When looking for books I often find myself at Amazon online or Borders where my family hangs out for coffee, smoothies or a mocha. Borders is my favorite brick and mortar books store.
While doing research for this article, I quickly discovered that my favorite brick and mortar store had given up there website fight to Amazon. Now Amazon handles all of Borders Books online book purchases. I was completely shocked! So I am comparing Amazon with Barnes & Noble.
While doing the price comparison there was a sharp difference in pricing that I could not believe. I really do not do price shopping as I have a borders business card and get huge discounts at the store.
I found Barnes & Nobel to have their pricing as list price and you must become a member to get a discount that was not always disclosed. I was very sadness by the great difference in price. Also Amazon offers used books and both hardback and paper back pricing on the same page.
Here is the price comparison of some of the books I own and some that I do not own. I see that I could have saved a lot of money buying directly from Amazon.
1. Microsoft Exchange Server 2003 Unleashed by Rand Morimoto
Amazon: $41.99 Barnes & Nobel: $59.99
2. Microsoft Windows Server 2003 Unleashed by Rand Morimoto
Amazon: $41.99 Barnes & Nobel: $59.99
3. Microsoft Windows Server 2003 Insider Solutions by Rand Morimoto
Amazon: $27.99 Barnes & Nobel: $39.99
4. Biztalk Unleashed by Susie Adams
Amazon: $35.50 Barnes & Nobel: $49.99
5. Microsoft Exchange 2000, Conferencing Server, and SharePoint Portal Server 2001 by Rand Morimoto
Amazon: $33.99 Barnes & Nobel: $49.99
6. Microsoft Exchange Server 2003 Administrator's Companion by Bill English, Walter J. Glenn
Amazon: $37.79 Barnes & Nobel: $49.99
7. Windows 2000 Design & Migration by Rand H Morimoto
Amazon: $29.69 Barnes & Nobel: $49.99
8. Maximum Windows 2000 Security by Anonymous
Amazon: $33.99 Barnes & Nobel: $49.99
9. Microsoft Windows Server 2003 Administrator's Companion by Sharon Crawford, Charlie Russel, Jason Gerend
Amazon: $47.59 Barnes & Nobel: $69.99
10. Microsoft Windows Server 2003 TCP/IP Protocols and Services Technical Reference by Joseph Davies, Thomas Lee
Amazon: $32.99 Barnes & Nobel: $49.99
I do not patron Barnes & Nobel and now I see why with the price robbery. Barnes & Nobel also charges for shipping. Amazon does not charge for shipping.
Amazon was for the most part the first book store online. Barnes & Nobel has copied the look and feel of Amazon to even include the color schema. Both sites were easy to navigate.
Amazon offered more about the book to include sample chapters, index and table of contents. Amazon offers reader reviews both good and bad. Amazon offers the ability to search inside the book.
Amazon also offers the ability for recommending other books that users purchased along with the one you are looking at. They offer editorial reviews, what other books the book cites, other books that cite this book, recommendations of similar books, other books customers viewed while looking at this book, auctions that contain this book, other books by the author, similar categories, similar subjects, recently viewed history, easy shopping cart, easy buying experience, the ability to rate the product, and an inside look at the front and back covers.
Barnes & Noble had little to offer as a comparison.
Jeff Bezos, one of the founders of Amazon, doesn’t consider Amazon as a front runner for selling popular books. I found this surprising, as they beat Barnes & Noble in most all categories hands down in my opinion. He states that they cater to the hard to find books. While that may be true, I found Amazon's website extremely appealing for popular books in the mainstream.
By offering an inside look and searching inside the book, it gives you a pretty good idea of what the book is about. I find this very important as when you are at the book store you can quickly scan through a bunch of books at one time and determine if that is the book that you are looking for and desire. You can not do that at Barnes & Nobel.
In conclusion I found that Barnes & Nobel offered the same titles at a much higher price on average about $10.00 to $25.00 higher, no old book, a knock off Amazon website, with none of the extra features or ability to look inside a book. So why even bother shopping at Barnes and Nobel online.
Tuesday, January 11, 2005
Software Success
How important is management commitment to system success? How important is user acceptance to system success? Why do users not accept an installation? Why do users accept an installation?
How important is management commitment to system success?
If management does not believe in the project it can actually doom the success of the system. Throughout the history of application development the key visionary for the project is the one who was instrumental in making things happen and happen successfully.
Four key players that are industry captain used leadership to help shape the way we do computer today. Those are Bill Gates of Microsoft, Steve Jobs of Apple, Michael Dell of Dell and Steve Case of AOL. There are many software companies that have fallen by the way side because where leadership left or sold out. Atari sold out to Sears. Compaq sold out to HP. WordPerfect has changed owners more than I change my socks. Once leadership is lost the project can be lost too.
How important is user acceptance to system success?
If the people that will be using the system daily can not accept the system (no matter how good it is), it is damned. Two good examples are Backweb and Octopus. Two web companies with excellent ideas, but are no longer heard from again. Backweb collected news from many sources and would popup alerts on the desktop. Users revolted again the system because it used up too many system resources and crashed the computers. It was an awesome idea, but it never got off the ground. In 2004 a better method of getting your news was developed using XML for news sites called RSS (Really Simple Syndication).
Now I get my new like I did with Backweb. However it took 5 years later for that to happen. Octopus was another really cool web based application that allowed you to take certain sections from any website and create your own webpage with bits and pieces of different web pages on a single page. No coding, you just highlight and snatch. They were sued out of existence by the very websites that they were helping to promote. I am baffled by this and I have not seen any technology that is even close to what they did. That was 6 years ago.
Why do users not accept an installation?
