Archive for May, 2010

Google, T-Mobile too mum over Android security

Thursday, May 27th, 2010


“We won’t disclose the issue until all our users have been at least asked to update their phone,” Cannings said.

Microsoft takes a different approach, though, publicly releasing details even before all computers have been patched.

Even Microsoft, which hardly has a reputation for coddling its users, does a better job of keeping people in the loop. It gives a heads up a few days in advance about what’s coming on its next monthly “patch Tuesday” upgrades.

Those who dig around T-Mobile’s forums can find posts from a T-Mobile administrator named Will. “The first rule of updates is: you do not talk about updates,” he joked in one post confirming that T-Mobile had begun sending out the TC30 patch, then only offered a hint about what was in the patch. He was more forthcoming in an earlier post, though.

In a pickle
Google writes the patches but relies on T-Mobile to disseminate them to its customers and to communicate with its customers, said Rich Cannings of Google’s Android security team.

And T-Mobile has been pretty quiet, too. (I’m waiting for comment from the company about its choices.)

T-Mobile’s site says delivering over-the-air updates to G1 customers takes several days, with users selected in random order. Given the philosophy of not disclosing details until everybody has a chance to update, it would be impractical to include update details along with the update itself. Early recipients could simply publish details online.

I’ve been testing a review model of the G1, and an update arrived first on November 1 and then a second a week later. Only by dint of much pestering and more than a week of waiting did I find out from Google what was in those two Android patches.

In short, even if companies are generally looking out for their customers’ best interests, I think it behooves them to keep the customers better informed. It prevents us from feeling like disempowered pawns. It helps us make intelligent choices with our products. And it can even make us happy, when pesky bugs are stamped out or useful features are added.

The G1's request to update its Android software doesn’t share any details about what’s changing or how important it is.

The security fixes also take place behind closed doors, despite Android’s open-source nature. After the report of the root-console bug that would cause a G1 phone to reboot if a user simply typed “reboot”, Google’s Dan Morrill added a note, “Marking as security problem, which will hide this issue until the fix is public,” though it wasn’t actually hidden.

Cannings said Google will release all the gory details about Android vulnerabilities eventually; the security announcements are automatically sent to the Bugtraq and Full Disclosure security mailing lists, for example, he said.

But that process doesn’t take place on the same schedule as the patches T-Mobile distributes. It’s been 11 days since I received the RC29 patch, and there’s still no word published on the Android Security Announcements group. The only note is an August 18 introductory note with this advice: “If you would like to receive security patch announcements for Android, please join the android-security-announce Google Group.”

(Credit: Stephen Shankland/CNET News)

Should I lighten up?
But here’s the question: am I wrong to bridle at this somewhat paternalistic attitude? Given that the future no doubt holds updates for car engine firmware, home wireless network routers, universal remote control, and Internet-enabled stuffed animals, we’ll all have to get more used to them. After all, security is a grave matter, and vulnerabilities lead directly to spam-sending botnets and other serious issues. Should I just relax and go with the flow?

Tell me before I update
Patch ASAP, details later
No worries, I trust you
Other

When it comes to telling customers about security weaknesses, there’s a fine line between alerting customers and inviting attacks. With T-Mobile G1, the first phone to run Google’s Android operating system, I think the companies are erring on the side of inadequate disclosure.

News.com Poll Detailing Android fixes
Google and T-Mobile fixed security issues with the G1’s Android software but have been studiously quiet about details. How would you like to be notified? Chime in with comments below.

But with the Android phone, I couldn’t even tell if the patches were security related, much less how important they are, much less what they actually do. The closest I could come was figuring out what operating system build I had installed, then using that nugget of information to snoop around the T-Mobile forums, the Android bug-reporting system, and assorted Web sites to see if I could piece together what was going on.

Vote in the poll and share your thoughts in the comments below.

I’m not the type to blithely ignore patches. Sure, I’m not convinced the security patches I download for Adobe Reader, Microsoft Windows, and Firefox are flawless, but I think the odds are good enough they’ll be an improvement that I install them.

