For example I was talking to a young man who I have known for many years and he revealed that he had no interest in voting. He did not think it made a difference. I quoted Mark Twain by saying "The man that does not read has no advantage over the man who cannot read". I said to him that I found that statement to be profound and felt that by the same token the man that does not vote has no rights beyond the man who lives in a society that does not let him vote. In this way not voting does a disservice to all those who have fought and died to guarentee that right for US citizens.

To the assertion by my young friend that voting does not make a difference I have the following warning. Our political system is ever more cynical. This means that those in power cater to those that can give and take their power and that means blocks of "likely voters". If you belong to a demographic that is not seen as likely voters then you can expect your views on your issues to be ignored at best and at worst for the tides of legislation to actively work against your wants and needs. The only cure for this is to vote regularly for equality starts with the vote.

As a war veteran of the US Army, I feel that voting is a sacred duty that all citizens are bound to fulfill and the only greater sin against our democracy than not voting is hindering the ability of a citizen to vote. I hope my words here have motivated some to vote and others to abandon their support of any measures that limit participation in voting in any way.

The details of my session at TechEd in Orlando are posted here

Hope to see you there!

Go to here for details.

Hope to see you there!

At first glance I thought that the paper was doing harm by dismissing user security as simply not worth attempting, but that is not the point. The point is that the advice provided to users is often hysterical and out of touch with the real world. This is something I have believed for a long time. So rather than just say, "yes, that is right, we are screwed", I want to offer up the advice (and mandates) that my own employees and family get when dealing with the security aspects of online security. Here are my Rules of the Road if you will.

1. The password to my network must NEVER be used for anything else. Violating this rule is worth your job.
2. If your password is long enough then you never have to change it, except of course if it is known to be compromised. My password to my domain is over 50 characters and it is a pass phrase so since I have never told it to anyone, never written it down, never used it anywhere else, I feel no need to change it regularly (I do change it over time, but not monthly or even quarterly).
3. You should type in web sites yourself rather than click on links. If your bank sends you an email that something is wrong or they need to talk to you either open a new browser and type in the bank's URL and login that way or call the bank using the number on the back of your credit card or on your last statement. Phishing is the biggest trap out there and always being suspicious of every link in every email is the best defense unless you are a security expert with alot of knowledge of TCP/IP (hint, if you didn't understand any of that you are not that expert).
4. When in doubt close the browser (and if you like for good measure open up task manager and kill all browser processes).
5. Have a password plan. For me there are 5 levels of passwords. Level 1 is for sites I just don't care about, but need a password anyways. I use a low security password but a password none the less. It is over 7 characters and has a number in it. Level 2 is for sites that I would not want a stranger browsing as me, but are not a risk to my reputation or my finances. Level 3 are sites like social network sites where I would face some embarrassment if someone hijacked it, but not financial loss. Level 4 sites are things like banking and I have very few of these and while according to my rules I could reuse passwords on this level I choose not to. Level 5 is of course the password for my business network and it stands alone.
6. If you find the need to write down your passwords then either get a password keeper program like whisper32 (there are many to choose from). These programs are not hacker proof, but the hacker needs to get pretty deep to be able to even start attacking these kinds of programs.
7. As the X-Files taught us, "trust no one! If someone asks for your password for anything stop talking to them no matter how the topic arrives.

Those are the highlights. I don't try to make users security experts, but I seek to help them exercise some best practices. I am thinking of making this into a presentation for user groups and expanding it out with examples and much more detail.

With this regular writing task to spur me on I expect (and hope) to be doing alot more blogging as well...

Ultimately when you decide to build a product for general sale you have three choices:
1. Invent something
2. Copy something
3. Enhance something

Each of these has its strengths and weaknesses. For #1 you have to really have a good idea and you have to bear the burden of educating the world they need something they never had before. In path #2 you have to make sure you can do it so much better that you can overtake the current vendors. And with #3 you build an add on to an existing product as part of its ecosystem, so that means your only customers are the people who bought the thing you are enhancing.

None of these is easy and none is a "sure thing". I find that it is a slow road with luck and hard work playing equal roles in most cases. Misjudging the market is a common mistake, but not doing any market research ahead of time is by far the most common mistake.

Our head developer of our FSM product, Amr (he specifically asked me to mention him when I told him I planned to blog about this), throught that it might be a good idea for us to develop a Facebook Application. My response was to point out that Facebook, iPhone apps and other applications seem like a great way to get rich, but the failure rate is enormous my research says that it costs tens of thousands of dollars to bring one to market successfully as very, very few make any money at all the average lose money if the idea is good enough then you have a better chance, but everyone thinks they have the killer idea. The costs go way up if you advertise it with some having spent as much as a million dollars. There really are no shortcuts to wealth

You should never just build an application. You should first figure out the odds of it actually making money otherwise you spend your life just writing code and never make any headway.

The key is to jump in before the market gets too saturated and to do some pragmatic thought about the potential of your product idea. Rather than look to Facebook or iPhone apps I think Windows Phone 7 applications is a much better landscape since there is still room for new players to make a mark. Just remember that you have to tamp down your wishful instincts...

This morning Richard tweeted "Four things to write this weekend... is it wrong to do them in the order of how much they pay?". This got me thinking about my own task juggling over the years. When I was in college I learned that there are times that you have more to do than can humanly be done. This was in fact a central part of the pressure West Point put on us while we were cadets there. To cope I came to the conclusion that the juggling metaphor is quite apt. The thing to realize is that not all balls (tasks) are created equal. Some are made of rubber and some are made of glass. Rubber balls bounce and you recover even if you let them drop from time to time. Glass balls shatter if you drop them even once. The key is to identify which kind of ball a task represents and there lies the rub.

We see the same decision points when we undertake software development. I try to tell people over and over that security is a task of glass.

For the record, I think Richard has his priorities correct all things being equal...

Don't get me wrong, I am not xenophobic by any means and am even not violently opposed to offshore development or data centers. The problem is that China is the capital of corporate espionage and the worst offender in the world of not respecting the intellectual property of others.

This is a big win for Microsoft Azure and Amazon unless I missed similar announcements from them (which I doubt).

The first mission of a Cloud Computing provider is to provide security of the data and I just don't see that happening if the data is in China.

To look it over go to the Windows Azure Offers page at Microsoft.com and get going. You might not have a project that fits the Azure model currently, but you will. I am working on a new product for DTS that will have an Azure component and while it is still off in the horizon the time to jump in is before you are behind.

Now that I see the resolve in my friends there I know that this is not a rebellion, but a revolution that deserves the support of all of us who have ever had their country ruled without democracy.

I wish I was there and could stand in the streets with you, but know that you are in my prayers and I am proud of each and every one of you. Good luck and may you win the day and your destiny In Sha Allah!