Yahoo! India lays off 60, to hire 130

Global search engine player Yahoo!, which recently announced a five per cent lay-off globally, is learnt to have asked around 60 employees from its Bangalore-based R&D centre to quit the company.
The California-based company is also planning to hire 130 professionals in India in areas like product engineering.
A company spokesperson, however, declined to comment.
Sources said the recent announcement of Yahoo!'s global layoff will impact less than 4 per cent of Yahoo! India R&D's workforce, which at present is 1,500.
A significant number of the employees are being laid off on performance grounds, and some of them on account of reorganisation, leading to their becoming functionless. This move would allow the company to focus on strategic priorities and provide flexibility for targeted hiring in key business areas, they said.
Yahoo! would continue to hire in business-critical areas in India. The company currently has over 130 openings, sources added.
This is the second lay-off Yahoo! India will be undertaking following global announcements. In December 2008, the company had served notices to three per cent of its India workforce due to the ongoing slowdown.

The latest from Facebook: 'Open Stream API'

A post on the Facebook developer blog announced the big application program interface (API) update from the social network, which it's calling the Open Stream API.


It's the first major implementation of an emerging (read: brand new) open standard called Activity Streams, on which Facebook has been collaborating with developers for the past few months.

Basically, what it means is that third-party developers will have access to a feed of all content posted to news feeds--notes, photos, videos, links, "likes" and comments, and activity from other applications built on the social network's platform.

"We've officially moved away from the Web of just blog posts, which a lot of these formats were originally designed for," said open-source developer and advocate Chris Messina, who has been spearheading the development of Activity Streams for about a year now.

"Over time, what I think will happen is (that) you'll see something toward the type of cleverness and ingenuity that has surfaced around the Twitter community, but in a way that is even more expressive and rich," Messina said. "In the case of Twitter, you're just talking about status updates; in the case of Facebook you're talking about a lot of different activities."

Previously, only status updates--the most Twitter-like part of Facebook--were accessible to developers. That's why this announcement likely makes the biggest difference to the creators of social feed aggregation applications like TweetDeck and Seesmic Desktop.

But because Activity Streams is an open standard, other social-networking and media-sharing applications will be able to use it too. This means that there could be, say, an Adobe Air-based desktop application that brings in updates across photo-sharing applications like Facebook, Flickr, and Photobucket.

Facebook is also targeting different types of developers--specifically mobile and desktop--rather than strictly the Web app developers whose creations made Facebook's platform such a wild success when it debuted two years ago.

"One of the most important stories to tell here is this is the first time that we've ever opened the core Facebook product experience, which was previously called the 'feed' and which we're now calling the 'stream'," Facebook senior platform manager Dave Morin explained to ZDNet Asia's sister site CNET News.com. "We're especially excited to see the types of desktop applications and the types of mobile applications which developer are going to build for the stream. We've sort of never really allowed this before, so we're pretty excited to see what developers come up with."

Facebook has planned an event on Monday afternoon in Palo Alto, Calif., to introduce developers to the new API. Presenting at the event will be representatives from Adobe, which is building a Facebook application in its Air runtime environment, and Microsoft, which is doing the same in Silverlight; contact management system Plaxo and third-party app Seesmic Desktop (which already has unveiled its support for the Open Stream) are also presenting.

The "stream" took front-and-center with Facebook's controversial redesign earlier this year. Inspired by the likes of Twitter, the revamped design marked a shift in strategy for Facebook from static profiles to a real-time flow of information. At the same time, it proved unpopular among some users.

But Facebook isn't the only big social-networking player to be implementing Activity Streams. The emerging standard was behind the upgrades to MySpace's MySpaceID product that the News Corp.-owned service launched in March at the South by Southwest Interactive Festival.

"It was sort of one of the earlier opportunities we had to take a nascent spec and see it all the way through to launch," MySpaceID product lead Max Engel told CNET News, adding that his team first started working on Activity Streams last September. It's what powers a new MySpace "gadget" for Google as well as its feeds' presence on the upcoming Yahoo homepage redesign.

"It's getting where we need it to be, which is like e-mail: where you can write a POP client and know (that) it works," Engel said. "It's not even a full standard yet, so it's sort of exciting to see so many people get behind something so quickly, and it's definitely indicative of the general momentum of people who are saying we'd rather work open than work closed."

Swedish ISPs vow to erase users' traffic data

Having apparently been scared off illegal file sharing in large numbers by a new Swedish law that went into effect April 1, pirates in that country now have a new safe harbor to escape law enforcement.


Three Swedish Internet service providers, among them Tele2, one of the country's three major broadband operators, have stated that they will erase traffic data to protect their customers' privacy.
"It's a strong wish from our customers, so we decided not to store information on customers' IP numbers anymore," Niclas Palmstierna, CEO of Tele2, told Swedish national news agency TT Tuesday morning.
The information is crucial in investigating piracy. When surveying the Internet to spot computers involved in uploading or downloading copyright-protected material, it's easy to capture these computers' IP data. But to identify the person using the computer, it is necessary to ask the ISP, as IP numbers normally are assigned dynamically by the provider. The new so-called IPRED law in Sweden, based on an EU directive, gives copyright owners the right to ask for customers' identity from ISPs, if a court agrees.
Strong indications showed that total Internet traffic in Sweden decreased by 30 to 50 percent the day the law took effect, and traffic still remains low, as indicated by traffic exchanged between ISPs in major Swedish network exchange Netnod.
Tele2's decision to erase traffic data follows a similar decision by ISPs All Tele and Bahnhof.
The move in itself is not against the law. On the contrary, European law on electronic communication demands that ISPs only store traffic data for a limited time period to handle billing, inter-operator traffic, and security issues. The law then requires them to erase that data as soon as possible.
Copyright owners are upset nonetheless. "It's astonishing that someone who claims to be a serious communication operator wants to assist in crime, which is implied by what (ISPs) are doing" when they erase data, lawyer Peter Danowsky told the Swedish daily newspaper SvD.
Danowsky represented the International Federation of the Phonographic Industry in the high-profile Pirate Bay case. Four men were sentenced to prison for assisting in making 33 copyright-protected files available over the Internet. (The IFPI represented a number of record labels in the litigation.)
"Major portions of the Internet traffic derive from illegal file sharing, which makes it an important revenue source for the ISPs," Danowsky added.
The downturn in Swedish Internet traffic results in lowered costs for ISPs, while revenues remain the same as subscription fees are flat rate. But long-term revenues are at stake, as demand for high bandwidth could decrease.
Other major ISPs in Sweden declare they will not follow Tele2's decision. They say they need traffic data to handle security issues. But data will be stored only for a few weeks.
Telia Sonera, the country's largest ISP, tells SvD that it stores data for "a short period", whereas another major ISP, Norwegian Telenor, says it stores data for a maximum of three weeks. So copyright owners that want traffic data must turn to a court very quickly after securing evidence on illegal file sharing if they want a chance to get at the identity behind an IP number.
According to Swedish police, the operators' move to erase traffic data will also make other cybercrime investigations more difficult, Swedish national news agency TT reports.
Meanwhile, the first case under the new IPRED law drags on. Five audio-book publishers have turned to the law to get at the identity behind an IP number allegedly used for illegal file sharing, but the ISP Ephone refuses to hand over the information, declaring that the evidence is too weak.
The court now says the material from the parties is extensive and that it largely will be up to the parties to decide how long the court's decision will take, according to the daily SvD.

Recession bringing offshored work back to UK

As the recession forces companies to become leaner and the comparative savings from offshoring diminish, banks and businesses are considering returning work back to the United Kingdom.


Speaking at the FT Global Outsourcing and Offshoring Conference Monday, Ian Cramb, chief operating and technology officer for global consumer group for EMEA at Citigroup, said increasing efficiency at home has spurred the company to review which offshored work could be brought back in-house.
"A lot of the things that we sent away we are looking to bring back because we have made ourselves cheaper at home.
"Whereas [offshoring] might have been 50 percent of the cost [of in-house] five years ago, that number is currently only 15 percent cheaper because we have made ourselves more efficient at home.
"There is a lot of excess fat that has been trimmed off organizations. They have made themselves more efficient and will continue to make themselves more efficient and things will come back," he said.
Aviva Global Services (AGS) has been offshoring the financial services company's operations since 2003 and its CEO Steve Turpie told the conference it has "a very wide range of services that we perform offshore", including claims processing and policy administration.
However, in 2006 it brought part of its household insurance processing back to the United Kingdom and last year also agreed a deal to sell its in-house offshore operations, known as captives, to Indian outsourcer WNS.
"One of the things we have done over the past three years is undertaken reviews of all of the processes that we have outsourced in order to streamline that scenario," Turpie said.
"Is there an opportunity for doing more of that? Absolutely," he added.
AGS is taking a fresh look at its offshoring arrangements--a strategy recommended by Lisa Coles, procurement director for IT services and BPO at BT.
"Do not just assume because you put it there five years ago that this is the right market for it to be," she told the conference.
"There might be another location, or the home market might be the right place for it now."
As well as increasing efficiency at home, other factors could prompt companies to keep work in-house.
According to Citigroup's Cramb, in the short term, public attitudes to rising unemployment and a growing protectionist outlook towards domestic jobs in the West would lead to fewer jobs being offshored.
"People do not want to hear that 1,000 jobs are moving out of the country because unemployment is rising rapidly," he said.
Although the trend towards offshoring will continue when the protectionist mood lightens, he said, companies may not always favour old stalwarts such as India.
"The offshoring model will move around, there are certain parts of the United States that are now cheaper than India from an IT perspective. Companies are not going to be looking at the same countries as before," he noted.

Three tips for avoiding project estimating mistakes

Project cost oversights are incredibly common, but IT project managers can avoid estimating mistakes by being well prepared upfront. An expert offers some advice.


Most every IT project manager knows the sick, sinking sensation of unease when first encountering a project cost estimation error. Unfortunately, project cost oversights are incredibly common.

Clients' habit of neglecting to mention important details, or their simple ignorance of systems' configurations or previous band-aid strategies, often places project managers squarely in the crosshairs.

In fact, having prepared, sold, and completed numerous projects, I'm amazed any projects come in on time and on budget. Countless "known unknowns" and "unknown unknowns" work against IT professionals whose jobs it becomes to make old systems, legacy code, and proprietary systems magically work as intended.
Here's one example gleaned from my experience. Say a retail chain with multiple stores is upgrading its financial management platform.

After reviewing an equipment inventory prepared by the client, exploring server and Windows licensing options, researching router and firewall models, preparing project cost estimates, and selling the client on a US$25,000 project, the time arrives to implement the plan.

Imagine the discomfort upon discovering the client inaccurately inventoried existing systems. Learning so late in the process that seven of 18 systems don't meet minimum hardware requirements can kill a project (replacement workstations can easily run 30 percent of the original budget).

You can avoid common costing mistakes by being well prepared up-front; in fact, this is the only defense against "known unknowns". And, by eliminating as many "known unknowns" as possible, you minimize potential project disruptions.

Here are tips for sidestepping the top three project estimating mistakes.

1: Confirm all assumptions (aka Trust No One)
Client confusion often makes IT project managers look bad. Never accept a client or other IT project manager's word as gospel. Know that clients sometimes don't know what they think they know.

How's that?
If a client says he has 25 32-bit Windows XP Professional workstations, don't believe that to be true until you've visited the client site and completed your own inventory. Otherwise, discovering a handful of 64-bit Windows Vista workstations late in a deployment can throw you for a loop the client expects you to manage without extra cost (and programmers can tell you that two OSs can possess significantly different software development requirements).

Or, if a client states the organization already has two servers running Windows Server 2008 with SQL Server 2008 (which will be required to power the platform your company develops), don't accept that fact when factoring new hardware and software purchases or upgrades. You must conduct all hardware and software dependency research yourself (or have a representative of your firm confirm these facts).

Clients simply become confused. I've seen clients who are unable to differentiate between SQL Server 2008 and SQL Server 2008 Express. Don't let such confusion cause major cost overruns with your projects; verify all important project details (including the small ones) when preparing cost estimates.

By eliminating these potential project landmines, you can mitigate "known unknowns" or elements that can commonly trigger cost overruns.

2: Don't expect trouble-free projects (aka plan for "unknown unknowns")
You only have so much information upon which to base estimates. Since project cost estimates include time as well as material, it's important that time be allotted for unforeseen snags, scope changes, incompatibilities, and other issues.

While it's difficult to provide a simple standard or calculation that can be used for all projects, determine the bare minimum amount of time that will be required to complete a project. Then ask, based on years of experience and real lessons learned completing similar projects, which steps or stages are likely to encounter trouble and how long likely delays might take to resolve.

I've seen hardware vendors miss shipping dates; freight companies lose shipments; developers and administrators become ill; and platforms that should automatically integrate fail to do so.

Be sure to build the appropriate time into original project planning documents, recommendations, proposals, and costs to accommodate inevitable problems. While you can't compensate for all "unknown unknowns," you can at least take steps to responsibly plan for contingencies.

3: Specify exactly what estimates include (aka put it all in writing)
Miscommunication is easy. Clients may hear you say a project estimate includes the time, equipment, and software to deploy a new customized database. Clients won't differentiate between back-end SQL Server requirements and client-side Microsoft Access needs. Deployment is a bad time to learn that a client thought her Microsoft Office Small Business Edition volume license agreement included Microsoft Access on 25 machines.

State exactly which items are covered when building project estimates and proposals. Be sure to include language in a contract or project agreement stating additional labor, equipment, and software not covered by the project's cost estimate may be required to complete the project.

For example, for a custom database roll-out, be sure to state that the costs of a new server include one new server with a specific CPU, RAM, disk configuration, operating system, and CAL license count and any additional software. That way, if a discrepancy arises when it's determined the client possesses no Microsoft Access licenses, you're covered (although if you've done the homework discussed earlier, you'll have avoided that potential "known unknown").

Fear itself
Analysis paralysis isn't just for politicians and leaders in other industries--it affects IT managers as well.
There's only so much project preparation work you can do. Efficient projects must also get started quickly, so be cautious of delaying cost estimates out of fear. Make your best effort, trust your skills and experience, and begin work.

If you've done your homework by reviewing dependencies carefully, allowing time for unforeseen issues, and documenting the project's specifics in writing, you'll be much better positioned to accommodate "unknown unknowns" when they arise. Better yet, you likely won't have to cover the costs (time or money) out of your pocket due to your own oversight.

Erik Eckel earned a bachelor's degree from the University of Louisville and completed Sullivan College's Microsoft Engineer program. He holds Microsoft Certified Professional, Microsoft Certified Professional + Internet, Microsoft Certified Systems Engineer, and CompTIA Network+ certifications. He's worked with computers and Internet technologies for 15 years and has written and edited best-selling computer books for such publishers as Coriolis, O'Reilly, and TechRepublic. In 2006 he opened Louisville's first Computer Troubleshooters franchise.

Mobile marketing takes off in India

INDIA--The mobile phone has emerged as a powerful medium for advertising, and with the imminent launch of 3G and mobile virtual network operators (MVNO) in the country, mobile marketing will help telcos increase their revenue, say industry players.
Navin Khemka, senior vice president of media services group ZenithOptimedia, said it is the reach of the mobile phone in India that makes it significant for marketing efforts there.
In India, there are over 330 million mobile subscribers and the number is growing each day. This has encouraged several FMCG (fast moving consumer goods) companies, banks, magazines and TV stations in the country to extend their promotions to the mobile phone platform.
"No other medium has this reach. Since it's a very personal device, a basic form of advertising like SMS can be effective if used in a more targeted and contextual way," Khemka told ZDNet Asia in an e-mail interview.
For a long time, marketers in India have wanted to do more targeted advertising, but a focus on traditional media--such as print and television--stopped them from doing so.
Abhijeet Saxena, CEO of mobile marketing company Netcore Solutions, said now is a good time for mobile marketing.
"Now, everyone wants more punch for the buck," Saxena told ZDNet Asia in an e-mail interview. And mobile marketing gives them just that.
Mobile marketing is not only cost-effective, but advertisers can be sure their ad has been seen by the consumer, which is not the case with TV or print.
Khemka said: "In India, over a hundred mobile value-added services (VAS) and technology companies are working to bring more innovative solutions on the mobile and keep advertisers abreast of new technologies being launched."
Companies like Affle India, Webaroo Technology India, Flytxt, Netcore Solutions and Vakow Technologies provide platforms to advertisers who want to reach the ever-growing mobile population in India.
Today, technology providers have mobile advertising tools that take into account aspects such as the mobile phone user's privacy, and the frequency of sending text messages.
Telecom operators too are partnering mobile technology providers. In February, Reliance Communications announced the implementation of an integrated carrier-class mobile marketing software platform called Neon on its network, as part of its tie-up with mobile advertising and marketing technology provider Flytxt. Neon features a sophisticated mobile CRM (customer relationship management) database and the mobile applications required to conduct large-scale mobile customer engagement programs.
Vinod Vasudevan, CEO, Flytxt India told ZDNet Asia in a phone interview: "Mobile marketing platforms like Neon can help operators increase their average revenue per user (Arpu)."
From advertising to invertising
Though mobile is a powerful tool for targeting consumers, marketers have been cautious about tapping this medium since it often intrudes into the consumers' private space. Besides, the National Do Not Call (NDNC) Registry of telecom regulator TRAI (Telecom Regulatory Authority of India) seeks to curb unsolicited commercial communications (UCCs). The NDNC Registry is a database of telephone numbers of subscribers who do not want to receive UCCs.
As they tap on this growing medium, SMS marketing companies must also overcome spamming. To do this, they have created various platforms designed to satisfy the needs of both advertisers and consumers.
According to Saxena, there are two ways to ensure no messages are sent to subscribers on the NDNC Registry.
"One, we insist on scrubbing the messages with the NDNC list. Two, subscribers explicitly opt-in to any service or messages. This has been pioneered by us," Saxena said. For instance, if you buy something from a retail store and want to be updated on this product, you "invite" information from the store on new arrivals and it will send multiple SMS messages every month telling you what's new. You can also opt-out of this service.
This concept, known as invertising or invited-advertising, seeks to prohibit spam.
"Consumers have several needs. If a consumer seeks [advertising] information from companies that cater to [that consumer's] needs, then it's termed as invertising," Saxena explained. According to Saxena, many of Netcore's clients use this service.
"One such example is The Economist magazine. Even those people who do not subscribe to the magazine prefer to receive content from The Economist. They can now invite information from The Economist. This way, the magazine gets to create a direct relationship with its potential subscribers," he added.
Vasudevan said: "Mobile marketing solutions can be very effective for banks and retail stores to carry out their consumer relationship programs."
According to a Reliance Communication statement, more than 50 well-known brands in various sectors such as FMCG, finance and automotive have benefited from mobile marketing services on Reliance Network.
3G, MVNOs to cause paradigm shift
Mobile advertising in India is all set to see an increase with the arrival of MVNOs and 3G, say observers.
So far, mobile has attracted low advertising spends because of its format of advertising--simple text SMS or basic pictures.
Khemka said: "With 3G, a paradigm shift is expected in mobile advertising."
Vasudevan said: "3G will open up new avenues for advertisers, such as rich media content and video over the mobile phone."
With 3G, advertisers may be able to subsidize the cost of downloading rich media content by subscribers.
Saxena said: "For example, a song from a new Bollywood film can be put up for download with an ad of a soft drink company as a pre-roll or a mid-roll. Consumers can download this song for free while the soft-drink company pays for the download."
Recently, the Indian government approved MVNOs to operate in India, though the detailed guidelines for this are pending. Generally, MVNOs provide mobile phone services by buying airtime from existing telecom operators. They then market it by leveraging their brand and distribution network.
The MVNOs too will change India's mobile advertising scenario substantially, according to market players. They can help grow the mobile marketing industry as well as the subscriber base in the country.
Citing the Blyk mobile model, Saxena said that MVNOs can even offer the entire mobile service for free if the subscriber opts to receive a certain number of advertisements per week.
Blyk is an operator in the United Kingdom that provides mobile service for free. It gives customers free airtime in exchange for accepting up to six advertising messages per day. Blyk generates all of its revenue from advertisers. The company's priority is to ensure it has a user base that advertisers will pay a premium to reach.
"Since MVNOs will be dependent on VAS and advertising to create a differentiator, it will be an important contributor to the growth of mobile advertising," Saxena said.
Swati Prasad is a freelance IT writer based in India.

Check out Project alternatives: Basecamp and QuickBase

Learn more about 37signals' Basecamp and Intuit's QuickBase, two highly-capable alternatives to Microsoft Project.

For many IT pros and consultants, Microsoft Project has been the de facto standard for organizing work schedules, timelines and budgets.
Microsoft Project is still an incredibly capable and complex application; the program ties in to back-end servers to power large-scale collaboration and possesses astonishing levels of customization.
But does your next IT project really demand that much firepower?
Overkill is expensive, especially when you have to purchase, maintain, and administer the requisite back-end servers running everything.
As technology professionals, in particular, have become more comfortable working with Web-based applications, it's no surprise that viable new alternatives have arisen. Web 2.0's benefits are clear to most everyone working in a technical capacity.
Microsoft even offers Project 2007 as a Microsoft Office Online component (and includes Web-based connectivity options within its Microsoft Office Project Server 2007 and Microsoft Office Project Portfolio Server products).
Two new options to check out are 37signals' Basecamp and Intuit's QuickBase. Both offer highly-capable Web-based solutions to common project management issues.
Basecamp
37signals first caught my attention a few years ago when I discovered the company's Ta-da List application. I was impressed with the task management software's simplicity, cross-platform compatibility, and approachability.
Many IT professionals will find all the project management, collaboration, and scheduling elements they need in Basecamp. Companies from Trek Bicycle to Continental Airlines and a host of others rely upon the online application to power their project management work.
Just how capable is Basecamp? 37signals advertises comments from Jim Dunnigan (former Product Manager for Microsoft Project) on its Web site in which he is quoted as saying, "Basecamp is the first product I have seen that is truly project management for everyone."
For just US$49 a month, subscribers to the Plus plan receive 10GB of storage, unlimited user accounts, time tracking, and capacity for 35 separate projects. Three other premium plans are available: Basic, Premium, and Max. The Max account (which is US$149/month) provides unlimited projects and 50GB of storage. A limited free plan is also available that enables the creation of a single project; file sharing features are not included with the free account.
Basecamp simplifies complex projects with the introduction of color-coded projects, easy-to-learn dashboards, integrated to-do lists, and milestone and time tracking. Users also receive file sharing features, reporting functionality, online collaboration tools, and message boards. Milestone information can be exported in iCalendar formats, and e-mail messages can be set for a variety of events.
While Basecamp offers many comprehensive features, its simplicity also makes it easy for less experienced software users to get up to speed quickly. And, the less time a team member spends learning the intricacies of the project management team's software (and the easier the project management software is to use), the more time he or she has to perform core functions.
QuickBase
Intuit, long known for its Quicken and QuickBooks products, offers a project management application called QuickBase. The Web-based project management tool is designed to provide staff with a streamlined program for data collection, project tracking, communication, and reporting.
JetBlue Airways and Ventana Medical Systems are among the larger companies now relying upon QuickBase to empower their project teams. Indeed, Intuit touts the software as being used by almost half of Fortune 100 companies.
At US$249 a month, QuickBase includes 10 user accounts. As with Basecamp, there are no contracts, and subscribers can cancel at any time. Additional users can be added for three dollars per user per month. More pricing information is available on Intuit's Web site.
QuickBase includes several templates to help teams get started managing projects in just a few hours. Since the application is Web-based, the software is also cross-platform compatible and requires only that users have stable Internet connections and a valid user account.
Staff can create their own applications and leverage predesigned templates for a variety of vertical markets (including generalized project management, professional services, sales and customer management, IT management, marketing, process excellence, legal, real estate, and human resources). Customizable reports make it easy to glean needed information quickly, while table views, graphic timelines, and charting features help communicate complicated information in an easily understood format. Reminders and e-mail notifications can be set within the software, and role-based permissions are easy to set up.
Microsoft Project: No longer the only game in town
For some organizations, Microsoft Project (and even back-end Project servers for empowering larger-scale collaboration) may be the most appropriate option. But many offices and small businesses will find all the project management features (minus the administrative headaches) they need in one of these two alternatives. Best of all, organizations can test drive both programs at no charge thanks to each vendor offering a free trial.
Erik Eckel earned a bachelor's degree from the University of Louisville and completed Sullivan College's Microsoft Engineer program. He holds Microsoft Certified Professional, Microsoft Certified Professional + Internet, Microsoft Certified Systems Engineer, and CompTIA Network+ certifications. He's worked with computers and Internet technologies for 15 years and has written and edited best-selling computer books for such publishers as Coriolis, O'Reilly, and TechRepublic. In 2006 he opened Louisville's first Computer Troubleshooters franchise.

Sun Microsystems debuts new x64 servers

Sun Microsystems on Tuesday unveiled a line of new x64 servers and workstations, in a move to bolster its share of the data center.
The new Sun Fire x64 blade servers, rack servers, and workstations, which are powered by Intel's Xeon processor 5500 series, are expected to carry a starting retail price of US$1,488.
"Our new x64 systems with integrated networking technologies, advanced thermal management, open software and Open Storage enhancements will give the data center an extreme makeover, boosting efficiency and maximizing IT investment," John Fowler, Sun's Systems Group executive vice president, said in a statement.
The lineup of new products includes servers designed for virtualization: the Sun Fire x4270 server and the Sun Blade x6270 server module.
Other new x64 products for the enterprise and Web include the Sun Fire x4170 server, Sun Fire x2270 server, Sun Fire x4275 server, and Sun Ultra 27 workstation, as well as the Sun Blade x6275 server module.
Sun's new servers and workstations are part of its Open Network Systems strategy and will support multiple operating systems, such as Microsoft's Windows, Sun's Solaris, as well as Linux.

New Malaysian premier snubs ICT body

MALAYSIA--Newly-minted Prime Minister Najib Razak has delivered an embarrassing snub to the country's ICT association Pikom, after he not only ignored its call for a single ministry, but also transferred jurisdiction for the local communications sector to a low-profile ministry.


In a statement released last week following the Cabinet reshuffle, Pikom said it was "disappointed" its recent request for a single ICT ministry has gone unanswered. The industry body also revealed it was "caught by surprise" that the responsibility for the country's ICT sector has been transferred to the Information, Culture and Arts Ministry, headed by Rais Yatim, a veteran politician who is regarded as lacking substantial experience in the ICT sector.

Prior to Najib's Apr. 3 appointment to Malaysia's top political post, Pikom had urged the country's incoming administration to establish a single, dedicated ICT ministry--given the sector's prominent role in the local economy.

The ICT industry was previously a shared responsibility between the Ministry of Science, Technology and Innovation, and Ministry of Energy, Water and Communication.

Pikom noted that such fragmented arrangements pose great challenges--administratively and logistically--in mobilizing requisite resources in an appropriate and coherent manner, due to blurring boundaries, roles and responsibilities.

Pikom Chairman David Wong said in the statement: "Our proposal for a single ICT ministry would see faster, more convenient and informative provision of information. It also quickens the decision-making process, saves cost, increases efficiency and offers procedural clarity for local and foreign ICT companies to prosper.

"We envisage such a ministry would be specifically tasked to actively promote Malaysia's ICT industry, develop constructive policies and guidelines to deal with global ICT deregulation and market liberalization."
Highlighting the significance of ICT, Pikom said statistics indicated value added ICT services contributed 10.8 percent to the country's GDP in 2008, while the overall sector accounted for 26.9 percent of the local manufacturing industry last year.

Najib's decision to transfer oversight of the communications sector to a ministry that essentially deals with the media, culture and arts, has stupefied Pikom.

Wong said: "Pikom was caught by surprise that the communication element was lumped together with the Information Ministry, especially since communication is high on the national agenda with the rollout of high-speed broadband. In this respect, Pikom is disappointed that our call for a single ICT ministry has not been realized."

He noted, however, that the retention of Maximus Ongkili as Minister for Science, Technology and Innovation will provide "continuity in the policies and plans" established for the ICT industry by the previous administration.

"Drifting" under previous government
Najib replaced Abdullah Ahmad Badawi, whom opposition lawmaker Tony Pua said had done little for the local sector.

National publicity secretary for the Democratic Action Party, Pua told ZDNet Asia in an e-mail: "Over the past five years, the ICT sector has essentially been drifting on a free-gear mode... There was absolutely no direction, no emphasis, and little incentives or funding were allocated to the sector--unlike when it was under [former premier] Mahathir Mohamad's administration."

Abdullah's term led to "the relegation of the sector", he said, straying from Malaysia's target of building a knowledge economy, to one that has been "neglected and regarded as irrelevant".

Can Najib then steer policy changes needed to boost the ICT sector? According to Pua, the early signs are not very encouraging.

"We have yet to see any indication that Najib will be more generous toward the ICT sector," he noted. "Even in his last 60 billion ringgit (US$16.6 billion) stimulus budget, there was no allocation or announcement of initiatives that support and promote the local ICT sector."

Driving competition is a key area that the new administration should look into, he added.

Pua said: "ICT is a sector that is necessarily driven by innovation and competition. Without competition, the industry loses its cutting edge. There should be liberalization of competition, particularly for the government sector, which to date, has been restricted to contractors approved by the Ministry of Finance."

He added that funds should also be set aside to encourage qualified software service providers to explore overseas markets.

Monitor project progress with micro-deliverables

Micro-deliverables allow you to effectively gauge the health of a project. Here are four simple rules to follow when planning for and using micro-deliverables.

Too often failing projects surprise us.
Have you ever had a project that seemed to be going along just fine, and then, when the delivery deadline drew near, suddenly, everyone's two months late? It leads you to wonder, "How could I have missed that this project was two months late?" "What planet was I on where this project appeared to be on time?"
Given that approximately three quarters of all technical projects fail to meet their schedule, budget or feature set goals, you'd think we would be better at spotting groups that are "off the rails".
The reality is that determining when a project is in trouble is not an easy thing, and problems that seem obvious in hindsight are murky at the time that they occur.
Monitoring project progress is an important part of a leader's role. Knowing when and how to intervene in failing projects is critical to the overall health of any technology organization. Whether the intervention is to cancel a hopeless effort, or to correct team skill or resource imbalances, managers need to spot difficulties early in order to prevent issues from becoming disasters.
Of course, projects don't really slip two months in one day. They fall behind a little every day, and the slippage accumulates until we notice it. So the question is how can you notice the problems and fix them when they're mole hills rather than mountains?
Most project methodologies call for monitoring task progress, budget tracking, and hours observations to check on the health of a project. Unfortunately, I find that these are inadequate to gauge real progress.
Estimating task completion is notoriously subjective. The last 10 percent always seems to take 80 percent of the time. Counting hours expended has nothing to do with real progress. Effort rarely equals results. Although knowing how much of your budget has been spent is important, any positive correlation between the percentage of budget expended and percentage of project completed is generally coincidental.
The best method that I've found is to use what I call micro-deliverables. Most projects are planned with a series of tasks that lead to major deliverables: the documents, deployments, or code that the tasks create. But these deliverables are usually the result of many people's work over a period of weeks or even months.
Micro-deliverables are much smaller, individual efforts. When you plan for micro-deliverables, each person on a project has responsibility for some physical product every few days. Then you can gauge the health of the project by checking whether the micro-deliverables are done or not. You don't have to wait for months until a big deadline looms to check the health of a project.
When planning for and using micro-deliverables, there are a few simple rules to follow:
1. Never let anyone go longer than a week without owing a micro-deliverable.
Any time a person goes longer than a week without a deliverable, they go into a black hole of unknown progress. You can't really gauge how they are doing, and you are more likely to be surprised.
2. Micro-deliverables are either done or not done.
When measuring progress, there are only two states for micro-deliverables. They are either 100 percent complete, or they are zero percent complete. Progress is marked only by final approval of the item. Otherwise, you get into the subjective world of guessing how close to done things are, which is inevitably inaccurate.
3. Progress is not measured in effort, but in micro-deliverables.
The only meaningful measure of progress is whether micro-deliverables are done on time or not. If they are coming in late, the project is late. If they're on time, the project's on time.
4. A micro-deliverable is the responsibility of only one person.
If the deliverable is owned by more than one person, it becomes a problem to figure out where the real difficulties lie.
Using these simple rules, you can begin to identify project problems quickly and accurately, avoiding the surprises that are otherwise all too common.
Paul Glen is the author of the award-winning book "Leading Geeks: How to Manage and Lead People Who Deliver Technology" (Jossey Bass Pfeiffer, 2003) and Principal of C2 Consulting. C2 Consulting helps IT management solve people problems. Paul Glen regularly speaks for corporations and national associations across North America.

Control where Word hyphenates a word

Follow this tip to determine where Word hyphenates your content.

Microsoft Word

Control where Word hyphenates a word

Word doesn't hyphenate content unless you tell it to: From the Tools menu, choose Language, select Hyphenation, check the Automatically Hyphenate Document option, and click OK.
Furthermore, setting the Hyphenation Zone option lets you control, a bit, where Word hyphenates a word. The default setting of 25 percent is adequate for most uses.
But even at its best, Word won't always insert the hyphen where you want--you are somewhat at its mercy. When this happens, insert an optional hyphen by holding down the [Ctrl] key as you press the hyphen character key (-).
If the word falls at the end of the line, Word will use the optional hyphen. If the word doesn't fall at the end of the line, Word won't display the hyphen character at all.
To display optional hyphens on screen, choose Options from the Tools menu and then click the View tab. Select the Optional Hyphens check box in the Formatting Marks section and click OK. In Word 2007, click the Office button and then click the Word Options button. Click Display in the left pane, select the Optional Hyphens check box, and click OK.


Microsoft Access

Add a button to an Access form that tells you which version is running

If you support more than one version of Access, you may often need to ask users which version is running before you can help them with a problem. Don't have them guess!
Create a button somewhere on their application form that, when clicked, will tell them exactly what version is running on their PC. Follow these steps:
  1. Open the form in Design view.
  2. Click the command button tool in the Form Controls toolbox. In Access 2007, click the Button form control in the Controls Group on the Forms Design tab.
  3. Click Cancel to close the Forms Control Wizard.
  4. Change the button caption to Which Version? (Figure A).
Figure A

  5. Right-click the button.
  6. Choose Build Event.
  7. Type the following code at the prompt (Figure B):
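Private Sub Command6_Click()
    ' SysCmd returns the version as text (for example "12.0"); Val() converts it to a number
    Select Case Val(SysCmd(acSysCmdAccessVer))
        Case 7
            MsgBox "This is Access 95", vbOKOnly
        Case 8
            MsgBox "This is Access 97", vbOKOnly
        Case 9
            MsgBox "This is Access 2000", vbOKOnly
        Case 10
            MsgBox "This is Access 2002", vbOKOnly
        Case 11
            MsgBox "This is Access 2003", vbOKOnly
        Case 12
            MsgBox "This is Access 2007", vbOKOnly
        Case Else
            ' Any version not listed above: show the raw version string
            MsgBox "Access version " & SysCmd(acSysCmdAccessVer), vbOKOnly
    End Select
End Sub
Press [Alt]+[Q].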
Figure B

Now, users simply have to click the Which Version? button to let you know what version they are using (Figure C).
Figure C



Microsoft Excel

Move a pivot table to another workbook in Excel 2007

You've just created a pivot table in a workbook and would like to publish it to your Web site. However, you don't want to publish the workbook, just the pivot table.
Excel 2007's Move Pivot Table command lets you move the pivot table to any workbook on your network. To move a pivot table to a new blank workbook, follow these steps:
  1. Open the workbook containing the pivot table.
  2. Open the new workbook.
  3. Click Arrange All on the View tab, choose Vertical, and then click OK (Figure A).
Figure A

  4. Click the PivotTable report.
  5. Click the Options tab on the Ribbon under PivotTable Tools.
  6. In the Actions group, click Move PivotTable (Figure B).
Figure B

  7. In the Move PivotTable dialog box, click Existing Worksheet and then click the window shade button (Figure C).
Figure C

  8. Click A1 in the new workbook.
  9. Click the window shade button in the Move PivotTable dialog box (Figure D).
Figure D

  10. Click OK (Figure E).
Figure E




10 iptables rules to help secure your Linux box

Mastering iptables could take a while, but if you have a few rules to cover the basic security needs, you'll be well on your way to protecting your Linux system.

The iptables tool is a magnificent means of securing a Linux box. But it can be rather overwhelming.
Even after you gain a solid understanding of the command structure and know what to lock down and how to lock it down, iptables can be confusing. But the nice thing about iptables is that it's fairly universal in its protection. So having a few iptables rules to put together into a script can make this job much easier.
With that in mind, let's take a look at 10 such commands. Some of these rules will be more server oriented, whereas some will be more desktop oriented.
For the purpose of this article, I'm not going to explain all of the various arguments and flags for iptables. Instead, I'll just give you the rule and explain what it does. For more information on the specifics of the rule, you can read the man page for iptables, which will outline the arguments and flags for you.
1: iptables -A INPUT -p tcp --syn -j DROP
This is a desktop-centric rule that will do two things: First it will allow you to actually work normally on your desktop.
All network traffic going out of your machine will be allowed out, but all TCP/IP traffic coming into your machine will simply be dropped. This makes for a solid Linux desktop that does not need any incoming traffic.
What if you want to allow specific networking traffic in--for example, ssh for remote management? To do this, you'll need to add an iptables rule for the service and make sure that service rule is run before the rule that drops all incoming traffic.
2: iptables -A INPUT -p tcp --syn --destination-port 22 -j ACCEPT
Let's build on our first command. To allow traffic to reach port 22 (secure shell), you will add this line. Understand that this line will allow any incoming traffic into port 22. This is not the most secure setup alone.
To make it more secure, you'll want to limit which machines can actually connect to port 22 on the machine. Fortunately, you can do this with iptables as well. If you know the IP address of the source machine, you can add the -s SOURCE_ADDRESS option (where SOURCE_ADDRESS is the actual address of the source machine) before the --destination-port portion of the line.
3: /sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
This will allow all previously initiated and accepted exchanges to bypass rule checking. The ESTABLISHED and RELATED arguments belong to the "state" switch.
The ESTABLISHED argument says, "Any packet that belongs to an existing connection", and the RELATED argument says, "Any packet that does not belong to an already existing connection but is related to an existing connection." The "state machine" of iptables is a means for iptables to track connections with the help of the kernel level "conntrack" module. By tracking connections, iptables knows what connections can be allowed and what can't. This reduces the amount of work the administrator has to do.
Here's how state works. If the local user initiates a connection, that packet (to that connection) is set as NEW in the prerouting chain. When the local user gets a return packet, the state is changed to ESTABLISHED in the prerouting chain. So when a state is set as ESTABLISHED, it can be allowed with the right iptables rule.
4: iptables -N LOGDROP
With this handy chain, iptables will log all dropped packets. Of course, this is only part of the chain. To complete it, you need to add the following two rules: iptables -A LOGDROP -j LOG and iptables -A LOGDROP -j DROP. Now all matching packets (in this case, anything that has been dropped) will be added to the LOGDROP chain, which will log them and then drop them.
5: iptables -t nat -A PREROUTING -i WLAN_INTERFACE -p tcp --dport PORTNUMBERS -j DNAT --to-destination DESTINATION_IP
When you need to route packets from external sources to specific ports on specific internal machines, this is what you want to do. This rule takes advantage of network address translation to route packets properly. To suit your needs, the WLAN_INTERFACE must be changed to the WLAN interface that bridges the external network to the internal network, the PORTNUMBERS must be changed, and DESTINATION_IP must be changed to match the IP address of the destination machine.
6: iptables -A INPUT -p tcp --syn --dport 25 -j ACCEPT
This is the beginning of a SYN flood protection rule. This portion of the rule blocks DoS attacks on a mail server port. (You can change this to suit your mail server needs.) There are three more portions of this rule set. The first is to add the same rule again, changing the port to match each of the other services you have open. The next portion is iptables -A INPUT -p tcp --syn -m limit --limit 1/s --limit-burst 4 -j ACCEPT, which is the actual SYN flood protection. Finally, iptables -A INPUT -p tcp --syn -j DROP will drop all SYN flood packets.
7: iptables -A INPUT -p tcp -m tcp -s MALICIOUS_ADDRESS -j DROP
This is where you can take care of malicious source IP addresses. For this to work properly, you must make sure you know the offending source IP address and that, in fact, it's one you want to block. The biggest problem with this occurs when the offending address has been spoofed. If that's the case, you can wind up blocking legitimate traffic from reaching your network. Do your research on this address.
8: iptables -N port-scan
This is the beginning of a rule to block furtive port scanning. A furtive port scan is a scan that detects closed ports to deduce open ports. Two more lines are needed to complete this rule:
iptables -A port-scan -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j RETURN
iptables -A port-scan -j DROP

Notice that the above rule set is adding a new chain called "port-scan". You don't have to name it such; it's just easier to keep things organized. You can also add timeouts to the above rule set like so:
iptables -A specific-rule-set -p tcp --syn -j syn-flood
iptables -A specific-rule-set -p tcp --tcp-flags SYN,ACK,FIN,RST RST -j port-scan

9: iptables -A INPUT -i eth0 -p tcp -m state --state NEW -m multiport --dports ssh,smtp,http,https -j ACCEPT
What you see here is a rule making use of the multiport argument, which will allow you to set up multiple ports. Using the multiport argument lets you write one rule instead of multiple rules. This single rule saves you from writing out four separate rules, one each for ssh, smtp, http, and https. Naturally, you can apply this to ACCEPT, DROP, REJECT.
10: iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -m state --state NEW -m nth --counter 0 --every 4 --packet 0 -j DNAT --to-destination 192.168.1.10:80
If you're looking to load balance between multiple mirrored servers (in the example case, load balancing a Web server at 192.168.1.10), this rule is what you want. At the heart of this rule is the nth extension, which tells iptables to act on every "nth" packet.
In the example, iptables uses counter 0 and acts upon every 4th packet. You can extend this to balance out your mirrored sites this way. Say you have four mirrored servers up and you want to balance the load between them. You could have one line for each server like so:
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -m state --state NEW \
    -m nth --counter 0 --every 4 --packet 0 -j DNAT --to-destination 192.168.1.10:80
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -m state --state NEW \
    -m nth --counter 0 --every 4 --packet 1 -j DNAT --to-destination 192.168.1.20:80
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -m state --state NEW \
    -m nth --counter 0 --every 4 --packet 2 -j DNAT --to-destination 192.168.1.30:80
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -m state --state NEW \
    -m nth --counter 0 --every 4 --packet 3 -j DNAT --to-destination 192.168.1.40:80
As you can see the server on .10 will be routed every 0 packet, the server on .20 will be routed every 1st packet, the server on .30 will be routed every 2nd packet, and the server on .40 will be routed every 3rd packet.
Other options?
These 10 iptables rules will help you secure your Linux server. Of course, with anything Linux, there are multiple possibilities to achieve the same results. But these rules should serve as an outstanding springboard for Linux server security--as well as Linux security discussion.
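Rules 1 through 4 only behave as described when they are appended in the right order, because iptables stops at the first matching rule in a chain. The script below is an added example, not code from the article: it emits those four rules as one iptables-restore ruleset and checks that no SYN-accepting rule sits behind the catch-all drop. The function names, the 192.0.2.10 management address, the log prefix and the loopback rule are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the article): rules 1-4 as one ruleset, plus an order check.

# Emit the ruleset in iptables-restore format.
# $1 is the single host allowed to reach ssh (assumption; the address used
# below, 192.0.2.10, is from a documentation-only range).
build_ruleset() {
    ssh_src="$1"
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:LOGDROP - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -s ${ssh_src} -p tcp --syn --destination-port 22 -j ACCEPT
-A INPUT -p tcp --syn -j LOGDROP
-A LOGDROP -j LOG --log-prefix "LOGDROP: "
-A LOGDROP -j DROP
COMMIT
EOF
}
# Notes on the ruleset:
#  - The loopback ACCEPT is not in the article; without it, rule 1 also drops
#    TCP connections a desktop makes to its own local services.
#  - Rule 1 jumps to LOGDROP instead of DROP so the dropped SYNs are logged
#    first. Packets only reach LOGDROP when a rule names it as its target.

# Read a ruleset on stdin and report every INPUT rule that accepts --syn
# packets but sits after the catch-all SYN drop, where it can never match.
# Exit status: 0 when the order is safe, 1 when a rule is shadowed.
lint_order() {
    awk '
        /^-A INPUT / {
            n++
            if (!drop && $0 ~ /^-A INPUT -p tcp --syn -j (DROP|LOGDROP)$/) {
                drop = n
                next
            }
            if (drop && $0 ~ /--syn/ && $0 ~ /-j ACCEPT$/) {
                printf "rule %d is shadowed by the drop at rule %d: %s\n", n, drop, $0
                bad = 1
            }
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Print the ruleset only if the order check passes.
if build_ruleset 192.0.2.10 | lint_order; then
    build_ruleset 192.0.2.10
fi
```

As root, piping the output to `iptables-restore --test` parses the ruleset without committing it.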
Jack Wallen was a key player in the introduction of Linux to the original TechRepublic. Beginning with Red Hat 4.2 and a mighty soap box, Jack had found his escape from Windows. It was around Red Hat 6.0 that Jack landed in the hallowed halls of TechRepublic.

Configuring explicit Run As on Windows Server 2008

 UAC changes how shell interactions are controlled by default. Bringing back the Run As functionality can, however, be straightforward--find out how.


Default installations of Windows Server 2008 provide the User Account Control (UAC) security component to manage contexts in which applications run.
The default configuration is to Run As the logged in user or simply to Run As Administrator. The issues with the latter option are that it does not specify any username in particular, and it only refers to local administrative permission.
Don't bother pressing [Shift] and needlessly exploring various right-click menus. To get the explicit Run As functionality that you need for best practice permission assignment, you need to go to the SysInternals bag of tricks.
ShellRunas version 1.01 from Sysinternals (which is now part of TechNet) will get the job done. Downloading ShellRunas is straightforward and performing the following one-liner enables the tool:
shellrunas /reg
This command will install the Run As option on the Start Menu for use in the Windows Shell. Figure A shows a Windows Server 2008 server with the Sysinternals tool installed.
Figure A
The ShellRunas command can also work without being installed completely for special one-time iterations of the command. Further, it can be uninstalled with the unreg parameter if you want to remove it from certain configurations. Ironically, adding this tool does not modify the existence of the Windows Secondary Logon service, which provides the functionality to use alternate credentials.
Having the ability to pass explicit credentials is really a no-brainer in any good practice of administration. This is especially important for accounts that have domain administrator group membership. The ShellRunas command will allow organizations to keep much of their security practices intact as they transition to Windows Server 2008.
Rick Vanover is a systems administrator for Safelite AutoGlass in Columbus, Ohio. He has more than 12 years of IT experience, and he focuses on virtualization, Windows-based server administration, and system hardware.

Roll iSCSI Software Initiator install into mixed environments

Windows Server 2008's built-in iSCSI Software Initiator is also available on prior versions of Windows Server. Learn how you can roll it out into mixed environments.

For many environments, iSCSI storage is a great solution.
One of the foremost benefits is its lower cost on the server side. Unlike expensive fiber channel interfaces, iSCSI storage can be provisioned on standard Ethernet interfaces, which are readily available and affordable.
Windows Server 2008 has an iSCSI Software Initiator to connect to iSCSI storage that is built into the operating system. This functionality is not native to prior versions of Windows Server.
Microsoft recently released the 2.08 version of the iSCSI Software Initiator to download for both Windows Server 2003 and Windows 2000 Server. (Windows XP is also supported for this installation.) This is very helpful, as iSCSI has become quite popular.
And while many admins are implementing Windows Server 2008, plenty of IT pros may want to assign this storage type to their Windows Server 2003 and Windows 2000 Server systems.
Installing this add-on is straightforward, but there is one relevant option about multi-pathing that depends on your storage system. If your storage system has a software driver, you may not want to select that option. These systems would be any software virtualization or management layer for the storage to make the actual disk access "obscure" from the target. You should check with your storage administrator or product support if you are not sure about this question.
Figure A shows this installation option.
Figure A
After a quick reboot, the system is ready to connect to storage over the newly installed iSCSI Software Initiator. The beauty is that the configuration at this point is the same for Windows Server 2008, Windows Server 2003, and Windows 2000 Server (and Windows Vista and Windows XP if used); they all have the same configuration engine with this update. Configuration is accessible via the iSCSI Software Initiator applet in the Windows Control panel.
You can get more information about Microsoft's iSCSI Software Initiator in this online document.
Rick Vanover is a systems administrator for Safelite AutoGlass in Columbus, Ohio. He has more than 12 years of IT experience, and he focuses on virtualization, Windows-based server administration, and system hardware.

Multi-Tasking - the Topsy-Turvy Way

Have you ever handled more than a single task at a time? If yes, then you can easily identify with Harpreet Bhagrath with whom things get so higgledy-piggledy while multi-tasking he ends up turning the world around him topsy-turvy.
There is a reason why, in my household, nobody asks me to boil the milk anymore. They are pretty fearful that if they ask me to boil the milk, I would boil it over.
My problem is that I am one of those people who are always forgetting things with their mind going haywire the moment they have to handle more than a single task. And I introduced the milk motif to launch the talk on my multi-tasking skills. When I am done recounting the rest of my escapades, the milk motif will pale in comparison.
First incident that established my reputation, around my household, as an exceptionally gifted person at messing up things took place when I was still in school. On the fateful day that this unpleasant incident took place, just to fill you in on the chain of events leading to the big blunder, my mom had come from the market place with precious set of bone china wares. As she got busy with my sister, who had just cut her finger slightly while cutting the vegetables, she told me to put the cutlery on the dining table.
This was a simple task; simple enough for a 5-year-old to do without getting confused. All I was required to do was go to the next room and place the wares on the table. Instead, what I did was… I threw the damn cutlery in the dustbin. Ain’t it nuts, for crying out loud! To be able to do a nutty thing like that, throwing the costly cutlery in the dustbin, you have to have a screw loose in your head somewhere.
It so transpired that while on my way to the dining room, I was instructed by my sister, who had just finished cutting the vegetables (and her finger), to pick the white polythene bag containing vegetable waste and throw it in the kitchen dustbin. And I’ll be damned if the cutlery bag was also not of white color. Clever ones from among you should be able to tell by now what might have caused me to treat the cutlery so badly. The rest of you, beg your pardon for being so direct and rude, are lacking it somewhat.
Let me enlighten you on the reason. The bags being the same color, I got confused in which contained what, and hence the goof-up. What happened to the waste bag? I can hear you asking. I give you two guesses… Yes! I placed it carefully on the dining table. You have got to be careful with china bone, right?
My folks say that I am a man with mechanical movements. I go on about executing the tasks in a robotesque manner. The task will be completed no doubt but don’t expect me to use my brain. But what really gets my proverbial goat is the fact that whenever anything goes wrong it’s always due to the machinations of some demonic higher power (I’m a non-believer by the way, except when these sort of goof-ups are happening) that needs some spanking. If only my sister had not interrupted my progress towards the dining table... and if she had to interrupt, if only the sodding carry bags had been of different colors...
At exactly the time crockery hit the bottom of the dustbin, it gave the most irritating and frightening sound (Tnnnkkk!!) and I instantly knew that I made some miscalculation in executing the twin-tasks. I must say I never got so afraid in my entire life span of 23 years and 120 months. To think that both the parties were in perfect kind of mood, mother exhausted and sister wounded, to let loose their furies ran shivers down my spine. Come to think of it, I had no spine left after the full import of the goof-up dawned on me. I thought I was going to collapse.
You should’ve seen my face that turned the color of the carry bags themselves. If you were a photographer and present there, you would’ve done well to capture my frightened face in your camera. Just to make the picture more vivid, what happens when you blow a horn, the one that trains in India have on them, behind a diabetic chap who, in the dead of the night, is trying to fetch some sweets from the kitchen surreptitiously? If you are a photographer, you get the shot of your life, the kind that wins awards.
I shouldn’t be telling you what happened to me next ‘cause in that case the article will assume tragic nature rather than comical. But suffice it to say that the sad end of the cutlery made ma mater’s blood boil and sis was sullen for days over garbage on dining desk.
Another incident, accident I should rather say, that is a recent occurrence may well make you question my intellect. I was drinking milk and reading a PG Wodehouse novel. The doorbell rang. An acquaintance of my father’s had come to wish Happy Diwali with a box of sweets. Accepting wishes from him along with the sweets, I made for the kitchen to pigeonhole the sweets for the moment. As I reached the kitchen door, I felt like spitting. Well, not to worry; I could spit in the sink and still manage to deposit the sweets box on the shelf.
So, everything was OK till now with two simple tasks and two things in both my hands – milk and sweets-box. But as I approached the kitchen door, I’ll be damned if the bloody phone didn’t let out a tinkle.
Now I had three tasks at hand - answer the phone, place the sweets on the kitchen shelf, and spit in the sink and I was having two things in my hands – sweets-box and glass of milk. Me being me, I got confused while multi-tasking and by the time I reached the sink my mind went haywire and started functioning dysfunctional. I had now only a vague idea about how I was to execute these three tasks.
Throwing, spitting, answering, pigeonholing, sink, spit, ringing phone, sweets-box - all got jumbled in my chaotic mind and I ended up making three mistakes. I knew I was to throw something in the sink, so there went the sweets box. I had to clear my mouth of saliva so there it went in the milk. As to the phone, it kept on ringing till… I don’t know till when ‘cause I was so shocked by what I had done to my milk and the sweets.
That’s all folks! If I were to only list all my experiences or fits of forgetfulness, much less detail them, it would make a book this thick. So, for the moment it’s toodle-oo from me.



Monitor project progress with micro-deliverables

Micro-deliverables allow you to effectively gauge the health of a project. Here are four simple rules to follow when planning for and using micro-deliverables.


Too often failing projects surprise us.

Have you ever had a project that seemed to be going along just fine, and then, when the delivery deadline drew near, suddenly, everyone's two months late? It leads you to wonder, "How could I have missed that this project was two months late?" "What planet was I on where this project appeared to be on time?"

Given that approximately three quarters of all technical projects fail to meet their schedule, budget or feature set goals, you'd think we would be better at spotting groups that are "off the rails".

The reality is that determining when a project is in trouble is not an easy thing, and problems that seem obvious in hindsight are murky at the time that they occur.

Monitoring project progress is an important part of a leader's role. Knowing when and how to intervene in failing projects is critical to the overall health of any technology organization. Whether the intervention is to cancel a hopeless effort, or to correct team skill or resource imbalances, managers need to spot difficulties early in order to prevent issues from becoming disasters.

Of course, projects don't really slip two months in one day. They fall behind a little every day, and the slippage accumulates until we notice it. So the question is how can you notice the problems and fix them when they're mole hills rather than mountains?

Most project methodologies call for monitoring task progress, budget tracking, and hours observations to check on the health of a project. Unfortunately, I find that these are inadequate to gauge real progress.

Estimating task completion is notoriously subjective. The last 10 percent always seems to take 80 percent of the time. Counting hours expended has nothing to do with real progress. Effort rarely equals results. Although knowing how much of your budget has been spent is important, any positive correlation between the percentage of budget expended and percentage of project completed is generally coincidental.

The best method that I've found is to use what I call micro-deliverables. Most projects are planned with series of tasks that lead to major deliverables, the documents, deployments, or code that the tasks create. But these deliverables are usually the result of many people's work over a period of weeks or even months.

Micro-deliverables are much smaller, individual efforts. When you plan for micro-deliverables, each person on a project has responsibility for some physical product every few days. Then you can gauge the health of the project by checking whether the micro-deliverables are done or not. You don't have to wait for months until a big deadline looms to check the health of a project.

When planning for and using micro-deliverables, there are a few simple rules to follow:

1. Never let anyone go longer than a week without owing a micro-deliverable.
Any time a person goes longer than a week without a deliverable, they go into a black hole of unknown progress. You can't really gauge how they are doing, and you are more likely to be surprised.

2. Micro-deliverables are either done or not done.
When measuring progress, there are only two states for micro-deliverables. They are either 100 percent complete, or they are zero percent complete. Progress is marked only by final approval of the item. Otherwise, you get into the subjective world of guessing how close to done things are, which is inevitably inaccurate.

3. Progress is not measured in effort, but in micro-deliverables.
The only meaningful measure of progress is whether micro-deliverables are done on time or not. If they are coming in late, the project is late. If they're on time, the project's on time.

4. A micro-deliverable is the responsibility of only one person.
If the deliverable is owned by more than one person, it becomes a problem to figure out where the real difficulties lie.

Using these simple rules, you can begin to identify project problems quickly and accurately, avoiding the surprises that are otherwise all too common.

SSL: Broken even more

Lately, security conferences have been bad news for SSL. At this year's Black Hat, independent security guru Moxie Marlinspike explained how he was able to completely bypass SSL security.

In January I wrote an article, SSL: Really broken this time, in which I described how forged certificates could be created if the signing Certificate Authority used the MD5 algorithm for signing.
That wasn't too difficult a problem to rectify; it just required Certificate Authorities to use SHA-1 instead of MD5. Even so, most people in the know realized that it won't be too long before SHA-1 has the same problem as MD5.
SSLsniff
Well, I'm afraid that cracking SHA-1 is the least of our problems.
You may remember Moxie Marlinspike; he's the developer of a sophisticated hacking tool called SSLsniff. The application exploits vulnerabilities in Internet Explorer, allowing Man-in-the-Middle (MitM) attacks even if SSL connections are used. Microsoft eventually fixed the vulnerabilities by disallowing leaf certificates to act as signing certificates.
Even with the vulnerability fixed, SSLsniff is still a powerful tool. As evidence, SSLsniff was used to demonstrate MitM attacks by the group of cryptographers who discovered the MD5 exploit I mentioned earlier.
SSLstrip
Marlinspike's new and improved tool is called SSLstrip. Quite simply, SSLstrip allows an ill-intended attacker to capture sensitive personal information without even worrying about encryption.
He decided to sidestep the encryption process once he realized that users almost always request Web pages using the http (unencrypted) prefix. That's even the case for the more confidential Web sites like those provided by financial institutions as shown below:
After the initial portal page is brought up, https is enabled after some user intervention as the following image shows:
SSLstrip is simply a MitM proxy that takes advantage of this flaw/oversight in the https process by stepping in between the user and, in this case, the bank's Web server. Let's look at the process using me as the guinea pig:
  1. I enter the URL http://www.usbank.com into the Web browser.
  2. I then type my user name in the appropriate box and hit enter.
  3. SSLstrip captures the URL and my username.
  4. SSLstrip connects to the USBank Web server and provides my username.
  5. SSLstrip then returns the new Web page provided by the bank Web server to my computer.
  6. I provide my password and hit enter.
  7. SSLstrip once again captures that information and transmits it to the bank Web server. As far as the bank Web server knows, I'm officially logged in.
  8. SSLstrip once again passes the new Web page provided by the bank Web server to my computer. I then go about my business.
Something is wrong though: how come the "s" is missing from http in the URL? I thought the bank's Web site was secure. It's not there because the SSL connection was set up between my attacker's computer and the bank's Web server. I was getting all the correct Web pages sent to my computer, but not over secure channels. Guess who now has my login credentials?
I realize that an observant user would more than likely be aware of the sleight of hand taking place here, but then I suspect that many more will be fooled by this. For more details about the exploit, please view Marlinspike's Black Hat presentation New Tricks for Defeating SSL in Practice (pdf). He did a great job explaining the entire process.
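The walk-through above works because the page carrying the login form arrives over plain http, so anything on it, including an https form target, can be rewritten in transit. A site owner can audit their own pages for that condition. This is an added example, not code from the article or from SSLstrip; the function names, the credential-field heuristic and the `bank.example` sample markup are all constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Heuristic (assumption): a field is a credential if it is a password input
# or its name contains one of these fragments.
CREDENTIAL_HINTS = ("user", "login", "pass")

# Constructed sample: a portal page fetched over http whose login form
# posts to https, plus an unrelated search form.
SAMPLE_HTTP_PORTAL = """
<form action="https://bank.example/login" method="post">
  <input type="text" name="userid"><input type="submit" value="Go">
</form>
<form action="/search"><input type="text" name="q"></form>
"""


class FormCollector(HTMLParser):
    """Records each <form>: its action and whether it holds a credential field."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self.current = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.current = {"action": a.get("action") or "", "credential": False}
            self.forms.append(self.current)
        elif tag == "input" and self.current is not None:
            kind = (a.get("type") or "text").lower()
            name = (a.get("name") or "").lower()
            if kind == "password" or any(h in name for h in CREDENTIAL_HINTS):
                self.current["credential"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self.current = None


def audit_login_page(page_url, html):
    """Return (finding, form_target) pairs for credential forms open to downgrade."""
    collector = FormCollector()
    collector.feed(html)
    page_is_https = urlsplit(page_url).scheme == "https"
    findings = []
    for form in collector.forms:
        if not form["credential"]:
            continue
        # An empty action means the form submits back to the page's own URL.
        target = urljoin(page_url, form["action"])
        if not page_is_https:
            # The form itself travelled in clear text, so its target cannot be trusted.
            findings.append(("form-served-over-http", target))
        if urlsplit(target).scheme != "https":
            findings.append(("credentials-posted-over-http", target))
    return findings


if __name__ == "__main__":
    for finding in audit_login_page("http://bank.example/", SAMPLE_HTTP_PORTAL):
        print(finding)
```

The first finding is the one that matters for the scenario in this article: a form that posts to https is still exposed when the page containing it was delivered over http.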
Even sneakier
In Marlinspike's presentation, he points out a few other techniques that can be applied to make the unsecure Web page look more convincing. Most Web browsers display the favicon supplied by the Web server right next to the URL in the address bar. What SSLstrip allows you to do is replace the favicon with one of your choosing.
By doing this many more people will be fooled as they have been told to look for a closed lock and if it's there then they can be assured that they are safe.
It's even possible for the attacker to supply a real SSL connection to the requesting computer with a URL that's almost identical to the one asked for. The difference being a few extra characters at the end. Moxie Marlinspike explains in the next slide:
Change the Web browser
We humans are creatures of habit; I doubt that anyone would argue that. Knowing that, I honestly can't say that I'd catch the deception every time myself. One good thing is that this dilemma has been talked about by others. I was fortunate that TechRepublic's managing editor Jason Hiner alerted me to George Ou's article HTTPS Web hijacking goes from theory to practice.
The article explains that developers need to give Web browsers enough intelligence to know whether the connection should be SSL encrypted or not and if encryption isn't occurring to disallow the connection. George also mentions that Google is working on this very problem in their early versions of the Chrome 2.0 Web browser. Hopefully other Web browser developers will follow suit.
Final thoughts
First, I'd like to thank Black Hat for the use of their logo and Marlinspike for the use of his presentation slides in this article. I also admire his wanting to make everyone aware of this potentially serious attack vector.
I realize that this exploit is one that requires inattentiveness on our part. Fortunately, most people I talk to mention that they wouldn't get caught by this. Just to test that theory, think back to the last time you went to a Web site that used SSL. Did you check the URL? Were you sure that the traffic was encrypted? I didn't.
Michael Kassner has been involved with IT for over 30 years. Currently a systems administrator for an international corporation and security consultant with MKassner Net.

E-medical record must be about business

SINGAPORE--Run an electronic medical record (EMR) implementation project like a business project, not an IT initiative, advised a top executive from a healthcare organization.
Steven Yeo, vice president and executive director of HIMSS Asia-Pacific, said such projects should be regarded as a "business initiative with an IT component".
Healthcare organizations that fail to do so will end up placing their EMR projects on a lower priority to other business implementations that are driven by the executive board, Yeo said, during his address at the inaugural Hospital Build Asia 2009 conference here Thursday. Founded in 1961, HIMSS, or Healthcare Information and Management Systems Society, is a global healthcare industry group focusing on healthcare IT issues and currently has over 20,000 individual and 350 corporate members.
Projects of large scale, such as EMR implementations, need CEO involvement and cannot be driven solely by the CIO, unless the CIO is also managing director on the board, Yeo said. Even then, it may not guarantee the success of the project, he noted.
Raymond Chong, managing director and CEO of Thai hospital group, Samitivej, said hospital administrators cannot look at technology deployments as the basis of how their healthcare services should evolve.
"Technology shouldn't influence healthcare decisions," Chong said. "We should look at where we want healthcare to be and develop [technology] toward that [direction]."
The industry should, therefore, look at how technology may evolve to support its aspirations, he said. As a result, Chong expects technology to play an increasingly bigger role in healthcare.
Yeo said spending on IT within the healthcare sector is much smaller than that of the industry's overall expenditure, but is expected to ramp up. This is aided in part by global governments' fund injections, such as U.S. President Barack Obama's pledge to set aside funds for healthcare, he said.
According to Frost and Sullivan statistics provided by conference organizer IIR Asia-Pacific, the total healthcare revenue in the Asia-Pacific region was US$239.9 billion in 2008, with the industry expected to grow by 5 percent to 10 percent this year.
In 2007, Singapore announced plans to build an EMR system in a bid to consolidate patient medical records, and enable such data to be shared securely between doctors in public and private sectors. It joins other regions including the United States and European Union, that have also embarked on EMR initiatives.
Singapore's Ministry of Health Holdings CIO, Dr. Sarah Muttitt, said last year the country's EMR system needed improvements, and that Singapore needs to push digital investments up to 4 percent to 5 percent of total spend for the next five years to keep up with technological advancements.

Mobile just one leg of Microsoft's three-screen strategy

Microsoft had little new to say about its Windows Mobile phones at CTIA 2009, but reinforced its intention to play in all the future arenas of personal computing.


Robbie Bach, head of Microsoft's Entertainment and Devices Division, ran through essentially the same news that his boss, CEO Steve Ballmer, presented about six weeks ago during the Mobile World Conference in Barcelona, Spain. The company demonstrated how Windows 7 has built-in software for connecting to 3G wireless networks, showed off some of the features of Windows Mobile 6.5, and played a quick video highlighting its mobile application store, Windows Marketplace for Mobile.

The demonstrations were all geared around Bach's central theme of the "three screens": the PC, the television, and the mobile phone. Microsoft intends to make sure Windows is able to give people access to their personal data, information, and services on all three of those screens.

Microsoft spent as much time showing off how HP's Mini 1000 Netbook is capable of connecting to 3G wireless networks with software built into Windows 7 as it did demonstrating Windows Mobile 6.5, and barely mentioned Windows Marketplace for Mobile during a week when mobile application stores are a big topic.

But Bach promised that Windows Mobile phones will be the subject of Microsoft's next big advertising push, and said the company's partners will have 10 phones running Windows Mobile 6.5 ready when that operating system arrives in the second half of this year.

Conficker postmortem: Hype distracted but threat is real

April 1 has come and gone and in the minds of many people the Conficker worm turned out to be a joke instead of the major Internet security event that might have been envisioned. Was the hype good, or bad, and who is to blame?
"I'm not sure what to think," said Bruce Schneier, chief security technology officer at BT, who is usually critical or pessimistic. "In a sense, the whole Conficker thing just puts a name on a general problem."
The problem is that there are tons of malicious programs and attacks out there on the Internet every day and people don't do enough to protect their computers, experts say. People need to be vigilant in patching their systems and updating their antivirus and other security software all the time, and not just when there is a virus outbreak. This isn't new at all.
Lots of other worms and botnets are doing real damage, experts say, but Conficker garnered the media attention because it was configured to activate on a certain date. The fact that the date happened to be April Fools' Day only lent to its mystique.
"You need something with a name and a date to make the news. Today, the problem is just as serious, but there's no news," Schneier said.
A member of the Conficker Working Group, a consortium of companies and experts formed to eradicate the worm, had this to say: "The focus on April 1 ignored the fact that malware is out there and it is not detected easily and it has counter measures," said Dave Dittrich, an affiliate researcher at the University of Washington.
People tend to blame the security vendors for hyping viruses so they can sell more products. But in this case, everyone ZDNet Asia's sister site CNET News.com talked to about Conficker downplayed the digital disaster scenario and said things would likely be fairly quiet on April 1, as they were.
Media culpability
That leaves the media. In a spoof on the media frenzy, Wired ran a humorous fake live blog from the "Conficker Worm War Room" and pointed out that "The New York Times called it an 'unthinkable disaster' in the making. CBS's 60 Minutes said the worm could 'disrupt the entire Internet,' and The Guardian warned that it might be a 'deadly threat'."
Surprisingly, Dittrich and others were somewhat forgiving. "Tight deadlines make it hard to get a good story out without the hype taking over," he said. "There was a known deadline of April 1 for some behavior changing, but it wasn't clear what that behavior was going to be."
But just like the boy who cried wolf too many times or Chicken Little after the sky didn't fall, the experts said they worried that conflated expectations that are not met could mean people will ignore legitimate threats in the future.
Simple concepts of good and bad are easy to understand, while complicated issues and relative conditions, which underpin security, aren't. For instance, Dan Kaminsky, director of penetration testing at IOActive, said he often finds himself trying to talk people down off of one of two "ledges" of thinking.
"It's either 'nothing is going to happen', and that's not true, or it's 'the world is coming to an end and computers are going to explode in some technological Ebola equivalent', and that's not true either," he said, echoing comments he made in a post on his blog. "Concern, but not panic, is really the appropriate engineering response to the problems of this nature. But concern doesn't sell nearly as well as panic."
Hype is one thing. Public awareness is another, and if nothing else, all the attention Conficker garnered can be seen as a benefit if it means that more people were prompted to secure their systems.
"When you see your neighbor with a cold, you think about washing your hands," said Chris Wysopal, chief technology officer at Veracode.
"The main lesson is that reactive security is always bad," said Wysopal. "This is the case we're seeing here. Once the botnet is spread it is really difficult to clean up and the command-and-control (aspect) is getting more sophisticated and using sophisticated encryption. Once it is in place it is harder and harder to dismantle and remove."
"I find it a bit discouraging that after SO many years of these dire warnings of a virus/worm that will 'bring the Internet to its knees' that executive management STILL doesn't get the fact they shouldn't be depending on media stories to shape their security program," Carole Fennelly, director of content and documentation at Tenable Network Security and a former security consultant, wrote in an e-mail.
Conficker alive and well
Meanwhile, Conficker remains a menace. The worm spreads through a hole in Windows that Microsoft patched in October and also spreads via removable storage devices and weakly protected network shares.
So, millions of infected computers didn't launch denial-of-service attacks on Web sites or download password-stealing software on Wednesday. But they could have, and they still can at any point in the future. In fact, the risk is greater now because Conficker-infected machines can distribute updates or instructions via encrypted peer-to-peer technology as opposed to communicating to command-and-control servers at domains that registrars have been pro-actively blocking.
"It's not like it's gone," said Kaminsky, who worked with The Honeynet Project on a way to detect infected computers using a flaw in Conficker's code. "We're looking at a massive, amorphous network with a command and control that we don't have the means to block anymore. Things got worse on April 1 for the remaining infected nodes."
And now there is no signal for researchers to watch for with Conficker. This actually makes sense for a botnet because their creators usually tend to operate under the radar so they are not thwarted.
"We believe they decided to do nothing to tip their hand," said Paul Ferguson, an advanced threats researcher at Trend Micro. "But the functionality can be updated at any given point in time. All it takes is a button click on a mouse from the people pulling the strings."
The April 1 date could have been designed to distract people from other activity. For instance, researchers saw updates to existing botnets that also use auto-domain generation, including Mebroot, which is also known as Torpig and Sinowal, according to Ferguson. That Trojan infects Windows computers in "drive-by downloads" as they Web surf and steals bank log-in data and other sensitive data, among other things.
"I'm not saying these are connected, but it sure is funny in a coincidental way," Ferguson said.
So, what's the moral of the Conficker story?
"The moral is there are big worms out there and criminals that do a bunch of things," said Schneier. "One of them happens to have a name and a date."
The Conficker Working Group has a test to see if a computer is infected on its Web site, and another test is on the University of Bonn Web site.