Google has taken the same approach of hiding security issues with its Chrome browser, and updates are installed automatically with no option for users to approve the process. Again, it takes the approach that Google knows best, and users are best to trust the company to do the right thing.

Microsoft cleared to commit code to Apache

Monday, May 24th, 2010

Few will have noticed, but Microsoft’s Jim Kellerman just announced that he and a Microsoft colleague have “been cleared to contribute patches again” to Apache, and specifically to the Hadoop project.

Microsoft gets deep into open source and Olson comes out of retirement. This is turning out to be a Very Great Day.

commentary

This is great news for Microsoft, and I think for open source generally. It means that Microsoft just became an open-source insider and may find it more difficult to sling mud as an open-source outsider in the future.

It’s also good to have Microsoft’s heft behind the Hadoop project, an incredibly cool open-source project that got additional help from Cloudera, a new open-source company helmed by former Sleepycat CEO Mike Olson that promises to help companies tap into the power of Hadoop. Who cares about Hadoop? Any Web developer that wants to “write and run applications that process huge amounts of data.”

Shortcut and fix for Outlook’s autocomplete feature

Thursday, May 20th, 2010

An even simpler request to Microsoft’s developers would be to let me restrict autocomplete suggestions to addresses that appear in my contacts. And while I have my wish list out, how about making it easier to sync contacts between Gmail and Outlook?

One way to cut through Outlook’s autocomplete clutter is to use the Ctrl-K keyboard shortcut to access the program’s Check Names feature. Simply type the first few letters of the address you want to enter, and press Ctrl-K.

Press Ctrl-K to open Outlook's Check Names dialog box to a specific initial letter.

As I stated then, I’ve come to depend on Outlook’s address-autocomplete feature, though it’s far from perfect. First, editing the list isn’t easy. You can delete an entry you no longer need by pressing Delete after you scroll to the address in the drop-down list that appears as you type the name in one of the above fields. But there’s no simple way to edit the list.

If you don’t find the file in either of these locations, make sure that your system is set to view hidden system files. To do so in Windows Explorer, click Tools > Folder Options > View and select “Show hidden files and folders” in the “Advanced settings” window. (If you don’t see the Tools option in Vista’s Explorer, press the Alt key.)

If only one address in your contacts matches the letters, that address will be entered into the field automatically. If more than one address matches the letters, the Check Names dialog box will open (see below). Scroll to an address, and press Enter to place it into the address field of your message.

C:\Users\username\AppData\Roaming\Microsoft\Outlook

Sure, you can use the free NK2View utility from NirSoft to import and export address books, as described by the How-To Geek, but there’s nothing quick or simple about the process.

A couple of weeks ago, I described how to disable the feature in Microsoft Outlook 2003 and 2007 that automatically completes addresses as you enter them in the To:, Cc:, or Bcc: fields.

The clean-slate approach to Outlook’s autocomplete feature
If your nickname file gets out of hand, you can start from scratch by renaming the file, which will cause Outlook to create a new one the next time the program opens. Start by finding the .nk2 file. In XP, the default location for this file is here:

In Vista, the file is placed in this folder by default:

(Credit: Microsoft)

What I really want is the ability to restrict the addresses that appear in the list as I enter them. For example, an Autocomplete Settings dialog box would let me limit the list to addresses I’ve entered at least twice (or three times, or five times, or any number I choose) to eliminate the one-offs (or three-offs, etc.)

Now simply rename the file. You could delete it, but I recommend keeping the original file around so that you can revert to it, should something go awry. A Microsoft Knowledge Base article provides complete instructions for resetting this Outlook feature.

C:\Documents and Settings\username\Application Data\Microsoft\Outlook

Report: Oracle cuts workforce by 500

Tuesday, May 18th, 2010

Oracle has sliced approximately 500 positions from its sales and consulting staff businesses in North America, according to a report in The Wall Street Journal.

