Ok, they’re just prosecuting spammers for multi-million dollar judgements, that likely will never be collected… but it’s a great quote (and perfect for Halloween!).  And the effect is hopefully equivalent to the head-spiking from long ago. 

Ultimately, spam is bad for the internet, and it’s great to see companies with resources going after the spammers.

BTW, if you’re wondering, this is not a real head.  :)   

Happy Halloween!

Check out this cool pumpkin carver from the good folks at Archetype!  Here’s mine: 

A fun way to spread a little Halloween cheer – after you build your pumpkin and customize the message, you can generate an email to send it to your friends or just generate a permanent link and post it. 

Nicely done, folks! 

Technology at work: Silverlight 3 running on Windows Azure.

Seven patties and 2120 calories.  Wow! 

Read about the Windows 7 Whopper, or see the video below. 

The MIT Technology Review magazine recently reported that next month Eran Tromer, a postdoctoral reseacher at MIT’s Computer Science and Artificial Intelligence Lab, will present research suggesting that Amazon’s EC 2, an Infrastructure-as-a-Service cloud computing offering, may be vulnerable to a form of eavesdropping and other attacks.  Tromer and his fellow researchers (who are from UCSD) believe the attack techniques could potentially work against other cloud services, as well.   Amazon claims that the techniques described in the paper will not work in practice. 

The research paper itself, colorfully titled “Hey, You, Get Off of My Cloud:Exploring Information Leakage in Third-Party Compute Clouds” is available from Tromer’s home page, and will be presented at CCSW 2009: The ACM Cloud Computing Security Workshop, happening 13-November-2009 in Chicago (logistics info below).  Until then additional details may be hard to come by, but the MIT Technology Review article reports that the key concept is for hackers to gain a VM on the same physical machine used by a specific target (i.e., the “victim”) VM. 

How could a hacker manage to get a VM on the same machine as a specific application they want to target?  Apparently, the IP addresses for VMs on the same physical server tend to be next to each other, and also tend to be assigned at the same time.  By launching a Denial of Service attack against a target site, a hacker might be able to force it to request more VMs… if the hacker also simultaneously request VMs, there’s some chance they might get one on the same physical machine as the target. 

Using this technique, the researchers believe they can raise the odds of getting on the chosen physical machine up to 40%. 

You might be wondering, even if a hacker gets a VM on the same physical machine as a target, what good would that do the hacker?  Tromer and his colleagues claim that by monitoring resources available to the VM that they do control they can infer information about the operation of the target application VM that also sits on the same server.   The researchers believe that knowing this resource utilization information for a targeted application could  help a hacker make deductions about information that should be confidential or secret. 

Is there a way to mitigate this risk?  The authors discuss some options that would make it difficult to successfully use this exploit technique, but argue that the only certain way to protect against this kind of attack is to use all the VMs on a server so malicious parties have no opportunity to get a VM on the same physical machine. 

I should note that the authors’ findings are based on analysis of Amazon’s EC2 cloud service, and also on experimental results from work with a private “EC2-like” Infrastructure-as-a-Service cloud that they set up and operated themselves (that is, experiments were not done on EC2 itself).  It’s also not clear (to me, at least) if the exploit techniques described in the research could be used on a Platform-as-a-Service cloud, such as Windows Azure. 

Even so, cloud computing will be with us for a long time… it’s worth watching and understanding these kinds of security vulnerability claims as they emerge, even if they ultimately prove not to be practicably exploitable (as Amazon claims is the case here). 

If you’re interested in learning more about this research from the researchers themselves, check out CCSW 2009: The ACM Cloud Computing Security Workshop.  This CCSW 2009 is a one day workshop that will run from about 8am-6pm at the Hyatt Regency Chicago.  It’s a “post-conference” for the larger 16th ACM Conference on Computer and Communications Security (which itself runs 4 days, from 9-13 November), and also at the Hyatt Regency Chicago.  

