If you are wondering about Azure, there are probably two main question you have: Is it secure and how much does it cost? The first is still hard to answer and largely depends on how seriously the customer takes security. You can't leave it all in the hands of the cloud vendor.
The pricing is easier to fathom, and this month Microsoft will release a fuller price list.
On the low end, a 1-gigabyte database is about $10 month. This really is the low end. Moving up 5 gigs is almost exactly five times the price. Keeping with that model, 100 gigs is a $100 a month, all the way to a 50-gig database for, you guessed it, around $500. Talk about linear pricing.
There are also fees for writing to and from the database.
I'm no database guru, so you tell me if this is a good or bad deal at [email protected].
Posted by Doug Barney on 06/23/2010 at 1:17 PM0 comments
Was it wrong for Google to publicly broadcast a Microsoft security hole? Here's what some of you think:
It was irresponsible for Google to tell people how to exploit the hole (if that is indeed what they did). It is also irresponsible for Microsoft to let a high vulnerability stand once they knew about it (if that is indeed what they did).
As I recall, the last time an XP vulnerability surfaced, you had to be on the local machine to exploit it. If this is the vulnerability to which you refer, it is not much of one if it cannot be exploited without sitting at the keyboard.
That said, Microsoft announced the upcoming retirement of Windows XP in 2007 after releasing Windows Vista. Users demanded that they extend the lifetime of XP. Microsoft responded with Windows XP SP3 and announced a retirement date for XP SP3 for April 2014. More likely than not, XP and SP4 will ship shortly before that date.
Since then Vista SP1, SP2 and (a much improved) Windows 7 has shipped. Users have had three years to prepare for the transition to the NT 6.x kernel.
There reaches a point at which it is unrealistic to expect Microsoft to continue to support Windows XP. If users are too lazy or too cheap to upgrade a nine-year-old OS, I just don't feel very sorry for them.
-Marc
If Microsoft knew about this flaw all along and did not fix it then I think they are almost criminally negligent and should be made to refund the cost of the software, as well as any costs associated with any damage caused by the flaw.
I applaud Google for exposing it so that it would be fixed. That this exposure has caused hackers to exploit the flaw should not surprise anyone.
-Anonymous
It appears that the fellow who exposed the flaw was working with a group of his peers within Google. Unless they are working totally off-the-clock and with NO Google resources (even a copy of a compiler or a notebook controlled by the company) I would qualify this as a Google-sponsored issue.
If that's the case and there is any damage done by hackers, I would go after Google because they allowed the programmer to go public with the information in a reckless way. Also, the employee should also be blameed because he is putting many people at risk.
I'm sure that Google would love to embarrass Microsoft any way they can, but putting thousands of people at risk in the process is corporate irresponsibility.
-Tom
Google is encouraging criminal behavior. Could it be prosecuted for conspiracy?
-Ken
Flaws should NOT be advertised so that hackers may exploit them. The owner of the software or platform should be notified so that they may fix it. Even if they do not, it is better not to tell the world that it exists. If you do tell, every hacker around the world can take a stab at it, if they so desire.
Sounds like Google wanted Microsoft to take a hit over this. I trust Google less than I trust Microsoft.
-Bernie
I am one of those that think that all hackers should be taken out back and SHOT in the head.
Hacking should be a major felony, along with identity theft -- 10 years in federal prison, minimum.
I've been the recipient of these attacks.
Google should have told Microsoft about the problem with a phone call (not over the Internet).
Thanks Google. Stupid...
-Anonymous
Share your thoughts with the editors of this newsletter! Write to [email protected]. Letters printed in this newsletter may be edited for length and clarity, and will be credited by first name only (we do NOT print last names or e-mail addresses).
Posted by Doug Barney on 06/23/2010 at 1:17 PM3 comments
Microsoft, along with the FBI and American Bankers Association, are trying to kill off Internet fraud through the Internet Fraud Alert. The program helps companies know when they've been compromised -- before they would have found out themselves.
Fraud Alert looks for cases where accounts, passwords, card numbers, etc. have been stolen and alerts the victims ASAP.
While I love this kind of thing, I prefer more forensic work so hackers can be hunted down, busted and tossed in the cooler.
