Monthly Archives: October 2001

StratVantage Consulting, LLC — Mike’s Take on the News 10/23/01

From Evernote:

StratVantage Consulting, LLC — Mike’s Take on the News 10/23/01

Clipped from:

The News – 10/23/01

Security Problems Plague All Operating Systems

Alert SNS Reader Larry Kuhn (speaking for himself and not his employer) points out that Microsoft is not the only operating system maker plagued by security problems. This is certainly true, and is a point I have made repeatedly in the past. However, it can’t be stressed enough that just because you follow my advice and don’t expose Microsoft OSes to the Internet, you can’t be complacent. As I always say, if you’re not terrified about security, you’re not paying attention.

Larry sent along a link to an article written by TechRepublic and published by ZDNet Australia that compares the raw number of bugs for various operating systems tracked through the Security Focus Bugtraq system. Bugtraq is a commonly used repository for reports and questions about security bugs. The TechRepublic article appears to have counted the bug reports for major OSes so far in 2001 and placed the results in this table:

The article makes the point that Microsoft Windows 2000 at number 7 is far from the most-buggy OS, and this appears to be true from this analysis. What’s especially comforting for Microsofties is that last year, Windows NT 4.0 was the bug champ, with Windows 2000 taking fifth place. Two factors have probably influenced this better showing: Lots of companies have replaced Windows NT with Windows 2000, and both platforms have benefited from fixing previously reported bugs. Windows 2000, for example, is already on Service Pack 2. (A Service Pack is a compilation of bug fixes that users download and install over an existing installation. SP-2 is 101MB in size; hardly a quick download.)

Now I’m a little skeptical of the numbers, and wonder, as did a responder to the article in TechRepublic’s talkback forum, if a raw bug count is really all that relevant. Of more importance is the amount of time for the vulnerability to get fixed, the severity of the vulnerability (is it in the wild, or theoretical?), and the source of the bug report (was it found through a code review or because it has been actively used to circumvent security?). The poster asserts that closed source vulnerabilities (like Microsoft’s) are almost always found because someone has compromised the service, since there is no independent review of the code as there is in Open Source Software.

Nonetheless, the results underscore Larry’s point: “People shouldn’t feel safer only because they’re using a non-MS OS. I think that’s the only meaningful conclusion that can be drawn from this article. IMHO, there are non-technical folks at the CxO level who read stuff like the Gartner recommendation to ditch IIS and mistakenly come to believe that the same type of risks aren’t possible in the alternative environments.” I couldn’t agree more. Just because you locked the front door doesn’t mean burglars can’t get in the windows (no pun intended! ö¿ð ).

Incidentally, front page news at Security Focus is a report that a hacker named Beale Screamer has cracked Microsoft’s Digital Rights Management (DRM) copyright protection scheme which is planned for use in securing audio files. Another front page article reports that hackers can get users’ passwords from Cayman Systems’ popular 3220-H DSL router. Both these items underscore the need to not be complaisant or to feel that securing your computer OS is all you need to worry about.

Larry continues, once again making a lot of sense: “Security (or the lack of it) is a multifacted problem – People, Processes and Technology. Any Technologically secure system can be compromised by an untrained person (someone who sets the "sa" password to blank), or by well-trained people who don’t follow processes (like stickies on the monitor with passwords written on them, or by not applying security patches as they become available) that ensure the security of the system.

Larry points to an online tool you can use to assess the security of your system, the Microsoft Personal Security Advisor , written by folks right here in the Twin Cities, Shavlik Technologies , who make an enterprise version of the tool. The PSA will check the strength of your passwords and see if you’ve applied all the relevant security patches on your system. I think everyone in your enterprise should run it and act on its recommendations.