User will not accept a system that creates more work than it resolves. They will not accept it if it is crashing all the time. They will not accept it if it is slow. They will not accept it if there is a perceived problem, even where none exist. Some users will not accept the system not matter how great it is. Some users are highly resistant to change.
Why do users accept an installation?
Users accept systems for the opposite reasons the do not. If it saved them a ton of time they will love it. If it does really cool things, they will love it. If it is fast and stable, they will love it. If it is quick and easy to learn and use, they will love it.
How important is management commitment to system success?
If management does not believe in the project it can actually doom the success of the system. Throughout the history of application development the key visionary for the project is the one who was instrumental in making things happen and happen successfully.
Four key players that are industry captain used leadership to help shape the way we do computer today. Those are Bill Gates of Microsoft, Steve Jobs of Apple, Michael Dell of Dell and Steve Case of AOL. There are many software companies that have fallen by the way side because where leadership left or sold out. Atari sold out to Sears. Compaq sold out to HP. WordPerfect has changed owners more than I change my socks. Once leadership is lost the project can be lost too.
How important is user acceptance to system success?
If the people that will be using the system daily can not accept the system (no matter how good it is), it is damned. Two good examples are Backweb and Octopus. Two web companies with excellent ideas, but are no longer heard from again. Backweb collected news from many sources and would popup alerts on the desktop. Users revolted again the system because it used up too many system resources and crashed the computers. It was an awesome idea, but it never got off the ground. In 2004 a better method of getting your news was developed using XML for news sites called RSS (Really Simple Syndication).
Now I get my new like I did with Backweb. However it took 5 years later for that to happen. Octopus was another really cool web based application that allowed you to take certain sections from any website and create your own webpage with bits and pieces of different web pages on a single page. No coding, you just highlight and snatch. They were sued out of existence by the very websites that they were helping to promote. I am baffled by this and I have not seen any technology that is even close to what they did. That was 6 years ago.
Why do users not accept an installation?
User will not accept a system that creates more work than it resolves. They will not accept it if it is crashing all the time. They will not accept it if it is slow. They will not accept it if there is a perceived problem, even where none exist. Some users will not accept the system not matter how great it is. Some users are highly resistant to change.
Why do users accept an installation?
Users accept systems for the opposite reasons the do not. If it saved them a ton of time they will love it. If it does really cool things, they will love it. If it is fast and stable, they will love it. If it is quick and easy to learn and use, they will love it.
Monday, January 10, 2005
Understanding Databases
Design Specifications for Databases
When you are first wanting to use a database, the developer or user has to determine what the database will be used for such as an inventory database, accounting database, a work order database, a recipe, a maintenance tracking database, or a web blog or other web based database driven application.
Once the usage has been determined; then the need to know the number of users that will be accessing the data and the number of transactions or records that the database will require is next.
These are the basic bits of information that are needed in order to begin establishing and defining the database design specifications. If a user is only going to need to track recipes then a low cost database solution would be an Access Database. If millions of records are needed to be stored, queried and processed then a work horse database like Oracle would be needed. For a business web based solution a Microsoft SQL database would be best suited for cost and the size of the database being queried.
Then the developer needs to determine the number of tables that would be required to meet the needs of the usage. For a contact database that could be just a single table. For a work order database it might contain many tables such as a contact table, company table, work order table, project management table, and a document management table.
Database Organization
A database contains tables, tables contains records like a rows, and records contain fields, and fields are of a certain data type like text or string, integer, Boolean, currency, date, etc.
To eliminate redundant data, like contact information the tables can be linked together and enforced referential integrity with one to many connections called relationships. These relationships are formed by connecting fields called keys. These keys are called primary and foreign keys.
Table relationships can also be established by quires to created views of the data, but have no underling effect on controlling the data in a relationship. This query action allows for powerful ways to exam and review data.
Some database applications make it very easy to integrate multiple databases together to share and exchange information, provide enhanced security and are highly scalable to meet the needs of tomorrow demands.
File Processing verses Database Management
File processing is an old method in which data is contained in separate files. A table for contact information would be in one file and inventory information contained in another file. There are two common methods of file access sequential and random. These determine how the records are organized within the file. Examples of this method are dBase III, Clipper, and DAT files. These are older database file formats. The biggest disadvantage of these types of files are with multi-user and high record transaction rates. They do not perform well and record locking events often occurs, thus preventing the update of data.
A database management system can better manage these types of issues. It consolidates all the tables that would normally be multiple files into a single file or database. It assists in the record transaction process and ensures better data integrity. It is the preferred method. Microsoft SQL has an excellent database management system (DBMS). Access has a decent DBMS and is great for less than 5 users for simultaneous access.
Database Security
Database security is extremely important. It is even more important when commerce is involved. Not everyone needs access to the same information and not everyone needs to modify that information. Security can be very strict or very relaxed. A web blog is built upon a database. It is commonly open for everyone to query, but no one has the ability to modify it. The University of Phoenix has student logon accounts. These accounts only allow the individual student access to his or her data. That data is contained in many different databases such as student records, grades, class information and accounting. However the single security logon allows the students to seamlessly traverse many database systems in a single interface or presentation.
Database Management in My Work Place
In my work place we use a variety of database systems. Our old work order database system was in Access. Now it is in ASP.NET for the web interface language running Microsoft SQL server for its database on Microsoft Windows 2003 servers. My security website is running PHP for the web interface language and mySQL on Linux servers. The University of Phoenix is running ASP Classic and .NET with several SQL servers.