What are your thoughts? Are hackers just misunderstood and deserve our comfort or our worst retribution? You tell me at [email protected].
Posted by Doug Barney on 06/23/2010 at 1:17 PM1 comments
Google is the inventor of the Droid (Android) phone, and I hear it's pretty good. But Google just can't keep away from controversy. It spies more than James Bond. I'm not sure if this is Google's fault, but apparently the HTC Incredible phone, based on Droid, saves what you do on the Web. We're talking screen grabs of things like your banking login screen -- with user name and password of course.
The problem is this data is harder to erase than a bad tattoo.
Do you trust your mobile phone? Send your whys and why nots to [email protected].
Posted by Doug Barney on 06/21/2010 at 1:17 PM5 comments
Google is in more privacy trouble now that it's disclosed that the company actually collected password as it snooped on our WiFi setups to feed its overly intrusive Street View service. Concerned about the collection of computer addresses and data, the French government looked into Street View. A peek at the info reveals that Google grabbed passwords. Google claims it meant no harm and wouldn't abuse the data.
Let's face it: Google is a data company. The more it knows about you and I the more Porsches its executives can buy. Google is the Patriot Act on human growth hormone.
Agree? Disagree? Share your honest feelings at [email protected].
Posted by Doug Barney on 06/21/2010 at 1:17 PM7 comments
Welcome to long-time reader Dave who wrote to Doug for the first time last week and commented on various topics (join in by writing Doug at [email protected]):
I have been reading your work for 5-6 years now, and always look forward to each installment. I am a first-time commenter as a result of the revelation that whenever you ask for opinions, you just might really want to hear them!
First, the silly: In your Friday's Redmond Report, you wrote that you, "wondered aloud how long it would take to exploit [the HPC flaw details released by Google]." How can we confirm this? We can't hear you when you type!
Now, the main "take" that your column asked for: I am not a hard-core gear head. I've been working in IT since 1996, have a handful of certifications and have just completed the bachelor's degree I first started after high school in 1985 (so, I do read with great interest the postings about salary vs. education). The comments on the Web site seem to cover most any angle I could bring up, but there are a couple that seem to have a particular ring to them.
Chris from Lake Mary, Fla. wrote that, "it [isn't] irresponsible to tell hackers how they attach [sic] our software. This is just the way it is." He explains that Microsoft releases details as part of releasing patches. He goes on to cite the SQL Slammer worm as an example of the impact of unapplied patches. I think this is close to Google's actions: They combined announcing a flaw with announcing a work around. However, it isn't Google's product. They certainly have the "right" to suggest how people react to a flaw -- irrespective of by whom it was made public -- but I feel it may be over some imaginary line to (potentially) scare people into using their quick fix. Google essentially said, "There's this really serious problem with Windows -- you gotta do [this] to keep your computers safe." I may be in the dark on this, but how much testing did Google do on their work around before telling people it would work? Is it at all possible that their method would open a computer to some other attack vector, or unduly limit functionality?
I agree with Dan from Iowa that it's, "not [Google's] job to dictate how fast Microsoft responds with a fix." I further agree with the point that their actions blur the color of the hats -- white or black. It's certainly a leap -- and I'm am absolutely NOT suggesting that it is the case -- to couple Dan's comment about who are the "Bad Guys" with the comment by Esteban Gronzy from Tucson, Ariz. that Google just happens to be a competitor --direct competitor in many markets. Again, I'm not spouting off about a "vast, electronic-age conspiracy" (or, hope I'm not), but just how coincidental is it that Google releases details of a flaw in a Microsoft product just as Bing vs. Google vs. Google Apps vs. Office vs. Azure vs. Chrome vs. Android vs. Win Mobile 7...are all really starting to heat up? Again, I utterly disavow any inference that "A" follows "B", but the timing seems to be a marketing departments' dream come true (from Google's point of view).
Lastly, Keith from Bel Air, Md. asks, "But what does Google owe Microsoft?" I believe the answer is, "Absolutely nothing beyond legal business interaction." But perhaps a more fitting question would be, "But what does Google owe the multiple tens of millions of Windows users affected by this flaw?" Here, I believe the case could readily be made that "silence is golden."