The bottom line is, as much as I malign Microsoft, they’re by no means the only folks with security problems. Being the world’s most popular operating system means there are a lot more crackers out there trying to break their stuff, and that means their problems are ballyhooed in the press. But, hey, who said being a monopoly had to be fun? There are advantages to adopting Open Source Software for your Internet-exposed Web systems. Such systems are supported by fanatical, and I mean really fanatical, software zealots who consider it a point of pride to find and eradicate all bugs as quickly as possible. Even if Microsoft, or, heck, even Sun, for that matter, gets really serious about security, they will be hard pressed to match the dedication of OSS supporters. If you must use Microsoft software on the Internet, then you must accept as part of the Total Cost of Ownership (TCO) the responsibility to constantly update the software with the latest patches and to be eternally vigilant. In larger enterprises, this obligation can translate into dedicating one or more employees to the task.

If you’re not terrified about security, you’re not paying attention.

ZDNet Australia

Briefly Noted

  • Shameless Self-Promotion Dept.: I’ve added a security news ticker to the StratVantage Security Web page. It scrolls up to date information about viruses, worms, hoaxes and other items of interest regarding computer security. Check it out.
    StratVantage Security Resources
  • Are You Ready for CRM? I’ve had a problem with the area known as Customer Relationship Management (CRM) for some time. It’s a catch-all category for everything from contact management and sales force automation to call center management, database marketing, and data mining. Talk to one person about CRM, and they think you’re talking about contact management software like ACT! or GoldMine. Talk to another and they think about email marketing. A third person thinks about call center management. It’s too confusing to lump all these customer touch areas under one acronym. Often businesses need help in sorting it all out. Taylor Harkins Group publishes a newsletter that helps companies make sense of the various issues in CRM, and in their latest issue they list questions you should ask yourself to assess organizational readiness before considering a CRM system:
  • Do you know why your customers buy from you? Can you find prospective customers just like your current customers?
  • Can you match your key products and services against products and services of your competitors? What are the strengths and weaknesses? Are you selling against them?
  • Who are future purchasers of your products and services? What do they look like?
  • Do you know why your customers are not buying from your competitors?
  • Will changes in the economy have and influence your customer’s ability to purchase your products and services? How?
  • Will changing demographics have an impact on your business? How?
  • If your product or service is regulated will pending changes in legislation affect your profitability? How?

Taylor Harkins Group

  • Wireless Videoconferencing: Tandberg of Norway has announced one of the first videoconferencing products capable of running on an 802.11b Wireless LAN (WLAN). The Tandberg 1000 consists of an LCD screen with multiple network interfaces including IP, ISDN, and WLAN. In wireless mode, you only need to plug the power cord in the wall, and off you go. Of course, you’ll have to have a compatible wireless LAN running in your home or office first. The company envisions folks just grabbing it and toting it from office to office as the need for videoconferencing hits. The unit requires a PC/PCMCIA card that fits into the slot at the top and interfaces with your WLAN. Pricing starts at $5,490.

    And completely off the subject, who else thinks that looks like Ross Perot in the picture to the left?

  • Life in Prison for Hacking? A new bill being considered in Congress calls for life in prison without a possibility of parole for people who engage in computer trespass, also known as hackers. The Anti-Terrorism Act , AKA the ‘‘Uniting and Strengthening America Act’’ or the ‘‘USA Act of 2001’’ has lots of folks up in arms about this provision. The Electronic Frontier Foundation has publicly condemned the bill for treating low-level computer intrusion against the government, already a crime under existing laws, as an act of terrorism. Let’s keep it together, people!
    East Carolinian
  • Record Industry Profiteering: As if upping the penalties for hacking wasn’t enough, our friends at Recording Industry Association of America (RIAA) tried to glue a self-serving hacking-authorization amendment onto the Mom & Apple Pie, er, Uniting and Strengthening America Act. The amendment , authored by RIAA lobbyists, would have exempted any actions the RIAA would take to preserve their copyright from the anti-hacking provision. This means the RIAA would have carte blanche to attack anyone who tried to circumvent their copyright or Digital Rights Management (DRM) schemes. That’s pretty extreme, and we can be thankful the amendment was dropped.
  • Cracking Attacks on Pace to Double: According to Carnegie Mellon University’s Computer Emergency Response Team/Coordination Center (CERT/CC), attacks on Internet computers should easily double the last year’s reported number. Already, the number of security incidents reported has reached 34,754, a 60% increase over the 21,756 incidents logged last year. We’re on a pace to see more than 46,000 reported security attacks, more than twice last year’s number.
  • The Sky Is Falling: The FBI appeared to put their foot in it when they named the file containing the press release warning that Americans should expect additional terrorist attacks. The two-sentence press release on said there “may be additional terrorist attacks within the United States and against U.S. interests overseas over the next several days.” That’s bad enough, and contributed to the mixed message we’re all hearing these days: Be aware and worried; act normal or the terrorists will win. Even more worrisome, however, was the name the FBI chose to give the file that contained the Web version press release: Skyfall? As in Chicken Little? Or as in the novel Skyfall from the ‘70s? Or as in the name of a Transformer, Skyfall the Action Master (pictured)? The FBI could answer none of these questions, and eventually retitled the file. Things that make you go “Hmmmmmm.”

