InformationWeek Stories by Larry Seltzer <P> http://www.informationweek.com <P> InformationWeek (en-us). Copyright 2012, UBM LLC. <P> 2013-05-16T10:49:00Z <P> Google Apps To Microsoft Office 365: 10 Lessons <P> Switching from Google Apps to Microsoft Office 365, you will find good and bad surprises. But overall, Microsoft's Web apps make the migration worthwhile. <P> http://www.informationweek.com/cloud-computing/software/google-apps-to-microsoft-office-365-10-l/240154989?cid=RSSfeed_IWK_Authors <P> I was a long-time customer of <a href="http://www.google.com/enterprise/apps/business/" target="_blank">Google Apps for Business</a>. I used it for larryseltzer.com, which I use for both business and personal reasons. Back when I switched from conventional hosting and POP/SMTP email to Google Apps, it was a great deal -- you could get all the basic features for free. This included Gmail, Google Calendar, Google Sites and Google Docs, and it was all searchable using Google's top-notch engine. <P> A lot has changed since then. Google Apps has gotten better, although not markedly so. The competition, which is Microsoft, has not stood still. In fact, Microsoft's cloud product, <a href="http://office.microsoft.com/" target="_blank">Office 365</a>, is clearly more powerful and sophisticated than Google Apps for business needs, especially large businesses. <P> I recently <a href="http://www.informationweek.com/software/enterprise-applications/google-apps-to-office-365-why-to-switch/240154193">laid out the case for leaving Google Apps for Office 365</a>. Here, I'm sharing the lessons I learned while making that migration. <P> Migrating my five users -- three real ones and a couple of test ones -- took about five days. The first day was consumed with standard and necessary things such as migrating DNS servers; the second involved working around an obscure bug I encountered. Most of the rest of the time was spent migrating email, contacts and calendars. 
<P> After leaving Google Apps, I learned a lot about what's possible with Office 2013, its Web apps in various browsers, and mobile support. Mobile is especially complicated. In the end, once I got past deciding which company was being more duplicitous, it became clear to me that Microsoft offers better mobile support than Google. Microsoft still has some big mobile support holes, but it does appear to be working on most of them. <P> Some people will disagree with me on this, but I think Google Sites is not a useful product, and compared to Microsoft's SharePoint it's so small as to be barely visible. The differences between Google Apps (formerly Google Docs) and Microsoft Office are not as great as they once were, but they're still substantial. <P> Am I glad I left Google Apps? Yes, even though I ran into some problems in migrating. I suspect no migration like this ever goes completely as planned. Read on to learn from all of my stumbles -- and happy discoveries. <P> Microsoft needs to coordinate Windows accounts and Office 365 accounts better. More than once I ran into problems related to the distinction between my Windows account and my Office 365 account. Windows accounts, formerly known as Live (and Passport before that), are a distinct identity system from that used for Office 365. <P> Some of my migration problems were due to the unusual situation I apparently presented: My Windows ID was the same personal email address that I was using on the Office 365 domain. This confusion caused a 24-hour delay in getting the Office 365 domain properly set up and I was only able to do that with help from Microsoft support. I had to cancel my Windows ID and create a new one and even then, I had the impression that the system is unequipped for this circumstance and that the operations people had to do some sort of manual override. 
<P> There are many other circumstances where you'd think you could use your Office 365 ID instead of your Windows ID: Logging into a Windows 8 system or Windows Phone (pictured), for example. But unless the Windows system is on a managed domain, you'll need to use a Windows ID to log in and then log in separately to Office 365. This isn't a major pain, but it feels wrong and some users undoubtedly will experience the same confusion I did. <P> <strong>RECOMMENDED READING:</strong> <P> <a href="http://www.informationweek.com/smb/hardware-software/skykick-tackles-microsoft-office-365-mig/240153454">Skykick Tackles Microsoft Office 365 Migration Headaches</a> <P> <a href="http://www.informationweek.com/software/productivity-applications/microsoft-office-365-steps-on-google-ent/240154836">Microsoft Office 365 Steps On Google Enterprise Ambitions</a> <P> <a href="http://www.informationweek.com/software/productivity-applications/microsoft-office-365-how-one-company-sav/240150383">Microsoft Office 365: How One Company Saves Big</a> <P> <a href="http://www.informationweek.com/security/attacks/9-google-apps-security-secrets-for-busin/240005410">9 Google Apps Security Secrets For Business</a> <P> <a href="http://www.informationweek.com/cloud-computing/software/google-apps-service-restored/240153120">Google Apps Service Restored</a> <P> <a href="http://www.informationweek.com/government/cloud-saas/national-archives-picks-google-apps-for/240142987">National Archives Picks Google Apps For Government</a> <P> <a href="http://www.informationweek.com/security/application-security/6-ways-to-strengthen-web-app-security/240006962">6 Ways To Strengthen Web App Security</a> <P> The Windows Phone smartphone operating system does a good job of handling Office 365 apps and the Office Hub. (Hub is an app that allows users access to documents in SkyDrive and SharePoint for minor edits.) Trying to use Office 365 on iOS devices is, unsurprisingly, not as easy. 
But it's not as hard as you might think. First, Exchange ActiveSync gives you full access to your email, calendar and contacts in standard iOS apps. The same is true of Android and BlackBerry devices. But iOS users also get a <a href="https://itunes.apple.com/us/app/sharepoint-newsfeed/id595847617?ls=1&mt=8" target="_blank">SharePoint Newsfeed App</a> and will also get a <a href="http://www.microsoft.com/en-ca/trending/office/new-mobile-apps-for-sharepoint-by-the-sharepoint-team" target="_blank">SkyDrive Pro app this summer.</a> Somewhat surprisingly, Windows 8 has lagged in Office 365 support and will get a SkyDrive Pro app at the same time as iOS. <P> Microsoft also seems to have put extra effort in for iOS users in the browser. Pictured is my Office 365 email on a Samsung Galaxy S 4 and an iPhone 5. Android users get the old Outlook Web Access interface, which isn't all that usable on a desktop PC. iOS users get the modern Outlook.com mobile interface. This follows even for Chrome on both operating systems: Chrome on iOS gets the new interface, Chrome on Android gets the old interface. <P> Microsoft does make Lync, OneNote and SkyDrive apps for Android and there are many third-party apps to fill the gaps in, for example, support for SharePoint. And Microsoft recently announced <a href="http://blogs.office.com/b/microsoft_office_365_blog/archive/2013/05/07/office-web-apps-more-office-more-collaborative-more-devices.aspx" target="_blank">improvements in its Web apps on Android tablets</a> to allow document editing through mobile Chrome browser support. But for now, browser support in Android is bottom rung. <P> <a href="http://technet.microsoft.com/en-us/library/fp161353.aspx" target="_blank">Officially, SharePoint 2013 supports iOS 5.0</a> or later and Android 4.0 or later. Video play requires iOS 6.0 and Android 4.1, and iOS 5.0 support for Office Web Apps is "limited." 
<P>One of the precipitating events for my decision to migrate from Google Apps to Office 365 was Google's decision to restrict Exchange ActiveSync (EAS) support to paying customers. This <a href="http://www.informationweek.com/byte/google-at-war-with-windows-8-phone/240145490" target="_blank">rubbed a lot of people the wrong way</a>. The alternatives Google suggests -- IMAP, CalDAV and CardDAV -- are not only harder to configure, but they don't work all that well. Google's CalDAV implementation, for example, doesn't let you invite another user to a calendar event. 
<P> Even the fact that I was a paying customer didn't stop me from being affected -- Microsoft changed the Windows 8/RT Mail, Calendar and Contacts apps to <a href="http://www.informationweek.com/byte/personal-tech/mobile-applications/gmail-users-cut-off-in-windows-8/240151889">blacklist all Google users from EAS access</a>. Microsoft provides alternative means for <a href="http://windows.microsoft.com/en-US/windows-8/use-google-windows-8-rt" target="_blank">syncing email and contacts to Windows 8/RT</a>. For Calendar, Microsoft's official advice is to use Outlook.com instead. <P> Both Google and Microsoft came across as petty and unhelpful in this episode -- but I wasn't prepared to dump both of them. I decided I wanted to have EAS support and Office 365 was the way to get it. Since I set up Office 365, I have connected from Windows 7 and 8, Windows Phone, an iPad and iPhone, Android 2.3 and 4.2 phones and an Android 4.1 tablet. No problems. <P> There was an unexpected bonus: EAS provides some basic mobile device management (MDM) tools and Office 365 lets you use them. You can make users set complex passcodes, force a device wipe after a set number of failed attempts to connect, and use other measures to improve security. These are the kinds of security features users love to hate, but short of a full-blown MDM product subscription this can do some good. (To be fair, Google Apps lets administrators remotely wipe devices that have been connected through EAS.) 
<P>There are lots of automated tools for migrating data from Google Apps to Office 365, including Dell's <a href="http://www.quest.com/office-365/" target="_blank">Quest OnDemand Migration for Email</a> and <a href="http://www.agileit.com/business/agileascend/" target="_blank">Agile IT's AgileAscend</a>. You should consider using one of these products -- even if you're switching over just a few users like I was -- or it will just take too long. <P> Thinking way too much of my own skills, I assumed that the process would be time-consuming but not all that challenging. The migration took me more than two days -- although I was working on other things at the same time &#8211; and I'm still cleaning up small problems it caused. 
<P> If you look up migration techniques on the Internet you'll see a lot of bad advice, mostly about using IMAP. Fortunately, you'll have to go this route only if you're one of the grandfathered-in free Google Apps users. If you're a Google Apps for Business customer, you have Exchange ActiveSync support for access to your calendars, contacts and email, and this is the secret to a much more straightforward migration. If you haven't been using Google Apps Migration For Microsoft Outlook and Google Apps Sync For Microsoft Outlook to access your Google Apps email, calendar and contacts, now is the time to set it up. <P> There are two ways to proceed: In Outlook, export all the data from each account to a PST file. Then, after connecting to your Office 365 account, import the PST file. The second way is to connect to both the Google and Microsoft accounts from the same instance of Outlook and drag and drop the content from the former to the latter. <P> It sounds so simple, and eventually it worked, but it wasn't as easy as it sounded. First, I tried the second, drag-and-drop method. But I was dealing with some very large accounts with many gigabytes of data, and Outlook was not up to the task. I don't know what caused it, but whenever I tried either drag and drop or copy and paste, Outlook would become unresponsive. It might have been that the migration was actually being performed and only the UI was unresponsive, and that if I left it for many hours it would complete, but I decided that wasn't a reasonable use of my time. <P> The other method worked better, although Outlook also dislikes very large PSTs and becomes unresponsive when importing them. I got better results by creating partial PSTs -- just the calendar, just the contacts, and different parts of the email -- and importing them one at a time. <P> The main problem I was left with -- and this is a common problem -- is duplicate entries in the contacts. 
No matter how often you tell the import program not to import duplicates it does it anyway (pictured). <P>In my earlier story on the <a href="http://www.informationweek.com/software/enterprise-applications/google-apps-to-office-365-why-to-switch/240154193">business case for migrating from Google Apps to Office 365</a>, I criticized both cloud products for their file storage tools: Google Drive and Microsoft SkyDrive Pro, respectively. Both need storage pooling and user quotas. But in the end, SkyDrive Pro is more disappointing. 
<P> The first thing to know about SkyDrive Pro is that it's not a professional version of the <a href="http://www.skydrive.com/" target="_blank">consumer SkyDrive offering</a>, but a recasting of <a href="http://office.microsoft.com/en-us/sharepoint-server-help/introduction-to-my-site-HA010108748.aspx" target="_blank">SharePoint MySites</a>. Therefore it doesn't interoperate with the consumer version of SkyDrive, nor does it work with SkyDrive apps for iOS or Android, although there is Mac support. And if you have Windows Phone, you will have access to your SkyDrive Pro data. Check out Microsoft's <a href="http://sharepoint.microsoft.com/blog/Pages/BlogPost.aspx?pID=1033">"What's the difference between SkyDrive and SkyDrive Pro?"</a> for more. <P>One 
of Gmail's "innovations" was to abandon the traditional hierarchical folder model. In Gmail, you don't move or copy messages to folders -- you give them labels. The labels themselves can be hierarchical, but the big difference is that one individual message can have more than one label. If you think of labels as folders, this means that a message can exist in more than one folder. Another one of Gmail's departures from conventional email is archiving, which takes a message out of view, but leaves it available for search. I was never quite sure over the years how, but frequently Gmail would archive a message when I didn't intend it. If I didn't know what to search for, it was gone. <P> Now that I'm back on a classic folder model I'm much happier and everything seems logical. I can still search and find anything I want and messages no longer disappear mysteriously. Outlook's auto-archiving feature, which moves items to a PST file, is clumsy compared to Gmail's, but it's much more flexible, and there are many third-party products to assist with Exchange search and archiving. 
<P>Pricing the two offerings out can get complicated but the bottom line is Office 365 is more expensive, once you get past the least-expensive packages. <P> Late last year, Google <a href="http://www.informationweek.com/software/productivity-applications/google-apps-no-longer-free-for-businesse/240144076">dropped the free option for Google Apps</a>, grandfathering in existing free customers. There are several other packages, but for business the price is basically $5 per user per month or $50 per user for a year. <P> There are multiple prices for Office 365, for small, medium and large businesses. There is also a Home Premium edition that costs $100 a year and supports up to five PCs or Macs. 
I opted for a business package because I wanted features such as SharePoint. Although I don't intend to hold on to it long term, I migrated to an evaluation copy of Office 365 Small Business Premium, which costs $15 per user per month or $150 for a year. <P> What justifies three times the price? A lot of management features, and a subscription for all your users to the latest full edition of Office desktop. Eventually, I'll probably end up with the non-Premium Office 365 Small Business, which costs a more-reasonable $6 per user per month or $60 per user for a year. <P>It's fair to say that Microsoft invented Web 2.0 with the original Outlook Web Access online mail service. 