Proposed Improvements
The different databases are used for a specific need. For example you would not want to use a Simi-truck to deliver a post card. Using the database that fits the need is wise economical decision. To improve this better inter database data exchange could occur. This is currently in the works with Microsoft and other database developers with XML. This is a standard language to aid in the exchange of data in an agreed format from one classical system to another with little effort. For example exchange data with and Oracle database and a MS SQL database with the drag of a mouse in a web page. Once we have reached that level new business to business uses with be taken advantage of for the ease of sharing information.
When you are first wanting to use a database, the developer or user has to determine what the database will be used for such as an inventory database, accounting database, a work order database, a recipe, a maintenance tracking database, or a web blog or other web based database driven application.
Once the usage has been determined; then the need to know the number of users that will be accessing the data and the number of transactions or records that the database will require is next.
These are the basic bits of information that are needed in order to begin establishing and defining the database design specifications. If a user is only going to need to track recipes then a low cost database solution would be an Access Database. If millions of records are needed to be stored, queried and processed then a work horse database like Oracle would be needed. For a business web based solution a Microsoft SQL database would be best suited for cost and the size of the database being queried.
Then the developer needs to determine the number of tables that would be required to meet the needs of the usage. For a contact database that could be just a single table. For a work order database it might contain many tables such as a contact table, company table, work order table, project management table, and a document management table.
Database Organization
A database contains tables, tables contains records like a rows, and records contain fields, and fields are of a certain data type like text or string, integer, Boolean, currency, date, etc.
To eliminate redundant data, like contact information the tables can be linked together and enforced referential integrity with one to many connections called relationships. These relationships are formed by connecting fields called keys. These keys are called primary and foreign keys.
Table relationships can also be established by quires to created views of the data, but have no underling effect on controlling the data in a relationship. This query action allows for powerful ways to exam and review data.
Some database applications make it very easy to integrate multiple databases together to share and exchange information, provide enhanced security and are highly scalable to meet the needs of tomorrow demands.
File Processing verses Database Management
File processing is an old method in which data is contained in separate files. A table for contact information would be in one file and inventory information contained in another file. There are two common methods of file access sequential and random. These determine how the records are organized within the file. Examples of this method are dBase III, Clipper, and DAT files. These are older database file formats. The biggest disadvantage of these types of files are with multi-user and high record transaction rates. They do not perform well and record locking events often occurs, thus preventing the update of data.
A database management system can better manage these types of issues. It consolidates all the tables that would normally be multiple files into a single file or database. It assists in the record transaction process and ensures better data integrity. It is the preferred method. Microsoft SQL has an excellent database management system (DBMS). Access has a decent DBMS and is great for less than 5 users for simultaneous access.
Database Security
Database security is extremely important. It is even more important when commerce is involved. Not everyone needs access to the same information and not everyone needs to modify that information. Security can be very strict or very relaxed. A web blog is built upon a database. It is commonly open for everyone to query, but no one has the ability to modify it. The University of Phoenix has student logon accounts. These accounts only allow the individual student access to his or her data. That data is contained in many different databases such as student records, grades, class information and accounting. However the single security logon allows the students to seamlessly traverse many database systems in a single interface or presentation.
Database Management in My Work Place
In my work place we use a variety of database systems. Our old work order database system was in Access. Now it is in ASP.NET for the web interface language running Microsoft SQL server for its database on Microsoft Windows 2003 servers. My security website is running PHP for the web interface language and mySQL on Linux servers. The University of Phoenix is running ASP Classic and .NET with several SQL servers.
Proposed Improvements
The different databases are used for a specific need. For example you would not want to use a Simi-truck to deliver a post card. Using the database that fits the need is wise economical decision. To improve this better inter database data exchange could occur. This is currently in the works with Microsoft and other database developers with XML. This is a standard language to aid in the exchange of data in an agreed format from one classical system to another with little effort. For example exchange data with and Oracle database and a MS SQL database with the drag of a mouse in a web page. Once we have reached that level new business to business uses with be taken advantage of for the ease of sharing information.
Sunday, January 09, 2005
Beyond the PC Life Cycle
In both big and small business the life cycle of a computer is 3 to 5 years. We redeploy older systems to other usage as new systems are purchased to squeeze a little more life out of them.
Some systems get used beyond there life cycle. I wrote a program to process remote data access 800 calls for a really big drug company to collect user ID and total minutes online in order for that call to be billed back to the department that the user belong. It was a stop gap program that took me a couple of weeks to write, test and deploy.
It was to be temporary till we could get the bigger more expensive system in place to handle the processing as it processes over $500,000 in charge backs per month to departments. Well that was in 1994 and it is still in place because it worked and I left to go onto other things. I was called back in 1999 to make a couple of minor Y2K adjustments. Today I look back at that code and go, wow I could have written that in 100 lines of code instead of the several 1,000 lines I did. However I didn’t put that effort into it because I thought there was something better to replace it, so why spend the extra time to tweak it.
Another cool story: At a big drug company I installed two IBM XT 8086 PC’s in 1988 each with two fax cards. They faxed about 800 faxes per day per card orders and shipping info. The PC’s were directly connected via a DOS 3270 terminal connection via COAX to the mainframe. I finally turned them off in Oct of 1997 as they were retired and we had a newer system in place in which we migrated to. I was a proud father of those to ole PC’s as they never gave us any trouble at all for 9 years.
So the moral here is even though there is a better system, some companies do not change things.
Some systems get used beyond there life cycle. I wrote a program to process remote data access 800 calls for a really big drug company to collect user ID and total minutes online in order for that call to be billed back to the department that the user belong. It was a stop gap program that took me a couple of weeks to write, test and deploy.
