I won't bother espousing the benefits of Twitter;  Scott Hanselman already has, and he did it far more eloquently than I would have. 

Let it suffice to say that, after some prodding from Alan Stevens, I got on Twitter, and I'm having a ball with it.  You can follow me via the "My Twitter Updates" column on the right, or, better yet, get on Twitter yourself and join the community!

My mom emailed me complaining about getting the following error when logging into her Google Calendar:

Oops.  Another calendar has been created for cams.mom@moms-isp.net (not her real address).
Each calendar needs its own email address so friends can send you invitations.

My mom couldn't figure out what this error meant or why she was getting it.  She'd been using Google Calendar for over a year, using the Google account she created with her ISP-provided email address as a login.  And she even contacted her ISP (Wild Blue satellite Internet) at one point, who had no idea what she was talking about.

So I took a look, and I pretty quickly managed to figure out what the problem was.

Her ISP decided to provide Google Apps for Domains for their customers.  They just created user accounts in Google Apps for all of their customersone weekend.  As a result, there were two Google accounts with cams.mom@moms-isp.net as their login - One that was a standard, run-of-the-mill Google account with access to Calendar, Docs, etc., and one that was the domain-specific login to Google Apps.

So the only way she could resolve this was change to a different email address as her login for her standard Google account.  Not a huge deal, since she has a couple different email accounts, but definitely an inconvenience. 

Still, I have two issues with this:

1. Was this scenario not anticipated by Google?  Why not work around it?  Why not merge her old, "standard" calendar into her new, domain-specific calendar?  For what it's worth, that's why I haven't migrated from my Google account to Google Apps for Domains.  I'd love to have my own camthegeek.com Google Apps, but it'd be an all-out migration for my Gmail, Google Talk, and Google Calendar.  Why can't they just tie my Gmail and camthegeek.com addresses together as some sort of alias, so if I'm logged in to Google Calendar as me@gmail, I'm also logged in as me@camthegeek?  That way my friends wouldn't have to change their Google Talk settings to keep in touch with me, and I wouldn't have to migrate my Gmail and Calendar.
   
   
2. What the hell is wrong with Wild Blue that they couldn't train their tech support to anticipate this and properly guide their customers through it?  I understand the allure of Google Apps.  If I were an ISP, I'd put my customers on it.  It's a major value-add.  But in their pre-migration activities, did they really not anticipate that, out of their thousands of customers, one of them might possibly have endeavored to create a Google account with their wildblue.net email address?  Give me a break.

Dear Mom/Mom-In-Law/Grandma/Other,

Please stop using Internet Explorer 6.0.  Just...  Stop.

I know you're comfortable with it.  I know that's what came installed on your computer, and you're not even aware that it sucks.  But trust me, it does.

"But Cam," you ask, "If it isn't broken, why should I fix it?"  Ah, but that's the point.  It is ridiculously broken.  It's the Yugo of web browsers.  Aside from being ridden with security vulnerabilities, and lacking innovations such as tabbed browsing, its CSS standards support is horribly broken and will never be fixed.

My point about security and tabs should be self-explanatory.  The CSS problem, in layman's terms, means that, just this week, a simple web page which should have taken me about four hours to design and develop took me over two days because I had to work around Internet Explorer 6.0's CSS flaws.  That's just...  obscene.  It wastes Corillian's time.  And worse yet, it wastes my time, which I could be using to post videos of your grandkids.

So what can you do to help me?  Convert to a different browser.  A more modern, more standards-compliant browser.  Just about all of them will automatically convert your favorites or bookmarks, history, cookies, and saved passwords.   They're all free.  All you have to do is download them and install them.  And then get your friends and relatives to do the same.  Here are a few suggestions.

• Internet Explorer 7.0.  Microsoft fixed a lot of the problems Internet Explorer 6.0 had, as well as adding some useful user interface enhancements.  I know it looks a little different, but if you try it, you might just like it.  Pros: Microsoft was aware of all the issues with IE 6.0 and fixed most of them.  Cons:  Slight learning curve with the new user interface.
  
