Becta’s report on Vista and Office 2007: wise advice, or mere polemic?

I read Becta’s report on Vista and Office. Becta is a UK government agency supporting IT in education. The report is a ponderous affair and tells us that XP still works, so why bother with Vista; and that Office 2007 saves by default in a tiresome new format that few other applications can open; and that free office suites like Open Office work well so why pay for something else?

All this is fair enough; but I’m surprised that Becta didn’t spot a couple of other things. One is that Office 2007 can easily be set to save by default in the old Office binary formats that pretty much everything can read. The other is that while ODF is indeed an ISO standard, it is also pretty awkward from a compatibility point of view.* So I’m surprised by this recommendation:

When specifying new systems, schools and colleges should normally insist on the desktop having access to office productivity software that is capable of opening, editing and saving documents in the international standard ODF, and setting it as the default file format.

I suppose the idea is that if kids come home with their homework on a USB key and find that their documents will not open on the home PC running Microsoft Office, that they just download and install Open Office. Fair enough I suppose; but why not just use .doc and .xls?

The report adds:

Becta did not conduct technical assessments of the merits of either the existing international document standard (ODF) or the proposed second international document standard (OOXML).

There is however a lengthy discussion of the inadequacies of the half-baked ODF converter add-in which Microsoft has sponsored. I agree; but I’m not sure why it merits so much space.

I would have found it interesting to see a bit more examination of the merits or otherwise of the ribbon UI in Office 2007; better, worse, or indifferent for education? What about overall usability and functionality versus Open Office? It would also have been good if Becta had considered the large market share Microsoft Office enjoys, especially in business. Like it or not, it is relevant to this discussion.

I didn’t see much attention given to security, which is perhaps the biggest single reason for adopting Vista versus XP (it could also be a reason not to use Windows at all). This is not only a matter of Vista being more secure, if it is, but also that it aims to fix the insecurity of Windows long-term by fostering well-behaved applications that will enable future versions of Windows to be more tightly locked-down. Not interesting in education? I’m surprised, since when I talk to IT people in education, security is one of their chief concerns.

I find myself wondering whether this is really a document aiming to offer wise and objective guidance to schools, or a more polemical report promoting ODF and open source in education.

I reckon there is a good case for promoting open source in education. However, considered as a report on Vista and Office 2007 this is a poor effort.

*PS: It is interesting to see what Asus has done with its Eee PC, which  actually gets an oblique mention in Becta’s report:

We have also noted the emergence of low-cost innovative ‘mini-notebooks’ that have been brought to the market running a version of Linux and a range of Linux-based applications including OpenOffice.org.

On my review Eee, which was supplied by RM for the education market, Open Office is set to save in the Microsoft formats by default. I imagine that Asus wanted to make the Eee fit seamlessly into a Microsoft environment if necessary. It must have been a conscious decision, since an untweaked Open Office install uses the Open Document formats by default.

Technorati tags: , , , , ,

Trying out SqueezeCenter and Jive (updated)

I took a look at Logitech’s Jive, a platform for smart remotes that link with its SqueezeBox players and SqueezeCenter (formally SlimServer) music server. Incidentally, it looks like all the names are getting the Squeeze treatment; even Jive is to become SqueezeOS. Personally I prefer Jive, but there it is.

So what is Jive? Let’s start by saying that it is the firmware for Logitech’s new remote, the SqueezeBox Controller, which is “coming soon” for $299.00. A hefty price; but Logitech is betting that users will love the new gadget. It is a world away from an infra-red remote that just sends commands to a SqueezeBox. This is a handheld computer which connects by wi-fi (no need for line of sight). You can browse through album art, tune into Internet radio, even run applets which might be games (Space Invaders anyone?), enhancements such as lyric display, or other utilities.

Long-term Jive is intended to have its own audio capability. In other words, you could plug headphones or speakers directly into the controller. Apparently the initial release of the controller will have an audio-out socket, but it will not be active.

