microsoft stakes out a position as a peer leader with iOS and Android in the mobile phone space then Andy will be one of the true heroes at the company.

Meanwhile, in all the critical races in the STB space Microsoft has done well.  It established SQL Server as one of only three remaining mainstream database players, and one could argue the only real alternative to Oracle.  The related efforts in BI forced consolidation across the BI industry, and yet Microsoft continues to innovate rapidly in this space.  It blunted the Linux juggernaut and has grown market share despite the challenge (with other OSes losing to both Windows Server and Linux).  And it stopped what looked like an unstoppable movement to Java by bringing the very successful .NET to market.  Even more recent efforts, like Silverlight, can easily be declared successes and had HTML5 not stepped in as a game changer I could imagine Silverlight eventually overtaking Flash as the way to build Rich Internet Applications (RIA).  While Bob wasn’t the only one, or even the primary person, responsible for all of this he has played important roles in making it happen and keeping it going.  In addition to Bob, Microsoft CTO David Vaskevitch (who was the original visionary behind what became STB and led various parts of it in the 90s), Sr. VP Paul Flessner (who ran the server products other than Windows Server), and numerous other executives and partners behind the creation of STB, have left in recent years leaving one to wonder about Microsoft’s future in “the enterprise”.  One of the results of Bob’s departure is that it will hasten the departure of other senior leaders in STB; some who would have left anyway in the next year or two and others who will now decide the grass is greener elsewhere.

At any given time there are several rumors running around Microsoft about executives who are going to leave.  Sometimes these are grounded in fact, more often they are (at least in the near term) just rumors.  Here is a hint to Microsoft watchers:  if you look at a long-time Microsoft executive and figure out when his/her youngest child enters college you can tell when they are most likely to retire.  It’s simple, a lot of what you would do in retirement doesn’t make sense when you have kids living at home.  Travel is the most obvious one.  So even employees who have things they really want to pursue outside of Microsoft (and even if it isn’t 100% retirement, they want control of their time) realize they should wait for the kids to be out of the house.  So, let’s say you just shipped a big product.  Do you “sign up” for another grueling 2-3 year cycle or do you pull the plug?  If the kids are at home you say “well, what else am I going to do for 2-3 years?” and sign up.  If the kids are gone you say “I think we’ll spend the next year in Paris”.  Ditto for anything that makes your job no longer fun (as remember we are talking about people who are generally financially independent).  So for me the biggest shock wasn’t an announcement about Bob leaving, it was that his departure preceded a number of other announcements I expect to see.  And now with Bob gone a few people who were on the fence will probably leave, and then once his replacement comes on board a few others will decide they don’t want to be part of the “new” STB.  Ok, new leadership might cause a few people to put off leaving for a while.  As one of my friends who is a bit lower down in the leadership put it, “this could be an opportunity for me”.  But I think this balances out to more departures not less.

The real question on the table is what will become of STB?  There are two kinds of leaders that Steve could put in charge of it.  One would be charged with milking the non-cloud businesses to become more successful in the cloud.  This would keep Microsoft targeting the portion of the market it currently addresses but shift the platform.  The other would be to put in an executive with a broader charter of expanding Microsoft’s enterprise business, with the cloud as a mechanism for doing so, and giving that executive leeway to propose and execute an aggressive investment program.  The truth is that to hire someone who is an “upgrade” from Bob from the outside it probably has to be the latter.  A senior executive at this level, someone who probably aspires to be a F500 CEO or similar, isn’t going to take the job if they are going to be placed in a straitjacket.  This suggests something else for Microsoft watchers…if Steve picks an insider it is most likely to pursue the former strategy.  If he picks an outsider it is most likely to pursue the latter strategy.  Of course, Steve could do something like he did with E&D and break up STB or shuffle things around the other businesses.  I can think of 3-4 scenarios that make sense, at least for some definition of “sense”.

Overall I’m going to miss Bob’s presence at Microsoft and consider this a big loss for the company.  I enjoyed working with, and at times for, him over the years.  From my first meeting with Bob shortly after I joined the company in 1994, to my occasional meetings with him while I was in my first retirement, to the last product review a few weeks before I left last October, it has been a pleasure.  Ok, that first meeting was really strange.  And I did go back to my boss and say some very unkind things about Bob.  Fortunately that first impression didn’t last 🙂  Bob, good luck in whatever your post-Microsoft endeavors are and keep in touch.