Go here to register for either (or both) the Cloud Security Workshop and the larger Computer and Communications Security event. 

Well, no secret I’m one of the few who actually liked Microsoft’s  Seinfeld ads.  Always felt it was a great way to humanize the brand, and prepare it for a re-introduction to the world. In fact, I still feel that way.  Judging from the buzz when they launched, I think it’s safe to say they were not widely “appreciated”. 

Then there was the transition to “I’m a PC”, followed by the adorable Kylie – both of which received much more critical acclaim. 

So here’s a new one to accompany the launch of Windows 7 today (by way of I Started Something) with a new tag line: “Windows 7 was my idea”.  

What do you think? 

Amazon (UK) announced today that Windows 7 is the best selling pre-order product of all time, beating out Harry Potter.  A couple quotes from the TG Daily Article: 

• "The launch of Windows 7 has superseded everyone's expectations, storming ahead of Harry Potter and the Deathly Hallows as the biggest grossing pre-order product of all-time at Amazon.co.uk, and demand is still going strong," says Brian McBride, Amazon UK MD.
  
• "Over the past three months, only Dan Brown's The Lost Symbol has sold more copies than Windows 7, which is an incredible achievement for a software product."

Wow – second-best selling product in any category last quarter?  That’s pretty amazing for a product that’s not even available yet! You might be wondering if this means Windows 7 is poised for a great launch tomorrow.  Here’s what Engadget had to say about Windows 7 success at Amazon: 

“Take it from us, your London-based sleuths, when anything sells faster than Harry Potter books or DVDs in the UK, it's scorching hot.”

Additionally, tech blogger and entrepreneur Alex Wilhem over at The Next Web had this to say:

“Windows 7 was being rumored to have been overshadowed by the recent Apple event, but the consumers are speaking. Windows 7 is going to be a blowout success for Microsoft, at least in terms of initial sales.”

Only time will tell what will really happen, of course, but it’s nice to see the warm response from consumers and businesses alike to Windows 7. 

You can pre-Order your copy of Windows 7 (and get a discount) here before tomorrow!

BTW, something cool that I think is new, if you order via the Microsoft Store you can choose to have Windows 7 shipped to you on DVD, or just download it to your USB drive (a great option, especially for netbook users). 

Ok, this is very cool. I just tried it, and I’m impressed.  Fast, relevent   results from the real-time twitter stream.  Load up www.bing.com/twitter and it gives you a tag cloud of what’s trending. I clicked on the Windows 7 tag and got a  real-time, continuously refreshing twitter stream back – nothing more than 1 minute old, tweets scrolling across the screen as they come in. 

Equally cool, below that, there’s a list of the top links people have shared on Twitter (A nice view I’ll be using again). 

Here’s an interesting one from that list:  Windows 7 is the all-time most pre-ordered product on Amazon UK, beating out Harry Potter. 

Nicely done!

See the Bing Blog to read more about searching Twitter on Bing, including screenshots, etc. 

Even better, try it yourself now.    

It’s no secret that Moore’s law is breaking down.  It will be great if the geniuses at Intel and AMD figure out how to keep increasing transistor densities, but it looks like circuits will start melting soon if we get much more dense.  My 20 month old Sony Vaio uses 45 nm circuits… there’s only so much smaller we can get without some fundamental changes. 

Thanks to these physical limitations, you’ve probably noticed clock speeds on processors are not growing at the rate they used to.  But, what is growing is the number of cores on a processor.  In a processor with multiple cores, each core acts sort of like a processor of it’s own.  So chips aren’t getting that much faster… but they’re still getting more and more powerful, so we’re all good, right?  Not quite. 

The challenge with multiple cores is that it’s hard to write applications that really take advantage of them.  Doing so requires multiple threads… and managing threads can be tricky, debugging is hard, detecting race conditions is a challenge, etc. 