Oracle declined comment on the reported layoffs.

Oracle’s reported layoffs come at a time when a number of companies across all industry sectors are slashing their workforce by double digits as the economy languishes in a recession.

And while other companies are making staff cuts amid steep declines in their revenues and earnings, Oracle’s last quarterly report in November posted a 6 percent increase in second-quarter revenues and a modest 1 percent decline in net profits.

The positions, which would account for less than 2 percent of Oracle’s North American workforce as of November, were cut on Friday, according to the Journal.

Twitter co-founder: We’re fine

Saturday, May 15th, 2010

Q: Do you envision Twitter as something that everyone will eventually use, or just news and blog junkies?

Stone: Twitter is a real-time short messaging service that works over multiple networks and devices. It continues to grow popular around the world and become the pulse of what is happening with the people, organizations, and events you care about–delivered immediately, wherever you are. We envision Twitter is something everyone may use eventually.

Are you hiring? Will you have layoffs?
Stone: We are currently hiring and staying the course with regard to our budget and plans for growth.

Twitter co-founder Biz Stone answered questions from me over e-mail. But I’m still not sure where the revenue will come from.

Do you believe Twitter will be a standalone business in five years, a feature of another company, a standard feature on several sites, a backend service, or what?

Stone: Twitter will be a sustainable business that folks around the world can depend on for reliable communication. Our API will certainly grow as well so that speaks to Twitter finding its way into other sites and the idea of a backend service.

How has the credit crunch affected your business? Are you cutting costs?
Stone: Twitter prepared for the current economic climate when we raised our last round of financing. We’re fortunate that we can stay on the course we have laid out for the company. That being said, we will certainly be sensitive and cautious where appropriate.

Biz Stone's Twitter tag.

I took the announcement of the CEO job swap at Twitter as a reminder that I need to bug the company about its future and its business model. As I wrote in 11 troubled Web companies, I love Twitter and want it to succeed. But I’m not sure it’s on the right track to do so.

Updated: One question and answer added to the end.

When are you going to turn on a business model, and what is it?

Stone: We’ve watched with interest as commercial usage of Twitter has taken off and really started growing. We think there are some very interesting opportunities so we’re modeling some scenarios there as well as other opportunities.

By the way, what’s with your name? Short for something?

Stone: It’s a name from when I was a little kid. I couldn’t say “Chris-to-pher” properly. I said “Biz-ah-bah.” My parents thought it was funny and took to calling me that. Then kids at school found out and I’ve pretty much been Biz ever since.

How much cash/runway does Twitter have?
Stone: We don’t disclose numbers like this except to again say we planned ahead and we have the runway we need to execute our plans.

Photos: A car flight from London to Timbuktu

Saturday, May 15th, 2010

Have a look at the gallery below for more details on this crazy car, which has a take-off speed of 60 mph, and in flying mode, supposedly can hit a cruising altitude of 2,000 to 3,000 feet and a maximum altitude of 15,000 feet.

Two British adventurers are about to head off on a 3,600-mile maiden voyage that could well give new life to the phrase “from here to Timbuktu.” They’ll be traveling alternately by land and sea in what they’re calling the “world’s first bio-fueled flying car”–the Parajet Skycar, which is essentially a dune buggy with a fan motor and paragliding wing attached.

Photos: From London to Timbuktu–in a flying car

Pilot Neil Laughton plans to leave from London Wednesday and journey through France, Spain, Morocco, the Western Sahara, Mauritania, and Mali, returning home via Senegal. Joining him for part of the journey will be engineer Gilo Cardozo, who created the two-seat, road-legal vehicle. The Skycar will be accompanied by a team of overland adventurers in all-terrain vehicles carrying fuel and supplies.

Open-source freedom lost on Chinese government

Saturday, May 15th, 2010

Whatever the reason, it’s a reminder that open-source licensing is not necessarily any guarantee of freedom. If a Chinese government agency were hoping to snoop on its citizens using Red Flag, as some have suggested on the Slashdot forum, would the General Public License stop them? No. Presumably, users could hack Red Flag to prevent the snooping, but for most people, this simply isn’t an option due to technical inability to write software.

