The irony is ironic: On the same day that I learned about a new Microsoft marketing initiative to sell its customers client, server and network security software, the company released yet another slew of patches to plug up flaws in its products, including Windows Vista.

The new marketing initiative is called “Fast, Faster,” and is designed to push Microsoft’s Forefront security products — products, that is, the customers need to protect themselves against flaws in Microsoft’s operating systems and applications. According to Microsoft’s press release,

“The campaign uses humorous metaphors to illustrate how defending against security threats with Forefront is easier than defending against virtually anything else — including far-fetched threats from aliens, ninjas and zombies.

“The goal of this campaign, created by McCann Worldgroup San Francisco, is to emphasize Microsoft’s competitive differentiation in making security products easier to deploy, implement and manage.

“The Easy, Easier campaign will be appearing in IT print and online media in the U.S. and 28 markets worldwide as well as throughout Microsoft’s digital properties. More information on Microsoft Forefront, the Easy, Easier campaign and related customer stories can be found at http://www.easyeasier.com/.”

The Forefront products officially launch on May 2, at an event in Los Angeles.

What would be truly easy, easier for Microsoft’s customers would be to have more secure operating systems and applications.

• Yesterday was also Patch Tuesday, the monthly event that systems administrators dread. Just think about that: Every month, Microsoft’s customers know to expect a whole bunch of bug fixes. (Every Microsoft customer should sign up to receive advance notification of these patches.) The April 10 patches included five new fixes, four of which Microsoft itself said were critical.

• Microsoft did depart from that monthly schedule to ship an emergency update on April 3. Patch MS07-017 works to resolve a vulnerability in animated cursor handling in .ani files. For those who didn’t catch it early, Microsoft rolled this one into the April 10 patch group.

• Also according to eWeek, Microsoft is investigating public reports of new security flaws in Office. “Reports of several new security holes in Microsoft Office have been made public on known exploit sites. The company did not release specific information about the vulnerabilities, citing potential risk to users,” eWeek reporter Brian Prince writes.

That’s not to say that all the flawed software comes out of Microsoft. Even companies like IBM, Rad Hat and Apple issue regular security bulletins and patches, and have security advisory mailing lists. However, there is the hypocrisy that Microsoft charges customers for Forefront, which is software that exists mainly to help customers overcome flaws in Microsoft’s other products. If Microsoft truly wanted to make security easy, easier, it would create less buggy and less flawed products.

Today, Apple announced that it had sold 100 million iPods. That’s a lot of computers… and yes, that’s what the iPod is. It’s a specialized computer, but it’s a computer nonetheless. So, too, are high-end cell phones and devices like BlackBerries and Palm Treos.

Seeing Apple’s news made me realize that I have no idea how many iPods I’ve purchased. My own family has four, all of which I purchased: an initial 20GB “iPod with click wheel” for me, then a second one for my wife. Then an upgrade to a 30GB “iPod photo,” for me, with the 20GB becoming a hand-me-down. Then, a final upgrade to a black 80GB “iPod with video” for me.

Amazingly, I still haven’t watched a video on it. I got it because my music library wouldn’t fit onto the 30GB model.

But that leaves out the dozens, dozens, dozens of iPods that I’ve purchased as premiums for sales promotions, survey respondents, door prizes, and so-on. Last December, we gave away nearly two dozen iPod shuffles for one particular give-away to business partners. At $79, a shuffle’s the perfect prize.

By far, offering an iPod as a premium or incentive is the most popular thing that I’ve done (even outpulling an equivalent-value Amazon gift certificate in one test that I did). Seemingly, everyone wants one, either for himself/herself, or to give away to a family member.

The number of different iPod models, past and present, is astonishing. See Apple’s site for pictures of ’em all. (Did you know that there was even an iPod Special Edition Harry Potter, with the Hogwarts Crest engraved on the back?)

On the heels of International Data Group’s decision to discontinue the print edition of InfoWorld, Crain’s BtoB reports that the publishing company will be reducing the paper size of its two tabloid-sized newsweeklies to standard magazine trim.