It was the first prominent implementation of a Web front-end that had live links to back-end data and a user interface that approximated a desktop GUI. Today it looks primitive and, in fact, until Office 365, Microsoft did little to improve the interface. Worse, it worked much better in Internet Explorer than in other browsers -- and lots of users make a habit of avoiding Internet Explorer. <P> The Web apps are much better now. My experience with them makes me feel better about my decision to eventually ditch the Office 365 edition that includes the desktop software. I haven't found much that I wanted to do but couldn't. I could even print to local printers, something Google Apps can't do, at least not directly. <P> The Microsoft video below shows the PowerPoint Web app running on two separate systems, both editing the same presentation. Changes in one are reflected in the other. <P> <iframe width="325" height="183" src="http://www.youtube.com/embed/4wdh-PE3OEk" frameborder="0" allowfullscreen></iframe> <P> Slick as this is, it's not like Microsoft invented it. Google Apps was doing it from the beginning, in 2006. The Google Apps applications, especially the spreadsheet, started out quite primitive and almost useless. From what I've seen recently, they have improved a great deal. There is at least some support now for pivot tables and I've been able to import spreadsheets which, years ago, were too complex for Google's spreadsheet app to make sense of. From what I can see, the main weaknesses are in layout, where Office has many more and finer-grained options. That said, it's harder to dismiss Google Apps these days. Just look at the side-by-side of the Excel app and the Google Apps spreadsheet pictured here. <P> But perhaps the question is moot. For a business, the ability to use Excel, including the desktop version, is a great selling point. 
With Google Apps, larger businesses are bound to run into limitations I didn't see, especially when dealing with legacy documents. <P>Any administrator preparing for a significant system migration knows this: You need to plan for things to go wrong, because they usually do. I planned to start my migration on a Friday night, as a business might, to concentrate downtime in less-critical periods. Almost immediately I ran into two roadblocks that were my fault alone. <P> The first: the domain I was migrating was configured in a complicated way, registered at one registrar but with the authoritative DNS at a different one. Furthermore, the domain was locked at the registrar. 
I ended up having to make changes at both registrars, but unlocking the domain required filling out a form and faxing it and photo ID to the registrar. Worse, because it was a Friday night there was a good chance nobody would see it till Monday morning. (This process may seem absurdly primitive and cumbersome, but it's part of an effort to protect domains from theft and abuse and I appreciate the need to impede speed, lest domain thieves do their dirty deed.) Fortunately, there were things I could do while waiting. <P> Once the domain was unlocked, I ran into problem number two, which was that the email address I was going to use for the administrator of my Office 365 domain was the same as one I had been using for many years as a Windows/Live/Passport ID. Microsoft's systems were so confused by this that it took a good 24 hours working with a support escalation engineer to get it fixed. <P> The final barrier was migrating the data itself, also explained earlier. <P> If I had the resources and the time I might have been able to do more of the work in advance of changing the actual domain structure, but it doesn't change the overall lesson: You need to know what to expect when you actually start throwing switches in a migration. I should have planned it out better in advance and investigated each stage of the process. 
<P>Many people love Gmail and many hate Outlook. Not me. I'm okay with Gmail, but it's not as powerful and usable as either the Outlook desktop or Web app. This is the main impression I've had in the wake of the migration: I'm very happy to be using Outlook again. <P> In the process, I got an unexpected bonus, although in hindsight I should have expected it: Outlook is an excellent RSS reader. It treats the feeds just like regular folders and you can read articles that come in just as you read email. They show up in unread messages and you can easily forward them as email, editing and annotating them. And by putting the feeds in the Exchange account, you keep your reading up-to-date even if you read from multiple devices. 
Now that I've migrated, the fact that Google is dumping Google Reader is no skin off my nose. <P> A couple of years from now I might tire of the problems I'll inevitably encounter with Office 365, but I expect Microsoft to pay more attention to them than Google does to Apps. Microsoft just seems hungrier and more committed to its products, which is why they look great and Google's look kind of old, plain and tired. For now, it's a good feeling. <P> <strong>RECOMMENDED READING:</strong> <P> <a href="http://www.informationweek.com/smb/hardware-software/skykick-tackles-microsoft-office-365-mig/240153454">Skykick Tackles Microsoft Office 365 Migration Headaches</a> <P> <a href="http://www.informationweek.com/software/productivity-applications/microsoft-office-365-steps-on-google-ent/240154836">Microsoft Office 365 Steps On Google Enterprise Ambitions</a> <P> <a href="http://www.informationweek.com/software/productivity-applications/microsoft-office-365-how-one-company-sav/240150383">Microsoft Office 365: How One Company Saves Big</a> <P> <a href="http://www.informationweek.com/security/attacks/9-google-apps-security-secrets-for-busin/240005410">9 Google Apps Security Secrets For Business</a> <P> <a href="http://www.informationweek.com/cloud-computing/software/google-apps-service-restored/240153120">Google Apps Service Restored</a> <P> <a href="http://www.informationweek.com/government/cloud-saas/national-archives-picks-google-apps-for/240142987">National Archives Picks Google Apps For Government</a> <P> <a href="http://www.informationweek.com/security/application-security/6-ways-to-strengthen-web-app-security/240006962">6 Ways To Strengthen Web App Security</a> <P>2013-05-07T09:06:00ZGoogle Apps To Office 365: Why To SwitchHere's the business case for why I moved from Google Apps for Business to Microsoft Office 365 -- and why you may want to do the 
same.http://www.informationweek.com/software/enterprise-applications/google-apps-to-office-365-why-to-switch/240154193?cid=RSSfeed_IWK_Authors
Since its <a href="http://googleblog.blogspot.com/2006/08/get-your-people-talking.html"> launch in 2006</a>, Google Apps has been a good way to get email and other services on a custom domain. This is especially true of the free version, which included Gmail, Google Calendar, Google's online word processing and spreadsheet apps and more. <P> But last December <a href="http://www.informationweek.com/software/productivity-applications/google-apps-no-longer-free-for-businesse/240144076">Google discontinued the free edition</a>. This might have not been a big deal for business users, <a href="http://googleenterprise.blogspot.com/2012/12/changes-to-google-apps-for-businesses.html">according to Google</a>, since most businesses would quickly hit the limitations of the free edition. But customers considering <a href="http://www.google.com/enterprise/apps/business/">Google Apps for Business</a>, the premium version, now have reason to look seriously at the alternatives. The most prominent competitor is <a href="http://office.microsoft.com/">Microsoft's Office 365</a>. <P> My own personal domain (larryseltzer.com) has for many years been with Google Apps for Business -- in fact, when I first adopted it the service was called Google Apps Premier. 
For a number of reasons I recently decided to migrate it to Office 365. In a future story I'll discuss how that went and what lessons I learned -- but for now I'll compare both products and explain why I believe Office 365 has the edge for business users. <P> Google offers a number of editions for education, ISPs and non-profits but only <a href=http://www.google.com/intl/en/enterprise/apps/business/>one edition for business</a>, priced at $5/user per month or $50/user per year. <P> <strong>[ For more on transitioning to Office 365, read <a href="http://www.informationweek.com/smb/hardware-software/skykick-tackles-microsoft-office-365-mig/240153454?itc=edit_in_body_cross">Skykick Tackles Microsoft Office 365 Migration Headaches</a>. ]</strong> <P> Microsoft's Office 365 editions are organized differently: <a href="http://office.microsoft.com/en-us/home-premium/?WT%2Emc_id=PS_google_O365Cons_office%20365%20home%20premium_Text&WT%2Eintid1=ODC_ENUS_FX101785584_XT104029222&WT%2Eintid2=ODC_ENUS_FX101785584_XT104052692">Home Premium</a> costs $9.99/family per month, or $99/family per year. There's also an <a href="http://office.microsoft.com/en-us/academic/?WT%2Emc_id=PS_google_O365Cons_office%20365%20home%20premium_Text&WT%2Eintid1=ODC_ENUS_FX101785584_XT104029222&WT%2Eintid2=ODC_ENUS_FX101785584_XT104051425">education edition</a> and <a href="http://office.microsoft.com/en-us/business/compare-office-365-for-business-plans-FX102918419.aspx">8 editions for business</a> offering different service levels for different business sizes. <P> Even if you're already a Google Apps for Business user, here are a few reasons you might want to consider switching to Office 365: <P> <b>Better Software</b> <P> Is Office 365 actually better than Google Apps? I think so, although the difference is not profound in most cases. Neither online version has all the features and power of the full desktop Excel, but both probably offer enough for most users most of the time. 
<P> Google Apps has improved greatly in recent years; the spreadsheet even now includes pivot table support. However, it didn't take me long to find Excel spreadsheets that wouldn't import into Google Apps. <P> Microsoft's offerings include Sharepoint, Lync, and Exchange in the cloud. All of these services have vast third-party add-on and professional services ecosystems (yes, even Lync). And it doesn't stop at the cloud; one of the best things about Office 365 is that it has... <P> <b>Direct Support for Microsoft Office Desktop Software</b> <P> This might seem like an odd and anachronistic feature, but in fact it's a profoundly important one. Cloud versions of office productivity applications, whether from Microsoft or Google, are not as feature-rich as local desktop applications. And there are times when Internet connections are poor or unavailable (for example, on an airplane) and an offline model can be useful. <P> The more expensive Office 365 versions, from Small Business Premium ($15.00/user per month or $150 annually) on up, include a subscription to the full desktop Office 2013 suite for each user. The less-expensive versions, including the non-premium Small Business, don't include subscriptions to Office, but they work with the copies you may already have. Microsoft says Office 2010 and 2007 work with Office 365, although with some unspecified reduced functionality. <P> <b>More Flexible Pricing</b> <P> Most of Microsoft's offerings are more expensive per user than Google's, but its features are more extensive. Microsoft's enterprise offerings include such advanced features as email archiving, ediscovery and site mailboxes. <P> <b>Training</b> <P> Except for Gmail, none of Google's apps are widely familiar to users. Microsoft Office is. It's much easier to find training materials and consulting services for Office. 
<P> <b>Better Service Level Agreements</b> <P> Both services have service level agreements (SLAs) that promise a percentage of uptime and credits if the guarantees are not met. For annual payment customers, <a href="http://www.google.com/apps/intl/en/terms/sla.html">Google's SLA</a> offers days of service added to the end of the service term ("You aren't satisfied with our service? Here, have some more!"). <P> <a href="http://www.microsoft.com/en-us/download/details.aspx?id=18128">Microsoft's SLA</a>, on the other hand, actually credits fees back to the customer, and at a higher percentage than Google's. Both companies require the customer requesting credit to provide documentation. <P> <b>Google's Capricious Behavior</b> <P> Over the years -- especially in the last year -- Google has changed and dropped services, leaving users in the lurch. The discontinuation of Google Apps Standard (free) Edition is an example. Even grandfathered users of that service, and of the free Gmail service, recently lost the ability to create new Exchange ActiveSync connections to the account. That means if you get a new iPhone, in order to connect it to Gmail you need to use <a href="https://support.google.com/mail/answer/3008051"> IMAP for email, CalDAV for Calendar and CardDAV for contacts</a> -- and Google's implementations of these standards are inferior. For example, its CalDAV does not support inviting another user to a calendar event. <P> If Google has made these changes, who's to say that the company won't discontinue or cripple some other service you rely on? Microsoft's record on maintaining old, obsolete, even problematic products and services (think Windows XP) is much better. <P> There are some areas where both Google and Microsoft fall short. For example, consider cloud storage: Microsoft includes SkyDrive Pro and a whopping 7 GB per user with Office 365. 
That's a small step up from the 5 GB per user that Google Apps for Business customers get, and that is probably no coincidence. But in both cases, the storage is licensed and allocated per user -- neither Microsoft nor Google takes the obvious next step for an organizational subscription: To license storage as a pool that a company administrator can then allocate to each user. (Perhaps some other cloud storage company does this, but I couldn't find one. Since the technology behind it is quite established, I have to wonder if there's an economic reason for this.) <P> There are also features where both services are essentially equivalent. But it's hard to think of a case where Office 365 offers less to a business user than Google Apps. That's why I made the switch, and it's why you might want to consider making it too. <P> <i>E2 is the only event of its kind, bringing together business and technology leaders across IT, marketing, and other lines of business looking for new ways to evolve their enterprise applications strategy and transform their organizations to achieve business value. Join us June 17-19 for three days of 40+ conference sessions and workshops across eight tracks and discover the latest insights in enterprise social software, big data and analytics, mobility, cloud, SaaS and APIs, UI/UX and more. <a href="http://www.e2conf.com/boston/?_mc=MP_BTMEDIWKAXE">Register for E2 Conference Boston today</a> and save $200 off Full Event Passes, $100 off Conference, or get a FREE Keynote + Expo Pass! </i>2013-04-16T10:30:00ZSmartphones With Physical KeyboardsDo you want a physical keyboard on your smartphone? Here we show you eight phones, including the new BlackBerry and many from other handset companies.http://www.informationweek.com/byte/personal-tech/smart-phones/smartphones-with-physical-keyboards/240152965?cid=RSSfeed_IWK_Authors<p>There was a time when all smartphones had hard keyboards. Then the iPhone came. 
