My mother always taught me that it wasn't polite to "toot your own horn," so I don't do so very often - but I figure this news is exciting enough that I want to share it with my friends and readers, so --out of tune as it may be -- I'm going to break out the brass and blow a short song. I've been selected by the Microsoft Security Newsletter as MVP (Microsoft Most Valuable Professional) of the month for November 2006.

Mark Minasi, October's MVP of the Month, is a tough act to follow, and I'm even more honored to be in such esteemed company. Mark has been at this a lot longer than I have, and in fact I cut my Windows networking teeth on his Windows NT books.

In true Oscar winner fashion, I want to thanks those who helped make it happen: Melissa Travers, my MVP lead at Microsoft; Heather Poulson, the managing editor of the Microsoft Security Newsletter; and my husband Tom, without whose encouragement and support I'd probably never have made the career change from cop and criminal justice instructor to IT pro and technical writer.

My MVP article of the month will be published November 6, and I'll provide a link when it comes out. Okay, enough tootin'.

DEBRA LITTLEJOHN SHINDER, MCSE, MVP
deb@shinder.net     www.debshinder.com
Personal Blog: http://lakerayhubbardnet.spaces.live.com

What greater honor could be conferred on an Internet-based writer than to have one of your articles appear on the front page of Digg.com? Well, that happened to me a couple of weeks ago, when one of my WXPnews editorials was dugg. And I was reminded once again that fame has its not-so-pleasant aspects.

Luckily, since the article was hosted on Sunbelt's site, I didn't have to deal with the server/bandwidth overload. But I did see a marked increase in email. My personal address didn't appear with the article, but apparently a lot of people took the time and effort to Google me and track it down. Most of the messages were complimentary, but there were also the inevitable complainers who didn't like something I said (or didn't say).

Emailers, though, are the epitome of politeness when compared with the folks who post comments on the Digg site. If having the article featured on the site had made my ego swell a little, it would have quickly been deflated by all the posters who criticized everything from the length of the article to its title. Umm, folks, it wasn't just a random blog post -- I do this as a job. I'm expected to meet a certain word count. I'm sorry you thought it was too long, but the regular readers of the newsletter seem to like them that way.

Which brings us to another point: these articles are written for a specific group of readers. So sometimes they reference things I've said in past articles, or things that the regular readers of the weekly newsletter already know about me. When the Diggers read them out of that context, of course they think I was unclear or don't "get" certain references or don't realize that the issue they're complaining about me not addressing was in fact addressed in another article two weeks ago.

But hey, I'm not complaining. In the fast paced 'net world, fame is fleeting (thank goodness) and everything is back to normal now. And I could sort of dig being dugg -- so long as I remember not to read the comments next time.

DEBRA LITTLEJOHN SHINDER, MCSE, MVP
deb@shinder.net    www.debshinder.com
Personal blog: http://lakerayhubbard.net/spaces.live.com

My editorial in last week's WXPnews (October 17 issue, www.wxpnews.com) seemed to hit a nerve with a lot of readers. The number of responses was right up there with the deluge we experienced following The Great Rebate Debate a year or two ago. Hundreds of you wrote to tell us your own pet email peeves. The article even ended up on the front page of Digg -- more about that experience in a future blog post.

Since there were way too many great comments for me to quote in my short followup article, I wanted to respond to a few more here. When it comes to quoting entire messages and threads in email responses, we have a lot of folks on both sides of the fence. I admit that I used to agree with those who believe in keeping quotes concise, and would diligently cut and paste only the relevant portion to which I was replying. Working with Microsoft and other large companies cured me of that habit. In most corporate environments, the preference is for email correspondents to include the whole thread -- even when it stretches to a dozen or more messages -- and to always "reply to all" so that everyone stays in the loop. I had to retrain myself to do both.

The other side of that coin includes the people who send responses to messages without including any of the original message. Don't you just love getting a message that says "yes, I think we should go with the second option" when you have twenty projects up in the air and have no idea to which one this pertains or what the second option was/is?

After hearing so many people complain about Out of Office messages for years, I was surprised at the number of readers who told me they actually like getting them and appreciate knowing why their messages aren't being answered. Many noted the importance of software that sends an OoO message only once to an address -- that certainly helps with the problem of being flooded with OoO messages when a mailing list member goes on vacation.

Several readers noted that the alternatives to the OoO are usually much more annoying; for example, there's the guy who sends a message to everyone before leaving for a week to say "please don't send anything until I get back on the 27th." Then you have to keep up with the date.

By far the majority of the responses had to do with the procrastination issue. More than one reader said procrastination is a useful way of dealing with email -- in 90% of cases, the problem goes away if you wait long enough.

Very few folks admitted to pretending they didn't get an email message when they did (but then, those who lie about whether they got the message would probably lie about whether they lie, I suppose). On the other hand, lots of you said you often just don't answer messages, especially those from strangers asking for favors. I can certainly relate to that. As a technology writer, I get emails every day from people wanting me to troubleshoot their computer or network problems, long distance and for free.