It was to be temporary till we could get the bigger more expensive system in place to handle the processing as it processes over $500,000 in charge backs per month to departments. Well that was in 1994 and it is still in place because it worked and I left to go onto other things. I was called back in 1999 to make a couple of minor Y2K adjustments. Today I look back at that code and go, wow I could have written that in 100 lines of code instead of the several 1,000 lines I did. However I didn’t put that effort into it because I thought there was something better to replace it, so why spend the extra time to tweak it.
Another cool story: At a big drug company I installed two IBM XT 8086 PC’s in 1988 each with two fax cards. They faxed about 800 faxes per day per card orders and shipping info. The PC’s were directly connected via a DOS 3270 terminal connection via COAX to the mainframe. I finally turned them off in Oct of 1997 as they were retired and we had a newer system in place in which we migrated to. I was a proud father of those to ole PC’s as they never gave us any trouble at all for 9 years.
So the moral here is even though there is a better system, some companies do not change things.
Anti-Virus Software
I recommend Symantec Anti-Virus Corporate Edition for business users. I am not a fan of the Symantec 2003, 2004 software. I think McAfee is better. For those that can not afford the cost of the software you can get a free home anti-virus software from AVG. I run all these on my different systems for testing, knowing and comparing.
Installing Software on Different Scales
There are many different scales of deployment and installation.
- There are large scale SAP or Peoplesoft Installs.
- There are medium scale installs such as critical updates to the server and/or desktops.
- There are small scale desktop application installs.
All of which have various degrees of trip points in which failure can occur.
The bigger the project, the more people, the harder it is to manage and the more points of failure are exposed.
That is why SAP type deployments take years to roll out and it only takes a few minutes for me to update my web page. These are the same concepts but way different scales.
Saturday, January 08, 2005
When to use which Database Vendor
On databases one thing a number of people do not understand is which database vendor to use when. Below I have put together a basic comparison list to give you a better idea of the amount of data by the size and need. The price of each solution goes up as the need to scale and maintain larger data stores.
- File (.dat, .dbf, .xls, .csv) = Car, Motorcycle, walking
- SAM (.mdb (Access), MSDE = Van or large 4 wheeled truck
- SQL (MS SQL) = a fleet of semi-trucks nearing trains
- Oracle = a fleet of trains nearing 747’s
- DB2 (mainframe) = a fleet of trains, 747 airplanes and very large/fast cargo ships
So you use the database vendor for the need, size, cost and ease.
MS Portable Executable
Do you know if the PE approach Microsoft is looking at will affect all the program on the system?
No it will not affect older programs as they will try to maintain backward compatibility. It will require the DOT.NET Framework to be installed. You simply create a folder and copy the files into it. It is ready to run. To delete the application you delete the folder, thus the end of DLL Hell.
They are also work on application level security. This will be in Longhorn only. Today most applications have free reign of your computer and there is no authentication method for the OS to tell which is a good application and which is a bad one.
Once they get that built they will put an end to most of the evil that we have today or at least an end to script kiddy evil.
Friday, January 07, 2005
Why Software Installs Fail
Many businesses do not use the System Development Life Cycle. What is a likely explanation? Why do system installations fail? Is an unfinished system a failure? Why do system installations succeed?
Many businesses do not use the System Development Life Cycle. What is a likely explanation?
The most likely explanation is they do not know what SDLC is. This concept is still in it’s infancy as compared to other business practices concepts and theories. The reason no one knows what it is, because most every development project and development company are dramatically different. The driving forces are money available, costs, people, expertise, experience, budget and timeline.
When I started writing code there were no schools to teach code writing. We just invented things as we went along. Only the very large organizations and veteran programmers that have been dragged through the hot coals of the development cycle really understand what it is and its sub components.
Most development projects are done with small teams that share a portion of a much larger development program like at Microsoft. Most other upstarts and smaller companies are less structured and have more free spirited development teams.
Programming is like being an artist. They maybe a really good painter, but they may not be able to manage a project. Since development is a skill like being a painter not everyone can function in that structured manner or have been trained.
Like the really great artist, programming is something that has to be desired and the person has to have the vision for it. Managing SDLC requires someone who knows and understands both doing development and knowing what SDLC is all about.
Today there are very few managers that understand what the developers are doing and only understand time and money. In the industry SDLC is known, but the term is shortened to development cycle.
Here are a couple of sub components of SDLC that contain their own life cycle.
Many businesses do not use the System Development Life Cycle. What is a likely explanation?
The most likely explanation is they do not know what SDLC is. This concept is still in it’s infancy as compared to other business practices concepts and theories. The reason no one knows what it is, because most every development project and development company are dramatically different. The driving forces are money available, costs, people, expertise, experience, budget and timeline.
When I started writing code there were no schools to teach code writing. We just invented things as we went along. Only the very large organizations and veteran programmers that have been dragged through the hot coals of the development cycle really understand what it is and its sub components.
Most development projects are done with small teams that share a portion of a much larger development program like at Microsoft. Most other upstarts and smaller companies are less structured and have more free spirited development teams.
Programming is like being an artist. They maybe a really good painter, but they may not be able to manage a project. Since development is a skill like being a painter not everyone can function in that structured manner or have been trained.
Like the really great artist, programming is something that has to be desired and the person has to have the vision for it. Managing SDLC requires someone who knows and understands both doing development and knowing what SDLC is all about.
Today there are very few managers that understand what the developers are doing and only understand time and money. In the industry SDLC is known, but the term is shortened to development cycle.
Here are a couple of sub components of SDLC that contain their own life cycle.
Why do system installations fail?
There are infinity + 1 reasons why an installation will fail. Because there are many different operating systems at different stages of patches and critical updates, with hundreds of localizations for a particular country, with 100,000’s of third party software with it own multitude of various versions, different hardware versions, firmware versions, device driver version levels, different levels of user knowledge about the products and systems and billions of lines of code running on trillions and trillions of billions of transistors. There is never the perfect installation for all cases and all situations. The best that you can hope for is the vast majority of your target audience.