It wasn't the first touch-screen smartphone, but it made it respectable, even fashionable, to use a smartphone with a soft keyboard. After a while, hard keyboards themselves, associated as they are with BlackBerry, seemed to symbolize the old way.</p> <P> <p>But many users gave up their hard-keyboarded BlackBerrys with some reluctance. The soft keyboard basically worked, but clearly it wasn't as easy to use as the old, familiar BlackBerry hard keyboard. The reason users dropped their BlackBerrys for iPhones and Android phones &mdash; in spite of the inferior keyboards &mdash; was the much better software and the big touch screens.</p> <P> <p>But hard keyboards never went away. Do you still want one? You have some options, which we will show in the pages that follow. Verizon Wireless offers the most options, followed by Sprint, but all the carriers have some sort of BlackBerry.</p> <P> <p>There are a few phones here &mdash; the Samsung Replenish, Motorola Admiral, Pantech Marauder, and Motorola ES400S &mdash; that you may never have heard of. I know I never heard of them. They tend to be inexpensive and some are well behind the times in terms of features. But the deficiencies may not matter to you.</p> <P> <H1 style="text-align: center;">BlackBerry Q10</H1> <P> <p>The first, pictured here, is <a target="_blank" href="http://global.blackberry.com/smartphones/blackberry-q10.html">the BlackBerry Q10</a>. It's not available yet, but as we recently reported, <a href="http://www.informationweek.com/byte/personal-tech/smart-phones/blackberry-q10-the-keyboard-to-success/240152893">it will be available in a matter of weeks</a>.</p> <P> <p>The Q10 runs the same BlackBerry 10 OS as the fully-touch BlackBerry Z10. The display is smaller than the Z10's. Too small? Too personal a decision for us to make. Wait till they're in stores and compare them side by side. 
In the meantime, below is a short demo of the Q10 and, below that, you can click on to other hard-keyboard phones that you can get today.</p> <P> <H1 style="text-align: center;">Samsung Galaxy Stratosphere II</H1> <P> <p>The <a target="_blank" href="http://www.samsung.com/us/mobile/cell-phones/SCH-I405LKAVZW">Samsung Galaxy Stratosphere II</a> is available <a target="_blank" href="http://www.verizonwireless.com/b2c/store/controller?item=phoneFirst&action=viewPhoneDetail&selectedPhoneId=5963">only on Verizon Wireless</a>. It has a full touch screen and runs Android 2.3 (Gingerbread). </p> <P> <p>Half the body slides out to expose a QWERTY keyboard. 
The keys bubble out and have some travel, but the fact that you have to physically open the keyboard can serve as a disincentive to its use. This is the case with some other phones in this collection. Contrast this with the BlackBerry-style keyboard, which not only is always available, it's the only keyboard to use. </p> <P> <H1 style="text-align: center;">Motorola Droid 4</H1> <P> <p><a target="_blank" href="http://www.motorola.com/us/consumers/DROID-4-by-Motorola/88569,en_US,pd.html">The Motorola Droid 4</a> is also available <a target="_blank" href="http://www.verizonwireless.com/b2c/store/controller?item=phoneFirst&action=viewPhoneDetail&selectedPhoneId=5845">only on Verizon Wireless</a>. Like the Samsung Stratosphere it has a body that opens to expose a full QWERTY keyboard. Unlike the Stratosphere, it runs a modern version of Android, specifically 4.1 (Jelly Bean).</p> <P> <p>This is the fourth generation of Droid with a physical keyboard and Motorola has improved the keyboard with each step. The current keyboard is "edge-lit" meaning the edges of the keys are lit, making it far easier to type in dark conditions. Typing is also made easier because the phone itself is on the hefty side. </p> <P> <p><hr /><blockquote><b><a href="http://www.informationweek.com/byte/personal-tech/smart-phones/motorola-droid-4-an-office-in-your-pocke/232600815">BYTE recently reviewed the Motorola Droid 4. Click here to read that review.</a></b></blockquote><hr /></p> <P> <H1 style="text-align: center;">The Old BlackBerrys: Curve and Bold</H1> <P> <p>When BlackBerry recently announced its quarterly financial results the fact that it sold one million Z10 units in the first quarter got a lot of attention. 
But in that same quarter the company sold five million older BlackBerry units, almost all of them phones. In the popular imagination the old BlackBerry is as dead as <a target="_blank" href="http://en.wikipedia.org/wiki/Dodo">the dodo</a>, but in truth it's still a fairly big business. </p> <P> <p>As email/calendar/PDA systems, the old BlackBerry models &mdash; the <a target="_blank" href="http://us.blackberry.com/smartphones/blackberry-curve.html?LID=us:bb:devices:blackberrycurve&LPOS=us:bb:devices#!family=Curve">Curve</a>, <a target="_blank" href="http://us.blackberry.com/smartphones/blackberry-torch-9810.htmlh">Torch 9810</a> and <a target="_blank" href="http://us.blackberry.com/smartphones/blackberry-bold.html?LID=us:bb:devices:blackberrybold&LPOS=us:bb:devices#!family=Bold">Bold</a> &mdash; are hard to beat. It's when it comes to all the other software that they fall well short.</p> <P> <p>All the major carriers still carry older BlackBerry models and a very large percentage of large companies still support them internally. Depending on your needs, they could easily still be the best solution. But wait for the Q10 to be sure.</p> <P> <H1 style="text-align: center;">Samsung Replenish</H1> <P> <p><a target="_blank" href="http://www.samsung.com/us/mobile/cell-phones/SPH-M580ZKASPR">The Samsung Replenish</a> tries to use the basic BlackBerry design of an integrated keyboard always exposed below the screen &mdash; often called a "candy bar" design, but it attempts a little more style. The keyboard and case are available in Onyx Black, Arctic Blue and Raspberry Pink.</p> <P> <p>But it's still just lipstick on a you-know-what. The phone is undersized for a physical keyboard. The screen is also tiny and several generations old. 
The phone is CDMA-only and <a target="_blank" href="http://shop.sprint.com/mysprint/shop/phone_details.jsp?prodId=dvc6470001prd&deviceSKUId=50300018&flow=AAL&planSKUId=null&tabId=dt_phones&ptn=">only available on Sprint</a> and runs Android 2.3 (Gingerbread). </p> <P> <p>Don't be fooled by the pretty colors (or let your kid get fooled). There has to be a better option.</p> <P> <H1 style="text-align: center;">Motorola ADMIRAL</H1> <P> <p><a target="_blank" href="http://www.motorola.com/us/consumers/MOTOROLA-ADMIRAL/73931,en_US,pd.html">The Motorola ADMIRAL</a>, available <a target="_blank" href="http://shop.sprint.com/mysprint/shop/phone_details.jsp;jsessionid=9C89EA50010807B36C7CF835726BFE02.shop78?prodId=dvc5790001prd&deviceSKUId=57900038&flow=AAL&planSKUId=&ptn=&tabId=dt_phones">only from Sprint</a>, also uses the classic BlackBerry candy bar design. Unlike the Samsung Replenish, you could easily mistake it for one at first glance.</p> <P> <p>The technology is not as behind the times as the Replenish's, but it's far from top drawer. The screen is 3.1 inches (same size as the BlackBerry Q10). It only has 4GB of built-in storage, although it can take as much as 32GB of microSD, and it's running Android 2.3 (Gingerbread). </p> <P> <H1 style="text-align: center;">Pantech Marauder</H1> <P> <p>The <a target="_blank" href="http://www.pantechusa.com/phones/marauder">Pantech Marauder</a>, available <a target="_blank" href="http://www.verizonwireless.com/b2c/device/smartphone/pantech-marauder">only from Verizon</a>, has a slide-out keyboard like the Stratosphere and Droid 4. Unlike some of the other lesser-known phones here, it supports LTE and runs Android 4.0 (Ice Cream Sandwich). 
</p> <P> <p>Pantech and Verizon market the Marauder as a "first smartphone" and perhaps it's good for that. It's cheap: $349.99 retail, and free with a two-year activation, but it's also clearly less of a phone than some of the alternatives. You might want to look at the Droid 4 &mdash; also on Verizon Wireless &mdash; carefully. For $99 more it's a much better phone. </p> <P> <H1 style="text-align: center;">Motorola ES400S</H1> <P> <p><a target="_blank" href="http://www.motorola.com/Business/US-EN/Business+Product+and+Services/Mobile+Computers/Handheld+Computers/ES400_US-EN#">The Motorola ES400S</a>, available <a target="_blank" href="http://shop.sprint.com/mysprint/shop/phone_details.jsp?prodId=dvc2260006prd&deviceSKUId=63000145&flow=AAL&planSKUId=null&tabId=dt_phones&ptn=">only from Sprint</a>, is not a typical smartphone. It is designed for high-security environments such as certain military applications. It includes, for example, a finger-swipe biometric sensor.</p> <P> <p>The hardware and software are almost laughably out of date: It runs Microsoft Windows Mobile 6.5.3 Professional &mdash; you read that correctly, not Windows Phone, but Windows Mobile, the operating system that was dropped by Microsoft years ago. The CPU is a very old ARM processor running at half the speed of typical current versions. The 3-inch display has puny resolution.</p> <P> <p>The very fact that it's still on the market is an indication that it's still being bought, probably for applications for which no other phones meet requirements. But if you're one of the buyers of those phones you know this. For the rest of us, look at the ES400S and be amused, and then look on.</p>2013-04-10T08:46:00ZHow To Bug Mitch McConnell's Office"Bugging" in the context of politics raises images of burglars messing with telephones and clunky tape recorders in the Oval Office. 
Now you'd just use malware.http://www.informationweek.com/byte/personal-tech/how-to-bug-mitch-mcconnells-office/240152599?cid=RSSfeed_IWK_Authors<p><a target="_blank" href="http://www.motherjones.com/politics/2013/04/mitch-mcconnell-ashley-judd-secret-tape-senate">A report in Mother Jones this week cites</a> a recording of Senate Minority Leader Mitch McConnell (R-Ky.) in his offices engaged in what he thought was a private conversation. Someone recorded the conversation and provided the recording to Mother Jones.</p> <P> <p>Especially in the context of political figures our thinking about surveillance gets primitive. Indeed, even the title of the Mother Jones article exhibits this: "<b><i>Secret Tape</i></b>: McConnell and Aides Weighed Using Judd's Mental Health and Religion as Political Ammo". The emphasis on "Secret Tape" is mine, and I'm not going to get into the substance of the discussion in this commentary.</p> <P> <p>Of course <a target="_blank" href="http://www.washingtonpost.com/politics/mcconnell-wants-fbi-probe-of-alleged-bugging-of-offices/2013/04/09/5e0769b2-a14e-11e2-82bc-511538ae90a4_story.html">McConnell wants the recording investigated by the FBI</a> and this is obviously reasonable, although it's not at all clear what laws were broken by Mother Jones or whoever created the recording.</p> <P> <p>The term "bugging" in political context raises images of Watergate (for those of us old enough to remember it &mdash; I'm 51 and remember it clearly), with burglars breaking into a building and physically messing with telecommunications equipment, not to mention big clunky tape recorders in the Oval Office. 
</p> <P> <p><img alt="The sort of bugging equipment used in the Watergate break-in" title="The sort of bugging equipment used in the Watergate break-in" src="http://twimgs.com/informationweek/byte/commentary/2013-April/watergate-bugging-equipment.jpg" /><div style="margin:4px 0 0 0; padding:0; color:#009999; font-size:small; ;font-style: italic; text-align:right;">The sort of bugging equipment used in the Watergate break-in</div></p> <P> <p>Nowadays you'd do it completely differently. How would you record someone's conversations clandestinely? You'd use the powerful and flexible world of malicious software. Every computer and mobile device in that office where Senator McConnell was speaking is a potential clandestine recording device. </p> <P> <p>A malicious program installed on any computer or phone or tablet in the office could turn on the microphone, record the contents and forward it on to the attacker, either through email or some cloud sharing service. It's not all that complicated. The program could also potentially record video, but this is more likely to be noticed because of the large volume of data involved.</p> <P> <p>What's a little complicated is how you'd get the malicious software on the specific device. This would involve what we call a targeted attack against McConnell or his staff. I don't know exactly how it's done, but obviously it can be done. 
</p> <P> <p>It's possible, through rigorous best practices, to prevent this sort of surveillance software from getting on your systems, but sadly it's common for people not to want the inconvenience attached to such security.</p> <P> <p>By the way, just to clear things up, <a target="_blank" href="http://www.washingtonpost.com/blogs/plum-line/wp/2013/04/09/mitch-mcconnell-versus-mother-jones/">Mother Jones issued a statement</a> saying that they were not involved with the creation of the recording:<blockquote><i>As the story makes clear, we were recently provided the tape by a source who wished to remain anonymous. We were not involved in the making of the tape, but we published a story on the tape due to its obvious newsworthiness. It is our understanding that the tape was not the product of a Watergate-style bugging operation. We cannot comment beyond that.</i></blockquote></p> <P> <img alt="" title="" src="http://twimgs.com/informationweek/byte/commentary/2013-April/mcconnell-bugs.jpg" />2013-04-08T09:48:00ZNokia Lumia 920 Run Over, But Still WorksA Nokia Lumia 920 Windows Phone got run over and buried by a 24-ton earth mover. The screen was cracked up and the frame bent, but it still worked!http://www.informationweek.com/byte/personal-tech/smart-phones/nokia-lumia-920-run-over-but-still-works/240152422?cid=RSSfeed_IWK_Authors<p>The Nokia Lumia 920, the flagship Windows 8 Phone, feels solid in your hand. 
