OEMs May Be Mad Over Surface, Microsoft Says

As a public company, you have to come clean with Wall Street. Otherwise there are thousands of regulators just itching to set you straight.

So it's no wonder that Microsoft in a recent SEC filing said that OEM partners, who will soon compete with the Microsoft Surface, may not be completely happy, "which may affect their commitment to our platform," the company wrote.

Another problem for Microsoft is the current lack of Metro apps compared to the iOS or Android platforms, though a few million hardware units shipped ought to fix that, tout de suite.


Posted by Doug Barney on 07/30/2012 at 1:19 PM1 comments

iPad Could Be Big by Being Small

If Apple wants to rule the tablet universe completely unchallenged for years to come, a smaller unit is just the thing needed, IDC believes. A smaller iPad  would give Apple a majority share for four more years, the research house believes, despite low-cost Androids and fuller-featured Win 8 tablets that can act as actual PCs.

Smaller iPads have two things going for them: They would presumably be cheaper (but with Apple you never know) and they'd be smaller.

If they ever do one, and if they really are cheaper, I may just have to get my debit card out and buy one, along with a stronger pair of reading glasses! I still can't browse on the iPad without magnification.

Posted by Doug Barney on 07/30/2012 at 1:19 PM1 comments

Next Build Conference Will Focus on Metro Apps

The Build Conference isn't exactly a regular event. Microsoft only puts this developer event on when it has something important to talk about. Windows 8 preview was the subject of the last one.

The next Build is poised to take advantage of the Win 8 buildup, and will happen the week after the OS ships in late October.

This is a huge deal for developers. With Metro, you are really developing more like a Web programmer with the integration of  HTML 5. Of course, programmers have been sort of moving in this direction for a while, using managed code approaches that aren't locked to specific architectures.

Posted by Doug Barney on 07/30/2012 at 1:19 PM1 comments

App-V Beta Built for Office 2013 Beta

App-V, now nearly on version 5.0, is a cool product with a cooler history. Originally called Softgrid, it was acquired from a company called Softricity. Here is the short version of how it was built, as I recall it: Back in the early days of the Boston Computer Museum, there was an exhibit for kids. You know how kids are -- they will beat the heck out of any PC placed before them. The result? One broken PC. The founders of Softricity had to find a way to sandbox or virtualize these apps to keep them away from the registry and Windows DLLs.

Today that is App-V which creates a wrapper around apps, and streams them from a server.

What's interesting about the beta of App-V 5.0 is it can package up the preview of Office 2013.

So if you are bold enough to run beta software on top of beta software, and don't mind a bit of virtualization to boot, you might want to give it a try.

Oh, in case I forgot, I believe you have to be a Software Assurance customer to qualify.

Posted by Doug Barney on 07/27/2012 at 1:19 PM1 comments

Doug's Mailbag: Windows 8 Backup

Readers react to the news of the new backup procedure in Windows 8:

My laptop is my living and backup is critical. I like the sound of this and it sounds like it is something leveraged off VSC. I've use all sorts of different back up programs (including the old NTBackup) and having something that will backup files I have created would be great. Keen to find out more about it.

It actually sounds very cool, although a bit like Mac OSX's Time Machine. At least unlike Mac, it ignores the operating system to get your backups correct and efficient. I like it even though I see no need for Windows 8 in my primary line of work: Civil Engineering and Architecture. Somehow CADD on a touchpad seems useless without a stylus or mouse.

This sounds like Volume Shadow Copy (which has been around since Win XP when connected to a Server 2003 network). For home users, I think the biggest reason for low backup rates is the question of where to store the backups. Not everyone has a spare hard disk or external disk, and CD/DVD backup is slow, flaky and inadequate to store multi-GB file collections -- not to mention installed software with all necessary patches and customizations.

Share your thoughts with the editors of this newsletter! Write to [email protected]. Letters printed in this newsletter may be edited for length and clarity, and will be credited by first name only (we do NOT print last names or e-mail addresses).

Posted by Doug Barney on 07/27/2012 at 1:19 PM0 comments

Is Exchange 2013 all About Management?

Exchange 2013, expected early next year, is now available as a preview -- something Microsoft sometimes calls a beta. In fact, Microsoft has a half dozen or so different terms for beta software, don't ask me why.

