When I fired up the Zune client this morning to listen to my podcasts I was told that there is a newer version. I updated the client software first on my machine and then upgraded my Zune. There were several things that I liked:

1. I think the new interface is cleaner and easier to navigate.
2. New podcasts in the marketplace. They may have been there before but I found it easier to navigate around and find what I want.
3. Mixview in the Zune Social. Here is the view for my Zune. I did notice that it only shows the recent items played on the Zune and not from the desktop client.
   
4. Games added to my Zune. I haven't had time to play them but I figure over the next couple of weeks there will be some down time to check them out.
5. Easier setup than iTunes. This issue should probably be a different post but I really don't want to blog vile when I only have 1 try behind me as I might have been the problem. The short version is that I set up iTunes for my son and was very disappointed by the lack of keyboard support in the setup program.
6. Audiobooks - I know this has been a very requested feature as I have talked to other users. Now you can download and transfer books from audible.com and overdrive.com.
   

There are some things I didn't like:

1. I had to remove the "friends" that were added for me in the Zune social. I don't know how they were chosen since I didn't recognize one song or artist from my "friends" and removed them.
2. I was told in the upgrade that WiFi would be turned on. When I checked it wasn't so I don't know if it was turned on as part of the upgrade and then set back to it's previous setting (that would be a good thing) or something didn't work like planned (a bad thing).

I am looking forward to many more hours of music from my Zune.

So if you haven't been living in a cave you have been hearing about the Microsoft ads with Jerry Seinfeld. I have even blogged about it. Well with the news that Jerry wouldn't be appearing any more there was a lot of talk about the campaign failing and Microsoft changing direction.

Now there are a few new commercials on http://www.microsoft.com/presspass/windows/videoGallery.aspx along with an executive video by Bill Veghte explaining more about the "Life Without Walls" strategy.

If you want you can get into the act as well by uploading your video that explains why you are a PC and why you are proud of it.

This is a reminder that next Wednesday we will be holding out monthly meeting of the Utah County .NET User Group (UCNUG). It will be held at the NuSkin building at 1175 S 350 E in Provo. Aaron Zupancic will be speaking to us on the design time experience of WinForms controls.

There was a lot of comment about the Bill Gates and Jerry Seinfeld commercial. There are now two more "yet to be aired" commercials posted at http://www.microsoft.com/presspass/windows/. You can also see them as one big commercial (4:33) at http://www.windows.com. I am not a marketing genius although I have been accused of being a marketing professional (and have the e-mail to prove it). I am not sure I know exactly where they are going but I think I start to see a glimmer and my guess would be that we will start seeing things like the xBox, Live Mesh, the Tablet PC, and yes, Windows Vista start showing up more often in the ads. If nothing else it is nice to see Bill Gates not taking himself seriously.

I posted yesterday on Google's new browser named "Chrome". Today I have see a lot of news articles and blog posts about the browser. In general the feeling seems to be that the browser is fast, has a lot of good features, and is squarely aimed at taking market share from Microsoft. Not only will it hurt IE if Chrome gets a lot of play but it will also affect Windows as the browser will become the application platform.

There was a lot of talk about the EULA (you know the thing you never read but click the "I agree" button so you can get on with installing software). In particular the agreement granted Google a license to use anything you used in the browser. There was a wide range of reactions from "this is standard practice to keep Google from being sued, they would never use your stuff" to "that means they can capture and post the details of my on-line banking session to the world. I am deleting this as fast as I can". Whether they were intending to do anything with the data or not is unclear to me but in an article on arstechnica.com Google admitted it was a mistake and promised to change the license to retroactively not grant them any rights.

There is a bigger issue though and that is the Omnibox on each tab. The arstechnica article links to another article on cnet.com that states "Chrome's "Omnibar" can also access all keystrokes a user types, and Google will store some of this information along with IP addresses". This sounds like the kind of scenario I wrote about back in 2005 where AJAX is used to send your keystrokes to a server even if you don't ever actually hit the enter key. I have not found any mention of Google deciding to stop this practice in the future so I guess I will stay away from using Chrome until I have a better feel for what privacy I am giving up. I like the idea of having it suggest information to me, I just don't want Google storing that information.