But who knew it was this solid?</p> <P> <p><div style="margin:0; padding: 0 0 5px 5px; width:210px; float:right; text-align:center;"><a target="_blank" href="http://twimgs.com/informationweek/byte/news/2013-April/Nokia-Lumia-920-Crushed-On.jpg"><img alt="Nokia Lumia 200 crushed by earth mover but still works" title="Nokia Lumia 200 crushed by earth mover but still works" src="http://twimgs.com/informationweek/byte/news/2013-April/Nokia-Lumia-920-Crushed-On-200.jpg" hspace="0" vspace="0" border="0" /></a><div style="margin:4px 0 0 0; padding:0; color:#990000; font-weight:bold; font-size:small;">Click for larger image</div></div>Ilta-Sanomat (Finnish for the evening news according to Wikipedia) reports on the story of <a target="_blank" href="http://www.iltasanomat.fi/digi/art-1288553981742.html">a Nokia Lumia 920 Windows Phone, which got run over and buried by a 24-ton earth mover but still worked afterwards</a>.</p> <P> <p>As you can see by the nearby photos, the phone did not escape unharmed, but when a worker lost the phone and called it, he heard a ringing below ground. Six men dug and found it about a half meter below ground. </p> <P> <p>The frame was bent and the display fragmented, but the story says everything worked except for hanging up on calls. </p> <P> <p>Hat tip to <a target="_blank" href="http://allthingsd.com/20130408/nokia-lumia-phone-gets-plowed-over-but-still-answers-the-call/">AllThingsD</a>.</p>2013-04-03T08:02:00ZWindows 8.1 (Blue) is Incremental - That's a Good ThingWindows Blue, likely to be released as Windows 8.1, is not a major new version of Windows. It will focus on incremental improvements in the new Modern UI.http://www.informationweek.com/byte/personal-tech/windows-81-blue-is-incremental-thats-a/240152133?cid=RSSfeed_IWK_Authors<p>Mere months after the release of Windows 8, some are wondering where Windows 9 is already.</p> <P> <p>Sorry folks, this isn't Google Chrome, which gives us eight or nine major version bumps a year. 
We've had eight major versions of Windows in over 27 years. It's going to take a while before version 9. But you can expect more incremental changes, especially in the new "Modern UI" formerly known as Metro, to come out at a more rapid pace. </p> <P> <p>That's what Windows Blue appears to be: an incremental refresh of Windows 8. This interpretation is reinforced by a screen grab tweeted this morning:</p> <P> <p><a target="_blank" href="http://twimgs.com/informationweek/byte/commentary/2013-April/about-windows-8.1-blue.jpg"><img alt="" title="" src="http://twimgs.com/informationweek/byte/commentary/2013-April/about-windows-8.1-blue-short.jpg" /></a><div style="margin:4px 0 0 0; padding:0; color:#009999; font-size:small; ;font-style: italic; text-align:right;">Thanks to <a target="_blank" href="https://twitter.com/AngelWZR/status/319069728146612224">Roman L (@AngelWZR on Twitter)</a> for this image. Click to see the full dialog box.</div></p> <P> <p>The dialog box calls the new version Windows 8.1, and even that sounds generous to me, based on what we've seen so far. BYTE's Chris Spera described Blue as being <a href="http://www.informationweek.com/byte/windows-blues-got-me-down/240151927">disappointing for lacking the things he thinks Windows 8 needs</a>. I agree with him on some of those things, but I think it's fair and reasonable to expect Microsoft to put its efforts into fine-tuning the Modern UI.</p> <P> <p>Hat tip to <a target="_blank" href="http://www.zdnet.com/microsofts-windows-blue-looks-to-be-named-windows-8-1-7000013391/ ">Mary Jo Foley on ZDNet.</a> Mary Jo says that Blue is expected to be released to manufacturing (what an antiquated term!) around August. Perhaps it can affect the back-to-school market.</p> <P> <p>She adds that Microsoft sees it as a refresh of Windows 8; that the branding will remain "Windows 8" (although I'm sure techies can and will use the term 8.1). 
</p> <P> <p>And don't be surprised if .1 Windows releases come more frequently than in the past. (I'm still hoping for an 8.5 that makes the desktop mode more Windows 7-like.)</p> <P>2013-04-01T05:00:00ZiPad nano Fills Micro-Tablet Niche For AppleFormerly known as the "iPod Touch," Apple is recasting this product as an affordable, easy-to-handle micro tablet.http://www.informationweek.com/byte/personal-tech/ipad-nano-fills-micro-tablet-niche-for-a/240151987?cid=RSSfeed_IWK_Authors<p>Apple will release a new "micro tablet" soon called the iPad nano.</p> <P> <p>Formerly known as the "iPod Touch," Apple is recasting this product as an affordable, easy-to-handle tablet. Philip Schiller, Apple's senior vice president of Worldwide Marketing, described the new iPad nano as "...the thinnest, smallest iPad ever. It features a brilliant 4-inch Retina display; a 5 megapixel iSight camera with 1080p HD video recording; Apple's A5 chip; Siri, the intelligent assistant; and iOS 6, the world's most advanced mobile operating system."</p> <P> <img alt="iPad, iPad Mini, iPad nano (April Fools' Day)" title="iPad, iPad Mini, iPad Nano (April Fools' Day)" src="http://twimgs.com/informationweek/byte/news/2013-April/ipad-nano.jpg" /> <P> <p>The iPad nano weighs in at a mere 88 grams (3.1 ounces). The device's height is 123.4 mm (4.86 inches), width 58.6 mm (2.31 inches) and depth just 6.1 mm (0.24 inches). 
"It fits comfortably even in children's hands," says Schiller.</p> <P> <p>The iPad nano will be available through <a target="_blank" href="http://www.apple.com/">the Apple Online Store</a> for a suggested price of $299 (US) for the 32GB model and $399 for the 64GB model.</p> <P> <p>"It's also an excellent music player," said Schiller, who added, "don't believe everything you read."</p>2013-03-29T07:45:00ZGmail Users Cut Off in Windows 8The new Calendar and Contacts apps in Windows 8 will not synchronize with Google at all, and Google email is limited to IMAP from now on.http://www.informationweek.com/byte/personal-tech/mobile-applications/gmail-users-cut-off-in-windows-8/240151889?cid=RSSfeed_IWK_Authors<p>Gmail and Google Apps customers will have a severely downgraded experience on Windows 8 thanks to a protocol spat between Microsoft and Google.</p> <P> <p>This past December <a href="http://www.informationweek.com/byte/google-at-war-with-windows-8-phone/240145490">Google announced the sunset of support for a variety of interfaces to its email and other services</a>, including Microsoft Exchange ActiveSync (EAS). Google plans to continue support for existing connections established over EAS, but would no longer support new ones, unless the Google account was a paying Google Apps account, rather than a free Gmail account.</p> <P> <p>The new version of Windows Mail released earlier this week supports only IMAP for Google accounts. The Calendar and Contacts apps do not support <a target="_blank" href="http://caldav.calconnect.org/">CalDAV</a> or <a target="_blank" href="http://carddav.calconnect.org/">CardDAV</a>, the open standards supported by Google for calendar and contacts synchronization. Therefore, the Windows 8 apps have no way of synching with Google. 
Microsoft hasn't said so, but I would expect similar updates for Windows Phone soon.</p> <P> <p>Just to be clear about this, the new apps are locking out even the Google users for whom Google will still support EAS, as I discovered this week when I tried to set up a new Windows 8 tablet using my paid Google Apps domain: The new apps won't even try to set up EAS if the server domain is google.com. </p> <P> <p>When I tried to set up my system for EAS I got an error: "This account can't be connected using ActiveSync," even when I knew I was using the correct values. I suspected that Microsoft was blacklisting google.com from all EAS and asked Microsoft. A Microsoft spokesperson replied:<blockquote><i>In light of Google's decision to change its support for EAS, we are now using IMAP for those customers that wish to connect their Gmail accounts. More information on how to synchronize Google services on your Windows or Windows RT device <a target="_blank" href="http://windows.microsoft.com/en-US/windows-8/use-google-windows-8-rt">is available here</a>.</i></blockquote>And it's even worse than it seems: Because contacts don't sync, the fact that you have IMAP email is of no value. An email program without contacts isn't very useful.</p> <P> <p>Of course, going this far was not necessary. It should have been fairly easy for Microsoft to try the EAS connection and, if it failed, report an error. Perhaps they could even report an error that noted that Google had removed support for EAS for some of its accounts and directed the users to instructions.</p> <P> <p>But doubtless many paying Google customers, free or otherwise, will want to use Windows 8. Google has made clear that it has no plans to write apps for Windows 8 (or Windows Phone), so Google users will be stuck using browser access to Google services.</p> <P> <p>It's hard to read this as anything other than payback for Google's withdrawal of EAS support. 
Google's options are now to:<ol><li>Ride out the storm, perhaps hoping that users will choose Chromebooks instead (and not move to Outlook.com or other alternatives)</li><li>Reconsider its EAS policies (this would only make sense if Microsoft agreed to put EAS support for Google back in to the Windows 8 apps)</li><li>Write Windows 8 (and maybe Windows Phone) apps</li></ol>Microsoft, on the other hand, no doubt sees this as an opportunity to sell Office 365 and Outlook.com.</p> <P> <p>What will Google do? What should it do? You tell me. My money says Google rides it out for a while and then "discovers" customer interest for Windows 8 versions of its apps.</p> <P>
2013-03-27T10:45:00Z
BlackBerry Balance - The Real Reason To Buy It
BlackBerry 10 has features the company calls "BlackBerry Balance," to make both business and personal use work well and to protect each from the other.
http://www.informationweek.com/byte/personal-tech/smart-phones/blackberry-balance-the-real-reason-to/240151827?cid=RSSfeed_IWK_Authors
<p><a href="http://www.informationweek.com/byte/personal-tech/smart-phones/blackberry-z10-hands-on-first-impression/240150909">My recent first impressions story on the BlackBerry Z10</a> was typical of BlackBerry 10 reviews you'll see: I used the phone as a consumer user would &mdash; not as BlackBerry has designed it to be used by a business user. </p> <P> <p>Many non-business users have BlackBerry phones, especially abroad, but in the U.S. what's left of it is basically a business phenomenon. Sure, there's music and a great camera and all that in the new BlackBerry 10 devices, but the point is to make it attractive to business users. BlackBerry doesn't stop there.</p> <P> <p>BlackBerry devices under management by a BES 10 get BlackBerry Balance, a separation of work and personal use of the phone. In the image on this page you can see the buttons with which to choose the Work or Personal "perimeters," as BlackBerry calls them. Somewhat faded below, you can see the apps from the Work perimeter. You are required to set a password for access to the Work perimeter and this may be different from the device password, allowing you to let someone use the Personal perimeter but not the Work one.</p> <P> <p>Data in the Work perimeter is secured with 256-bit AES encryption. IT can set policies in the BES to prevent users from copying data between perimeters.</p> <P> <p>I asked BlackBerry for access to an account managed by a BES 10 so that I could test Balance. A company official gave me access to an eval account that included email, calendar and other server facilities. </p> <P> <p>One of the apps in the image is "BlackBerry World - Work." This is a company app store that IT can set up on the BES. Apps in that store can be secured using <a href="http://www.informationweek.com/byte/personal-tech/smart-phones/blackberry-can-set-emm-standard-with-bes/240149981">BlackBerry's Mobile Application Management facilities</a>. The apps listed here are not available to users in the Personal perimeter and vice versa.</p> <P> <p>BlackBerry has announced that iOS and Android devices managed by a BES will get Balance and communications through their NOC, but it has not announced a date for this yet.</p> <P><p>This image shows the app listing for the Personal perimeter.
These apps cannot see the files or email or any other sensitive data from the work perimeter so malicious apps and Web sites should not be able to affect them.</p> <P><p>The BlackBerry hub integrates both Work and Personal communications, but of course users need the Work password to gain access to the Work communications. Notice that both my personal and work email accounts are listed, as are BBM (BlackBerry Messenger Service), text messages and Facebook. Scrolled below your view are Twitter, LinkedIn, Visual Voice Mail and, of course, phone calls. (That's right, the BlackBerry Z10 is also a phone!)</p> <P><p>BlackBerry 10 also combines Personal and Work calendar events on the same calendar view.</p> <P><p>Users in the Work perimeter also have access inside the company firewall, so IT can also grant access to network file shares. Pictured is a file share maintained by BlackBerry on one of its servers. The files can be accessed by apps in the Work perimeter, including the Connect to Dropbox and Box apps BlackBerry included with the Work perimeter setup. Your IT staff can, of course, pick which apps are and are not included in the Work perimeter. </p> <P> <p>By the same token, users may access Web sites inside the firewall when in the Work perimeter.</p> <P>
2013-03-25T11:03:00Z
Windows Blue/9: No Desktop? No Way!
Windows 9, code-named Windows Blue, focuses on the Metro interface. But will Microsoft ever actually remove the desktop? Absurd!
http://www.informationweek.com/byte/personal-tech/windows-blue9-no-desktop-no-way/240151632?cid=RSSfeed_IWK_Authors
<p>There was a flurry of blogosphere action over the weekend related to a leaked version of a future Windows build. It's code-named Windows Blue and for obvious reasons some are calling it Windows 9, but who knows what it really is. I recommend <a target="_blank" href="http://www.youtube.com/watch?v=KAxXX0m-P_0&feature=youtu.be">the excellent video put up by WinBeta</a> for a tour.
</p> <P> <p>The focus seems to be all on the new Windows interface (what everyone but Microsoft calls Metro). There are new tile sizes, new gestures, and a new ability to "snap" more than one app together on the desktop, as shown here:</p> <P> <p><a target="_blank" href="http://twimgs.com/informationweek/byte/commentary/2013-March/Windows-9-Blue-side-by-side.jpg"><img alt="Windows 9 (Blue) apps side-by-side" title="Windows 9 (Blue) apps side-by-side" src="http://twimgs.com/informationweek/byte/commentary/2013-March/Windows-9-Blue-side-by-side-452.jpg" /></a><div style="margin:4px 0 0 0; padding:0; color:#009999; font-size:small; ;font-style: italic; text-align:right;">Windows 9 (Blue) apps side-by-side. Click for larger image. (courtesy <a target="_blank" href="http://www.youtube.com/watch?v=KAxXX0m-P_0&feature=youtu.be">WinBeta</a>)</div></p> <P> <p>What got me mad enough to write this column was the assertion by some (mostly <a target="_blank" href="http://winsupersite.com/windows-8/virtual-hands-windows-8-blue-build-9364">Paul Thurrott</a>) that, as Paul puts it:<blockquote><i>All the action in this build is in PC settings, and if you were looking for any further proof the desktop being eased out going forward, look no further than this. As noted in the previous report, there are a ton of new settings in there now, including many items that were previously only available in the desktop-based Control Panel interface. This is clearly an indication of how we get from here (Windows 8) to there (Windows 9, with potentially no desktop).</i></blockquote></p> <P> <p>Easing out the desktop? Can anyone actually believe this? Earth to Paul: The Windows desktop is a major strength of the operating system, *especially* as compared to the competition. There is an ocean of expertise and customized software out there on the Windows desktop, and Microsoft would never alienate these people.
