I got an email message today asking this question, and it occurs to me that there are probably a number of people out there wondering the same thing. Silverlight is a Microsoft technology for developing web applications to support multi-media content such as animation, video playback, and interactive features. To view this content, users need to download the Silverlight plug-in for their browsers. From the user point of view, it's similar to Flash or Shockwave.

With Silverlight, browsers can play MP3, WMV and WMA files without Windows Media Player or the WMP ActiveX control. It uses XAML (the Extensible Application Markup Language) and version 2.0 includes the .NET framework, which enables it to run .NET code.

Do you need it? Right now, maybe. You need it to access some content on some pages.  Will you need it in the future? Probably. If/when it becomes widely implemented, you'll need it to access more and more of the content on more and more pages.

As a user, you probably don't really care much whether content is delivered via Silverlight, Flash or some other platform. For developers, Silverlight provides a new, flexible platform for creating applications for the web. Developers can use Visual Studio 2008 to develop Silverlight applications, and Expression Blend 2.0 to design the user interfaces for them.

To find out more about Silverlight, download Silverlight 1.0 and view a demo of Silverlight 2.0, see http://silverlight.net/ 

It happens every year around this time, but may be exacerbated this year by political events: people are getting email messages purporting to be from the IRS and asking you to visit a website and submit your "refund request form" for quick processing. I had three in my mailbox this morning.

My reaction is "yeah, right." As a small business person, I don't get tax refunds - I get to write big checks every quarter. But with all the news about Congress passing a law giving a rebate to almost all taxpayers (the "almost," of course, referring to those of us who pay the most taxes of all who get nothing), some folks out there may be fooled by this one, or at least tempted.

Just in case you aren't tipped off by the brevity of the message (when did you ever get a letter from the IRS that was less than five pages long?), here's a clue that it's bogus: Hover your mouse pointer over that link that it instructs you to click. Here's what you'll see:

Click the image to enlarge it

Instead of going to some .gov address, the link points to a website in the .ro top level domain - in Romania. Isn't that taking government outsourcing a bit too far?

Hit the Delete key as fast as you can on these. Do not click the link, do not pass Go and - unfortunately - do not collect $268.

deb@shinder.net

As if the U.S. presidential elections weren't scary enough, now malware attackers are getting into the act. The latest threat is a spam message containing what purports to be a link to a video of a Hillary Clinton campaign speech, but in reality clicking it will download a Trojan onto your computer. Ouch.

Of course, computer users should know by now not to click links in unsolicited email. Maybe the prospect of a video of Hillary will prove less tempting than previous similar scams that used the names of Paris Hilton and Pamela Anderson, but in today's politics-crazed world, who knows?

You can read more about this threat here:
http://www.symantec.com/enterprise/security_response/weblog/2008/02/
you_know_its_election_year_whe.html

Over on ZDNet, George Ou has done some more testing on Vista with SP1 RTM installed, and discovered that the speech recognition feature can still be exploited by malicious sound files. The gist of it: If you have speech recognition turned on and are using a desktop microphone and speakers, the input from any file played through the speakers will be picked up by the mic as if you said it yourself, and processed as a voice command. That means an attacker could put a sound file on a web site that plays automatically when you visit the site, which uses the speech rec commands to delete files on your computer or do other nasty stuff.

George rightly points out that although there may not be a lot of people using this feature this way, it's a legit security concern. And speech rec is likely to get more popular in the future. My HP TouchSmart kitchen computer has built-in mic and speakers and its location and function as a family machine for leaving notes, etc. makes it a logical candidate for speech rec - except that I don't really like talking to the computer. That's a personal quirk, though, and lots of people long for Star Trek-like systems with which they can hold a conversation.

Just how big of a problem is it? That depends on your security needs and your normal computing habits. I have to disagree slightly with George that the only thing you can do to prevent exploits is disable speech rec altogether or use a headset. Knowing there's a mugger or rapist on the prowl in your town doesn't mean you have to stop ever going anywhere, but it does mean you'll want to take some extra precautions and stay alert when you're out there. Likewise with this threat.

Just as I can reduce my chances of being a rape victim by staying away from areas that are more dangerous (dark alleys, deserted parking garages, lonely and unlit areas of parking lots, etc.), I can reduce my chances of being victimized by a speech rec exploit by staying away from known risky web sites (warez, MP3, and porn sites), not following links unless I have a good idea where they'll take me, watching out for embedded sound in email messages, and avoiding playing any sound files whose origins I'm not sure of.

The next step is to practice due diligence wherever I do go. That means paying attention to what's going on around me and reacting when something out of the ordinary happens. It also means having a plan and the means to protect myself if I am attacked. On the street, I'm usually armed with both a licensed concealed handgun and a cell phone. A loud whistle is also a good idea, and some people are more comfortable with pepper spray than a firearm. The point is to have a plan.

If a sound file does say "start listening" (or some other voice command) loudly enough for my mic to hear it, I'll hear it too if I'm sitting at the computer, and should be able to take action to stop it from doing more (i.e., hit the Mute button to prevent it from issuing any further commands).

And just as I don't, in today's world, leave my house or car unlocked when I leave lest a bad guy sneak in while I'm gone, I don't go off and leave my computer sitting there unlocked with speech rec turned on, either. It only takes one click to lock the desktop and voice rec can't type in your password and start playing voice files while you're away.

I agree with George that a more secure solution would be to require a password (or maybe a keyboard sequence) to start voice rec listening in the first place and/or to prevent sounds played by the computer from being processed by voice rec. But in the meantime, if you do want to use the feature, it's possible to do so responsibly and relatively safely. Awareness and a few extra precautions are the key.