It’s not much of a stretch to consider this as a (potential) portable MP3 player that could access your music from anywhere in the world, provided you have a fast wi-fi connection. All the main pieces are in place.

Although Jive can be called firmware, it is somewhat decoupled from the hardware. You can run it on a PC or Mac, and Logitech is thinking about implementations for other devices such as Apple’s iPhone. That will be an interesting test of Apple’s resolve in opening up its hardware to third-party applications.

Trying out Jive

I don’t actually have a Jive-capable remote, but got it un and running on a PC. It is all bleeding-edge stuff right now. Jive requires SqueezeCenter, also known as SlimServer 7.0, which is still pre-release. Furthermore, you cannot yet download Jive binaries, you have to check out the source and build it yourself. It is open source, as in “you can download the code”, but the license is more restrictive than with SlimServer, a fact that has prompted considerable debate. Jive makes heavy use of other open source libraries, including Lua, an embeddable scripting language.

I opened the provided solution in Visual C++ 2008 and it built first time, so no complaints there. See here for a guide.

The new SqueezeCenter looks smarter than its predecessor, and Jive looks good too. The user interface in the current build is clean and uncluttered. I used the arrow keys to navigate the menus. You can play audio stored in your SqueezeCenter library, or from the Internet. SqueezeCenter optionally hooks into an iTunes library, and everything is fine provided you don’t have any DRM-encumbered purchases from the iTunes store.

Jive is great if you want to control your Squeeze clients from an expensive remote, but it has competition from another strong feature of SlimServer SqueezeCenter, which is that you can use it from any old device with a web browser – like an Asus Eee PC, for example, or a SmartPhone. Finding the music you want is a lot quicker with a full keyboard, than with a remote. There’s no inherent reason Jive can’t support a keyboard as well, though you need a controller with a (soft or hard) keyboard. But note this little menu in SqueezeCenter:

This lets you use an alternate skin for SqueezeCenter, including some that are suitable for small devices.

I’m not alone in liking the keyboard input offered by the browser UI, but Jive fans in the Squeeze community point out several benefits to the new controller:

  • You pick it up and it just works
  • More responsive
  • Does not require SqueezeCenter to be running (for Internet radio etc)
  • Less geeky
  • Can be used one-handed

I suspect the Jive-based controllers will be popular, even if a few of us still prefer the browser.

There is still space for alternative rich clients for SqueezeCenter. The communication protocols are all public and as far as I know anyone is free to use them.

Editorial note: I’ve revised this article extensively since the first draft

Postscript: On the subject of alternative rich clients, I’ve just discovered Moose, which looks promising. Especially in conjunction with squeezeslave, which makes in effect a player as well as a controller. Snags: Windows only, and search is a bit clunky.

8GB Asus Eee PC from April 2008, Windows or Linux

RM has announced an upgraded version of its popular miniBook, also known as the Asus Eee PC. The details:

  • 1GB RAM (up from 512MB in the current version)
  • 8GB solid state drive (up from 4GB)
  • Same 7″ screen, webcam and built-in mic, speakers
  • Prices “in the region of” £229 + VAT for Linux, £259 + VAT for Windows XP Home
  • Available from April 2008

I would assume that the same machine will also be available from other vendors, with small price variations.

The Eee is already a great machine and having more space is nice, though it’s a shame that the biggest weakness of the Eee is not yet being addressed: the limited 480 pixels vertical resolution of the screen. This makes some applications and web sites hard to use, since few are designed for this size of screen. In some cases dialogs appear with no buttons; in other cases there is little working area left because of the space taken up by toolbars or header and footer panels.

Why Windows? RM says:

The introduction of the Windows based miniBook means that schools that already have curriculum software which is Windows based can add this to the miniBook. Also, schools with Microsoft Volume License agreements have a route to upgrade to XP Pro and enable network connection using Windows.

I can see that there is demand for this. On the other hand, Windows needs some tweaking in order to work at its best on the Eee. One of the issues is that frequent writes to the solid state drive are reckoned to reduce its life, so it makes sense to configure Windows without a swap file as well as cutting out unnecessary components.