  
• Mozilla Firefox.  This is the second-most popular browser right now.  It's very fast, reliable, and secure.  It has a really neat feature called extensions, which allow you download free add-ons for the browser that perform any number of useful functions.  For example, I run an extension called Ad Block Plus, which filters out banner ads from my web pages.  In many cases, I never even realize they were there.  Pros: Insanely active open-source community backing, which means frequent security updates, new features, and extensions.  Cons:  There are still a few web pages (very few) that were designed specifically with non-standard features of Internet Explorer in mind.  These sites don't deserve your traffic anyway and whoever told them they should design their site like that should be fired.
  
  
• Opera.  I honestly don't know a whole lot about Opera, but its users are very vocal about how much they like it, so maybe you will, too.  Pros:  I've heard it's really quite good.  Cons:  Same as Firefox.
  
  
• Safari.  This is Apple's browser that comes pre-installed on Mac computers.  They make a Windows version now.  I wasn't overly impressed, but again, this letter is about giving you options.  Pros:  Um...  it's free?  Cons:  Nothing overly compelling about it.
  

With just five minutes of effort, you can take a step toward a better browsing experience for you, and, as others follow your lead, a better development experience for me.  Thank you.

I just got my first greenlit article on the social news site, Fark.com.  For those of you unfamiliar with Fark, what this means is I submitted a link to a news article, including a self-written funny headline, and the users of the pay version of the site (TotalFark) gave it sufficient votes to have it show on the front page of Fark.

I guess you'd have to be there to appreciate it.

Yay, me.

I'm very hopeful that Silverlight will achieve the market penetration of Flash.  Silverlight has so much going for it, like the DLR, the mini-CLR, XAML-based development, and so much more.  And like I said in an earlier post, it's a great example of people in Microsoft getting it, what with the multi-platform support.

The only thing that worried me about Silverlight was the lack of Linux support.  Like it or not, Linux is becoming a viable desktop platform, so it's important that Silverlight have some kind of Linux implementation.  I had heard somewhere that Miguel de Icaza had stated that he was going to have a Mono-based implementation of Silverlight ready by the end of 2007, but I didn't know if that was a reasonable estimate.

Somehow, I think I underestimated the Mono team.  Miguel and his band of crazy coders hammered out a more-or-less functional implementation of Silverlight, called Moonlight, in 21 days.  Holy freakin' cow, that's cool.

I'd also like to point out that Miguel mentions receiving guidance from Scott Guthrie and others in Microsoft.  I'm floored by this.  They're apparently that interested in making it succeed.

Our information security manager recently asked me and a few other resources via email if we could do something programmatically to prevent phishers from using our corporate logo.  One person suggested using JavaScript and/or CSS to trap right-clicks or obfuscate images behind transparent layers.  Unfortunately, all of the mechanisms he mentioned rely on client-side browsers to enforce our bag of tricks, and the average phisher is probably too smart for that.  Whereas IE is effectively blocked from right-clicking via JavaScript, Firefox easily defeats that trick (Click Tools > Page Info.  Go to the media tab.  Voila!  Save whatever image you want).  Even easier for the Linux-based phisher, as he can just use wget to pull down whatever images he wants.

A lot of banks have implemented two-factor and two-way authentications schemes (one of the earliest being Bank of America).  A little known insider's fact:  That's actually due to a regulatory requirement.  If your bank isn't doing it yet, trust me, they will.  So will implementing these schemes across all these banks actually help solve the phishing problem?  Probably, for a year or two.  Then all of your phishing attacks will rely on man-in-the-middle attacks to get around these two-way and two-factor authentication schemes.  Bruce Schneier predicted it, and it’s already been proven and is likely in the wild.  See:

• http://paranoia.dubfire.net/2007/04/deceit-augmented-man-in-middle-attack.html
• http://blog.washingtonpost.com/securityfix/2006/07/citibank_phish_spoofs_2factor_1.html
• http://www.cr-labs.com/publications/index.html
• http://www.gpayments.com/pdfs/Bank%20of%20America%20-%20A%20Perfect%20Target.pdf