According to Crain’s BtoB (which covers the business-to-business media industry),

“Given the financial pressure we’re under in mailing these things out, we thought it was time to save the money and take advantage of the new format,” said Matt Sweeney, CEO of Computerworld, in a statement.

Being on the outside, it’s hard to say if these three big decisions are related. But given that InfoWorld, NetworkWorld and Computerworld are managed independently at IDG, my guess is that this cost-cutting is a broad or top-down directive. Otherwise, this would be a heck of a coincidence.

As far as I know, this leaves IDG without any tabloid-sized publications (that is, around 10×13 inches) in the U.S. market. Standard magazines are trimmed to around 8×10 inches. No word yet how this affects the international editions of Computerworld and NetworkWorld.

While IDG moves away from the tabloid format, please be assured that BZ Media still believes in that trim size.

The 10×13 format that we use for SD Times is popular with readers and advertisers, and also provides our art/production staff with lots of room for creativity. We have no plans to downsize SD Times.

It’s amazing how clever those spammers are.

On Oct. 30, 2006, I set up a new mailbox on one of the domains that I manage. It’s a hosted domain held by a major ISP. I just set up the mailbox, but didn’t do anything with it. It’s never sent a message, not even a test message. The address has never been given out. The address was an obscure one; it wasn’t something like info@ or service@.

Today, for the first time, I logged in to the Web-based interface, and found 58 pieces of spam in the inbox.

How do they do it? Brute force? Have spammers hacked into the ISP’s back-end systems? Is there someone on the inside? Absolutely incredible.

We should all celebrate: Today, the U.S. Federal Communications Commission has terminated its proceedings regardng the use of cellular phones onboard aircraft during flight.

That’s not to say that they won’t bring the issue up in the future, or that the FCC agreed that cell phone usage within the inescapable confines of a commercial aircraft is simply too obnoxious a practice to be allowed. (See my earlier post, “Please, no cell phones on airplanes.”) Instead, the FCC said that it didn’t know enough about the technical ramifications to make an informed decision.

To quote from order FCC 07-47 (I’ve added bolding for emphasis):

“On December 15, 2004, the Commission adopted a Notice of Proposed Rulemaking (Notice) in the above-captioned docket proposing to replace or relax its ban under Section 22.925 of its rules on the use of 800 MHz cellular handsets on airborne aircraft. The Notice explored several different options for allowing airborne use of wireless devices, including a proposal to allow the airborne use of cell phones. The Commission also noted that the Federal Aviation Administration (FAA) prohibits the use of portable electronic devices (PEDs) on airborne aircraft. Given the lack of technical information in the record upon which we may base a decision, we have determined at this time that this proceeding should be terminated.

“In the Notice, the Commission specifically requested technical comment, emphasizing that the ban on the airborne use of cell phones would not be removed without sufficient information regarding possible technical solutions. The Notice also noted that RTCA, Inc. (RTCA), a Federal Advisory Committee, at the request of the FAA, is currently studying the effect of PEDs on aircraft navigation and safety. Phase I of the study – a short-term technology assessment – was completed in late 2004, and focused on existing PED technologies. Phase 2 – an ongoing, long-term technology assessment – is focused on emerging PED technologies, e.g., ultra-wideband devices or pico cells for telephone use onboard aircraft. RTCA published findings in December 2006, and is expected to issue recommendations regarding airplane design and certification requirements later this year.

“It is apparent that it is premature to decide the issues raised in the Notice. The comments filed in this proceeding provide insufficient technical information that would allow the Commission to assess whether the airborne use of cellular phones may occur without causing harmful interference to terrestrial networks. Similarly, although the report issued by RTCA recommends, inter alia, a process by which aircraft operators and/or manufacturers may assess the risk of interference due to a specific PED technology within an aircraft, it does not provide data that would allow us to evaluate the potential for interference between PED operations onboard airplanes and terrestrial-based wireless systems. Further, because it appears that airlines, manufacturers, and wireless providers are still researching the use of cell phones and other PEDs onboard aircraft, we do not believe that seeking further comment at this juncture will provide us with the necessary technical information in the near term. Accordingly, we conclude that this proceeding should be terminated. We may, however, reconsider this issue in the future if appropriate technical data is available for our review.