The recent XP Service Pack 2 installation is a classic example. Microsoft has reported that there have been over 120 million downloads of XP Service Pack 2. The Gardner Group (an industry watch dog) is reporting that 10% of all XP SP2 upgrades will result in failure. That means that 12 million installations of XP SP2 have failed.
Is an unfinished system a failure?
NO! Software is one of the few products that you cailing, out of disk space, not enough system resources, file corruption, and all the items listed about under why installs fail.
Why do system installations succeed?
LUCK! LUCK! LUCK! And LUCK! System installs can be successful if they are very simple and not complicated. Testing, Testing and Testing and more testing on the various versions of your largest target audience will give you the largest base of success.
You will have has failed installations due to odd ball reasons, such as the computer is infected with spyware, the hard drive is failing, out of disk space, not enough system resources, file corruption, and all the items listed about under why installs fail.
I was introduced to Microsoft’s long range vision for software installations back in 2001 at Redmond, WA. Future software installs pulls out a chapter from the old school book from the DOS days. Back then to do an install, you just created a directory and copy the files into it. Microsoft will be doing future installs with the .Net platform OS’s with what is called Portable Executables (PE).
The install will create a folder and copy the files into it. To uninstall you just delete the folder. What a concept! Today’s software installs are so complex it is a miracle that we have successful installs. Thousands of files are copied to hundreds of locations, with hundreds of registry entries, often times over writing newer entries and with older versions of files.
It is a nightmare called DLL HELL. Microsoft is making great strides in this area to eliminate it. However it is taking much longer than I expected it before PE becomes a reality.
MS Anti-Spyware Software
We are getting a lot of enquires about the new Microsoft Anti-Spyware software. They released it yesterday. It is BETA1 which means that there are two more releases to come before the final release. The next two are RC1 and RC2 then the final release.
We ask that you NOT download and install the software unless you are having serious spyware issues. It is BETA software which is buggy and has issues per the internet buzz. Please wait for the final release for your business and home computers.
With that said, we have tested it in the lab (under ideal conditions) and have found it to be impressive as to the finding and proper cleanup of the registry, left over files and finding things that the others anti-spyware did not find. It has a bunch of new features that are going to be really nice and welcomed in the fight against spyware.
Please be patient as I do not think the testing cycle will last very long. It is nice as a BETA application and if you are having serious spyware issues then it is worth a try to kill the evil.
Here is the link to the BETA software:
We ask that you NOT download and install the software unless you are having serious spyware issues. It is BETA software which is buggy and has issues per the internet buzz. Please wait for the final release for your business and home computers.
With that said, we have tested it in the lab (under ideal conditions) and have found it to be impressive as to the finding and proper cleanup of the registry, left over files and finding things that the others anti-spyware did not find. It has a bunch of new features that are going to be really nice and welcomed in the fight against spyware.
Please be patient as I do not think the testing cycle will last very long. It is nice as a BETA application and if you are having serious spyware issues then it is worth a try to kill the evil.
Here is the link to the BETA software:
Thursday, January 06, 2005
When Your PC Crashes
Poor oh Bill Gates demonstration of the latest media center software crashed while doing a live demo at CES yesterday. So the next time your PC crashes be glad that you are not the founder of Microsoft doing a live demo in front of millions of people. That should ease the pain a little.
Shopping Online
If you are doing product comparison shopping please look at the shipping, warranty & return policies, taxes and the site ratings before making a purchase. Sometimes the cheaper price is not always the better prices after purchase.
Sales ethics online are not always as they appear.
Sales ethics online are not always as they appear.
Wednesday, January 05, 2005
Is IM Annoying You?
MSN Instant Messenger, is it annoying you? Is it launching when you do not want it to. I suspect that IM is launching when you open Outlook Express. Just go into Outlook Express under Tools, then Options and on the General Tab. The fourth one down uncheck “Auto logon Windows Messenger”. That should make that issue go away.
Tuesday, January 04, 2005
AOL Install Hell
Are you frustration with one of the most famous offenders of software development?
You are not alone. AOL should not be in the business of software development. They just can not follow a few basic rules in Windows development.
At one point we banned any business computer that had AOL installed as was actively being used. In the old days they really had their head up something. They tried to redo Windows networking and changed in the registry key location of files and created their own version of the WINSOCK.DLL which handles most all the TCP/IP communications for Windows applications. AOL is the poster child of DLL Hell.
It wasn’t until Microsoft and AOL started working together did they finally get the networking thing straighten out. Now that they are divorced AOL is falling back into their old ways.
There are hundreds of case studies that I could write about AOL. One would be “This is how not to write code”. The fact they shot to the number one ISP baffles me.
You are not alone. AOL should not be in the business of software development. They just can not follow a few basic rules in Windows development.
At one point we banned any business computer that had AOL installed as was actively being used. In the old days they really had their head up something. They tried to redo Windows networking and changed in the registry key location of files and created their own version of the WINSOCK.DLL which handles most all the TCP/IP communications for Windows applications. AOL is the poster child of DLL Hell.
It wasn’t until Microsoft and AOL started working together did they finally get the networking thing straighten out. Now that they are divorced AOL is falling back into their old ways.
There are hundreds of case studies that I could write about AOL. One would be “This is how not to write code”. The fact they shot to the number one ISP baffles me.
Friday, December 31, 2004
Fighting Spam
Spam is out of control and there is little that can be done.