As it happens, these people are concentrated in the large enterprises on which Microsoft depends for the lion's share of their immense revenues.</p> <P> <p>In fact, what really makes Windows 8/Metro stand out is that it works side-by-side with the desktop mode. The right strategy should be to expand their ability to work together, for instance by letting Metro apps work on the desktop. And, as I've said before, <a href="http://www.informationweek.com/byte/personal-tech/desktop-operating-systems/what-windows-81-must-be/240143750">Microsoft needs to stop hiding the desktop in Windows 8 and make it more like the Windows 7 interface</a>.</p> <P> <p><a target="_blank" href="http://twimgs.com/informationweek/byte/commentary/2013-March/Windows-9-Blue-desktop.jpg"><img alt="Windows 9 (Blue) Start page" title="Windows 9 (Blue) Start page" src="http://twimgs.com/informationweek/byte/commentary/2013-March/Windows-9-Blue-desktop-452.jpg" /></a><div style="margin:4px 0 0 0; padding:0; color:#009999; font-size:small; ;font-style: italic; text-align:right;">The Windows 9 (Blue) Start page. (Click for larger version)</div></p> <P> <p>Overall I'm underwhelmed by what I see in Blue, but it's basically a leak of a pre-alpha version, so I wouldn't expect much at this point. Is it just flashy stuff in the Metro UI? My respected former colleague Joe Wilcox at Betanews thinks <a target="_blank" href="http://betanews.com/2013/03/24/code-red-windows-blue-leaks/">it's all about the bling</a>. "Perception is everything" Joe says, and actual utility is less important in the market now, including the stock market, than the perception that Microsoft is turning Windows into a modern OS that can compete with Apple and Google. I'd hate for this to be true, but it might be.</p> <P> <p>But even if the highest priority is to improve the Metro interface, that's not a reason to abandon the desktop interface. A strong desktop *and* a strong touch interface are the magic combination. 
Without the desktop, Windows is just another touch OS.</p>
2013-03-19T07:30:00Z
Samsung? BlackBerry? Who Will Win the Containerization Wars?
MAM (Mobile Application Management) wraps apps in a management code shell or container in order to secure them. Will one container standard beat out the others?
http://www.informationweek.com/byte/personal-tech/mobile-applications/samsung-blackberry-who-will-win-the-cont/240151082?cid=RSSfeed_IWK_Authors
<p>MDM (mobile device management) has become a commodity technology over the years. It is also embarrassingly limited in its ability to secure devices and data on those devices. But it is, ironically, standardized by the rigid definition of what Apple will support. </p> <P> <p>So when security companies like Apperian develop <a target="_blank" href="http://www.apperian.com/get-started/mobile-application-management-software/">their MAM (mobile application management) solutions</a> to advance security beyond what Apple does, things can get messy.</p> <P> <img src="http://twimgs.com/informationweek/byte/commentary/2013-March/apps.jpg" /> <P> <p>The main technique in MAM is containerization or wrapping: The management system takes an app and "wraps" it inside a shell of code through which all access to the app must pass. This container (or "wrapper") is a management point: It implements policy as set by the MAM system. Examples of policies that Apperian's EASE can impose on an app include:<ul><li>A per-app passphrase</li><li>Strong encryption of all data stored</li><li>Secure copy/paste</li><li>A per-app VPN tunnel to the enterprise</li></ul></p> <P> <p>Many other companies implement similar sets of features in their MAM products.
Some big names are getting into this business, including <a href="http://www.informationweek.com/byte/personal-tech/smart-phones/blackberry-can-set-emm-standard-with-bes/240149981">BlackBerry with BES 10</a> and <a href="http://www.informationweek.com/byte/personal-tech/mobile-applications/samsung-knox-raises-android-security-gam/240150413">Samsung with Knox</a>. But there is no standard for the feature set and there is no binary standard for the container code, so there is no interoperability.</p> <P> <p>Of course, the MAM companies don't necessarily want interoperability, but if there was, then the development tools for secured apps and the management systems for them could be separate. More importantly, secured versions of apps could be deployed through the app stores. For now they must be deployed through an enterprise app store -- a feature often sold separately.</p> <P> <p>At one point an MAM vendor suggested to me that certain large volume apps, <a target="_blank" href="https://www.box.com/">Box</a> for instance, would start to distribute versions of their apps wrapped with that MAM vendor's container in the app store. This would greatly ease the deployment of these apps and be a good deal for the MAM vendor as well. But what about all the other container systems?
If there are 20 of them (I don't know about that number but it's possible) are app vendors supposed to maintain 20 versions in the app store?</p> <P> <p><b><i>[Update: I've just been reminded of the <a target="_blank" href="http://www.symantec.com/sealed-program">Symantec Sealed program</a> which is a program to do pretty much what I propose in this column, albeit with Symantec's MAM implementation (<a target="_blank" href="http://www.symantec.com/app-center-enterprise-edition">Symantec App Center</a>). In fact, I believe it was Symantec who was the vendor I mentioned in the article as suggesting to me that they would do this.]</i></b></p> <P> <p>So where this idea is going is that it would be good for there to be a containerization standard. A manifest could define which APIs are supported, the secured version could be distributed through the app store &mdash; perhaps it would be the only version distributed &mdash; and dev tools, management systems and enterprise app stores could compete based on their own merits. </p> <P> <p>Of course, for the most part the same companies sell these tools together so they don't have much of an interest in dividing them up. But Samsung and BlackBerry &mdash; and maybe even Apple &mdash; could change this. BlackBerry does sell BES, but it has shown an interest in opening its APIs before and currently its interest lies in spreading the use of its technology by any means necessary. Samsung is already working with third-party MAM companies to support Knox. Apple is nowhere in all this, but could help itself a lot by advancing the standard for security of app management.</p> <P> <p>Mobile security is a messy phenomenon evolving as you read this through the market. The market is still structured not necessarily to the advantage of the customer, but it's inevitable that it will end up that way, because in the end customers will demand it. 
That's why I don't think the chaos of multiple container formats will last.</p>
2013-03-18T09:00:00Z
BlackBerry Z10 Hands-On: First Impressions
The most amazing thing at first about the BlackBerry Z10 is the intelligent, predictive soft keyboard.
http://www.informationweek.com/byte/personal-tech/smart-phones/blackberry-z10-hands-on-first-impression/240150909?cid=RSSfeed_IWK_Authors
<p>I haven't had long with my BlackBerry Z10, but it has made a good first impression. Not a perfect impression, but there's at least one feature I downright love &mdash; the keyboard. But there's a lot more that's new.</p> <P> <p>The Z10 and the Q10 (a model with the famous BlackBerry physical keyboard, not yet available) are important phones. After years of market decline and substantial delays in this new generation, the fate of the company probably rests on how these specific phones are received. BlackBerry, formerly known as RIM, has been reporting enthusiastic reception among customers but, honestly, what would you expect them to say? I do believe that enterprise IT will be enthusiastic about BlackBerry 10 <a target="_blank" href="http://www.informationweek.com/byte/personal-tech/smart-phones/blackberry-can-set-emm-standard-with-bes/240149981">for reasons I've gone into in detail previously.</a></p> <P> <p>The physical characteristics of the phone itself (more about these in a subsequent image) are good, not outstanding. It's a bit on the large side physically: a bit taller, wider and thicker than the iPhone 5. It's a bit heavier too, but far from <a target="_blank" href="http://www.informationweek.com/byte/personal-tech/smart-phones/lumia-920-nokia-microsoft-finally-bring/240006902">the heaviest phone I've tested recently</a>. The Z10 is very close to the dimensions and weight of the Samsung Galaxy S III and that phone has been well-received.</p> <P> <p>It's the software that makes the BlackBerry different.
A big part of that is the keyboard, but pictured here is the BlackBerry Hub, a messaging/notification center that consolidates just about anything of interest: emails, hardware and OS notifications like software updates, SMS/MMS text messages, BlackBerry Messenger (BBM) messages, updates from Twitter, LinkedIn, Facebook and, of course, phone calls. You can, from any app, "peek" into the Hub, overlaying it partly on the current app, to see if there's anything worth pursuing. This is one of the features that strikes me as likely to enhance productivity of users who become proficient with the phone, relative to expert users of other phone operating systems.</p> <P> <p>Other BB10 features are aimed at productivity. The interface is heavily gesture-oriented and you *need* to internalize these gestures in order to use the device effectively. You need to know when to swipe up from the bottom and then right, or swipe down from the top. Once you learn these, everything is easy. Before you learn them, everything is confusing. Like Windows 8, BlackBerry 10 may suffer from a confused first impression by those who don't spend a few minutes learning some key interface techniques.</p> <P> <p>I haven't yet had a chance to test what I believe to be the most significant feature of BlackBerry 10: Balance. Balance is a software segregation of business and personal functions. The idea is to protect both. Users don't want IT administrators nosing around in and possibly wiping their personal data or telling them what apps they can and can't run. Administrators don't want to be doing those things either, but they do have to protect the company apps and data from compromise. Balance keeps the two separate. In a subsequent story I'll describe test results of it.</p><p>The well-designed physical keyboard is probably what most users of older BlackBerries love about the devices, so when they went soft in BB10 BlackBerry knew it had to do a good job.
I think the company did very well.</p> <P> <p>As you type a word, the OS predicts what you intend to type and mixes suggestions into the keyboard as pictured here. You may then "flick" the suggestion up and it will show up in the field where you are typing. I've been using the phone less than a day and I'm definitely getting used to looking for the suggestions and flicking. It works. Other soft keyboards, especially the iOS keyboard, seem weak by comparison, although there are many 3rd party keyboards for Android which bring innovation like the BlackBerry soft keyboard.</p> <P> <p>It's not perfect. Perhaps it's early still, but so far in my experience, there are times when the predictions could be smarter. For instance, I've typed in my email address a dozen times already. You'd think that in an email field the software would know to suggest that one, especially after I start typing my name. Perhaps this will come in a software update.</p> <P><p>The rear of the device has a rubberized, grainy feel that's easy to grip. The BB design is also an NFC antenna. </p> <P><p>The 4 sides of the BlackBerry Z10. </p> <P> <p>On the bottom of the device you can see an opening you can use to remove the back cover. Under the back cover are the removable battery, SIM card and Micro SD slots. </p> <P> <p>On top is the power/standby button and headphone jack.</p> <P> <p>On the left side as you face the phone are microHDMI and MicroUSB ports.</p> <P> <p>On the right side are the volume rockers and, between them, the play/pause/voice command button.</p> <P><p>One minor peeve I have with BB10 so far is that in short order I've had 2 large OS updates. The first, part of my out-of-box experience, was about 150 MB. Then about 36 hours later another came along 3 times that size. Good thing I had Wi-Fi. </p> <P> <p>It's a new operating system and I know that I need to let the company update it, but the update process was lengthy. 
The first one took almost an hour of download and install time. I let the second one run overnight.</p>
2013-03-13T08:30:00Z
Dropbox 2.0.0 Pretties Up the Menu
The best part of the Dropbox cloud storage service is their easy-to-use software. Version 2.0 makes it even easier.
http://www.informationweek.com/byte/personal-tech/storage-memory/dropbox-200-pretties-up-the-menu/240150665?cid=RSSfeed_IWK_Authors
<p><a target="_blank" href="https://www.dropbox.com/install">Dropbox 2.0.0</a> on Mac, Windows and Linux. </p> <P> <p>We tested the new version on both Mac and Windows and the differences aren't all that major. But they are nice.</p> <P> <p><center><img alt="Dropbox 2.0.0 Mac menu" title="Dropbox 2.0.0 Mac menu" src="http://twimgs.com/informationweek/byte/reviews/2013-March/Dropbox-2.0.0/Dropbox-2.0.0-Mac.jpg" /><div style="margin:4px 0 0 0; padding:0; color:#009999; font-size:small; ;font-style: italic; text-align:right;">The Dropbox 2.0.0 menu on Mac</div></center></p> <P> <p>See the image above. That's the drop-down menu on Mac OS from the Dropbox 2.0.0 icon at the top of the screen. As you can see, notifications come directly into the menu, although we still got the bubble notifications from the system when we weren't in the menu. You can share files directly from this menu and open files and folders. </p> <P> <p><div style="margin:0; padding: 0 0 5px 5px; width:260px; float:right; text-align:center;"><img alt="Dropbox 2.0.0 Windows menu" title="Dropbox 2.0.0 Windows menu" src="http://twimgs.com/informationweek/byte/reviews/2013-March/Dropbox-2.0.0/Dropbox-2.0.0-windows-250.jpg" hspace="0" vspace="0" border="0" /><div style="margin:4px 0 0 0; padding:0; color:#009999; font-size:small; ;font-style: italic; text-align:right;">Dropbox 2.0.0 Windows menu</div></div>The menu shows what files have changed recently.</p> <P> <p>That's pretty much all she wrote.