Fortunately, Microsoft is releasing a software platform that runs on top of Windows to help take the pain out of writing good multi-core apps.  It’s called .NET 4.0, and it’s available today in beta form with Visual Studio 2010 Beta 2, complete with a go-live license.  This means you can start developing supportable multi-core production apps today!

Here are some online resources to learn how to parallelize your apps to use multiple cores.  You can also learn what else is in .NET 4.0.  And, you can download the .NET 4.0 and Visual Studio 2010 Beta 2 here.

Especially cool, if you live around the Michigan, Ohio, Kentucky, or Tennessee, check out the “Steven Taub Parallel Computing Tour” that my colleague Jennifer Marsman is putting together.  Steven will be speaking about parallel computing at 8 events in 4 states over 5 days (October 26-30th)!  Wheh!

Here’s a little bit about Steven. 

Stephen Toub is a Senior Program Manager Lead on the Parallel Computing Platform team at Microsoft, where he spends his days focusing on the next generation of programming models and runtimes for concurrency, parallelism, and asynchrony. Stephen is also a Contributing Editor for MSDN® Magazine, for which he writes the .NET Matters column, and he’s an avid speaker at conferences like  PDC, TechEd, and DevConnections. Prior to working on the Parallel Computing Platform, Stephen designed and built enterprise applications for companies such as GE, McGraw-Hill, BankOne, and JetBlue. He was a developer for Microsoft Outlook as well as for the Microsoft Office Solution Accelerators.

Click here for the full schedule, and to register for one Steven’s Parallel Computing events! 

Most the folks likely to stumble across this blog have heard of Microsoft Surface by now.  It’s the table top computer that came out a couple years back that brings together machine vision and massive multi-touch into a table form factor for collaborative experiences.  (For more background on Surface, see “What Is Surface”.)

And, you may know that Surface computers are available to corporate customers, Microsoft partners, universities, etc.  If you’d like to pick one up for personal use, you can – but for now you can only get them through Lazzara Yachts. 

But perhaps you’ve been thinking, “I’d like a Microsoft Surface on my next yacht, but will wait until I can play D&D on it.”  If so, this post is for you!  :)  Thanks to an impressive proof-of-concept put together by some students at Carnegie Mellon University (CMU), your wait may (almost) be over. 

Without further ado, Dungeons & Dragons on Microsoft Surface proof-of-concept, courtesy of students at Carnegie Mellon University. 

Surfacescapes Demo Walkthrough from Visual Story TAs on Vimeo.

Nice job!

If you’re planning to re-pave your machine and add Windows 7 sometime in the next few weeks, don’t forget to download Microsoft Security Essentials (aka, MSE).  The free anti-virus software package has gotten good reviews, and also got off to a very strong start with over 1.5 million downloads during it’s first week of general availability.  

Why use MSE?  From the web site, the marketing guys claim it’s: 

“…simple to install, easy to use, and always kept up to date so you can be assured your PC is protected by the latest technology. It’s easy to tell if your PC is secure — when you’re green, you’re good. It’s that simple.”

To me, the key thing here is that since it’s free, it can use an automatic update service to always keep itself up to date… no nagging emails asking you to pony up for another year’s subscription (or having to remember to do it).

CNET editors tested the RTM version and gave it a 9.0 score (on scale of 1-10).  Given that Security packages are notorious for slowing down your computer, it’s interesting that they also had this to say:

“Microsoft Security Essentials actually sped up the boot time of our test computer by more than two seconds, and it sped up the shut-down time by more than two and a half seconds.”

Wow – that’s unexpected.  Now, not *every* operation got faster in CNET’s test with MSE, and the test PC secured with MSE was not *always* faster than those secured with a paid product.  Additionally, doing a full scan with MSE took quite a bit longer than the paid products like Norton. 

The flip side, though, is this from CNET:

Running the Full Scan took up about 86MB of RAM. However, it felt far lighter, and we were able to perform resource-intensive tasks like uploading photos without any noticeable freezes.