  • A Sound Link: US Robotics has released a cool gadget that sets up a wireless connection of up to 1,000 feet between your computer and stereo. So if you’re tired of listening to your MP3s (lawfully ripped from your own, fully licenced CDs, of course) on your dinky computer speakers, this $100 toy’s for you.
    US Robotics

Return to Mike’s Take

StratVantage Consulting, LLC — Mike’s Take on the News 10/11/01

StratVantage Consulting, LLC — Mike’s Take on the News 10/11/01

From Evernote:

StratVantage Consulting, LLC — Mike’s Take on the News 10/11/01

Clipped from:

The News – 10/11/01

In this Issue:

Someone to Watch Over Us

In the wake of the terrorist attacks, many people have wondered if one of the new battlefronts will be cyberspace. In fact, in a previous SNS, I reported the cracking of a German Islamic extremist Web site and the posting of subscribers’ names on a Swiss server. How well are we prepared for infowar? And who will fight it?

One of the forces that will fight to protect US networks is InfraGard , a cooperative undertaking between the FBI and an association of businesses, academic institutions, state and local law enforcement agencies, and other participants. InfraGard’s mission is to ensure the security of critical US infrastructures such as energy, banking and finance, water systems, government operations, emergency services, telecommunications and the Internet. To do so, they work with the National Infrastructure Protection Center (NIPC), a governmental organization that is dedicated, in part, to “detect, deter, assess, warn, respond, and investigate unlawful acts involving computer and information technologies and unlawful acts, both physical and cyber, that threaten or target our critical infrastructures.

The NIPC and the InfraGard are responding to the requirements of Presidential Decision Directive (PDD) –63, which President Clinton created on May 22, 1998. The directive orders the strengthening of the nation’s defenses against emerging unconventional threats to the United States to include those involving terrorist acts, weapons of mass destruction, assaults on our critical infrastructures, and cyber-based attacks. PDD-63 calls for a national-level effort to assure the security of the increasingly vulnerable and interconnected infrastructures of the United States.

While the FBI has called for managers of physical infrastructure to go to a high alert status, it may be even more important for networking and computer professionals to be on alert. This is because many physical infrastructure resources are controlled by computers, and the security of these computers has been compromised in the past. For example, several times this past spring, crackers attempted to gain access to the servers at California’s Independent System Operators (Cal-ISO), the agency that manages the state’s electrical supply and decides when rolling blackouts will occur. The crackers apparently got close to disrupting the flow of power in California during the rolling blackouts that occurred in May.

Many pieces of critical infrastructure today are controlled by Supervisory Control And Data Acquisition (SCADA) systems, which are basically networked computer systems. Like any networked computer system, SCADA systems can be vulnerable to attacks. Some of these systems, like GE SmallWorld’s PowerOn ™ electrical distribution system or Encorps Virtual Power Plant power dispatching system, are based on Microsoft Windows products, and many have Internet-enabled features (using Microsoft’s Internet Information Server (IIS)) for convenience.