Changing your email address and not using your primary email address for buying things on the web, post info to website or having it listed in text format on your web site or any web site helps eliminate most all spam. List the email address as an image instead on your web site. You can check to see where on the web it may be listed by doing a Google search on your email address.
If you are still using your old email address and that address is receiving all the spam, you can set an Outlook rules wizard to route that email to another folder that you can call spam. That will clean the inbox, and makes it easier to review the spam and delete it. Note: I didn’t say stop it…
When receiving spam the best things to do are: Do not respond to it, don’t preview or open it. Previewing it only lets the spammer know that you are a valid address. Inside the spam are hidden images that point back to the spammer with your email address letting them know that you opened/previewed the spam email.
These evil spammers do send all kinds of graphic, sick adult related material and right now there is little technology or the legal system can do about it.
There are some counter measures that I can take on your server to turn up the heat to reduce some illegitimate spam spoofing such as a reverse lookup on the sender before accepting the email. However, this will deny email from company’s that do not have there email systems configured correctly or an ISP doesn’t have their DNS servers configured correctly. It is estimate that some 35%+ systems are not configured correctly, hence the reason why it is off by default.
Turning it on will result in a partial reduction in spam, but will deny some legitimate email which will lead to additional costs for our time to investigate why a sender can not send you email as we track down where the issue is. I do this research all the time and it does take a little time, but takes more time coordinating with the senders ISP to correct their DNS configs so they are not spoofed by spammers.
Another option is having multiple email address. Use certain addresses for certain functions. Since you own your own email server you have an unlimited amount of email address variations that you can use. Having multiple address allows you to track and route inbound email.
A company called GFI has several products worthy of using. Their Mail Essentials is a great Bayesian anti-spam product. Using it along with the Mail Security will help curb virus bombardments as evil email. I really like these products.
Changing your email address and not using your primary email address for buying things on the web, post info to website or having it listed in text format on your web site or any web site helps eliminate most all spam. List the email address as an image instead on your web site. You can check to see where on the web it may be listed by doing a Google search on your email address.
If you are still using your old email address and that address is receiving all the spam, you can set an Outlook rules wizard to route that email to another folder that you can call spam. That will clean the inbox, and makes it easier to review the spam and delete it. Note: I didn’t say stop it…
When receiving spam the best things to do are: Do not respond to it, don’t preview or open it. Previewing it only lets the spammer know that you are a valid address. Inside the spam are hidden images that point back to the spammer with your email address letting them know that you opened/previewed the spam email.
These evil spammers do send all kinds of graphic, sick adult related material and right now there is little technology or the legal system can do about it.
There are some counter measures that I can take on your server to turn up the heat to reduce some illegitimate spam spoofing such as a reverse lookup on the sender before accepting the email. However, this will deny email from company’s that do not have there email systems configured correctly or an ISP doesn’t have their DNS servers configured correctly. It is estimate that some 35%+ systems are not configured correctly, hence the reason why it is off by default.
Turning it on will result in a partial reduction in spam, but will deny some legitimate email which will lead to additional costs for our time to investigate why a sender can not send you email as we track down where the issue is. I do this research all the time and it does take a little time, but takes more time coordinating with the senders ISP to correct their DNS configs so they are not spoofed by spammers.
Another option is having multiple email address. Use certain addresses for certain functions. Since you own your own email server you have an unlimited amount of email address variations that you can use. Having multiple address allows you to track and route inbound email.
A company called GFI has several products worthy of using. Their Mail Essentials is a great Bayesian anti-spam product. Using it along with the Mail Security will help curb virus bombardments as evil email. I really like these products.
$500 Mac!!! for Everyone?
If this story is true reported by CNN that Apple will be selling iMacs for about $500 in 2005, I think there will be a lot of people switching over to the the Mac. Price has always been a issue with switching to a Mac for many users. For the same money or less the buyer could get a Windows computer that had more horse power and cheaper accessories. A $500 Mac would put a halt to that mind set and give Windows PC's a run for their money.
I am not a Mac user now, but at $500 I would buy a Mac.
I am not a Mac user now, but at $500 I would buy a Mac.
Thursday, December 30, 2004
Anti-Spam Detection Algorithms
There are two basic methods of SPAM detection algorithms Heuristic and Bayesian.
Heuristic is a fixed algorithm that guesses at the email if it is SPAM. It is not updatable. Once a Heuristic algorithm is defeated it becomes worthless in detecting SPAM.
Bayesian has to learn over time what it SPAM and what is not SPAM, but is adaptable and updatable. Spammers are constantly changing the way they send spam such as v1agr@. They have 1.000’s of new ways to try to get around detection.
Hotmail is a good example. They have deployed a new Heuristic SPAM filter that that completely stops all the junk from getting into my inbox. Well that lasted for about 2 months. Now I still don’t get the old junk mail, but because a spammer has figured out how to defeat it, I am getting 30 identical SPAM emails a day on that account.
Bayesian is better as it allows you to adapt as the spammers adapt.
Heuristic is a fixed algorithm that guesses at the email if it is SPAM. It is not updatable. Once a Heuristic algorithm is defeated it becomes worthless in detecting SPAM.
Bayesian has to learn over time what it SPAM and what is not SPAM, but is adaptable and updatable. Spammers are constantly changing the way they send spam such as v1agr@. They have 1.000’s of new ways to try to get around detection.
Hotmail is a good example. They have deployed a new Heuristic SPAM filter that that completely stops all the junk from getting into my inbox. Well that lasted for about 2 months. Now I still don’t get the old junk mail, but because a spammer has figured out how to defeat it, I am getting 30 identical SPAM emails a day on that account.
Bayesian is better as it allows you to adapt as the spammers adapt.