Indeed, Radio Free Asia notes that while the policy ostensibly is aimed at removing pirated versions of Red Flag Linux or Microsoft Windows, Internet cafes are reporting that they are being forced to move to Red Flag Linux even if they already are using licensed versions of Windows.

commentary

News hit Slashdot on Wednesday that China is forcing its Internet cafes to use licensed copies of Red Flag Linux, and allegedly not because it wants to encourage software freedom, as Radio Free Asia suggests.

There are many factors that contribute to making software truly free. The license is only one of them. Free markets, open standards, and open data might well matter much more than a simple license.

I suppose the only positive news in all of this is that China is setting the standard–albeit a very negative one–for promoting paid use of open-source software. Suffice it to say, however, that I’d prefer if would-be buyers acquired open-source software through choice, not chains.

Why? The Guardian speculates that this may be the Chinese government trying to force a decent return on its investment in Red Flag.

Obama to deliver weekly address via YouTube

Monday, May 10th, 2010

For the first time ever, the president’s weekly address to the nation will be delivered via video as well as radio.

Delivering the radio addresses via online video is a logical step for the first president elected in the era of YouTube. The Obama campaign uploaded more than 1,800 videos to its YouTube page.

On Thursday evening, Obama’s transition team co-chair Valerie Jarrett posted a YouTube video, shown below, to the site explaining the lobbying restrictions for Obama’s transition team.

President-elect Barack Obama, the Washington Post reported, will begin by taping this week’s Democratic address at his transition office in Chicago on Friday, and the video will be posted on Saturday to Obama’s transition site, Change.gov, via YouTube. Other members of the Obama administration will post online videos as well.

The tradition of the president addressing the public directly via radio dates back to President Franklin Roosevelt’s “fireside chats” in the 1930s. Archived audio recordings of all of President George Bush’s weekly radio addresses can be found at the White House Web site.

Microsoft Research gives photo help, for a price

Monday, May 3rd, 2010

The product works by taking a folder of photos, trying to rank which photos seem most important, detecting faces, finding key points of interest, and then rotating and resizing the photos to create the final collage, which can then be saved or printed as a 4×6 or 8×10.

(Credit: Ina Fried/CNET News)

I tracked down one of the folks who worked on the project from Microsoft’s research labs in Cambridge, England. Software architect John Miller works as part of an incubation team that helps create products out of ideas from the research lab there. What attracted him to the collage tool, he said, was the fact it “combined really interesting technology and something I would be able to talk to my mom about.”

As someone who is interested in both photography and collage art, Microsoft Research immediately caught my eye this morning with an announcement about a new tool called AutoCollage 2008.

It’s not the first time Microsoft Research has sold its technology directly to end users, but it is not a frequent occurrence. There is one other research project currently sold, a product called Microsoft Automatic Graph Layout 2007 for .Net. Microsoft also used to sell a game called Allegiance, which was developed in part by Microsoft Research chief Rick Rashid. It now provides the game and its source code freely.

Here's what Microsoft's AutoCollage tool made out of a few pictures from last week's ASANA World Series in Seattle.

Like many projects, though, Miller said it was something that took a lot of work to make into a shipping product. Hence, the decision to charge for it.

AutoCollage also seems indicative of a broader effort in the company to make sure it is getting return on its research dollars. While the company’s first goal is to transfer its technology to product teams, Microsoft has also been looking for ways to license to start-ups some of the technologies that it doesn’t plan on commercializing.

But what really struck me is how much Microsoft Research sounds like other product groups these days. First, there was the name, AutoCollage 2008. That sure doesn’t sound like something from the labs. Second, to get the program, one has to buy it for $20 from Windows Marketplace (there is a 30-day free trial version, but it stamps a big watermark on the resulting collages–see above).