Regular readers may remember I am not a fan of Microsoft products being exposed to the Internet. Well, I’m obviously not alone. Industry analyst GartnerGroup agrees:

IIS security vulnerabilities are not even newsworthy anymore as they are discovered almost weekly . . . As Gartner warned in 1999, pulling complex application software into operating system software represents a substantial security risk . . . Microsoft has discussed its Secure Windows Initiative, which details a well-thought-out program for improving Microsoft’s development processes to avoid repeating the same security mistakes that led to vulnerabilities in Windows NT and Windows 2000. However, the same old buffer overflow problems appearing in beta Windows XP code raises doubts over whether the security assurance tools Microsoft has implemented will effectively reduce the number of well-known security bugs that continue to show up in Microsoft products. For Microsoft’s vision of .NET and Web services to succeed, Windows XP will have to be significantly more secure than Windows 2000 has proven to be; otherwise, Microsoft risks losing some enterprise business to more-secure implementations of Web services.

To reduce their vulnerability, Windows-based SCADA systems may be hardened and protected by third party software, such as that available from Visual Automation . But the fact remains that many critical infrastructure systems are run by software from a vendor that has, to date, had serious problems with security vulnerabilities. And that makes me, for one, more than a little worried. It’s one thing for Web sites to be hacked. Even if the companies attacked lose millions, it’s only money. It’s yet another thing for critical infrastructure systems to be attacked, by joyriding script kiddies or by terrorists; the result could be disastrous. Here’s hoping the newly created Homeland Security Agency will act to bolster groups like InfraGard and will issue strong new guidelines for the use and protection of the software that controls vital services.

In the spirit of acting locally, here are some steps, courtesy of InfraGard, that you can take to improve your personal and company security:

  • Use strong passwords. Choose passwords that are difficult or impossible to guess. Give different passwords to all accounts.
  • Make regular backups of critical data. Backups must be made at least once each day. Larger organizations should perform a full backup weekly and incremental backups every day. At least once a month the backup media should be verified.
  • Use virus protection software. That means three things: having it on your computer in the first place, checking daily for new virus signature updates, and then actually scanning all the files on your computer periodically.
  • Use a firewall as a gatekeeper between your computer and the Internet. Firewalls are usually software products. They are essential for those who keep their computers online through the popular DSL and cable modem connections but they are also valuable for those who still dial in. [Editor’s note: I prefer ZoneAlarm , which is free for personal
  • Do not keep computers online when not in use. Either shut them off or physically disconnect them from Internet connection.
  • Do not open email attachments from strangers, regardless of how enticing the Subject Line or attachment may be. Be suspicious of any unexpected email attachment from someone you do know because it may have been sent without that person’s knowledge from an infected machine.
  • Regularly download security patches from your software vendors.

You can also learn more about computer security at the StratVantage Security page. If these measures fail, and your company is a victim of a cyber break-in, it’s important to preserve the evidence so the perpetrators can be located. ZDNet recommends you take the following steps:

  • Record every action you take. Include the date and time.
  • Preserve evidence, no matter how small.
  • Think prosecution–every action you take should help build a possible court case against the perpetrators.
  • Notify key personnel immediately.
  • Limit the scope of the attack as quickly as possible.
  • Preserve all audits (disable any system log purges or overwrites).
  • Implement additional security, if necessary or available.
  • Review the incident response plan in light of the recent event and revise accordingly. Remember that any response plan is just a “work in progress.

You may be wondering whether you’ll be able to prosecute even if you catch the criminals. The National Security Institute maintains a list of computer crime laws by state.

And hey, hey, hey! Let’s be careful out there!