<a target="_blank" href="https://blog.dropbox.com/2013/03/discover-the-new-dropbox-menu-on-your-computer/">As the Dropbox Blog explains</a>, the changes are only what you see in the new menu.</p> <P> <p>It's just as well because the easy-to-use and powerful software is what makes Dropbox so popular. It has many competitors, some from huge and powerful companies like Google and Microsoft, but "Dropbox" is almost synonymous now with consumer cloud storage.</p> <P> <p>When we went to download the Windows version we encountered a bug on the Dropbox site: The link to download Dropbox 2.0.0 downloaded an earlier version, 1.6.16. It will likely be fixed by the time you read this. You can download any of the new versions directly from these links:<ul><li>Windows: <a href="https://dl-web.dropbox.com/u/17/Dropbox%202.0.0.exe">https://dl-web.dropbox.com/u/17/Dropbox%202.0.0.exe</a></li> <li>Mac OS X: <a href="https://dl-web.dropbox.com/u/17/Dropbox%202.0.0.dmg">https://dl-web.dropbox.com/u/17/Dropbox%202.0.0.dmg</a></li> <li>Linux x86_64: <a href="https://dl-web.dropbox.com/u/17/dropbox-lnx.x86_64-2.0.0.tar.gz">https://dl-web.dropbox.com/u/17/dropbox-lnx.x86_64-2.0.0.tar.gz</a></li> <li>Linux x86: <a href="https://dl-web.dropbox.com/u/17/dropbox-lnx.x86-2.0.0.tar.gz">https://dl-web.dropbox.com/u/17/dropbox-lnx.x86-2.0.0.tar.gz</a></li></ul></p>
2013-03-12T08:00:00Z
Microsoft Reverses Course on IE10 Flash Support
Internet Explorer 10 in Windows 8 and RT previously used a whitelist to gate Adobe Flash content, but now it uses a blacklist.
http://www.informationweek.com/byte/personal-tech/microsoft-reverses-course-on-ie10-flash/240150556?cid=RSSfeed_IWK_Authors
<p>A major policy change by Microsoft will affect the user experience for Internet Explorer 10 users on Windows RT and Windows 8.
The policy goes into effect today.</p> <P> <p>As explained in a developer guidance document &mdash; <a target="_blank" href="http://msdn.microsoft.com/en-us/library/ie/jj193557%28v=vs.85%29.aspx">Developer guidance for websites with content for Adobe Flash Player in Windows 8 (Internet Explorer)</a> &mdash; and <a target="_blank" href="http://blogs.msdn.com/b/ie/archive/2013/03/11/flash-in-windows-8.aspx">an accompanying blog post</a>, IE10 on Windows RT and on Windows 8 in the new Windows user interface will now allow all Adobe Flash content other than that on a Microsoft-curated blacklist, the Compatibility View list. </p> <P> <img src="http://twimgs.com/informationweek/byte/news/2013-March/ie10-metro.jpg" /> <P> <p>Previously, Microsoft used a whitelist approach to Flash support in IE10 &mdash; only sites on a Microsoft-curated whitelist were allowed to run Flash content. The restriction was put in place so as to allow only sites that worked properly in a touch environment and did not suffer certain battery-draining problems. According to Microsoft the change will only be implemented on systems where IE10, which integrates the Flash Player much as Google Chrome does, is fully patched. IE10 on Windows 8 in desktop mode is not restricted by either list.</p> <P> <p>Microsoft's explanation for the change is that "<i>...we have seen through testing over the past several months, the vast majority of sites with Flash content are now compatible with the Windows experience for touch, performance, and battery life.</i>" </p> <P> <p>The whitelisting experience was confusing both developers and users. The new approach should make it far more common for IE10 users to see the content they expect on the web.</p> <P> <p>By the same token, the blacklist approach might create embarrassment for sites that are publicly labeled by Microsoft as unready for the experience. 
Perhaps Microsoft hopes this will spur them to address problems more promptly.</p> <P> <p>Whitelists are preferred in theory for security reasons because they allow curators of the list to maintain tight control of what will run. Blacklists put the onus on the curators to know which content, of everything out there on the web, is problematic. </p> <P> <p>Hat tip to <a target="_blank" href="http://www.zdnet.com/microsoft-changes-default-flash-behavior-in-windows-8-and-rt-7000012418/">Ed Bott on ZDNet</a>.</p> <P>
2013-03-11T08:15:00Z
Samsung Knox Raises Android Security Game
Samsung SAFE now has Knox, EMM functions like MAM and personal/business partitioning putting their devices on par with the standard set by BlackBerry BES 10
http://www.informationweek.com/byte/personal-tech/mobile-applications/samsung-knox-raises-android-security-gam/240150413?cid=RSSfeed_IWK_Authors
<p>The handset makers are making a play to standardize management and security of their devices in enterprises and especially in BYOD scenarios. Well, some of them are making more of a play than others.</p> <P> <p>The first big example we got of this was BlackBerry and BES 10. <a href="http://www.informationweek.com/byte/personal-tech/smart-phones/blackberry-can-set-emm-standard-with-bes/240149981">As I explained last week</a>, BES 10 includes some of the new techniques of EMM (Enterprise Mobility Management) such as MAM (Mobile Application Management) and a separation of user and business personalities. These are emerging as the two key technologies in the next generation of mobile device management.</p> <P> <p>Now Samsung has announced similar capabilities for its phones called <a target="_blank" href="http://www.samsung.com/global/business/mobile/samsungknox/index.html">Samsung Knox</a>. It's not an acronym; I guess it's an allusion to <a target="_blank" href="http://www.knox.army.mil/">Fort Knox</a> (where, since 1937, the Treasury Department has stored the highly-secure <a target="_blank" href="http://en.wikipedia.org/wiki/United_States_Bullion_Depository">United States Bullion Depository</a>). There's more to Knox than MAM and personal/user "partitioning," as they call it, but I think these are the most appealing.</p> <P> <p>With MAM the company either compiles management hooks into the program or, in the case of third party programs, installs a "wrapper" program around it that provides management. This allows administrators to set policy for the use of the program: for instance, they may say that it can only read from or write to certain locations, that it only communicate over SSL, or that it not put unencrypted data on the clipboard. One common MAM feature is the ability to create a custom VPN session just for that instance of the program.</p> <P> <p>The user/personal separation addresses the core problem created by BYOD: Neither users nor administrators want administrators to have control over personal user data. BlackBerry refers to the separate personal and business uses of its phones as personalities and Samsung calls them partitions. The division is baked into the operating system, so administrators not only can ignore personal data and programs, they actually have no access to it.
The remote wipe becomes a wipe not of the whole phone, but of the business personality/partition.</p> <P> <p>One big difference between the BlackBerry and Samsung approaches is that BlackBerry is pushing BES 10 as a cross-platform management tool: You can use it to manage iOS and Android devices as well as its own BlackBerry phones. Superficially, SAFE is an open standard that other Android handset makers, perhaps even Google itself, could incorporate into its products, but fat chance of that. The truth is that Samsung is ascendant and BlackBerry needs to accommodate users of its competitors' products. </p> <P> <p><a target="_blank" href="http://twimgs.com/informationweek/byte/commentary/2012-March/Samsung-Knox.jpg"><img src="http://twimgs.com/informationweek/byte/commentary/2012-March/Samsung-Knox-452.jpg" /></a><div style="margin:4px 0 0 0; padding:0; color:#009999; font-size:small; ;font-style: italic; text-align:right;">Samsung Knox creates partitions between personal and business use and protects one from the other.(Click for larger image)</div></p> <P> <p>It's more complicated than that. Like the MDM APIs of old, Knox and Samsung's earlier <a target="_blank" href="http://www.samsung.com/us/business/samsung-for-enterprise/index.html">SAFE (Samsung For Enterprise)</a> APIs, the interfaces are open for third-party management platforms to access. Indeed, my briefing on Knox came not from Samsung but from AirWatch, which <a target="_blank" href="http://www.air-watch.com/company/news-room/press-releases/2013/02/airwatch-integrates-with-samsung-knox">announced its support for Knox</a> as Samsung announced it at the recent Mobile World Congress. Other independent mobile security vendors have support for SAFE and will likely support Knox, whereas companies need a BES to support BlackBerry devices. Of course, it's more complicated than that too, as BES also provides a secure communications channel for BlackBerry and, eventually, third party devices. Knox is in beta. 
AirWatch, incidentally, says that it implements the most SAFE APIs of any mobile security vendor.</p> <P> <p>There may be some limitations in the partitioning that are a bit disappointing. For instance, ideally I would want the two personalities to have different phone numbers and accounts. This requires that the phone have two NAMs (Number Assignment Modules) and probably two SIM cards. There are phones like this and I have seen a business/personal virtualization scheme using the two numbers demonstrated by Cellrox. <a href="http://www.informationweek.com/byte/personal-tech/smart-phones/virtualization-is-future-of-mobile-devic/240001081">Click here to read about that and see a video of it.</a> So it can be done, but it's not clear if either BlackBerry or Samsung is supporting it. Neither demoed it. I asked an AirWatch spokesperson to try, on their Knox phone, to make a phone call in one personality and then switch to the other personality. The phone call persisted. Whether this is correct behavior is unclear to me. There are probably arguments on both sides.</p> <P> <p>It's pretty obvious that Knox will be supported in the Galaxy S IV, which will be announced this week in New York. Will it add support into older phones, such as the very popular Galaxy S III? No word on that yet. </p> <P> <p>So both BlackBerry and Samsung are advancing security for their customers. What about Microsoft and Apple, the other big mobile OS companies? Microsoft's APIs and products (basically Intune and System Center) are quite conventional, but Apple doesn't even try. Many years ago it released an MDM API that it cloned from BlackBerry. Apple's locked-down app-deployment process means that many security products are not possible &#151; for instance, the business/personal division is basically impossible on iOS &#151; although it has also prevented the development of any malware of note. 
I suggest that in the long term, companies like BlackBerry and Samsung that help the customer to better manage their devices, will be more appealing to enterprises.</p> <P>2013-03-05T08:30:00ZBlackBerry Can Set EMM Standard With BES 10The need for the BlackBerry Enterprise Server that's still in almost all large organizations has been declining, but BES 10 changes everything. Instead of being a legacy server to manage legacy phones, BES 10 can be the central console for managing all mobile devices.http://www.informationweek.com/byte/personal-tech/smart-phones/blackberry-can-set-emm-standard-with-bes/240149981?cid=RSSfeed_IWK_Authors<p>Many have written off BlackBerry, the company formerly known as RIM, but it was always too soon to do that. Now that the BlackBerry 10 strategy is out for the world to see, it's not at all hard to see the phone maker surviving and succeeding. In fact, it may end up leading the industry again.</p> <P> <p>I'll ignore the innovative user experience on the new BlackBerry 10 phones for now and focus on an area where BlackBerry long set the standard for the industry: a secure management back-end. Ninety percent of the Fortune 500 and a very high percentage of other large companies have a <a target="_blank" href="http://us.blackberry.com/business/software/bes.html">BES (BlackBerry Enterprise Server)</a>. It was BES that brought us what later became known generically as MDM or Mobile Device Management and features like remote wipe, without which businesses might not have allowed mobile devices on their networks.</p> <P> <p>BlackBerry offers another significant benefit to companies: All traffic from BlackBerry devices goes encrypted to the BlackBerry NOCs (Network Operations Centers) from where it goes to a company's (or ISP's) BES. 
This arrangement also provides for emails, contacts, task entries, memopad entries and calendar entries to be pushed actively out to the user rather than to wait for the user's device to initiate a sync operation.</p> <P> <p>As everyone knows though, in spite of these benefits, in 2013 few enterprises are dominated by BlackBerry phones. Certainly few new orders are being taken for those phones. Consequently, these enterprises are filled with iPhones, iPads and, to a lesser degree, Android devices. An industry has developed to offer management products and services for these devices with notable names like MobileIron, SOTI and AirWatch.</p> <P> <p><img src="http://twimgs.com/informationweek/byte/commentary/2013-March/BES-BlackBerry-Enterprise-Server-10-Features.jpg" /><div style="margin:4px 0 0 0; padding:0; color:#009999; font-size:small; ;font-style: italic; text-align:right;">BlackBerry Enterprise Service 10 has extensive support for managing iOS and Android devices. <a target="_blank" href="http://us.blackberry.com/content/dam/blackBerry/pdf/BlackBerry_Enterprise_Service_10_Datasheet.pdf">Click here for the BES 10 datasheet with more details.</a></div></p> <P> <p>Now, to that list, add BlackBerry. <a target="_blank" href="http://us.blackberry.com/content/dam/blackBerry/pdf/BlackBerry_Enterprise_Service_10_Datasheet.pdf">BES 10</a> manages iOS and Android devices just as it manages BlackBerries. </p> <P> <p>It doesn't stop there: It's not in the current release, but BlackBerry says it will deliver the same secure communication architecture through the BlackBerry NOC for iOS and Android devices as for BlackBerry devices. They will get the same push email and other services. </p> <P> <p>For BlackBerry devices now, BES 10 goes much further than the MDM the company created many years ago to manage devices. In the last several years many companies have created various techniques to strengthen the management of mobile devices, their users, data and applications. 
The biggest part of these techniques is MAM (Mobile Application Management) and <a href="http://www.informationweek.com/byte/personal-tech/mobile-applications/interop-mdm-is-dead-long-live-emm/240008495">collectively they are all known as EMM (Enterprise Mobility Management)</a>.</p> <P> <p>EMM, as I said, is a name for a loose collection of techniques designed to go beyond simple, coarse device management. Users hate MDM, especially in a BYOD environment. It allows &#151; nay, mandates! &#151; that IT administer both the business and personal content on the phone. IT may find it necessary to wipe the device, and this will wipe everything, including the pictures of your kids. (Parenthetically, this is another reason you should always back up personal data to some cloud service.)</p> <P> <p>There's no clear definition of what services EMM provides and how, nor is there even a clear industry-wide vocabulary for it. But BES 10 has a definition of its features. What makes them different from Apperian, Zenprise or Good Technology, all of which make products that advance the capabilities of managing applications and data on mobile devices? The answer is that a very high percentage of large organizations already have a BES on their network. </p> <P> <p>True, the need for the BES on those networks has been declining as users move away from their BlackBerry devices, but the BES is still there and working. If the move up to BES 10 isn't too hard to do, it can solve a lot of problems for IT. The BES can manage all of their iOS and Android devices and make them more secure in the process. BlackBerry tells me they think they have the best implementation of MAM for third-party devices available. 