My take:  Schemes like SiteKey (BoA's trademarked implementation based on a software package available from RSA) are useful for the time being, but in the long run, provide little in the way of valuable protection.  Unfortunately, many people view it as a panacea and have created a false sense of security around the whole two-factor and two-way authentication scheme.  Banks should not rely too heavily on implementations of two-factor and two-way authentication to ensure customer security.  Instead, I think banks need to step up customer education across all lines of business.  This includes campaigns to help the customer understand:

• Why you should never click on a link in an email
• What to look for in your browser to ensure a SSL connection directly to your domain
• How to use modern browsers’ built-in anti-phishing tools

Personally, I envision all of the above as being part of a strategy to increase corporate transparency.  There have been a lot of so-called corporate blogging sites launched lately, that help to foster a sense that corporations are listening to their customers and are genuinely interested in making them happy and soliciting their feedback.  Some great examples:

• Microsoft
• Dell
• Google
• Amazon
• Intel
• The World Bank

If you look at these, particularly in the conversations created in the comments, it becomes obvious that this is a great way to educate customers, get customer feedback, and make customers feel more empowered as partners.  Wouldn’t it be great if more corporations had a mechanism for this?

Of course, no one in our marketing department has asked me…  I’m eagerly awaiting their call…

(Reiterated disclaimer:  This ain't Commerce Bank's opinion, this is wholly mine.  See the legalese on the right, please...)

One of the first things I noticed about Vista was that they'd included thumbnails on the alt-tab dialog and on the taskbar buttons.  Thumbnails in alt-tab is nothing new.  I've been using TaskSwitchXP for a while now.  What is new is the thumbnails on the taskbar buttons. When you point at a program's button in your taskbar, you get a tooltip with an embedded thumnail.

As if that weren't cool enough, the thumbnail is actually updated in real time.  Observe here, I'm viewing Weird Al's White and Nerdy* and the thumbnail is updating at the same 30 fps as the actual video player (I added the red box for emphasis)!  Well, maybe not the same framerate, but it has to be pretty close.  How cool is that???

* Yes, I'm an unabashed fan of Weird Al.  He's like the patron saint of geeks.  If you don't like it, suck it.

I was playing around with Google's custom homepage today, and I found a gadget for a site called SongTapper in the content listings.  It's a site that guesses what song you're thinking of by having you tap the rhythm using your space bar.  I was only able to stump it with a few obscure Duke Ellington songs, but it still had heard of my songs (just not with my pathetic sense of rhythm).

Google has finally heard my prayers and responded with a calendar app in the same style as Gmail.  It's still pretty early in its maturity, but it's got all the basics covered, including Gmail integration and a nice web invitation feature.  Between this and Gmail, it's safe to say that my home/personal PIM environment (as opposed to work) is no longer hindered by a lack of Outlook .  Besides, for personal data, I prefer the web-based stuff anyway, since it's way more portable.  Leave the work stuff at work, but I want to be able to get to my personal stuff anywhere.

Some things I'd like to see:

1. A to-do list with reminder capability.
2. A desktop reminder agent (integration with Gmail Notifier, perhaps?)
3. Configurable notification addresses, so I could use email addresses outside of my Gmail account (although they DO provide SMS capability - that's a plus!)
   

Having gotten sick of the obnoxious Flash-based ads in MSN Messenger, as well as the unweildy tabs mechanism, I made an effort several months ago to deprecate Messenger in favor of the Windows port of Gaim. Unfortunately, I found myself turned off by Gaim's incompatibility with MSN's video conferencing (how I see my kid when I'm on the road) and the general "industrial" feel of the GTK+ library Gaim is built on.  On my last trip out of town, I found myself going back to MSN Messenger.

The thing is, the interface still bothers me.  The ads are annoying, as is the clutter from the tabs.  Here's my tips on creating a nice, minimalist MSN Messenger environment.