InfraGard at

Briefly Noted

  • Shameless Self-Promotion Dept.: I’ve added a new directory to the Directories section of the StratVantage Web site: Email Newsletters. After conducting a fruitless search for a central place listing interesting email newsletters, I decided to establish one myself. I’ve seeded it with newsletters I receive and find useful. If you’ve got a favorite, send it along and I’ll add it.
    StratVantage Directories
  • Advertising Has Changed: Stan Hustad, a performance coach with PTM Group, quoted a discussion with advertising executives John Partilla and Mike Campbell in his recent newsletter. The pair discussed how advertising will change in the post Tragedy world: “Cynicism will go by the wayside. It’s just not cool anymore. Relevance will be really important in terms of how you try [to] tie in what’s happened. I see every piece of work that goes out of the agency, [to see] if it has humor in it, if there is humanity in it, a humility that feels appropriate. You don’t need big focus groups [to
    determine what people want]. You can see it in the faces of people on the street. People are really tender right now. They don’t want to be presented with advertising that is too in-your-face.” Words to remember if you’re planning an advertising campaign. Stan’s newsletter, The Coaching Connection, offers tips on self-improvement and performance optimization as well as business and marketing tips. I heartily recommend it.
    PTM Group
  • Toshiba Rolls Out Handheld: Last week, Toshiba became the latest vendor to embrace Microsoft’s Personal Digital Assistant (PDA) Pocket PC platform. Microsoft also announced its latest revision of the system, dubbed Pocket PC 2002, available now. This is the first year-named product that Microsoft has released ahead of the year, as far as I can remember. Toshiba, on the other hand, doesn’t even mention their new product on their US Web site. Now that’s a great way to roll out a brand new product! While many industry analysts predict Microsoft will continue to take share from Palm, the price and still-poor usability will slow their momentum. The Palm platform got a boost recently when Samsung rolled out a new color PDA/cell phone for use on Sprint’s cellular network. The unit uses the Palm operating system, comes with 8MB of memory and supports Wireless Application Protocol (WAP), HTML and i-mode’s cHTML.
  • First US GPRS Network Expands: AT&T, which established the first General Packet Radio System (GPRS) cellular network in Seattle a few months ago, is expanding the network to three more cities: Las Vegas, Phoenix and Portland. Unlike the Seattle area, coverage in these new cities seems to be fairly extensive. GPRS offers voice and data, with data speeds as high as 144 Kbps. Typical performance, however, is likely to be 56Kbps, the speed of today’s wireline modems. The company said it’ll roll out Detroit in the next few weeks, serve about 40 percent of current customers with GPRS by the end of the year, and serve all its markets by the end of 2002.
  • Are U Ready 4 a New Buzzword? Let’s see. We’ve had eBusiness and e-Tail (stupid buzzword alert), eCommerce and m-Commerce (mobile commerce). Next, we’ll start hearing about u-Commerce, or ubiquitous, universal commerce. In the future, according to Accenture’s think tank, Accenture Institute for Strategic Change, you can wirelessly buy anything from anyone anywhere in the world. (Lest we get too starry-eyed, we need to realize there are places in the world where livestock is the only going currency.) The company predicts 630 percent growth worldwide for net-connected wireless devices over the next four years. Despite its breathlessness, I more or less agree with this forecast. As I’ve predicted in the TrendSpot , I fully expect ubiquitous computing, where computing becomes not a place you go, but a service you get from your environment, to arrive by the end of the decade. Local area networking schemes like 802.11b (or successors) and Bluetooth are starting to make this happen today. Will this new acronym stick? Well, a casual perusal of the Web using Google turns up some supporters: Visa (who apparently coined the buzzword), the Association for Computing Machinery , and South Africa’s McCarthy Online .
  • How Can You Be In Two Places At Once, When You’re Not Anywhere At All? A company called Teleportec has the coolest technology I’ve seen in a long while. Using three ISDN lines (roughly 384Kbps), a person using their $70,000 Teleportec Podium can project his or her image from the waist up to a remote location and appear lifesized and in 3D. Only one of the men in the picture to the left is really there; the other is hundreds of miles away. The company has tried it out with several businesses. It also makes a large Teleportec Theatre that is 20 feet across with an 11 foot wide “teleportation zone” designed for panel discussions or telemeetings. Given the recent events, all kinds of virtual meeting technology will likely be given a boost (witness WebEx’s 30 percent stock rise on the first day of trading after the terrorist attacks). If Teleportec’s technology is as good as they say it is, look for them to put the others in the shade quicker than you can say, “Help me, Obie-Wan!” The applications aren’t limited to distance learning and business conferencing, however, as illustrated by the Digie award given Teleportec by Realcomm, a realty eCommerce conference.
  • Encryption a Threat? Alert SNS Reader Jeff Ellsworth sends along this article regarding the role encryption may have played in the recent tragedy. There is evidence that terrorists have used commonly available Public Key Encryption techniques as well as the more sophisticated steganography methods in their communications. Steganography is the embedding of secret messages in binary files such as image files or music files. The sender changes a few bits in the file and the result is invisible when viewed or listened to. There have been claims that the terrorists regularly used pornography files to communicate. Now Sen. Judd Gregg (R-N.H.) has proposed making it mandatory that software developers give government security agents the “keys” to encryption programs when they are created. The government tried this once before, in 1993 with a technology called the Clipper Chip . The idea was everyone would use the government’s encryption scheme, which had a “law enforcement back door.” This scheme was roundly criticized as unworkable by pretty much every knowledgeable security expert. Three main criticisms illustrate the folly of the Clipper Chip:1) Because the government would keep the Clipper methodology secret, the security community couldn’t point out any deficiencies
    2) Crackers would inevitably find ways to use the back door to their advantage
    3) Nobody in their right minds outside of the US would ever use this technology if the US government could eavesdrop on them, thus it would be useless in protecting us from foreign terrorists