Will the Windows Eee, which costs £30.00 more (plus VAT), come with an equally generous suite of bundled open-source applications, such as Open Office, as found on the Linux version? It will be interesting to see, though I doubt it.

It will be fascinating to see how take-up of the Linux and Windows versions compares, both in the education market, and more widely. I’d suggest that Linux is better suited to the device, but Windows has familiarity, compatibility, and arguably ease of use advantages. It will be a shame if Windows ends up dominating on the Eee, as it has given a boost to the visibility and adoption of Linux on the desktop.

Finding obscure commands in Office 2007

I was intrigued to see an article on CNET called Word 2007 loses the ability to export outlines to Powerpoint. It says:

There’s a great little feature in Microsoft Word 2003 and earlier versions of the word-processing program that lets you export to Powerpoint an outline of any Word file formatted with headings … I was all set to tell you how to use the feature in Word 2007 when I realized it has been removed.

I wondered if perhaps the feature was still there, but the author missed it, so I used my usual technique for finding obscure commands in Office 2007. Go to Customize Quick Access Toolbar, then choose More Commands, then All Commands. Hey, there it is:

This is a great place to look if you cannot find a feature you used in earlier versions of Office.

SharePoint’s secret sauce

Just before Christmas I spoke to Daz Wilkin, Microsoft Developer Platform Evangelist, about Office development and Sharepoint. I’ve wanted to catch up on Sharepoint for some time, since it is achieving significant usage. Here’s a recent study which claims that:

the number of SharePoint applications in place today will quadruple over the next 12 months

Wilkin says that:

SharePoint is approaching becoming a billion dollar business for Microsoft. It’s vastly exceeded all of our estimates.

I suspect that journalists, myself included, have given Sharepoint insufficient attention. One reason is that it is a slippery product to describe and seems to straddle several categories, such as portal server, smart file store, and workflow platform. “I don’t think Microsoft has done a bang-up job in being able to articulate it. It is many things to many people,” says Wilkin.

Another problem is the confusion over SharePoint Portal Server (paid for) and SharePoint Services (free add-on for Windows server). You can find a point-by-point comparison here. The free SharePoint Services, on which Portal Server is built, are surprisingly rich. Once you have them installed, which can be a little painful, you get instant wikis and blogs, shared documents with versioning, permissions, and the ability to open and save directly from Office applications, shared calendars and tasks, and online forums. Here’s the settings panel for a shared document store:

Site options including content approval,versioning,permissions and check out 

It’s a shame that document versioning is off by default, but there is plenty of value in these features. Note we are mainly talking intranet rather than internet, though hosting SharePoint is a growing industry and it is also core to Microsoft’s own hosted service efforts.

Why is installation painful? Well, you need Windows Server, and if you want to use ASP.NET for something other than SharePoint on the same box, it needs a bit of tweaking. For example, if you run Exchange and install SharePoint Services, it breaks Outlook Web Access. On my server I got round this by adding a second host name in local DNS, pointing to the same machine, and using this for the SharePoint site using IIS host headers. Real-world businesses either install SharePoint on a separate server, or have Small Business Server which builds it in, so this is mainly an issue for journalists and the like. Perhaps this is a small factor in why SharePoint gets less coverage than it should; it is not something we can just pick up and use like Office itself.

So why is SharePoint taking off? According to Wilkin, it is about “group productivity”. He talks about how SharePoint deals with the classic document review process. Emailing documents around a company and getting numerous edited versions back is a hassle. Apparently Microsoft itself is now using SharePoint more intensively, and users just check-out a document, make changes, and check it back in. He adds,

…If you then combine that with the ease with which you can check that document into a workflow, and then have it automatically routed around the organization, and then very naturally combine that with data going in and out of backend systems whatever they are, that to me is the magic. Customers tend to get the value more quickly than some of the ISVs.