Thanks for your time, especially if you made it this far! Thanks, too, for churning out the top-quality materials I've come to expect from all things Doug-related. Please let me know if you would (really) like future comments -- especially if you would really like them to be shorter!! Keep doing what you do.
-Dave
Share your thoughts with the editors of this newsletter! Write to [email protected]. Letters printed in this newsletter may be edited for length and clarity, and will be credited by first name only (we do NOT print last names or e-mail addresses).
Posted on 06/21/2010 at 1:17 PM0 comments
Web editor Chris Paoli has once again found some great stuff on the Web as part of his weekly Friday IT Fun Report. The one I find the funniest is what it's like to be an Apple owner. You can see Steve Job sucking the do re mi from your bank account. As a dad who's bought umpteen Mac and iPods (don't tell my kids there's a thing called the iPad), I've felt that pain.
Posted by Doug Barney on 06/21/2010 at 1:17 PM0 comments
If your boss keeps saying no to your raise, show him/her this! Despite the continuing economic malaise, IT pay went up this year, according to Janco Associates. The winners were IT pros in large companies whose pay went up around $600.
Those in medium-size companies actually went backwards, losing around a grand.
While the Janco report is generally upbeat, they did note that not much hiring is going on. So if you ask for a raise and your boss fires you instead, you could be in for a long wait.
Posted by Doug Barney on 06/18/2010 at 1:17 PM1 comments
I was at Tech-Ed last week in boiling New Orleans, trying to eat as much seafood as possible before it goes away. At the show, there were two topics that really stood out: Privilege Management was huge, as were SharePoint third-party tools.
I didn't get a chance to meet all the SharePoint vendors, but did hit up a few. Some are startups focusing exclusively on collaboration, while others are existing vendors moving into this new space. Companies in this market include Idera, Quest, Metalogix, AvePoint, Tzunami, Vyapin and Axceler.
Areas include migration, configuration, administration, data integration, blog support and storage optimization.
What is your favorite SharePoint third-party tool? Vote at [email protected].
Posted by Doug Barney on 06/18/2010 at 1:17 PM0 comments
Here are a couple of responses to the relationship between VMware, XP and Windows 7:
Your blurb needs some clarification. It's not so much that VMware Player "is faster and just plain better than XP Mode." VMware Player is running XP Mode -- it's Microsoft's Virtual PC that VMware wants you to dispense with! The VMware Player runs under Windows 7 (and runs VERY WELL, I might add) but it is still running XP Mode.
Microsoft wants you to download and install XP Mode and Virtual-PC and run XP Mode natively. (I suspect that this precludes you from running any OS except XP Mode under Virtual-PC under Windows 7.)
If you instead download (for free) and install VMware Player under Windows 7, you can then run any OS you want under Windows 7. (I don't know about Mac OS X, but it poses and interesting possibility.)
If you want to run XP Mode under the VMware Player, just go to Microsoft and download the XP Mode components for Windows 7 and install them. VMware Player will then import the XP Mode virtual machine directly into VMware Player.
I have not tried to work with Virtual-PC but the VMware Player is exceedingly easy to use. It can install any X86 or X64 compatible OS from media or form an ISO image directly into VMware player, just as it if were "bare metal."
I've wanted to experiment with Linux ever since I piddled with Slackware back in the 1990s. I can do that now with any flavor of any Linux or Unix OS without compromising my Windows 7 capabilities or environment -- without resorting to third-party bootstrap loaders -- and without re-partitioning my hard drive.
-Marc
I always enjoy reading your pieces in Redmond Report -- they are "straight" and thought provoking which is no bad thing in today's marketing age! Regarding Win7 and Virtualization, this has been an issue for me on a personal and a professional basis.
On the personal basis, I use an old mail/news product called Turnpike that will no longer run on Win7 X64. A long story, but basically MS has broken how 32-bit shell extensions work in X64 (or should I say do not work on X64). So until I get a new client, I am doomed to run the old client in some sort of virtualization mode. I tried XP mode and was very disappointed. It just felt clunky and flaky. It was slow, and from time to time it was necessary to reboot the VM since it stopped working. It was a very sub-optimal bit of code that I could not wait to get rid of. I then loaded Sun's Virtual Box software and it's been very good. Not perfect...but more than fit for purpose. I have used it constantly for the last six months and am unlikely to ever want to use the MS offering ever again.