    I really hope we don’t need to go down the Clipper path yet again. Phil Zimmermann, the creator of Pretty Good Privacy, a popular encryption technology, believes human footwork will be more useful in catching terrorists than more surveillance technologies: “It’s not practical to frisk everyone on the planet to find the one person with a box cutter.

  • Unsafe At Any Speed? Alert SNS Reader Bill Lehnertz sent along a pointer to a McKinsey Quarterly article, How Fast is Too Fast? It’s a nice analysis of the “Internet time” mania that gripped many of the dot-coms. The authors studied 80 Internet companies, including business-to-consumer (B2C) companies, business-to-business (B2B) companies, and infrastructure providers. They tried to determine the speed with which each built its business—and the outcome. One of the companies examined is my favorite dot-com/exchange success story: Altra Energy.
    McKinsey Quarterly (registration required)

Return to Mike’s Take

StratVantage Consulting, LLC — StratVantage News Summary 10/02/01

From Evernote:

StratVantage Consulting, LLC — StratVantage News Summary 10/02/01

Clipped from:

Wireless Almost Usable

User interface guru Jakob Nielsen has been a curmudgeon about wireless devices ever since they started sprouting interactive features. He’s an advocate of the plain and simple, and of intuitive interfaces. So there’s no wonder he hated the phones that make you press the “7” key four times to type an “S”. After his visit to the recent DEMOmobile conference in La Jolla, California, however, Nielsen’s changing his tune, at least somewhat.

First off, he found a number of interesting wireless developments at the conference:

  • iPaq is now the mobile device of choice and was the platform for almost all new services. I’ve noted this trend myself, and that has led to a re-ranking of Personal Digital Assistant (PDA) technology in the TrendSpot this month. According to Nielsen, last year, most start-ups based their systems on Wireless Application Protocol (WAP) phones, which is now widely viewed as a limited and wounded technology. At the conference, virtually all presenters now see WAP as doomed. Nielsen, a strong WAP opponent, agrees: “Think of the hundreds of millions of dollars that could have been saved last year if the VCs had bothered running a WAP usability study .
  • Palm is still around, but used by dramatically fewer services at this year’s conference than last year. Palm’s inability to capitalize on its command lead in PDA sales by offering a decent development environment may have led to its loss of market share. Its primary advantages nowadays are its ubiquity and its smaller size. Plus, it may have been a blunder to offer a proprietary device plug in standard, unlike the iPaq and other Pocket PC PDAs, which use standard PC Cards. Sony may yet be able to morph the Palm into a consumer device, but the ease of programming and porting existing applications onto the Pocket PC platform could well spell the end of Palm’s dominance.
  • The PC is emerging as a personal server that supports a user’s mobile devices, often through its wired Internet connection. This is an interesting new trend, an extension of the PC’s role in synching contact and calendar information. For example, SimpleDevices downloads music to the PC and transmits the audio files wirelessly to the user’s car when it is within range. How cool is that? Nielsen notes that although SimpleDevices can’t support real-time news, it does offer a virtual broadband connection to the car.
  • Cheap humans add value to the network. (Editorial Aside: One of the problems of this world is that there are cheap humans, IMHO).Copytalk and Webhelp both presented ingenious ways of injecting full intelligence into a mobile system,” Nielsen said. “Users simply speak their information request; the system then compresses the audio recording into a data file and transmits it through the Internet, to locations where highly qualified labor is virtually free.” This makes possible all kinds of services, such as a human-powered AskJeeves -like service. According to Nielsen, a human expert at web searching could research the user’s question and transmit the answer back for less than a dollar. Once the answer arrives, it can be converted to speech using text-to-speech synthesis and played for the user.
  • 802.11 is now the wireless connectivity of choice and, according to Nielsen, was used by almost everybody at the conference. This is a big change from last year, when Bluetooth was on the rise. This year, Bluetoon was almost gone, Nielsen said. Followers of the TrendSpot know that I have downgraded Bluetooth consistently over the last three months, and this month is no different. But now there’s a growing feeling that 802.11b, the short range wireless network technology, combined with Voice over IP (VoIP), a technology that routes phone calls over the Internet, could threaten cell phone networks as well. This has given 802.11b a boost in the TrendSpot rankings this month.