Deploying a secured app is as easy as checking a box in BES 10 admin before deploying the app.</p> <P> <p>BES 10 also provides the corporate app store capabilities that large companies need, showing users under management only apps published by the company or those whitelisted by IT in the BlackBerry World store. On the personal side of Balance, users have full access to the BlackBerry World store.</p><p>In all fairness, BES 10's management capabilities for iOS, and especially Android, are weak compared to what it can do with BlackBerry 10 devices. It's tempting to think that this is part of the plan to sell BlackBerry devices (and perhaps it could work), but I don't think this is the case. For now, BES 10 provides for iOS and Android what management capabilities the devices have by default. With BES 10 and BlackBerry 10 you get a device on which work data and applications are managed tightly, but personal data and applications are not even accessible to IT. Users can be blocked from copying data from the personal space to the work space. These capabilities, which the company calls BlackBerry Balance, are the dream scenario for BYOD. </p> <P> <p>But BES 10 will provide MAM to iOS and Android apps &#151; once again, this is not delivered yet and BlackBerry is not providing a date, but is promising this support. It involves wrapping apps that BES deploys to the device in a management layer that controls data going into or coming out of them. I'm not sure exactly what capabilities BlackBerry enables, but other MAM providers allow for custom authentication, app-specific VPN, logging and other tracking. It's hard to see how it could provide the full Balance experience to Android and, especially, to iOS users. But BES programming interfaces are also open so third parties can create new management systems to allow BES 10 to manage other types of devices. 
For instance -- not that this is happening -- but Microsoft could create a program to plug into BES 10 so that it could be used to manage Windows Phones.</p> <P> <p>Clearly BlackBerry wants to sell BES 10 hard, especially into all those organizations that already have an older BES. BES 10 itself costs nothing, either for a hosted service or the server software that you install on your own premise hardware. The cost is in the CALs per mobile device, which cost north of $90 per for BlackBerry, iOS or Android, and the old CALs from older BES versions don't transfer to BES 10. But for this year, as part of <a target="_blank" href="http://us.blackberry.com/business/blackberry-10-ready.html">the BlackBerry 10 Ready Program</a>, the company is offering <a target="_blank" href="http://us.blackberry.com/business/blackberry-10-ready/bes-license-trade-up.html?IID=us:bb:desktop:Business:BlackBerry10Ready:tradein">a free swap of old BlackBerry device CALs for BlackBerry 10 CALs on BES 10</a>.</p> <P> <p>There is one other serious attempt to standardize mobile management: <a target="_blank" href="http://www.samsung.com/us/business/samsung-for-enterprise/index.html">SAFE (Samsung Approved For Enterprise)</a>. The idea of SAFE is to create standardized management interfaces in the device for management systems, and several companies, including AirWatch and SOTI, have announced such support. The interfaces supported in SAFE (http://www.samsung.com/us/business/samsung-for-enterprise/downloads/SAFE_Brochure_Updated_1012.pdf) are a lot more than simple MDM, but not a whole lot more and certainly far short of EMM.</p> <P> <p>Pete Devenyi, senior vice president, Enterprise Software at BlackBerry, told me that they don't have a "BlackBerry first and then all the others" strategy; their goal is for BES to take full advantage of the management interfaces that they can. 
On iOS the capabilities are limited by Apple, but for Android &#151; if BlackBerry is serious about making BES 10 the leading EMM management system &#151; they'll commit to support SAFE and to be competitive with the MobileIrons and AirWatches of the world.</p> <P> <p>Here's my prediction: BlackBerry has been on tour showing the new phones and BES 10 to IT people around the world. A lot of those IT people have older BlackBerries. Expect them to set up BES 10, trade up their phones and CALs to version 10 and then become the evangelists for BlackBerry 10 in the rest of the company. It might work, it might not, but it's a reasonable strategy.</p>2013-03-02T11:57:00ZEvernote Resets Everyone's Passwords After IntrusionAfter detecting a coordinated intrusion into their network, Evernote forced a system-wide password reset today. The attackers were able to access Evernote user information, which includes usernames, email addresses associated with Evernote accounts and encrypted passwords.http://www.informationweek.com/byte/personal-tech/evernote-resets-everyones-passwords-afte/240149870?cid=RSSfeed_IWK_Authors<p>Evernote's security team has detected a coordinated attempt to gain access to secured areas of their systems. So as to be safe, rather than sorry, <a target="_blank" href="http://blog.evernote.com/blog/2013/03/02/security-notice-service-wide-password-reset/">they have forced all users to reset their passwords before proceeding to use the service</a>.</p> <P> <p><div style="margin:0; padding: 0 0 5px 5px; width:385px; float:right; text-align:center;"><img style="border:1px solid black;" alt="Evernote Resets Everyone's Passwords After Intrusion" src="http://twimgs.com/darkreading/bloggers/evernote-password.jpg" alt="same as caption" hspace="0" vspace="0" border="0" /><div style="margin:4px 0 0 0; padding:0; color:#990000; font-weight:bold;">New password? 
What new password?</div></div>I noticed this myself this morning when I tried to load up Evernote on my Mac and got the message nearby that my password had changed and that I should enter the new one. This left me confused as I had not reset my password. </p> <P> <p>Then I noticed a post on Facebook from Evernote, which I received because I had Liked them, noting the system-wide password reset and linking to the blog entry on their site to which I linked just above. Other people also found the mechanism the company used confusing.</p> <P> <p>The blog notes that the attackers were able to access Evernote user information, which includes usernames, email addresses associated with Evernote accounts and encrypted passwords. They were not able to access payment information nor any user content. The passwords are salted and hashed; if that was done properly, they should be of no use to the attackers. </p> <P> <p>Evernote will also be releasing updates to their apps very soon to address the attack.</p>2013-03-01T08:00:00ZOpen Public Wi-Fi: How To Stay SafeOpen public Wi-Fi networks are still very common in coffee shops like Starbucks, public libraries and other common areas, yet using them can compromise the confidentiality of your communications. We do have many ways for you to protect yourself, some stronger than others.http://www.informationweek.com/byte/personal-tech/wireless/open-public-wi-fi-how-to-stay-safe/240149727?cid=RSSfeed_IWK_Authors<p>Using open public Wi-Fi networks is dangerous business; if you're not careful, your communications are open to everyone else on the network. But there are ways to protect yourself. If you have the option, you should use an encrypted network. In the alternative, if you use an open, unencrypted network, use a virtual private network to protect your communications. 
Failing even that, be sure to use only HTTPS sessions.</p> <P> <p><div style="margin:0; padding: 0 0 5px 5px; width:185px; float:right; text-align:center;"><a target="_blank" href="http://twimgs.com/informationweek/byte/commentary/2013-Feb/wifi-networks-available.jpg"><img alt="" src="http://twimgs.com/informationweek/byte/commentary/2013-Feb/wifi-networks-available-200.jpg" alt="same as caption" hspace="0" vspace="0" border="0" /></a><div style="margin:4px 0 0 0; padding:0; color:#990000; font-weight:bold;">Beware those without the lock icon (click image for larger version)</div></div>When you look at a list of available Wi-Fi networks, like the one nearby, there are basically two types: those that are encrypted (with the lock icon) and those that are unencrypted.</p> <P> <p>If you connect to an unencrypted network all of your traffic is open for all the world to see, unless you take other measures to encrypt it. On such a network, all users can see all other users' traffic. Worse still, other users can hijack your session and communicate with the website you were on as if they were you, or redirect your computer to a site you didn't intend to visit. These attacks, while not strictly new at the time, were made widely known by the release of <a target="_blank" href="http://codebutler.com/firesheep?c=1">Firesheep</a>, which made it easy to do.</p> <P> <p>Even if you are forced to log in to a web page or check a box after you connect to an open network, your traffic is not being encrypted. The login merely controls your access outside the wireless gateway to the Internet.</p> <P> <p>There are three main encryption standards supported by the networks with the lock icon: WEP, WPA and WPA2. WEP is an old and broken protocol, easily cracked. WPA is strong, but WPA2 is the state of the art. 
A properly-implemented WPA2 network gives you protection strong enough for all but secret agent work.</p> <P> <p>But even more important, both WPA and WPA2 support <i>session isolation</i>. Other users on the network can't see your traffic. For this reason it's better to offer a WPA2-protected network and publicize the password, perhaps with a big sign on the wall, than to offer open Wi-Fi. Another possibility is to include the password in the SSID, such as "WiFi-pw-is-ChakaKhan."</p> <P> <p>What if encrypted Wi-Fi isn't available? Your best option is to use a VPN or Virtual Private Network. Most users who have a VPN get access to it through their business, but there are private VPNs for individuals, too. Many are free or low cost. I use <a target="_blank" href="http://www.hidemyass.com/vpn/">HMA! Pro VPN</a> (HMA stands for Hide My Ass). It has a free web proxy and there are free VPNs, but I pay for the Pro version of HMA because I like the fact that it protects my entire network stream. Any application I use that communicates on the Internet uses strong encryption talking out to its network, at which point it is proxy-ed out to its final destination. The site I'm talking to doesn't know who or what I am based on network traffic; it only sees HMA's network, so I'm also anonymous to these other parties.</p> <P> <p>The other option you have on an otherwise open network is to make sure to use HTTPS websites only. When you use HTTPS, all communications are encrypted using TLS/SSL. Well, almost all. Sometimes a site will say HTTPS and you'll get the lock icon, possibly even an EV-SSL site with the green address bar, but some elements on the page, such as some graphics, are transported on HTTP. This is an opening for an attacker. </p> <P> <p>Back when Firesheep came out, many large and popular websites like Facebook and Twitter offered HTTPS, but didn't force it on users. 
Since then both have changed to switch the user to an HTTPS session if they attempt to connect to HTTP.</p> <P> <p>After Firesheep, a standard was also developed for web servers to force clients to interact with them only over HTTPS. <a target="_blank" href="http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security">HSTS (HTTP Strict Transport Security)</a> is implemented through the HTTP header "Strict-Transport-Security," but I can't find any good numbers on how widely it is implemented. The <a target="_blank" href="https://www.ssllabs.com/ssldb/index.html">Qualys SSL Server Test</a> allows you to test an HTTPS server for many characteristics, including support for Strict Transport Security.</p> <P> <p>So you have many ways to ensure that when you are surfing in dangerous waters the sharks don't see you. One day our systems will be built to default always to secure configurations, but we're not there yet. We do know how we can protect ourselves and it's our job to do it.</p>2013-02-28T08:00:00ZThe Best Way to Spend Your Security BudgetIt's easy to come up with scenarios in which mobile devices can compromise an organization. On the spectrum of real-world threats, these are almost all outliers. Probably the most important thing for you to do is to make sure all your SQL queries are parameterized. This will eliminate the most important mass-attack technique used against large companies.http://www.informationweek.com/byte/personal-tech/desktop-applications/the-best-way-to-spend-your-security-budg/240149675?cid=RSSfeed_IWK_Authors<p>Everyone could use more security budget. There's always more to do. So you have to prioritize your spending. Where can you spend it most effectively? Should you be spending big money on mobile security? Probably not.</p> <P> <p>The only smart way to prioritize security spending is to do it where it will be the most effective. Mobile security threats are very real and present some really scary scenarios. No way should you blow it off. 
But the fact is that mobile threats, like Android malware and data exfiltration on BYOD devices, aren't what is causing the big problems and embarrassing headlines for companies.</p> <P> <p>What is causing those problems? You can find those causes <a target="_blank" href="https://www.owasp.org/index.php/Top_10_2013-Top_10">here, in the OWASP Top 10 Project</a>. OWASP is the Open Web Application Security Project, one of the most worthy organizations out there working genuinely to help IT and programmers to improve security. <a target="_blank" href="https://www.owasp.org/">Its web site</a> is a treasure trove of constructive advice for making your systems more secure.</p> <P> <p>The Top 10 list (the one linked to above is a release candidate for discussion, but it looks pretty much like its recent predecessors) contains "a broad consensus about what the most critical web application security flaws are." In other words, they are the important problems that are really being exploited out in the wild. These are programming terms, not the sort you usually hear of with respect to products being sold.</p> <P> <p>Number 1 on the list is Injection, which the organization defines this way: "<i>Injection flaws, such as SQL, OS, and LDAP injection occur when untrusted data is sent to an interpreter as part of a command or query. The attacker's hostile data can trick the interpreter into executing unintended commands or accessing unauthorized data.</i>" The most famous and most consequential of injection flaws is SQL injection. </p> <P> <p>The really big damage to companies and their reputation happens when systems are compromised on the back end, where the big data is stored. 
SQL injection is the most popular way to do it.</p> <P> <p><a target="_blank" href="http://www.f-secure.com/weblog/archives/00001427.html"><img src="http://twimgs.com/informationweek/byte/commentary/2013-Feb/SQL-Injection-452.jpg" /></a><div style="margin:4px 0 0 0; padding:0; color:#009999; font-size:small; ;font-style: italic; text-align:right;">The results of a mass SQL injection campaign in 2008. (source: <a target="_blank" href="http://www.f-secure.com/weblog/archives/00001427.html">F-Secure</a> - click image for larger version)</div></p> <P> <p>The amazing thing about SQL injection is that not only is it the most damaging of vulnerabilities, but we know a way to end it: parameterized queries. Vulnerable SQL code usually gets that way because a program takes user input (First Name, Last Name, Address, etc.), uses that to construct a SQL statement dynamically and then executes it. When the user/attacker inputs characters that terminate the query and execute another, the dynamic SQL statement ends up executing the attacker's query.</p> <P> <p>If you're involved in this sort of programming I strongly recommend studying <a target="_blank" href="https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet">the OWASP SQL Injection Prevention Cheat Sheet</a>. I won't go into detail here about how parameterized queries work, just to note that it's a programming technique in which user input is bound to program variables that are then used by server facilities to construct the query and execute it. Not only are these queries impervious to SQL injection, but they can easily execute faster, if heavily utilized.</p> <P> <p>Note that you won't find mobile threats, at least not explicitly, in the OWASP top 10. That's because, for all their potential to cause damage, it's still really just potential. Attackers would have to go to a lot of trouble to execute a mass attack on mobile devices, but one SQL injection attack can bring in big bucks. 