The new Exchange has a bevy of features aimed at easing configuration, management and thwarting attacks.

One main issue is a new architecture that centralizes items such as roles and administration. For instance, there are only two server roles available: mailbox and client access.

On the admin side, the control panel and management panel are now combined.

Posted by Doug Barney on 07/27/2012 at 1:19 PM0 comments

SQL Server 2008 R2 SP2 Comes Out

SQL Server 2008 R2 customers better get their downloading fingers ready as Service Pack 2 is now available. There is not much new to report here, and the service pack is mainly a monster roll of all the bug fixes and patches from the past. I guess if you are already up-to-date with all the fixes, you don't have to rush  this update -- but it sure can't hurt.

What is your approach to service packs? School us all by writing to [email protected].

Posted by Doug Barney on 07/27/2012 at 1:19 PM0 comments

Microsoft Promotes 'Self-Service BI'

Microsoft has been pushing business intelligence for years. Much of this revolves around SQL Server, but Excel also in recent years has come into play as a front-end tool.

The strategy became richer and more complex when Microsoft began previewing its 2013 products. The idea is to upgrade to SQL Server 2012 when it ships, and upgrade to Excel 2013 and SharePoint 2013 when they ship (are you sensing a theme?).

You can test betas of all three and get your BI freak on now. On the Excel side, you can use PowerPivot (which has been around a while). A bit newer, so far as I can tell, is a SharePoint Reporting Services add-in called Power View. Power View is an ad-hoc tool for performing data visualization. One new item is that Power View can be accessed through Excel -- at least when Excel 2013 ships.

Posted by Doug Barney on 07/25/2012 at 1:19 PM1 comments

Virt Tool MultiPoint Update Prepped

Microsoft has so many virtualization tools  that it is hard to keep track of them all. One that always slips my mind is MultiPoint Server, a tool that some of you apparently like a lot.

MultPoint 2012 is on the way, and if you are a fan you might want to get on the beta list.

The product is aimed at low-end users -- such as schools or smalls shops. MultiPoint is simple and the name actually refers to how the product works. A single server offers desktops or terminals virtual sessions. The new version will support Windows 8, a feature built upon its existing Windows 7 support.

Posted by Doug Barney on 07/25/2012 at 1:19 PM0 comments

VMware Buys Its Network Virt

VMware is on the move. It just replaced CEO Paul Maritz with EMC insider Pat Gelsinger.

At the same time it announced record revenues, over $1.1 billion in the latest quarter.

Now the company is spending some of its rising cash on Nicira, which does something called software defined networking (SDN).

This is apparently worth $1.2 billion!

SDN, in my mind, is really virtual networking, though not the VLANs network admins used to know and love.

SDN replaces hard-wired networking with software. Right now all this goodness is reserved for high-end service providers. Eventually our own networks will be as virtualized as our servers are increasingly becoming. And this could be all the way down to the I/O level.

There is a good chance that VMware will adapt this technology to the enterprise and, in fact, do for the network what VMware has done for servers.

Posted by Doug Barney on 07/25/2012 at 1:19 PM0 comments

Q&A With Doug Warden: 'Ethical Hacking'

Before Doug Warden, instructor with the Southern Alberta Institute of Technology, leads a TechMentor workshop next month on improving enterprise security, he took some time to discuss  with me why your security policy should be designed from the point of view of an attacker.

Q: What does "ethical hacking" mean?
A: Ethical hacking is using the same techniques and tools as an attacker might use to try to find security holes in your own network. We all do lots of work to try to secure our systems, but it's hard to know if we're successful. It's like trying to get a good picture of Sasquatch or a UFO -- it's awfully difficult to prove they don't exist, and you can only prove that they do exist by getting that picture. But what can you do until that happens? Being breached by an attacker is like that -- you think you're secure and then all of a sudden you're in trouble. Ethical hacking is proactively testing your systems for security flaws that might be exploited by an attacker.

Q: Is it better to hire an outsider to ethically hack your network or develop these skills internally?
A: It depends on a number of things. There's good value in having someone come in who's an expert in doing this sort of thing, but I'm a big believer in internal skill development.

The best approach is likely some sort of hybrid, where you do ethical hacking tests and most of your work internally as part of your securing and testing cycle, and then bring in someone from the outside to test it occasionally.