Visual Studio 2008 has support for SharePoint projects and this is something I plan to write about soon. If anyone has been doing SharePoint and/or Workflow Foundation development, I’d be interested to know how you found it.

Detailed look at a WordPress hack

Angsuman Chakraborty’s technical blog suffered a similar attack to mine – the malicious script was the same, though the detail of the attack was different. In my case WordPress was attacked via Phorum. Chakraborty offers a detailed look at how his site was compromised and makes some suggestions for improving WordPress security.

In both these cases, WordPress was not solely to blame. At least, that is the implication. Chakraborty thinks his attack began with an exploit described by Secunia, which requires the hacker first to obtain access to the WordPress password database, via a stray backup or a SQL injection attack. Nevertheless, Chakraborty says:

One of the challenges with WordPress is that security considerations were mostly an afterthought (feel free to disagree) which were latched on as WordPress became more and more popular.

I have huge respect for WordPress. Nevertheless, I believe its web site could do better with regard to security. The installation instructions say little about it. You really need to find this page on hardening WordPress. It should be more prominent.

Technorati tags: ,

Is Adobe spying on you?

Abode is on the defensive after users complained that their premier software package Creative Suite 3 is collecting usage stats in an underhand manner.

On the other hand, Adobe’s John Nack reports that the content being tracked is content delivered from the internet, such as a Live News SWF, and online help which really is online, not just local files.

The other part of this story is that Adobe is using Omniture for analytics, and Omniture has chosen a deceptive url for its tracking stats, specifically 192.168.112.2O7.net. That’s not an IP number, it’s an URL – note the capital O used where it looks like a zero.

Breach of privacy? Case not proven. Anyone running a web site should track stats for all kinds of reasons; I used them recently to investigate a break-in. When desktop applications call internet resources, they are acting like a web browser, and users should expect that they leave a digital trail. It is not as if CS3 calls the internet secretly – I think most of us can figure out that a live news panel is doing more than showing files installed by setup.

Unfortunately once you start browsing the web it is difficult to know exactly what resources you are calling and from where. What users see as a single web page typically has ads from one place, maybe images from another, and often slightly sneaky tricks like invisible images or scripts put in place solely to track usage. Now desktop apps are doing the same thing; it is not different in kind though it is true that neither case is transparent for the user.

That’s no excuse for Omniture using a silly URL that is the kind of thing you would expect from spam sites or misleading emails that want you to click malware links. Omniture’s URL is designed to look like an internal IP address which would normally be safe. That’s beyond “not transparent”; it is deliberate deception, albeit easy to spot for anyone moderately technical.

Should Adobe offer an option to turn off all non-local content? Possibly, though not many users would want to do so. There is a simple way for users to protect their privacy, which is to disconnect their machine from the Internet.

The big unknown is how these stats are used. Does Adobe check for the same serial number being used on multiple machines concurrently? Does it link usage stats to registration details? Does it check which apps in the suite are used most, and use that for contextual marketing to specific users? There is probably a privacy policy somewhere which explains what Adobe does, or does not, or might do. Unfortunately users have to take such things on trust. Occasionally companies slip up, even with good intentions – you may recall the day AOL released search logs for 500,000 users naively thinking they were not personally identifiable.

This problem is not specific to Adobe. It is inherent in internet-connected applications including web browsers. That said, Adobe should beat up Omniture for its shady URL, and do a better job informing users what kind of data it is collecting and how it is used. Which is pretty much what Nack says in a second post – except he says security when this is a privacy issue. Not the same thing.

Technorati tags: , , , ,

Why I haven’t seen the best of Bill Gates

I’ve been covering Microsoft for enough years to have seen and heard Bill Gates on numerous occasions. But I’ve not done so for enough years to have seen the best of him. I gather from other journalist friends that until maybe the early nineties, Gates was excellent value for the IT press, showing his technical side and chatting in-depth about some of the details of his products. Note this comment from Joel Spolsky:

Bill Gates was amazingly technical. He understood Variants, and COM objects, and IDispatch and why Automation is different than vtables and why this might lead to dual interfaces. He worried about date functions. He didn’t meddle in software if he trusted the people who were working on it, but you couldn’t bullshit him for a minute because he was a programmer. A real, actual, programmer.