“Accordingly, IT IS ORDERED that, pursuant to sections 1, 4(i), 11, 303(r) and (y), 308, 309, and 332 of the Communications Act of 1934, as amended, 47 U.S.C. §§ 151, 154(i), 161, 303(r), (y), 308, 309, and 332, that this proceeding is TERMINATED, effective upon issuance of this Order.“

To which, we can all say, “hallelujah!” and hope that this never ever comes up again.

One of our industry’s most laconic yet unpredictable writers, retired test engineer I.B. Phoolen, has written three new stories for BZ Media’s SD Times and Software Test & Performance. He covers such diverse subjects as network firewalls, the Indianapolis 500 and Homeland Security.

You can find links to all these stories on I.B.’s blog. You’ll find all of his previously published stories there too.

Bertrand Meyer, the designer of the Eiffel programming language (and founder of Eiffel Software, which sells development tools) has just been recognized by the ACM with its 2006 Software System Award.

The citation reads,

“For designing and developing the Eiffel programming language, method and environment, embodying the Design by Contract approach to software development and other features that facilitate the construction of reliable, extendible and efficient software.”

While I wouldn’t call Eiffel an overwhelming commercial success, the object-oriented language’s influence on software development has been profound. Similarly, Meyer has been at the center of interesting debates, especially around Design by Contract. Last year, the Eiffel language became ISO/IEC Standard 25436:2006.

In addition to his work at Eiffel Software, Meyer is a professor of software engineering at the ETH in Zurich.

I haven’t spoken to Meyer for several years, but have always enjoyed our conversations — perhaps this award will help us find the opportunity to chat again soon.

My Hawaii-based colleague Larry O’Brien is a believer in storyboarding.

On his blog, Larry posted a short review of a Visio-based tool called stpBA Storyboarding, “… which every architect and team lead owes themselves to evaluate. I would say it’s revolutionary, but it’s better than that — it simply makes the way you probably already work vastly more efficient.”

Given that Larry (pictured) is already vastly efficient by any standard, that’s a pretty tall claim. Plus, I’m somewhat skeptical because tools like Visio are impediments to my own creativity. That may be a matter of personal style: I’m much more comfortable writing text than drawing with circles and arrows. Which is why, incidentally, I never became a UML fanatic, and why I’m arguably the worst user-interface designer on the planet. I’m just not a visual person. (If you don’t believe me, ask one of BZ Media’s art directors.)

Even so, one endorsement by Larry is worth a hundred endorsements by lesser beings. If he says that stpBA Storyboarding is worth checking out, then it’s worth checking out.

In this week’s InfoWorld, Andrew Binstock (a columnist for SD Times, as well as a technology analyst) wrote a powerful head-to-head review of Java integrated development environments.

Andrew looked at Borland/CodeGear’s JBuilder 2007 Enterprise Edition, IBM Rational Application Developer for WebSphere Software 7.0 (what a terrible name) and Sun’s NetBeans 5.5.

I heartily recommend this article for two reasons. First, if you’re shopping for a Java IDE, this is a definitive resource. Second, if you’re curious how real experts evaluate development tools, there’s no finer reviewer than Andrew Binstock.

Andrew and I chatted several times during during the evaluation process, and I was continually impressed not only with the depth of his knowledge, but his genuine commitment to doing a thorough job on this product evaluation.

My Take this week in SD Times News on Thursday discussed a fascinating presentation from Jonathan Rosenberg (pictured), senior VP for product management at Google. In the column, I made passing reference to Metcalfe’s Law and Moore’s Law.

Since I didn’t describe these two laws, and referred to them in adjacent paragraphs, some readers thought that one reference was a typo. It wasn’t. However, let’s use the opportunity to briefly describe these two laws.

Metcalfe’s Law, as proposed by Ethernet inventor Bob Metcalfe, says that the value of a telecommunications network is proportional to the square of the users of the system – that is, the number of potential connections between the users.