Wednesday, December 29, 2004
Geek Cruises
Are you looking for an education vacation? Check out Geek Cruises. They have digital photography, Mac Mania, iPods, Linux, Perl, Web and Windows Cruises. The next up cruise is on The Queen Mary 2. The largest cruise ship that is three times the size of the Titanic.
Geek Cruises--computer education for geeks & consumers
Spies Among Us
1. Identifying the problem.
This past weekend while troubleshooting several customer computers a horrible discovery was made that has dealt a sever blow to the war on spyware. Utilizing the three alternatives together from our paper it has been determined that it is still not enough to combat spyware, due to recent deployments and changing landscapes of anti-spyware software. The latest versions of anti-spyware software will no longer detect and remove certain well known and notorious spyware applications. In fact not only do they no longer detect key spyware, all references on the anti-spyware vendor’s websites have been removed about the known spyware. Commercial and Freeware anti-spyware has become completely useless in the war on spyware, and there is tremendous loss in trustworthiness in these products. We now have to seek new ways to combat against the epidemic menace that is plaguing everyone’s computers.
Spyware is technical slang for Adware. Adware is software the phones home and reports the actions of the user where the software is installed. Adware attempts to deliver targeted advertising based upon what the user is currently doing. Adware is called spyware because of its monitoring type of behavior and it methods of collecting data. Spyware is typically software that is free and is supported by advertising. However a number of companies have taken this concept beyond simple ad placement. Some spyware software tracks the user, what applications they use, documents they write, web sites they visit, products they buy, credit card numbers, user names and passwords, parses the users address book and monitors over all computer usage. The spyware companies claim that this is done in order to deliver targeted advertising to the user.
2. Defining the criteria, goals, and objectives.
A computer user should be able to surf the internet and do personal computing without the hassle of ads constantly popping up trying to get you to buy Viagra. Today’s computer operating systems are really stable as compared to years past with the constant normal crashing of Windows 98. With operating systems such as Windows XP being more stable that ever, it has allows the rapid propagation of malicious software. This software is often poorly written, unstable, degrades systems performance and causes systems to crash or reboot.
The objective and goals are to allow the user to enjoy the stability of their operating systems and be more productive in there work. The criteria is to completely prevent malicious software from gaining access to the computer and denied it the opportunity to conduct its evil business.
Since desktop based anti-spyware has become less affective in the war against spyware, alternative means must be identified, tested and deployed along with the other methods of spyware prevention as a total combined solution.
3. Evaluating the effects of the problem.
Spyware is not only an unwanted invasion of your personal privacy, but can damage and destroy personal data. For example during the routine maintenance of a computer, one of my techs was asked to uninstall some old junk software. The tech did as she was asked to do and rebooted the computer. The computer attempted to reboot, but was hung in a continuous reboot cycle and failed to start in any mode, normal mode, safe mode or advanced recovery mode. As a result the tech was left with no choice but to reload the computer from scratch as that was the fastest and most economical way to recover from the problem. It was later determined that the computer was infected with spyware called “Blazefind” as it known to cause this very problem as it was not written with the fore thought that a user might uninstall certain software. As a result the spyware cause the continuous reboot, because it could not find the dependent program that it has become a parasite to use.
Spyware also degrade system performance to a point in which the user is waiting for programs to load and process on an otherwise lighten fast computer with the latest and greatest hardware.
The direct results are a loss in user productivity and system stability. This increases labor cost, support costs and an immeasurable amount of loss in intellectual property and trade secrets.
4. Identifying causes of the problem.
The current issue of trusted anti-spyware software not detecting known spyware is being caused by the anti-spyware vendors themselves. Through much testing I have determined that the anti-spyware companies have silently removed from their applications the abilities to detect and remove known spyware from a user’s computer. Also all references to the spyware have been removed from their web sites and can only be found by searching the archives of Google.com’s cached websites. Desktop anti-spyware applications such as Ad-Aware, Spybot, Webroot, and Pest Patrol no longer detect the following list of top 5 spyware applications that we tested in our labs:
· GAIN also known as Gator and Claria http://www.gator.com/
· Hotbar http://www.hotbar.com/
· New.Net http://www.new.net/
· MySearch http://www.mysearch.com/
· SaveNow http://www.whenu.com/
In some cases such as SaveNow this spyware promotes itself to be spyware free and champions the cause to fight spyware. When indeed it is the very evil it declares that it is not. Ad-aware has a web page that defines what it declares to be spyware at their Threat Assessment Center (TAC) http://www.lavasoftnews.com/ms/tac_main.shtml.
Out of curiosity in our labs we decided to test to see if the notoriously well known spyware listed above actually met the TAC criteria, and that maybe the new versions of the software listed above might have stopped their old spyware ways.
We used third party network packet monitoring tools and SPY++ a Microsoft utility to monitor inter program communications and a process monitoring utilities to monitor hidden processes. This process monitoring tool was developed by one of the anti-spyware companies for this type of use on the local desktop to monitor for spyware like activities and communications. The results were no change in spyware behavior for all the listed applications according to the guidelines set by Ad-aware’s TAC.
Having spoken with my attorney about the matter, he concluded that it could be that the anti-spyware companies which are for profit were legally pressured by the spyware companies to have their products removed from the anti-spyware blacklists. This is a big blow to the war on spyware.
5. Framing alternatives.
Since we are losing the battle on combating spyware, desktop anti-spyware software is no longer detecting and removing known spyware, it is imperative that we find other means to combat against the problem.
To recap the three solutions from my learning team paper were stronger server based security policies deployed to the user’s desktop, desktop based anti-spyware, and end user education on spyware awareness. These three methods were recommended to be used as single solution. However one of the alternatives has been dramatically weakens and has become less affective. Other alternatives need to be implemented to strengthen the barriers of entry to spyware infection.