Some of the questions are simple and if I can dash off an answer quickly, I usually do (in case of queries to my personal email address; there's no way I can do even that with the hundreds of messages per day I get at the WXPnews feedback address). But I'm always surprised at the number of requests I get for full scale consulting work, some with pages of description and attached complex network diagrams. These are problems that would take hours to solve, if they even can be solved without going on-site or logging onto the person's network. Yet many of the most demanding requests don't even include a "please" or "if you have the time." Makes me think I know a little bit of what it feels like to be a public utility.

Dozens of readers noted how much of a battle it is to keep from letting email dominate your life and dictate your schedule.  Most of us don't get paid to answer email, even when the mail occurs as part of our jobs. It's definitely necessary to be able to "just say no" when necessary.

For example, I could go on and on with this topic, quoting everyone who responded -- but it's time to start working on other projects. Nonetheless, I really appreciate all the input we got and I'm glad so many people feel so strongly about email etiquette. Maybe that means there's hope for the future of Internet communications, after all.

DEBRA LITTLEJOHN SHINDER, MCSE, MVP
deb@shinder.net   www.debshinder.com

New Release! Windows Live Writer 1.0 (Beta) Update with Windows Live Gallery

Source: Writer Zone

I've been pleased with Windows Live Writer from the beginning. It makes blogging quicker and easier; it's the first tool that has actually helped me to keep up with blogging despite my busy life.

A new build has been released that seems to speed up performance a bit and includes some changes we'd hoped for, such as the ability to paste into the title field, better image posting support and better support for categories.

One of my favorite features was the "Blog it" button on the Windows Live Toolbar in IE, which lets me highlight text from a web site and automatically paste it into a new blog post along with a link to the source. Now the Live Gallery includes a similar extension for Firefox, so I can do this with either browser. Cool!

There are other new plug-ins, such as the one that lets you insert Live Spaces emoticons in your blog. You can download plug-ins here: http://gallery.live.com/default.aspx?l=8 

DEBRA LITTLEJOHN SHINDER, MCSE, MVP
deb@shinder.net     www.debshinder.com

We've been using VoIP for our primary phone service for quite a while now, and we've had an opportunity to watch the technology mature. It seems lots of folks are still confused about exactly how Voice over IP works, and no wonder -- it's a complex process. There are a number of different sets of protocols involved, some competing and some that work together. And once you get into enterprise-level VoIP deployments, you have to deal with issues such as IP PBX, FoIP (Fax over IP) and VoIP security.

A few months ago, I started doing a weekly column for TechRepublic's VoIP newsletter, and it's been fun delving into many different aspects of the new generation of telephone services. My most recent column addresses some of the most popular protocols used for VoIP, what they do and how they work. You can find it here:

http://articles.techrepublic.com.com/5100-1035-612... 

Meanwhile, we still haven't cut the landline umbilical cord completely. Our security alarm system is tied into the PSTN system and the monitoring company doesn't support VoIP. I've found a few that do, but unfortunately we're bound by a contract that still has another year to run. You can bet that when it's up, I'll be standing in line to switch over. But will we finally cancel the AT&T line and save that 40something dollars every month (for the most basic line possible, with no caller ID, voicemail or other special features and expensive charges if we make long distance calls on it -- in comparison to our $19.99/month VoIP line that comes with a slew of features, including the ability to receive our voicemail messages via email, and unlimited free calls to anywhere in the U.S., Canada or Western Europe)?  Seems like a no-brainer, but unfortunately there are still a few places we talk to where the VoIP line cuts out or where those on the other end complain of an echo effect. It's only a few, but may be enough to deter us from dumping the landline for good -- at least until someone comes up with a solution to the problem.

DEBRA LITTLEJOHN SHINDER
deb@shinder.net  www.debshinder.com

Do you know exactly what's on your computer's hard drive? The average computer user doesn't have a clue. Yet you can be convicted of a crime and sent to prison, even labeled as a "sex offender" for life, based on what's stored on your disk, including email attachments, browser cache and other files you may not even know are there.

As a former police officer, I'm all in favor of coming down hard on true Internet predators, these guys we're always hearing about who use the Internet to find vulnerable children and lure them into sexual relationships. And even if they never actually met or touched the kids, anyone who engages in sexual chat or email with minors probably presents a risk and should be stopped.

However, as an IT professional and long-time heavy user of the Internet, I'm afraid our enthusiasm for justice is causing us to cast much too wide a net on the 'Net. All so-called "sex offenders" are not created equal, whether we're talking about the 19 year old kid who has a consensual relationship with a 16 year old girlfriend and finds himself behind bars and required to register as a sex offender for life, or whether we're talking about the guy who forms an online relationship with a 16 year old who pretends to be 21 or the one who thinks he's downloading (obnoxious but legal) adult porn and instead finds kiddie pictures mixed in with it.

The truth is, the way the Internet works, there is no way that an illegal photograph on someone's computer should be admissible as evidence in court, any more than the results of a polygraph should be. Both are just too unreliable.