Think about fax machines, or e-mail: The more people who use it, the more useful the system is. The same concept also applies to information sources: The more books you have in a library, or the more Web pages are indexed by a search engine, the more popular it is, the more likely people will want to use it (because they’ll more likely to find what they want), and the more people will want to add more stuff to it (because it has more users).

Note that some experts agree with the principle of Metcalfe’s Law, but argue that the correct ratio is n log n, not n squared. While that intuitively seems more accurate for very large networks, I don’t have a strong opinion one way or the other.

Moore’s Law, based on observations by Intel co-founder Gordon Moore, is widely quoted saying that, for a fixed cost, the number of transistors on an integrated circuit doubles every 12 or 18 months. However, Moore himself later that he meant that the number doubles every 24 months.

For my purposes here (and in my Take), the important concept is that technology growth is exponential in many areas of computing technology, including raw CPU power, memory, storage, I/O bandwidth and network bandwidth. Or, to look at it another way, the cost of CPU power, memory, storage, I/O bandwidth and network bandwidth is decreasing at an exponential rate.

When you combine these laws, Google’s business model depends on two predictions being true for many years:

* In a Metcalfe’s Law sort of way, the amount of information that Google stores and delivers will continue to grow – and the more information Google has, the more users it will attract. The more users it has, the more advertisers it will attract. The more money advertisers can make, the more likely they’ll be to put more content there. That will attract more users, and so-on.

* In a Moore’s Law sort of way, the march of technology will make Google’s server farms faster and able to perform more complex processing, and store more content and it will make end users’ computers more powerful and it will increase the width of pipes that deliver content from Google’s service farms to end users.

That, in turn, will enable the processing, storage and delivery of yet more content, making the cycle ever more virtuous.

Borland has come up with a thought-provoking list of “Top Ten Blunders” that can lead development teams to introduce unexpected defects into their applications. It’s a real-world list, albeit weighted a little too heavily to builds. While it’s obviously essential to build early and often, and to make sure that your builds are good, it’s only one of many steps in the application development life cycle. But then again, this “Top Ten” list was created by Borland’s Gauntlet build-automation product team, so I can see why it’s tilted that way.

Take a look at their list, and tell me what you think: What are the biggest app-dev development blunders that you’ve seen?

Back when I was studying compiler design in the late 1970s and early 1980s, the name John Backus was often foremost in my mind. He was one-half of the team that developed the Backus-Naur Form, the notation that we used to define language syntax.

Backus, who passed away last Saturday, was one of the designers of the FORTRAN programming language. The 82-year-old computer scientist, who spent most of his professional life at IBM, won many awards, including the ACM’s A.M. Turing Award in 1977 and the Charles Stork Draper Prize in 1993.

You can read a detailed obituary at the New York Times. The IBM archives (from which I appropriated the photo) talks about the development of FORTRAN under Backus’ guidance in the late 1950s:

Most people, Backus says today, “think FORTRAN’s main contribution was to enable the programmer to write programs in algebraic formulas instead of machine language. But it isn’t. What FORTRAN did primarily was to mechanize the organization of loops.”

It’s a great story about a true computer science pioneer.

Trees are important assets – not just for forests, but also for cities. In the small San Francisco suburb where I live, the city government is adamant that if you have to cut down a tree, you have to justify it with a good reason (like, the tree is sick and dying), and you have to replace it with another one.

The City of San Francisco, a few minutes to the north, takes its arboreal assets seriously, and this month embarked on an ambitious urban forest mapping project to inventory and map all the trees within the city limits. Two organizations, the city’s Bureau of Urban Forestry and the non-profit Friends of the Urban Forest, are helping the city with this – and they’re using interesting software tools, based on open-source software.

The software that San Francisco is using is called STRATUM, or Street Tree Resource Analysis Tool for Urban Forest Managers – that’s a mouthful. STRATUM was build by the U.S.D.A. Forest Service Center at U.C. Davis. It’s based on MapGuide Open Source, an LGPL-licensed “corporate” open source program started by Autodesk. The company spun the open source project out of a commercial version of the product. The project is run by the Open Source Geospatial Foundation, which Autodesk set up and exercises a great deal of influence over (if not outright control).