It’s all about the rhythm

(Note: I reveal no Microsoft secrets here.  I don’t have any on this topic to reveal, and I wouldn’t if I did!)

I’ve always been amazed when reading blogs or articles written by Microsoft watchers how little many of them seem to really understand the company.  I’m seeing a lot of that in regard to potential updates to Windows Phone 7 (WP7).  Even when they might have a solid lead on something, they seem to misinterpret the clues.  Is it an attempt to gain attention by sensationalizing the facts, hoping they’ll be remembered if they hit a home run and everyone will forget the strike outs?  Or do they just not think about the realities of the situation?  To help the curious really think through what might happen with Windows Phone over the next year I offer some clues as to how to process the leaks and speculation.

The rumor mill is full of speculation about there being two Windows Phone announcements early in 2011, one at CES and one at MWC.  They are probably right.  The speculation on these announcements runs from announcement of availability of a minor update such as copy-paste to a major update of WP7.  Moreover, they confuse the idea of an announcement with the idea of availability.  So some reports have us all getting one update delivered to our phones in January and another in February.

Let’s start with the idea of end-users actually seeing two WP7 updates one month apart.  VERY unlikely.  Anyone who has done large-scale software development knows that design and coding are the small parts compared to “the end-game”.  The end-game is things like all the internal testing of late and final builds, giving builds to developers, testing by the device manufacturers, testing by carriers, testing the thousands of apps already in the marketplace to see if they work on the new OS version, etc.  This process takes months and it is difficult to pursue for two releases in parallel.  Even if Microsoft were to devote enough resources to run two parallel end-games, most of its partners could or would not.  The reality of the end-game is that Windows Phone, or any other non-cloud product, is not likely to be updated more than once every 3-6 months.

What about Minor vs Major updates?  Some rumors had a Major update coming in February.  Given that a Major update is going to have a lot of changes for developers Microsoft will want to give developers several months to prepare.  You see this with iOS all the time, and with decades of history around Microsoft products.  So how could we have a major release in February without it already being in the hands of developers?  You can’t.  So let’s think about two things.  One is what we have pretty reliable data on, and the other is how to think about Windows Phone releases overall.

There are four items we have really good statements on from Microsoft or its partners suggesting near-term (1H2011) availability.  All four have minimal on-device developer impact, and thus it is reasonable to assume they could appear in (what to the outside world at least appears to be) a minor update.  Those four items, in order of the likeliness we’ll see them in early 2011, are:

– Copy/Paste – The only thing Microsoft has explicitly talked about for early 2011

– CDMA Support – Leaks from Verizon and Sprint point to early 2011

– In-Browser Flash support – Adobe execs have been talking about this since WP7 was originally revealed; SteveB hinted at it as well.

– In-Browser Silverlight support – I doubt Microsoft would release Flash support without also releasing the Silverlight support.

I don’t think there is anything else out there with enough backing to suggest they could appear in the first minor update to WP7.  And despite it being a minor update, those four items would represent a huge customer value proposition improvement.  There could be some surprises in both directions, other minor functionality that we don’t know about.  And Flash/Silverlight in-browser is actually pretty speculative.  But those 4 items do make a tasty update, don’t they?

So what about all this talk of a major update?  Well, stop thinking you’ll have something in your hands in early 2011 and start thinking about the rhythm that Microsoft might be trying to establish.  There are two really good times to hit the market (at least in the U.S.) with consumer products, the Christmas (etc.) holiday season and Back-to-School.  For 2010 Microsoft targeted the Christmas holiday shopping season to introduce WP7.  To achieve that it made an initial announcement at MWC in February, brought developers on board at MIX10 in March, and released WP7 to manufacturing (RTM) on September 1st.  I would expect a very similar rhythm for a major release in 2011.

It would be hard for Microsoft to break out of a rhythm of delivering major releases in late summer because of the need to refresh the product for the Christmas holiday season (both for their own sales purposes and to align with the carriers’ need to offer customers with expiring contracts an enticement to extend another 2 years).  And they need to give developers, device manufacturers, and carriers a few months to work with a new major release before it actually hits the market.  I think this suggests an overall release rhythm that Microsoft will maintain for years to come.  We’ll see a minor update in late winter and a major update in late summer.  The minor updates will come with little advance warning as to what is in them because of minimal to modest developer impact.  The major updates will get an initial reveal around the same time as the minor update ships, with builds in the hands of developers in early spring followed by a late summer RTM.  Consumer availability will be late summer/early fall, allowing for a new wave of devices for the holiday season.