Sadly I was a little too late to see this side of Gates. Microsoft grew too big; Microsoft execs grew too distant. In the keynotes I’ve heard, he talks about the company vision and the state of computing and leaves the technical details to others to explain. He occasionally takes questions, to which he typically gives long, circuitous answers, a favourite technique used by senior execs with, I suspect, the goal of reducing the number of questions that can be asked and answered in the time available. Nonetheless I respect him for steering the company through its path from the early days of DOS through to having its products installed on nearly every desktop and in nearly every home.

What prompts this post? billg is retiring in July and confirmed this at CES:

It’s the middle of this year, in July, that I’ll move from being a full-time employee at Microsoft to working full-time at the foundation.

This isn’t news; it’s in line with a previous announcement in June 2006; even the date, July 2008, was announced then.

Technorati tags: , ,

Wikia Search is live

You can now perform searches on Wikia, the open source search engine from the founder of Wikipedia.

This is from the about page:

We are aware that the quality of the search results is low..

Wikia’s search engine concept is that of trusted user feedback from a community of users acting together in an open, transparent, public way. Of course, before we start, we have no user feedback data. So the results are pretty bad. But we expect them to improve rapidly in coming weeks, so please bookmark the site and return often.

I tried a few searches for things I know about, and indeed the results were poor. I am going to follow the advice.

Wikia’s Jimmy Wales says there is a moral dimension here:

I believe that search is a fundamental part of the infrastructure of the Internet, and that it can and should therefore be done in an open, objective, accountable way.

There are several issues here. The power of Google to make or break businesses is alarming, particularly as it seeks to extend its business and there are growing potential conflicts of interest between delivering the best search results, and promoting particular sites. Google’s engine is a black box, to protect its commercial secrets. Search ranking has become critical to business success, and much energy is expended on the dubious art of search engine optimization, sometimes to the detriment of the user’s experience.

Another thought to ponder is how Google’s results influence what people think they know about, well, almost anything. Children are growing up with the idea that Google knows everything; it is the closest thing yet to Asimov’s Multivac.

In other words, Wales is right to be concerned. Can Wikia fix the problem? The big question is whether it can be both open and spam-resistant. Some people thought that open source software would be inherently insecure, because the bad guys can see the source. This logic has been proven faulty, since it the flaw is more than mitigated by the number of people scrutinizing open source code and fixing problems. Can the same theory apply to search? That’s unknown at this point.

It is interesting to note that Wikipedia itself is not immune to manipulation, but works fairly well overall. However, if Wikia Search attracts significant usage, it may prove a bigger target. I guess this could be self-correcting, in that if Wikia returns bad results because of manipulation, its usage will drop.

I don’t expect Wikia to challenge Google in a meaningful way any time soon. Google is too good and too entrenched. Further, Google and Wikipedia have a symbiotic relationship. Google sends huge amounts of traffic to Wikipedia, and that works well for users since it often has the information they are looking for. Win-win.

Unanswered question: how’s Vista’s real-world security compared to XP?

Reading Bruce Eckel’s disappointing I’m not even trying Vista post (I think he should give it a go rather than swallow all the anti-hype) prompts me to ask: how’s Vista’s security shaping up, after 12 months of real-world use?

I could call the anti-virus companies, but I doubt I’ll get a straight answer. The only story the AV guys want to see is how we still need their products.

I’d like some stats. What proportion of Vista boxes has been successfully infected by malware? How does that compare to XP SP2? And has anyone analysed those infections to see whether User Account Control (Vista’s big new security feature) was on or off, and whether the infection required the user’s cooperation, such as clicking OK when an unsigned malware app asked for admin rights? What about IE’s protected mode – has it reduced the number of infections from compromised or malicious web sites?

Has anyone got hard facts on this?

Technorati tags: , , ,