Although Nielsen was generally positive about one new device that debuted at the show, Danger Research’s Hiptop (OK, that’s a stupid name alert times two!), he had some criticisms of its user interface. The Hiptop, which people at the show were calling the Danger Device, is a 6-ounce Personal Digital Assistant (PDA) and a cell phone device with a a small but readable grayscale screen. The device has a thumbwheel control and a few visible buttons, leaving most of the room for the screen. You can browse the Web (with full graphics), send and receive e-mail and instant messages, or use it as a phone. The Hiptop also lets you take pictures, and play video games and other Java programs. What’s really nice, however, is the teeny thumb keyboard that you can expose by twisting the device.

The bummer for US wireless users, however, is that the Hiptop is a GSM phone, which means only Cingular and Voicestream will be able to sell it here, for about $200. Since GSM networks in the US are just getting started, that means accepting less-than-optimal coverage for the privilege of having the coolest wireless device on the block.

Nielsen is not convinced that tiny keyboards are the solution for mobile devices, putting his bets on improved handwriting recognition (it would have to improve a lot to read mine) and voice recognition. He also doesn’t like trackwheels, calling them unnatural (but then so was the mouse the first time you used it, yes?).

Whether the Danger device becomes the next big thing here will depend a lot on the progress of GSM and its successor, GPRS, in the US. With the first GPRS networks launched recently in China, England, and, incredibly, Seattle , the pervasiveness of this particular device will depend a lot on how quickly wireless network providers build out their networks.

Briefly Noted

  • Shameless Self-Promotion Dept.: I’ve added a new directory to the Directories section of the StratVantage Web site: Email Newsletters. After conducting a fruitless search for a central place listing interesting email newsletters, I decided to establish one myself. I’ve seeded it with newsletters I receive and find useful. If you’ve got a favorite, send it along and I’ll add it.
    StratVantage Directories
  • Nokia Covering Its Bets: As reported in issues of SNS (here and here ), Nokia is very interested in m-commerce (mobile eCommerce). In addition to its joint SmartCover effort with Sodexho and its dual chip test with Visa, Nokia is collaborating with IBM, Luottokunta and Radiolinja to pilot secure credit card payments using a mobile phone wallet application. The participants hope to demonstrate using the wallet for transferring payments and loyalty program information, and WIM (Wireless Identity Module) for making non-repudiated transactions. The parties are in the process of choosing suitable merchants for the pilot, which will start in the fourth quarter of 2001 in Finland.
  • Java on the Phone – Your Desktop Phone: By now my prediction last spring that it would be a while before we saw Java on mobile phones seems pretty ludicrous. Not long after I made the prediction, Korea’s LG Telecom introduced a Java-enabled cell phone in July, Nextel announced a Java cell phone, and Nokia smart phones, available outside the United States, began using Java applications. Now Kada™ Systems has announced that Cisco will build their Java technology into its Voice over Internet Protocol (VoIP) non-mobile desktop phones. Sometimes the magic works, and sometimes it doesn’t.
    Kada Systems
  • Single Sign-On = Liberty? Nokia, Cisco, Dun & Bradstreet, Sony, Sun and many other companies have announced that they will co-found the Liberty Alliance Project “to create an open, standards-based solution for network identity and authentication to provide single sign-on to the internet and to the mobile Internet.” They propose to do this through a technique they’re calling federated identity. “In a federated view of the world, a person’s online identity, their personal profile, personalized online configurations, buying habits and history, and shopping preferences are administered by users, yet securely shared with the organizations of their choosing. A federated identity model will enable every business or user to manage their own data, and ensure that the use of critical personal information is managed and distributed by the appropriate parties, rather than a central authority.