When you bring someone in they don't know your network like you do, and it's possible that you wind up paying for consultants that you become totally dependent on, without growing your skill set. Security is a constant cycle -- you can't just set up a firewall, dust off your hands, walk away and never look at it again. You need to constantly plan, implement and reevaluate your systems. New exploits are constantly coming out and once something is secure, there's no guarantee that it will stay that way.

Q: How do you make sure the ethical hacking skills you've developed in your shop remain ethical?
A: Strict guidelines should be in place regarding what is acceptable behavior. What administrators and testers can -- and can't -- do needs to be clearly outlined in your security policies. Consequences of violating these policies should also be laid out. As techies, we might dislike documentation, but it's really important for the proper operation of any network. Using ethical hacking skills is sometimes a fine line. Using a tool like a protocol analyzer -- such as Wireshark, which I would consider a critical troubleshooting tool -- without proper permission can be frowned on by some companies. You need to be careful about having permission for the tools you use every day as well as where and when it's OK to use them.

Q: How do make sure the hacking techniques you use are the new ones you might be attacked by?
A: This is a fundamental problem. It's very difficult to know what an attack might look like, and the reality is that it's extremely difficult to cover every possible attack, which is what a full-on penetration test will hopefully expose. Like water running downhill, an attack will generally follow the path of least resistance -- but it might also come from some entirely unexpected source, which is why we need to stay on our toes.

My experience is that security is a lot about protecting the low-hanging fruit. It's mostly the easy things we should all be doing to secure ourselves that get missed and leave us exposed. When you do ethical hacking it generally highlights the best practices that we're missing, but it's impossible to know for sure what someone might do when they attack. It isn't very sexy, but making sure things like system updates are done, antivirus is working and installed, and Group Policies are covering fundamental concerns are a lot more important than covering yourself from complex, obscure attack vectors.

Q: Could some of these techniques backfire and leave you exposed or corrupted?
A: If you install a Trojan or backdoor to see if it's possible, you should absolutely make sure they're removed, and be extremely careful about doing any sort of testing on live machines.

The type of ethical hacking I'm generally involved in is the internal sort of testing that we mentioned earlier, and my interest is in more of a "How would this work?" sort of approach. I find that once I've researched how an attack might happen and tried it using an attacker's perspective and tools, I gain a much deeper understanding of both the attack and the way my systems work. When I'm doing this sort of testing I always do it on a test network, not a live machine, and then apply what I've learned to securing my real systems.

Q: How do you make sure the hacking tools in your shop are only used by trusted employees?
A: You need to be vigilant. In addition to the security policies you have outlined defining what is acceptable behavior, you also need to be watching your own network. A common error in securing networks is to focus on the periphery of the network, and not worry about doing intrusion protection or setting Access Control Lists between trusted networks. Studies show that most security breaches are caused -- or performed -- by credentialed employees, rather than by shadowy attackers from the outside. Anything that you detect not coming from a trusted employee should be treated as an attack, whether it comes from inside or outside your network.

Want to learn more? Doug will be speaking at our TechMentor 2012 conference, being held at Microsoft HQ in August.

Posted by Doug Barney on 07/23/2012 at 1:19 PM0 comments

Win 8 Backup Sounds Brilliant

Almost nobody uses Windows client backup, and Microsoft thinks it knows why: because it ain't very good. Of course backup vendors (and nowadays, cloud backup vendors) love this as it gives them plenty of room to sell their own solutions. Microsoft says that fewer than one in 20 Win 7 users use the built-in backup.

With Windows 8, Microsoft found a very simple new approach -- one that I am sure to use as soon as I upgrade. File History backup does just what the name implies. It ignores all the junk you don't need, and backs up the files you actually create and work on. Genius! This tidy little backup file is just what the doctor ordered. And since it tracks changes, you can get back earlier versions of a file. So if you cut and deleted a magnificent swath of text, just go back to an earlier version. It may not have every single tweak, but the bulk of your brilliance will be there.

Thank you, Microsoft. A simple, sweet idea.

Am I giving Microsoft too much credit or is this as cool as I think it is? You tell me at [email protected].

Posted by Doug Barney on 07/23/2012 at 4:59 PM9 comments

Subscribe on YouTube