Just today, I clicked on a Google link while looking for the solution to an error message that was occurring on a laptop computer. Before the Help forum page I was trying to access, an advertising page appeared. That happens a lot and usually it's just annoying. This time the ad was for a porn site and it was disgusting. It wasn't child porn -- but it could just as easily have been. And then that picture would have been in my browser's cache, and if I were a technically unsavvy average user, it might have stayed there for months. And if I worked at a big company or a university, tech support personnel working on my computer sometime in the future could run across that picture, turn me in, and cause me to lose my job, my liberty and my future because of it.

Think that sounds far-fetched? Think it's never happened? I think, given today's laws and today's technology, it would be naive to imagine that it hasn't -- or that you couldn't be the next victim of this popular form of "zero tolerance."

 According to a post on ZDnet this morning by Mary Jo Foley, who does a good job of keeping up with all things Microsoft:

If your copy of Vista does not pass Microsoft’s anti-piracy sniff test, you won’t be able to use the Aero user interface, Windows Defender anti-spyware and ReadyBoost memory-expanding technologies that will be built into the premium versions of Vista.

Source: » What Microsoft still isn’t saying about WGA and Volume Activation 2.0 | All about Microsoft | ZDNet.com

Software piracy is a problem. There are an awful lot of stolen copies of Windows floating around out there -- many of them on the machines of people who paid for the operating system, only to have a computer repair person wipe their disks and reinstall with an invalid product key. They are victims, just as Microsoft is.

The problem with anti-piracy technology is sort of like the problems with our criminal justice system. If you try to crack down hard on the criminals -- something that most law abiding citizens are in favor of -- you risk having innocent people get caught up in the system and hurt through no fault of their own. It's a balancing act, and one that's hard to keep in balance.

I've heard a lot of people complain that WGA identified their software as pirated when they thought it was legit. There are actually two different ways that can happen:

In the first scenario, WGA screws up. The software really is legit but the system misidentifies it. This is like when the police arrest someone who had nothing to do with the crime, perhaps because he happened to look like the real perpetrator.

In the second scenario, the software is pirated, but the computer owner didn't know it. The pirated software was installed by the computer vendor or a computer repair shop and pawned off on the customer as legal software. This is like when someone passes you a counterfeit hundred dollar bill and then you try to deposit it in your bank account and the bank says no.

The solution in the first case is obviously to make the WGA software - and the police investigative process - better and more accurate. When an innocent person goes to jail -- or is unable to use his legitimate software - it should be corrected as quickly as possible. The person should be freed; the use of the software should be restored. Further restitution can be sought through civil lawsuits, but often that process isn't worth it.

In the second scenario, both the software vendor and the computer owner are victims of piracy. Once the bank finds out you didn't intentionally try to pass a counterfeit bill, they may be sympathetic to your plight, but they're still not going to credit your account for $100. Basically, it comes down to a "buyer beware" situation.

One way to look at it is that the software industry is just catching up to the way the rest of the world works. If you unknowingly buy any other type of stolen property and it's tracked back to you, you're out the money you paid for it and the property gets confiscated. Your only recourse is against the one who sold it to you in the first place.

Microsoft actually goes a step further. If you report the piracy, including the name of the vendor who sold it to you, and have the disc, they'll replace your pirated software with a real copy.

Still, lots of people are upset at the efforts of Microsoft and other vendors to detect pirated software and deactivate it (or some of its features). And many of those who are upset are not users of pirated software (at least, not knowingly). Rather, they're afraid of getting caught up in the system -- just as many of the people who oppose red light cameras aren't against them because they want to run red lights; it's about the invasion of privacy and the possibility of getting "accused" by a machine that supposedly doesn't make mistakes.

Both sides have legitimate arguments and concerns. Meanwhile, if someone has a better method for preventing software piracy, I wish they'd come forward with it. WGA as is (and as will be in Vista) leaves a lot to be desired.

Businesses in New York’s Westchester County that offer public Internet access, as well as those that conduct their own business over wireless networks, must now install a firewall or other computer security measures, under a new law.

Source: FOXNews.com - New Law Requires Businesses to Safeguard Networks - Small Business

Now using a firewall to protect your network isn't just smart business; it's the law -- at least, in one jurisdiction. No doubt other localities will pass similar laws, the trend will spread to state legislatures and eventually to Congress, so that someday it'll be a federal crime to connect to the Internet without the proper security measures.

Is this a good thing? On the one hand, unsecured networks and systems on the public 'net pose risks to everyone, not just themselves. On the other, it's a little like passing a law requiring everyone who has sex to use a condom because of the potential to pass on AIDs and other STDs and create a public health risk.

On the other other hand, experience shows that a large percentage of the population won't voluntarily adopt practices to protect themselves unless they're required to do so by law; seatbelts are a case in point.

But our attempts to legislate ourselves into a safer world are quickly legislating away what little freedom we still have.

As you can see, I'm adamantly ambivalent about this one.