    Notably missing from the roster of founding members is Microsoft, which wants the world to adopt its proprietary Passport technology. About the name Liberty Project, though: I squirm a bit when I see projects named in this manner. What’s next? The Mom & Apple Pie Project? Nevertheless, it’s way too early to say whether this project will enhance our online freedom or detract from it.
    Project Liberty

  • Too Many Clues: Was I the only one who thought the abundance of clues left by the terrorist hijackers was a little fishy? Apparently not, as an article on Stratfor indicates. The article states that the terrorists, “practiced near-perfect operational planning, coordination and execution before their mission but left behind obvious evidence leading to other operatives who may have supported the hijackings. This begs the question of whether these evidence trails were intentionally left in order to distract U.S. law enforcement from other terrorists.” The article is well worth reading.
  • DoCoMo Starts First 3G Service: With no fanfare, Japan’s DoCoMo has started selling 3G phones that feature video services. The company thus met the timeline it announced late last year. I was among the skeptics that thought they’d never make it. Although the rollout is limited to a 30-mile radius of Tokyo, it soon will spread to other Japanese cities. The service, dubbed FOMA, (Freedom of Mobile multimedia Access), offers download speeds as high as 384Kbps. One of the phones the company is selling has a built-in camera for wireless videoconferencing. DoCoMo sold 4,000 phones the first day.
  • Sprint Stops Whining; Debuts E911 Phone: You never heard such a bunch of whining as the din put up by US wireless carriers about having to meet the FCC’s E911 mandate by this month. Verizon led the pack with detailed whines about how it couldn’t comply. VoiceStream got a waiver. But Sprint has amazed us all by offering an E911-compatible phone right on time. E911 is an FCC rule requiring cell phone network operators to be able to locate a phone within 100 meters. Although Sprint is offering the phone, Samsung’s SPH-N300 GPS-enabled phone, it is not yet supporting it with network services. Nonetheless, way to go!
  • Commitment to Make a Difference: Karen Holtzblatt, a principal of design services consultancy InContext, made the following commitment after the recent tragedy. Many other business people have made the same pledge:
    • When the NYSE re-opened, we bought and will buy stock in a company we believe in (and which gave generously to recovery and victim relief).
    • We will commit people and money to a development project that improves people’s lives.
    • We will fly and attend conferences and business meetings.
    • We will collaborate with colleagues–and competitors–to improve what we make and how we work.
    • We will watch our spending but not make frivolous cuts that hamper productivity.
    • We will invest in helping others secure a livelihood.
    • We will affirm our safety, security, and joy in living by spending on something fun.
    • We will work to help the triumph of openness, tolerance, and understanding over fear, hatred, and violence.


  • Microsoft’s .NET Could Be Virus-Prone: Eric Chien, chief researcher for antivirus firm Symantec, has identified a number of areas in which .NET, Microsoft’s next generation Web services platform, could be even more vulnerable to security threats than existing Microsoft operating systems. Chien said: “There are a number of new threats here, most of which are dependent on how users set their permissions and other security settings.” Another vulnerability is .NET’s ability to run programs in a variety of different languages, many of which currently have no antivirus products available. Chien’s primary worry, though, is that users won’t know how to use the various security resources within .NET to protect themselves. Sounds like good news for Chien’s employer, though.

Return to Mike’s Take