So what should we expect in 2011?  I’ve already discussed the minor release, but what about the major release announcement?  Of course it will contain any of the four items I mentioned above that don’t make the minor release.  Beyond that it is very hard to say.  The one thing Microsoft has telegraphed is that it could include support for an additional chassis (something I wouldn’t expect in the minor update because of extensive developer impact).  And I’d expect some tweaks to Chassis 1 to track hardware advances.  Beyond that I’m sure it will include items to address competitive weaknesses, and just to flesh out the platform.  For example there are capabilities already in the platform that Microsoft ran out of time providing APIs for and I imagine the major update will include a lot of new APIs for developers to access existing WP7 functionality.

I will mention one caveat to my position about not having multiple minor updates in early 2011.  CDMA support is so isolated from everything else that Microsoft could actually do a second update with just that in it without the full impact of another end-game.  But I really think it unlikely unless they absolutely can’t get the CDMA work done for the minor update but feel they also can’t possibly wait for the fall of 2011 to bring Verizon and Sprint on board.

I’m looking forward to the announcements in January and February as much as anyone.  But I sure don’t expect to be running production bits for a new major release on my Samsung Focus for another 9 months or so.


SYSWAN or Cisco?

For many years now I’ve been suffering with a low-speed (1.5Mb/s) DSL connection that prevented me from enjoying today’s Internet.  It was a nice step up from our previous Internet connection, Hughesnet, but didn’t allow streaming of movies, reliable video conferencing, etc.  A couple of months ago I was able to remedy that with WiMax from local company Kellin Communications.  So far that link has been reliable, but we have yet to experience real winter weather, so I’ve retained the DSL line for now as a backup.  That led to the question, how can I automate switching to the backup DSL line in case the WiMax link fails?  And can I use both simultaneously?

The answer to both questions is yes, using a router that supports Dual-WANs (Wide Area Networks).  Unfortunately there are no consumer-grade Dual-WAN routers; I mean how many people have multiple Internet connections coming into their homes?  But I did find a couple of options aimed at small business that had prices in the range of consumer devices.  One is the SYSWAN Duolinks SW24 Dual WAN Loadbalancer.  The other is the Linksys (now Cisco, as Linksys’ small business products have transitioned to their parent company) RV042 4-Port VPN Router.  Having had a recent failure with a Linksys product I decided to give the SYSWAN a try.

SYSWAN is a small Oregon-based company and there is little information available about them or their products.  What I did find suggested that they made a very good product but that it was somewhat hard to use, had poor documentation, but good technical support.  Although I’m not a “networking guy”, I do have modest knowledge and a willingness to learn, so I wasn’t too worried about the quality of the SYSWAN documentation.  I ordered one and when it arrived a few days later proceeded to install it.  My first impression was, wow, this thing has lots of settings!  But within a few minutes I had it up and running with both the WiMax and DSL line connected.

So the good news with the SYSWAN was that initial setup was easy; however, that is just the start of the story.  Shortly after my excitement over now having an automatic backup Internet connection wore off I realized that my AT&T Microcell was no longer working.  Now the Microcell is a strange networking device in that AT&T tried to make it as much of a black box as possible.  In other words, there are absolutely no settings and no way to see what is going on inside of it.  It is all supposed to work by magic, and if it doesn’t then there are a few settings you are supposed to change on your router to make it work.  I tried them all, not that it was easy.  The SYSWAN used different terminology and hid things in different places than most other routers.  Nothing worked!  Finally I decided to try the one thing that had to work and place the Microcell in the router’s DMZ.  This would effectively get the router out of the way and make sure the Microcell could communicate with AT&T.  Well, to begin with I’m sure I’ve lost many of you.  And that is precisely the problem with the SYSWAN.  The fact that I even have to talk about these things means that the SYSWAN isn’t intended for anyone other than a networking expert to deal with.  In fact, I could write pages about what I did to open up ports, change packet sizes, write rules, etc. trying to get it to work.  And oh how much time I wasted.  But now I’d solve the problem using the DMZ.  Except this is where the design of the Microcell and the design of the SYSWAN conflict.