We should be thanking George for raising that awareness.

http://www.dallasnews.com/sharedcontent/dws/bus/ptech/stories/
020908dnbuspolaroid.2074eca.html

All my life, one of my very earliest memories has been a family gathering at which my uncle showed off his new camera - a Polaroid that took instant photos. Well, almost instant. You had to wait a minute (exactly a minute, so you needed a timer or watch with a second hand) and peel off the picture, then you had to coat it with a liquid from a tiny vial in order to keep it from fading away. According to relatives, I was about three years old at the time.

The reason this little scene stuck so hard in my mind, I think, was the utter amazement of everyone at this magical device. If I was three, this was the late 50s, and although instant photography was invented by Edwin Land and the first such cameras introduced in 1948, the Polaroid Land Camera was still a bit of a rarity amongst the "common folk" a decade later.

This was one of those big old models with a folding bellows (not sure of the model number, but I remember it looking something like the model 80A pictured here). I would become familiar with many other models over the years. I got deeply into photography in the 70s and had a collection of Nikons and a few medium format cameras. I also had a top of the line Beseler color enlarger and did my own darkroom work. I spent thousands on good equipment, but I always had at least one cheap Polaroid camera around, too. You just couldn't beat the ability to see the picture right there in the field, and make lighting and exposure corrections in response.

The digital camera was bound to make instant film photography obsolete (and, indeed, has almost done the same to film photography in general). Although the price of the cameras themselves were always reasonable, taking Polaroid pictures was always a fairly expensive proposition because of the cost of the film, generally at least a dollar per picture. Digitals give the same instant gratification (and it's even more instantaneous) and you can pick and choose which pictures to print (if any). The cost per usable photo goes way down, and of course you have the option of printing your pictures in whatever size you want, instead of being stuck with the size dictated by the film.

I haven't used a Polaroid in years (although I think I still have at least a couple stored away in a box somewhere), but I was sad to hear that the company was finally ceasing to make instant film for those legacy cameras. I love my digitals, from the inexpensive but amazingly sophisticated pocket cams to the DSLRs, but I don't think anything I've produced with them can ever replicate the anticipation and excitement of waiting for a Polaroid print to develop.

Of course, there were eventually other companies that made instant cameras - but just as "Xerox" will always represent the copy machine to many people, "Polaroid" will always be synonymous with instant photography.  I'm sort of glad Mr. Land isn't around to see the demise.

Meanwhile, the company (which filed for bankruptcy in 2001 and was reformed by a subsidiary of Bank One) is now reinventing itself. It will now make digital cameras and other electronics, including a fantastically small inkless portable printer. It's a very Polaroid-like product.

So after getting my kitchen Media Center PC running great, and getting TV running on my primary desktop computer with the great OnAir Creator, yesterday we wake up to find - no cable signal. Knowing that cable isn't the most reliable of technologies, we wait a while to see if it comes back up. Nope.

Next step is to check the GFCI outlet on the outside of the house that the cable amplifier plugs into. We only know to do that because this happened once before and that was the culprit. But the reset button on it isn't popped out, and the pool lights, which are on the same circuit, still work, so that doesn't appear to be the problem this time.

So I guess there's no other choice. I have to call the cable company. I wade through the menus, pressing 1 until I get to the part where the automated voice tells me she's going to check my account. Then she comes back and says "We have no indications of an outage in your area" and gives me the choice to hang up or press 0 for a customer service rep. Well, yeah, I think I'll take 0. Duh.

Then I descend into Hell On Hold. My estimated waiting time is said to be 5 to 10 minutes. It's "only" 9, but it seems much, much longer. I understand having to hold - but why must I listen to commercials for the entire time? How about just elevator music, or better yet, blessed silence until someone is free to talk to me? And if I must listen to commercials, must it be the same four commercials over and over and over? Five minutes into it, I'm ready to pull my hair out. I put it on speaker and go back to work. Because the silly thing is blathering away all the time, at first I don't hear when a real person finally does come on the line.

"Hello? Is anybody there?" Oops - I grab the phone. "Sorry, I've been waiting on hold for about a week," I say. "How long???" She asks in a horrified voice. Calm down, girl. Just a figure of speech. "Never mind. I'm having trouble with my cable service."

Well, of course before she can help me, she needs to know my phone number (a big, fancy, rich company like Time Warner apparently doesn't have caller ID), then my name and address, then the last four digits of my social security number (which I gave them against my better judgment because they insisted on it when I set up the account). Then she asks if I wanted to set up a PIN to use instead of the social security number. Well, that would've been nice to do in the beginning but they already have the number now so I'm not sure what great good it will do. Nonetheless, I opt for the PIN.

Finally we can get down to business. I describe my problem (static on all channels) and she schedules someone to come out on Monday between 11 and 2 (actually a fairly decent window; last time I needed service from the phone company it was "sometime between 8 a.m. and 6 p.m."). She still seems a little wary of me - I guess the "on hold for a week comment" won't be forgiven. By the time we hang up, I think she's as relieved as I am that the call is ending.

So now I wait. And once again consider switching to FiOS, if only because their customer service people are always so nice. Then once again reject the idea because I don't want to have to deal with set top boxes that don't work nearly as well with the Media Center (and I certainly don't want to have to have a set top box in the kitchen, too).

And meanwhile, no more TV on my desktop, and we missed recording Stargate: Atlantis last night. Now I remember why we quit watching TV at all for five years.