Alternative A: We can do nothing and keep doing things the same old way and continue to trust the anti-spyware companies as they should know what is and is not spyware. However we proved in our lab that the spyware not being detected is still behaving like spyware.
Alternative B: We could develop our own anti-spyware software to detect software that we do not want our users to download and install. The estimated budget to do a project like that would be somewhere between $100,000 to $500,000 in development costs with no guaranty that it will work, or be stable. Venture capital would be required in order to begin development and the development cycle maybe years away before it is ready for use.
Alternative C: We could seek other methods to stop spyware such as using a gateway server that can filter web content. A content web filtering server has a database that can be manually updated as well as subscribe to a service bureau for auto updating. Most content web filters server applications are used to prevent users from going to adult website such as porn sites. They could easily be adapted and updated to block known spyware websites such as http://www.hotbar.com/. Thus the user never makes it to the spyware application’s website. No desktop changes have to be made and most companies only have one entry onto the internet.
6. Evaluating the impacts of the alternatives.
Alternative A: Doing nothing is not a good solution. The spyware problem is getting worse and not having the proper tools to fight against its propagation will greatly impact a company’s bottom-line.
Alternative B: The expense is too great and would take to long to develop and deploy a customer software solution. There is no guarantee that it will work and no guarantee of a return on investment. In the meantime the overall companies will continue to lose productivity and labor cost and support cost could double the price of the self development of the anti-spyware applications.
Alternative C: Using existing security software applications and adapt them to fight a new problem will be a more cost affective solution and the return on investment is an immediate reduction on the loss of productivity, a reduction in labor and support costs. This solution is easy to deploy and will pay for itself in a short period of time. The only negative impact would be the in adverting blocking of legitimate web sites. This is easily overcome by approving the needed web site in the security database.
7. Making the decision.
Alternative C to utilize and adapt existing security software is the most cost effective and complete manageable and trustworthy technical solution to the replacement of the failing desktop anti-spyware software solution. The effort to find, test and deploy this new security software should begin immediately.
8. Implementing the decision.
Once a software package has been decided upon, all customers will be notified of the new option to fight the war on spyware. Once approved by the customer, it will be scheduled, installed, tested and maintained by our techs.
9. Measuring the impacts.
The measurement of success is easy as there will be immediate reduction of the loss of productivity, a reduction in labor and support costs. Additional success will be less user frustration, a peace of mind, secure and protected environments and a better bottom line. This success will ensure that there are no spies among us.
Wednesday, December 22, 2004
What is a Blog?
The term Blogs (not my favorite word) is slang for web log. It allows rapid content publishing. They are only a couple of years in the making in its current form, but have been with us since the beginning of the web with Tim Burners Lee. They became popular during the last gulf war and were catapulted to legit journalism status during the recent elections.
A blog gives the writer the ability to say exactly what they want to say the way they want to say it without an editor censoring their thoughts. The political blogs during the elections exceeded traditional news sources in readership. The traditional news sources were caught off guard by the popularity of the blogs. It puts a whole new meaning on the meaning freedom of speech. Now there are millions of blogs on just about everything that you can imagine and some that you don’t want to know about.
The current blogs are very easy to start by anyone and do not require any technology knowledge. Content is king that is why Google bought Blogger.com and set it up for free.
Administering a site like http://security.efsnm.com is a blog site and a lot of work. It runs on a Linux server and uses the server config’s to maintain the mySQL server that is the database engine for the site. That site took minutes to setup and start using. However, you can spent days learning their syntax and modifying the site design. So you may spent more time on site design and navigation than on composing the content.
At blogger.com http://technutz.blogspot.com/ setup up this blog took minutes. I used one of their templates and tweak the site settings. I already had the content from class that everyone has read. Form the time I setup the site, edited and posted the content that it currently there only took me about 3 hours. I am sure others would take longer, but I was really please with the blogger.com blog site.
The blogger.com site has everything I was looking for as it is easy to use, very nice templates (that are able to be changed) and it is FREE.
As a business one would think how could Google offer all that for free? Easy, they would like you to use their Adsence product. It is not required, but I already had the account and post it as a way to get a pay back for the content. Content is king, otherwise why would someone come to your site…
A blog gives the writer the ability to say exactly what they want to say the way they want to say it without an editor censoring their thoughts. The political blogs during the elections exceeded traditional news sources in readership. The traditional news sources were caught off guard by the popularity of the blogs. It puts a whole new meaning on the meaning freedom of speech. Now there are millions of blogs on just about everything that you can imagine and some that you don’t want to know about.
The current blogs are very easy to start by anyone and do not require any technology knowledge. Content is king that is why Google bought Blogger.com and set it up for free.
Administering a site like http://security.efsnm.com is a blog site and a lot of work. It runs on a Linux server and uses the server config’s to maintain the mySQL server that is the database engine for the site. That site took minutes to setup and start using. However, you can spent days learning their syntax and modifying the site design. So you may spent more time on site design and navigation than on composing the content.
At blogger.com http://technutz.blogspot.com/ setup up this blog took minutes. I used one of their templates and tweak the site settings. I already had the content from class that everyone has read. Form the time I setup the site, edited and posted the content that it currently there only took me about 3 hours. I am sure others would take longer, but I was really please with the blogger.com blog site.
The blogger.com site has everything I was looking for as it is easy to use, very nice templates (that are able to be changed) and it is FREE.
As a business one would think how could Google offer all that for free? Easy, they would like you to use their Adsence product. It is not required, but I already had the account and post it as a way to get a pay back for the content. Content is king, otherwise why would someone come to your site…
Subscribe to:
Comments (Atom)