I spend most of my time as a trainer and in the classroom. Hyper-V is harder to manage than I'd like. For everyday use (almost all of my work involves running and using multiple VMs), the lack of power management is a deal breaker. For a few classes, I have found a way around the issue (I dual boot back to Server 2008 R2 using boot from VHD) and run Hyper-V but as soon as the class is over I reboot to Windows 7. And for some classes I use VMware Workstation. Now that was the product MS should have bought. It's stable, fast and about as perfect as can be -- the only downside is that it is not free!
To my mind, what MS should have done was to create a stripped down version of Hyper-V that is power management aware (and can handle compressed VHD drives) for use in Win7. Hyper-V is a great product and I run it on three machines in my home network. Very stable (well, the version in Server 2008 R2!) and performs well. Great for the data centre, but no use on client systems. Instead we get the old Virtual Server code which, to my mind, was never a real contender. MS really did buy the worst of the two products when it bought Connectix -- and Virtual PC/Virtual Server. Unfortunately, in their focus on the data centre and the cloud, MS has left the desktop virtualization offerings largely as they were. I find it sad that MS dropped Training as a key scenario for Hyper-V, even though MS's official training courses require us to use it.
Anyway -- to your question: I have tried just about every virtualization product out there. For use on Win7, I prefer Virtual Box -- it's fast, reliable and free. If VMware were to give away Workstation, I'd probably use that. But XP mode/Virtual PC 7 are products that can remain on the DVD.
-Thomas
Share your thoughts with the editors of this newsletter! Write to [email protected]. Letters printed in this newsletter may be edited for length and clarity, and will be credited by first name only (we do NOT print last names or e-mail addresses).
Posted by Doug Barney on 06/18/2010 at 1:17 PM0 comments
On Monday I told you how Google publicly disclosed an XP Help flaw that had yet to be patched. As of then, there were no reported attacks, but I wondered aloud how long it would take to exploit this now well-known and understood hole.
It didn't take long -- Microsoft now says hackers are now going after the flaw which allows for remote code execution.
Some of you were on Google's side, arguing that Microsoft has no real motivation to fix a hole if no one knows about it. Others believe it is irresponsible to tell hackers how they attack our software. The latter group seems to have some pretty good evidence on their side.
What is your take? Let me know at [email protected].
Posted by Doug Barney on 06/18/2010 at 1:17 PM14 comments
Here's part two of your responses to the individual suing Google after being injured from blindly following the company's map directions:
In the immortal words of Forrest Gump, stupid is as stupid does. Lauren Rosenberg was STUPID. She doesn't deserve one red cent of money for being stupid either. Anyone who goes walking down a road with a high amount of traffic is just plain stupid for doing so. She has eyes and ears -- and should have had enough common sense to NOT walk down a busy street that doesn't have a sidewalk for walkers to safely commute. Would anyone have debated the idea of her suing if Google Maps had told her to walk off the end of a pier to cross a body of water? NO! They would say only a moron would do such a thing. Well, only a moron would walk up a busy street without a sidewalk beside it.
This is just another case of a frivolous lawsuit where someone is trying to get out of taking personal responsibility for their own stupidity. And Google should not have to pay the price for Rosenberg's actions.
-Charlie
Personally, I feel you have to be careful when using these tools. She should have just turned around and went back from where she started if the roadway was dangerous. This is similar to the woman who says she burned herself with McDonald's Coffee and got paid. NO...Lauren should take responsibility for her own actions.
-Pasquale
Lauren is an idiot -- let's only hope she does not reproduce.
-Anonymous
Someone has to keep the Darwin awards alive. The quickest and shortest route might be to dive off a cliff...at least you'd be cushioned by the pile of lemmings at the base of the cliff.
-Dan
Let common sense rule the day!
As children we depend on our elders for guidance. As Adults, one MUST take responsibility for their own actions!
Judges should be allowed to Bi^@h slap those who bring up these frivolous lawsuits.
-Thomas
Share your thoughts with the editors of this newsletter! Write to [email protected]. Letters printed in this newsletter may be edited for length and clarity, and will be credited by first name only (we do NOT print last names or e-mail addresses).
Posted by Doug Barney on 06/16/2010 at 1:17 PM0 comments