On all routers you specify the IP address of a server inside your LAN to put it in the DMZ.  This means you either have to configure the server with a fixed IP address, or use a feature in the router’s DHCP server to reserve a specific dynamically assigned IP address for a particular server using its MAC.  Essentially you use DHCP to make a dynamically assigned static IP address.  Since the AT&T Microcell doesn’t allow you to configure it (with a fixed IP address or in any other way) I configured the SYSWAN’s DHCP server to assign a specific address to the Microcell’s MAC address.  However, when I tried to place the Microcell into the DMZ the SYSWAN complained about the use of the DHCP-assigned IP address.  Damn, it will only put a server with a true static IP address into the DMZ.

Before I finish the SYSWAN story I should mention that a few days before trying the DMZ option I’d sent SYSWAN Support an email describing my problem and asking how to configure the SW24 so my AT&T Microcell would work.  I never got a response.  So now I’ve put several hours into trying to solve the problem and have exhausted my options.  The SYSWAN is so unknown that the typical BING it and someone else will have posted instructions didn’t work (and yes, I tried Google as well).  All that was left was the prospect of a phone call to SYSWAN support.  I picked up the phone and dialed.  And discovered that their support line closes at 5PM Mountain time (which yes, if you are on the west coast means 4PM).  Of course it was only 4:50, so despite their limited hours I should have squeaked through.  But I guess they went home early that day.

Faced with waiting for the next day, and then likely spending an hour or more only to be defeated by the clash between the SYSWAN and the Microcell’s lack of configurability, I went to Amazon and ordered a Cisco RV042 with 1-day shipping.  It arrived, I swapped out the SYSWAN, spent about 2 minutes on configuration, and tested that failover between the Internet links worked.  I then plugged back in the AT&T Microcell and waited.  A few minutes later it was up and running with no special configuration on the RV042.

I’m sure the SYSWAN SW24 is a great small business router if you have some special needs that it supports and are willing to pay a networking expert to set up, tweak, and tune it to perfection.  If I were actually trying to review the two for small business use I’d do a capability comparison and try to identify the situations where the SW24 excels.  But that wasn’t my intent.  Certainly for consumer or SOHO use, the Cisco RV042 makes a lot more sense.  It’s too bad I didn’t start out with it.


Microsoft Office for those who really don’t need Microsoft Office

I recently had a very pleasant experience when purchasing a new PC for my Mother.  She’s basically a user of email and instant messaging.  Plus, she writes about 10 letters (e.g., “please change my address…”) a year in Microsoft Word.  Word 2003 that is.  I was a little apprehensive about spending ~$100 for a copy of Microsoft Office Home and Student 2010 just so she could write a few simple letters.  Fortunately, when I set up her PC I discovered it came with Microsoft Office Starter 2010 installed.  This version of Office includes ad-supported reduced functionality versions of Word and Excel.  PERFECT!

I had my mother give Word 2010 a spin and she was very happy with it.  In fact, because she really didn’t know Word 2003 at all it turned out she liked the Ribbon interface.  That makes her the first person I’ve ever met whose initial reaction to transitioning to the Ribbon was positive!  Second pleasant surprise of the day.

I don’t know if the Starter edition is really doing anything for Microsoft’s Office business, but it does keep consumers with only minimal need for word processing or spreadsheet capability from moving to alternatives such as Open Office or Google Apps.  Let’s face it, spending $100 on top of your $350 PC to write a few letters just doesn’t make economic sense.

There is something else to like about Office Starter 2010.  If you do need more capability, for example because you start a home business, you can just buy a key to enable full Office functionality.  My Mother doesn’t need this, but I know a lot of people who do.

Of course this isn’t the only way to get Microsoft Office for little or no money.  Employees of large organizations can usually get a full copy of Office Pro for $9.95 through the Home User Program.  And I love that I can use Office Web Apps for free, no matter what PC I’m on, to edit documents stored in Windows Live SkyDrive.

The bottom line is that I don’t know how well all these programs serve Microsoft shareholders (though they sure haven’t hurt them as of yet), but they are fantastic for consumers!