San Francisco isn’t the only city to inventory its trees using STRATUM; others include Chicago, Fort Collins, Colo. and Modesto, Calif. However, it’s the first one I heard about, and because it’s local it’s more interesting to write about. San Francisco’s trees, not only in Golden Gate Park and the Presidio, but also in greenways and neighborhoods all around the City, are as much as part of its charm as the Golden Gate Bridge, Fisherman’s Wharf, cable cars and famously crazy crooked streets.

The urban forest map is available to everyone, not just to the San Francisco City government. Anyone can search for trees by species, address, neighborhood, planting date of the tree, and other factors. The Web-based map itself is very visual and interactive, and you can select different overlays that show soil conditions, the location of water sources and parks, who put the tree there (such as different non-profits or the city itself). You can also overlay satellite images or elevation lines. You’re even supposed to be able to use the STRATUM application to communicate back to the City, such as if you find that there’s a problem with a tree, though I couldn’t get that to work.

In my exploring the application, it seems a bit buggy, and occasionally goes unresponsive. Attempts to pan the map by click-and-drag, or learn information about an object by hovering the mouse pointer, did not work properly. The overlays also didn’t work consistently. With luck, the bugs will get worked out soon.

Despite those “version 1.0” flaws, it’s a pleasant change to encounter open-source successes that are applications, not infrastructure or software developer tools. Normally, we see the likes of Linux, Eclipse, NetBeans, Apache Tomcat, Hibernate and so-on. It’s good to see examples of how ordinary people can use open source software.

Earlier this week, I blogged about Microsoft’s big patch, the newly released Windows Server 2003 Service Pack 2 — which is not only for all versions of Windows Server 2003, but also for the 64-bit version of Windows XP Professional.

In my column in this week’s SD Times News on Thursday, “Patching Isn’t Just for Sysadmins,” the topic shifts to the role of enterprise software developers in the process of evaluating and deploying patches and service packs to operating systems and infrastructure applications.

I’d like to hear what you think. How does this work at your company?

Microsoft and Apple both released service packs yesterday. The Microsoft one is more significant, and applies to nearly all data-center Windows Server users.

Windows Server 2003 Service Pack 2 is for all editions of Windows Server 2003, including Storage Server. It also applies to Windows XP Professional x64 Edition.

There’s a huge list of changes in SP2, many of which have been issued as hotfixes. I counted 61 security patches in SP2, but it’s unclear how many of those are new, and how many were already out as hotfixes.

The contents of SP2 itself range all over the map, and include dozens of changes to the .NET Framework, administration tools, applications compatibility fixes, cluster fixes, COM+, data access components, development tools and processes, drivers, distributed system services (like DNS and LDAP), Exchange services, file system fixes, graphics handling, Internet Information Services, Intellimirror, Internet Explorer, the kernel and hardware abstraction layer, message queuing and middleware, the network stack, Plug ‘n Play, printing, security infrastructure, the command shell, storage, terminal services, the installer engine, Windows Media services, and management instrumentation.

It doesn’t appear that SP2 introduces many new features, as the focus is on bug fixes and resolving compatibility issues. However, there are new functions for data access, distributed systems, file systems, message queuing, and networking. For example, there’s support for WPA2-based WiFi security, and a new XML parser called XmlLite.

As always, it is recommended that you test SP2 before installing it on production servers, or otherwise rolling out, to ensure that there aren’t unwanted side effects of all these patches and fixes. Be sure to read the release notes for caveats; there are quite a few.

By contrast, Apple’s update is pretty minor, though it also addresses a lot of security fixes. The company released Mac OS X 10.4.9 yesterday. It offers changes to the company’s .Mac online service, fixes for Bluetooth wake-up issue, bug fixes for iChat, iCal and iSync, networking and modem fixes, and some fixes for print issues. There’s also a smattering of fixes for third-party applications and a few driver upgrades and fixes. Minor stuff. Rumor is that Mac OS X 10.5 should be out in April, so the 10.4 lineage is clearly in maintenance mode.