So just speculating here, but wonder if the longer scan times but light-weight feel is due to a conscious strategy to trade longer scan times for a better user experience during the scan? 

Well, maybe that’s pushing it, but some very good news this week on hypervisor interoperability and management of  heterogeneous environments… Red Hat Enterprise Linux virtual machines are now certified and supported to run on Windows Server’s Hyper-V hypervisor, and vice-versa.  Details, courtesy of the Windows Virtualization team blog: 

• Red Hat Enterprise Linux 5.2, 5.3, 5.4 have passed cert tests when running on Windows Server 2008 Hyper-V, Microsoft Hyper-V Server 2008, Windows Server 2008 R2 Hyper-V, Microsoft Hyper-V Server 2008 R2. See more at RedHat's certified hardware site.
• Windows Server 2003/ Windows Server 2008 /  Windows Server 2008 R2 are validated to run on Red Hat Enterprise Linux 5.4, using their KVM-based hypervisor. See more at Microsoft Server Virtualization Validation Program site.

Additionally, Red Hat will now provide technical support for JBOSS running on Red Hat Enterprise Linux VM managed by Windows Server’s Hyper-V hypervisor.

Mike Neil is the general manager of the  Windows Server and Server Virtualization team… check out his post for more details on the interoperability work with Red Hat, Microsoft’s contribution to the Linux kernal, and what it means for System Center management of mixed (Windows, Unix, Linux) environments. 

Almost every customer has a mixed environment these days… great to see the industry finding ways to come together to enable customers.

Check out what my teammate, Jon Box, had to say about the new Windows Mobile 6.5 release yesterday.  I was just gearing up to write my own post, but Jon’s is an excellent round-up on the announcements and why they matter.   

See Jon’s Windows Phone (i.e., Windows Mobile 6.5) post here. 

The only thing I’ll add is that I went down to my local AT&T Wireless store this morning and tried out a new HTC Pure (a black one, not a purple one – this pic notwithstanding).  It feels good, and looks good.    The new IE browser is a massive improvement over the old Windows Mobile IE.  I like the Marketplace, although it will take a little time for people to ramp up the volume of apps.  (HINT: there’s a strong first-mover opportunity here, as it will be harder to get attention for your app later on.) 

All in all, I probably would’ve bought it but for one thing: typing was a major challenge for me.  I’ve never had a smart phone without a physical keyboard, and I don’t think I’m ready to start.  I’ll wait to upgrade until the Tilt 2, a new version of the Samsung Jack, and/or other Windows Mobile 6.5 keyboarded phones are available.   My friendly local AT&T rep says they should have all their new phones within the first 2 weeks of November.

Finally, here’s a more thorough review on the Windows Mobile 6.5 HTC Pure. 

Five computer science students in China have created a great little utility called PhotoSketch. Learn more from this Mashable review of PhotoSketch. 

In a nutshell, PhotoSketch lets you sketch a stick figure image, and tag the elements of the image… the utility then automatically finds appropriate pictures from the internet that can be effectively composited together to achieve a photo-based version of your sketched image. At the end of the process, the utility shows you some options and gives you a chance to select the one you like best.  Here’s one example, courtesy of Gizmodo’s review of PhotoSketch. 

Also, check out the video below... definitely worth 5 minutes.

PhotoSketch: Internet Image Montage from tao chen on Vimeo.

If you still crave more on PhotoSketch, here’s the research paper from SIGGRAPH Asia. 

There’s a free Forrester webcast from on Windows 7 coming up tomorrow (register here) that runs 12-1:00 PM Eastern Time.  

Among other things, Benjamin Gray from Forrester will be discussing his view on the Top 5 Windows 7 features, as well as how to evaluate if your organization is ready for Windows 7. 

The Windows Azure team released a Community Technology Preview of the Windows Azure Service Management API the other day.  This API is REST-based, and currently supports the following operations (according to the Windows Azure team blog):