1. The built-in configuration options are your friend.  At a minimum, turn off the "Show MSN Today on Login" option.  If you're getting sick of your contacts' display pictures, by all means, disable those too.  You'll note the default soccer ball associated with my wife's entry in the screenshot.  I hate that.  Default images annoy me.
   
2. Kill the tabs.  There's an option to do it in the Security section of the options (on Messenger 7.5).  Find the checkbox that says "This is a shared computer so don't display my tabs" and check it.  If you don't have that option, there are alternatives.
   
3. The ads are a piece of cake to kill.  Using ZoneAlarm to block and log all outgoing connections from Messenger, I quickly deduced that the ads were being served from a web service on http://config.messenger.msn.com.  If you're using ZoneAlarm or another software-based program-oriented firewall, just block outbound HTTP from MSN Messenger to that address.  Alternatively, add an entry to your HOSTS file (C:\Windows\System32\Drivers\etc\hosts on Windows XP) that points config.messenger.msn.com back to 127.0.0.1.  That works just as well.
   

I saw this on Slashdot today, and I have to say, I'm intrigued.  The article, as expected, spawned lots and lots of the usual Slashdot speculation, with plenty of Microsoft bashing just for good measure.

Having run a few Linux distros, I have to say, I really do like Ubuntu, and if Google can make a consumer release version, I think it'll be a lot of fun for us geeky types who like to run Linux.  I don't see this taking off on the home or corporate fronts, though.  People want their favorite app of choice, and they want it to work in a supported environment (not Wine).

Don't get me wrong;  I'm a big Google fan.  I think they've got a corner on "getting it."  But whatever this Ubuntu-based project they're working on is, I seriously doubt it's going to be anything that can compete with Windows.  An internet appliance, I might believe.  A PC operating system?  I'll believe it when I see it.

Scott Hanselman has a funny way of blogging about things right after I start using them.  In this case, he's talking about RSS auto discovery.  I had just been digging around in my dasBlog theme to ensure that I had the right tag for RSS auto discovery earlier in the day.  Auto discovery is a great little mechanism for, if nothing else, alerting the user that you have a feed available (in case they didn't notice your feed icon).

As I embark on this blog project in the hopes of being interesting enough to garner a regular readership, I've done a lot of thinking lately regarding the nature of content syndication and its ultimate place in our society.  I'm a religious user of a RSS.  I monitor about 25 different feeds on various topics using an online aggregator (up until a few days ago I'd been using Bloglines, but now I'm giving NewsGator a try).  I'm an advocate for RSS.  I wrote a whitepaper for Commerce's online banking product management suggesting how we could implement private account information feeds in our online banking site.  Unfortunately, though, the response was lukewarm.  It seems I failed to take into account that only 4% of Internet users knowingly use RSS.

So what's the deal?  Why hasn't RSS caught on?  I've read some ramblings lately of "information overload", and that the feeds are providing data faster than people can keep up with them.  I suppose that may be the case if you have 50 or 60 feeds, but for my purposes, 25 seems to be a good number.  I set my aggregator to only show new items, I skim the headlines, and if the article doesn't seem appealing to me, I let the reader mark it as read automatically.  I don't ever browse the web anymore.  I just check my aggregator to see if there's any new content, rather like e-mail.

So, what's the difference?  Why does everyone use e-mail, yet nobody uses RSS?  Surely, subscribing to a site's feed isn't such a complex notion.  It isn't any more complicated than e-mail.  I think the issue is one primarily of awareness.  When I presented my whitepaper regarding RSS in online banking, the most common response I got was, "What's RSS?"  Obviously, these people are part of the other 96%.  After I explained what it was and what I wanted to do with it, everyone thought it was a really groovy idea, but doubted if anyone would use it.  I bet if it had a sexier name (rather than an acronym), everyone would be using it.

So, as an advocate of RSS, what do I suggest we do?  Spread the gospel.  Show people how your aggregator works and how convenient it makes retrieving your Internet content.  Firefox users may not realize that it uses RSS automatically (via auto discovery) in a feature called Live Bookmarks.  IE users will have a similar feature in version 7.0 (currently in beta).