It seems that yesterday Google leaked information about a new browser named "Chrome" they are building. The blog announcement and comic book with details are interesting. Some of the things I see are also in IE 8 and some seem to be a little different. As both IE 8 and Chrome are in beta it is too soon to start a comparison but here are some of the things I like and dislike about the announcement.

Like:

• Each tab is a separate process so a tab crashing will not bring down the entire browser
• Improved security including a privacy mode where nothing is saved. This will be good for going to web sites that might be legitimate or might be a drive by download site
• Webkit based rendering engine. At least we won't have to be worried about a different way of handling HTML or CSS

Dislike:

• Each tab is a separate process (I know I said I like it above) because processes take more resources than threads. I am not sure I will notice a slowdown switching between processes but that possibility exists.
• New JavaScript engine. I am sure it will be fast and the most standards compliant (whatever that really means) engine out there but it will be different which means one more browser to test on and I am getting lazy in my old age :)

Only time will tell whether this means increased competition for IE, a fragmentation of the open source based browser market, or some combination but I believe that competition will help all the products be better.

Until I see a compelling reason to switch I still plan on doing most of my browsing in IE with FireFox, Safari, and now Chrome installed to help with testing and debugging of pages.

I have been getting more phishing e-mail lately that points me to "bad" files on what would normally be "good" sites. Last week I got a message that pointed to index1.htm on a site. Index.htm was the valid home page and appeared to be the personal site for a young lady in Brazil. I couldn't read the page but it didn't look malicious. When I went to the index1.htm page it had a flash application that would tell me that I needed to download a new viewer to view a news article.

The message today pointed me to a web site for a doctor. The link went directly to a .exe file in the URL so I knew better than to click on it. The interesting thing about this message is that I supposedly got an e-card from "a friend". At the bottom of the message was a link to www.greetingcard.org which has a section for an "Email Scam Alert!" on the lower right of its home page. You would think that the phishers would not put in clues that their e-mail is bogus right in the e-mail. Then again, maybe I should be thankful that they are not better as it would be harder to figure out which e-mails are legitimate and which ones I can blog about.

I read the article at http://redtape.msnbc.com/2008/08/almost-everyone.html about the "Forgot your password" link to reset your password as being a possible attack vector. I think they discussed the security issue quite well and also pointed out that there are no reports that this method has been used widely to attack accounts. I know that in all the time that I have had a Hotmail account I have twice gotten e-mails about a password reset that I didn't initiate. The first time I ignored the e-mail until I got a reminder about 10 days later that it was about to expire, the second time I immediately clicked on the link stating I hadn't started the password reset. I also went and changed my password just in case someone had compromised my account.

The article has some good advice about not using obvious answers to the reset questions. I think this might be one case where my generation has a lot more latitude in choosing a non-obvious answer. While my birth date and mother's maiden name might be easy to find on the Internet, when I was a teenager there was no blogging so I would assume outside of the people that I went to school with and a few close family members nobody would know the name of my first girlfriend. It might be easy for a hacker to guess the answer to that question but hopefully it would take them a few tries and the back end systems would be alerted well before they guessed the correct answer.

Another tactic that I have used is to pick an "obvious" question but then give it a false answer. As was pointed out in a recent issue of the RISKS digest, they aren't validating the answer, just that you can type in the same value twice. I use the name of my pet as a question but rarely if ever use Max which was the name of my dog but instead make up other "names". The best are a semi random set of number and letters that aren't even a name so if someone is running a dictionary attack of the most common pet names your answer will not be in the dictionary.

To help me not forget the password in the first place, or to remember the answer if I need to I can always look at my Password Minder file. The thing I like is it will automatically generate random passwords for me and has a notes area where I can write down my secret question and answer. The data (both passwords and comments) is encrypted on the disk so I feel pretty safe about it not being stolen from me.