It's a no-brainer that you should make this problem top priority.</p>2013-02-25T13:30:00ZFirefoxOS #Fail: The Web is Not the PlatformMozilla says that 'Content Is King' and 'The Web Is The Platform'. This strategy is an old and failed one. Apple briefly, and insincerely, tried it. The whole history of personal computing, let alone the history of mobile devices, shows that he who takes maximum advantage of the capabilities of the platform wins the market.http://www.informationweek.com/byte/personal-tech/firefoxos-fail-the-web-is-not-the-platfo/240149358?cid=RSSfeed_IWK_Authors<p>It seems like an obvious argument, even a tautology: People don't buy computing devices for the hardware or even the software, they buy them for the things they can do with them. In the context of mobile devices, Mozilla launches its <a target="_blank" href="http://www.mozilla.org/en-US/firefox/partners/">Firefox OS</a> this week at Mobile World Congress making that same argument: Content is King.</p> <P> <p><a target="_blank" href="http://twimgs.com/informationweek/byte/commentary/2013-Feb/Mozilla-Firefox-OS/Firefox-OS-content-is-king.jpg"><img alt="" src="http://twimgs.com/informationweek/byte/commentary/2013-Feb/Mozilla-Firefox-OS/Firefox-OS-content-is-king-452.jpg" /></a><div style="margin:4px 0 0 0; padding:0; color:#009999; font-size:small; ;font-style: italic; text-align:right;">No, it's not. (click for larger image)</div></p> <P> <p>It's an old argument, one you especially make when you don't have a strong argument for your hardware or software. 
This is definitely the case with Firefox OS, but it's even worse than that.</p> <P> <p><div style="margin:0; padding: 0 0 5px 5px; width:190px; float:right; text-align:center;"><img alt="Mozilla Firefox OS home screen" src="http://twimgs.com/informationweek/byte/commentary/2013-Feb/Mozilla-Firefox-OS/Firefox-OS-phone-screen.jpg" alt="same as caption" hspace="0" vspace="0" border="0" /><div style="margin:4px 0 0 0; padding:0; color:#009999; font-size:small; ;font-style: italic; text-align:right;">Firefox OS home screen</div></div>HTML apps are a good solution for a large number of mobile applications. They leave a lot of phone functionality unexploited, but they can get the job done in a way that's comparatively cheap and quick to develop and works on just about any mobile device.</p> <P> <p>So if this is the case, why are enterprises building apps &#151; generally iOS apps &#151; as fast as they can? Because nobody is happy with lowest common denominator interfaces. BYOD has especially undermined the ability of IT and ISVs to get away with such a strategy. People see all the slick apps that are optimized for their platform and they look down on apps that are plain and unsophisticated. </p> <P> <p>Like I said, this is especially true in modern times, but it's anything but new. Even the earliest PC applications were more popular the more they optimized for the platform. My first job out of college was working on a team writing a 4GL database system. Our program had simple text input/output that allowed us to be portable to a wide variety of platforms, from the UCSD p-System to the IBM PC to the DEC PDP-11. But dBase II and our other competitors were flashier and, truth be told, easier to use because they were optimized for the PC user interface. There was more to the story, but we didn't last and this was a big part of it. 
</p> <P> <p><div style="margin:0; padding: 0 0 5px 5px; width:190px; float:left; text-align:center;"><img alt="Mozilla Firefox OS logo" src="http://twimgs.com/informationweek/byte/commentary/2013-Feb/Mozilla-Firefox-OS/Firefox-OS-Logo.jpg" alt="same as caption" hspace="0" vspace="0" border="0" /></div>And Mozilla is at a disadvantage even for a good HTML app. One of the great standards problems of our day -- under covered, if you ask me -- is the WebKitification of the mobile Web. <a target="_blank" href="http://www.webkit.org/">WebKit</a> is the open source browser engine in Apple's Safari, Google's Chrome and a bunch of less-important browsers. </p> <P> <p>WebKit's dominance in usage on the mobile Web has incentivized developers to rely on extensions in the browser that are beyond the standards for CSS and HTML5. Both Opera and Blackberry recently threw in the towel, shifting from their own browser engines to WebKit. Yes, these extensions are open source, but they are also proprietary. <a target="_blank" href="https://developer.mozilla.org/en-US/docs/CSS/CSS_Reference/Webkit_Extensions">Mozilla is working on support for at least some of them</a> and <a target="_blank" href="http://blogs.windows.com/windows_phone/b/wpdev/archive/2012/11/15/adapting-your-webkit-optimized-site-for-internet-explorer-10.aspx">Microsoft is also providing developer guidance</a>.</p> <P> <p>Supporting a phone with a minor player as the OS is not a winning strategy for mobile carriers or ISVs. I just can't see Firefox OS getting any real traction with so many factors working against it.</p>2013-02-22T07:30:00ZMLB.TV Just Charged Your Credit CardAre you an MLB.TV subscriber? In past years they have always asked you to renew. Not anymore. Check your credit card.http://www.informationweek.com/byte/personal-tech/consumer-services/mlbtv-just-charged-your-credit-card/240149117?cid=RSSfeed_IWK_Authors<p>Are you an MLB.TV subscriber? In past years they have always asked you to renew. Not anymore. 
Check your credit card. MLB just charged it for a one year subscription to <a target="_blank" href="http://mlb.mlb.com/mlb/subscriptions/index.jsp?product=mlbtv&affiliateId=MLBTVREDIRECT">MLB.TV Premium</a>.</p> <P> <p>In years past I have always let the decision to resubscribe rattle around in my head. Every year they raise the price and every year I resubscribe because I'm a Phillies fan in the New York market, and MLB.TV lets me watch all the Phillies games and with the Phillies announcers too. I probably would have resubscribed this year too, but I'd like to have been asked.</p> <P> <img src="http://twimgs.com/informationweek/byte/commentary/2013-Feb/mlb.tv.home-or-away.jpg" /> <P> <p>Today MLB.com pushed out version 6.0.0 of <a target="_blank" href="https://itunes.apple.com/us/app/mlb.com-at-bat/id493619333?mt=8">their iOS app At Bat</a>. Around the same time, if you were a previous subscriber and had a still-valid credit card on-file, MLB.com charged it $124.99. A colleague told me that his had been charged in this way. I checked mine and the charge was there:</p> <P> <img src="http://twimgs.com/informationweek/byte/commentary/2013-Feb/mlbtv.charge.jpg"/> <P> <p>I checked with one more friend who subscribes and he was also charged. I think I detected a pattern. </p> <P> <p>Now is the time to make that angry phone call or to tell your credit card company to decline the charge.</p>2013-02-20T13:07:00ZPassword Manager On USB Key Launches On KickstartermyIDkey is a secure USB device that acts as a hardware password manager. The device authenticates the user with a fingerprint swipe. It talks Bluetooth to your mobile device and you talk to it to get it to display secured data such as passwords. But you can't buy it yet; today they launched on Kickstarter for funding.http://www.informationweek.com/byte/personal-tech/password-manager-on-usb-key-launches-on/240148949?cid=RSSfeed_IWK_Authors<p>Arkami, Inc. 
today <a target="_blank" href="http://www.kickstarter.com/projects/myidkey/myidkey-passwords-at-the-tip-of-your-finger">launched myIDKey on Kickstarter</a>, looking for $150,000 of funding and to gauge interest. The device is not yet available for purchase and pricing has not been decided.</p> <P> <p><div style="margin:0; padding: 0 5px 5px 0; width:190px; float:left; text-align:center;"><img src="http://twimgs.com/informationweek/byte/news/2013-Feb/myidkey1.jpg" alt="swipe myIDkey" hspace="0" vspace="0" border="0" /></div>myIDkey is a secure USB key that stores passwords and other user data. The device authenticates the user through a fingerprint swipe on a built-in reader. Users can optionally add a sequence of taps on the reader as another authentication factor.</p> <P> <p>Users can plug the key into a computer where it interacts with myIDkey software to function as a password manager, auto-filling userid and password fields like others. Plugging the device into a computer will also charge the battery in the myIDkey. </p> <P> <p><b><hr /><blockquote><a href="http://informationweek.com/byte/personal-tech/mobile-applications/top-5-password-managers/240006395">Click here to read BYTE's analysis of the top 5 password managers</a></b></blockquote><hr /></p> <P> <p>Or the user can interact with the device directly by talking to it.</p> <P> <p>In a demo of the product, for example, a user presses a button on the myIDkey and then says "Chase Manhattan" whereupon the myIDKey displays "CHASE MANHATTAN" and secret data associated with it on a built-in OLED screen.</p> <P> <p>For interacting with mobile devices, myIDKey communicates over Bluetooth, providing password management using their iOS and Android apps.</p> <P> <img src="http://twimgs.com/informationweek/byte/news/2013-Feb/myidkey4.jpg" /> <P> <p>myIDkey has several high-end security features. It can be set to erase all secure data after some number of failed attempts to gain access. 
It can be restored, with proper authorization, from backups on your own local storage, a cloud service like Dropbox or Arkami's cloud. The device itself is designed so that you would have to destroy it in order to open it up and access the internal components.</p> <P> <p>The company is seeking certification under FIPS 140-2, a standard for secure cryptographic devices required by many government agencies and private organizations.</p> <P> <iframe width="452" height="254" src="http://www.youtube.com/embed/clCz39EQ444" frameborder="0" allowfullscreen></iframe>2013-02-19T07:30:00ZThe Office for iPad Myth Lives OnMicrosoft Office for iPad makes perfect sense &#151; if you think Surface and Windows 8 are losers and even Microsoft doesn't believe in them. It's way too early to give up on Microsoft's new operating system which works with tablets as well as conventional computers, and the mythical billions it could make with an Office for iPad would lose them far more by undercutting Windows.http://www.informationweek.com/byte/personal-tech/mobile-applications/the-office-for-ipad-myth-lives-on/240148775?cid=RSSfeed_IWK_Authors<p>It's been seen more often than Bigfoot and the Loch Ness Monster of late. For about a year there have been reports that <a href="http://www.informationweek.com/byte/personal-tech/mobile-applications/is-microsoft-office-for-ipad-for-real/232601226">the release of Office for iPad was "imminent."</a> And yet here we are, with no app, just rumors. </p> <P> <p>The latest <a target="_blank" href="http://allthingsd.com/20130215/microsoft-could-make-billions-from-office-for-ipad/">spate</a> of <a target="_blank" href="http://channelnomics.com/2013/02/18/microsoft-misses-billions-office-ipad/">stories</a> derives from speculation by Morgan Stanley analyst Adam Holt that Microsoft could make $2.5 billion annually on Office for iPad. 
He bases that number on an assertion of about 150 million iPads in circulation; guessing that 40 percent of them would buy Office (at full retail price!) based on the claim that 30 to 40 percent of Macs have Office on them, so of course the same percentage of iPad users would buy it; and a $60 price, $42 of which goes to Microsoft and $18 to Apple for their App Store cut. The $2.5 billion number assumes 40 percent (150,000,000 * 0.4 * $60 * 0.7 = $2,520,000,000.00).</p> <P> <p>Perhaps 150 million iPads have been sold, but I doubt that many are in circulation still, and no doubt many, especially of older generations, are in the hands of children who do nothing but watch videos and play games with them. Perhaps 30 to 40 percent of Macs have Office on them &#151; I really wonder about this number &#151; but the idea that the same percentage of iPad users would want a fat client business productivity suite designed for mouse and keyboard seems like sloppy thinking to me. And finally, perhaps Microsoft would be willing to let Apple get 30% of the proceeds from their Office sales, but... no, scratch that. They wouldn't let that happen, no way, no how.</p> <P> <img src="http://twimgs.com/informationweek/byte/commentary/2013-Feb/loch-ness-office.jpg" /> <P> <p>The kind of thinking that leads to the conclusion that Microsoft would make a real Office for iPad is the kind of thinking that assumes that Surface and Windows 8 generally are losers and even Microsoft doesn't believe in them. This idea is, at the very least, premature. Microsoft is not about to spend all the money and prestige they have put into Windows 8 and Surface and then undermine it with a product that makes iPad much more attractive. </p> <P> <p>This doesn't mean that Microsoft wouldn't make something for iPad users to access Office &#151; Office 365 that is. 
<a href="http://www.informationweek.com/byte/personal-tech/mobile-applications/office-for-ipad-dont-expect-much/240144256">A client access app for the web-based Office service makes perfect sense</a>, especially in as much as Microsoft could distribute it for free. And Microsoft has made software like this in the past: <a href="http://www.informationweek.com/byte/personal-tech/mobile-applications/microsoft-office-web-apps-for-ipad-a-gam/240006020">our review of Microsoft Office Web Apps For iPad</a> gives some clues to what Microsoft is and is not willing to do on the iPad.</p> <P> <p>But even this may not be in their interest. Why make things even that much better for Apple?</p> <P> <p>Holt wasn't necessarily saying that Microsoft was going to make an Office for iPad (although that's <a target="_blank" href="http://www.thedaily.com/page/2012/02/21/022112-tech-apps-office/">what others have said</a>). He was just saying that they would make a lot of money by doing so. There's another side to this argument. First, putting aside the fact that the $2.5 billion is an exaggeration, the chance remains for Microsoft to make even more money and exert more control over a Windows 8-based tablet market.</p> <P> <p>A better Office for Windows 8 than for its competitor platforms would be a good thing for Windows 8, and Windows 8 is a better platform for Office than iOS or Android. It's possible to make a kind of Office for a tablet like the iPad, but it would be much less of a product than the *real* Office, which is a content creation suite and requires user interface devices &#151; i.e. the keyboard and mouse &#151; not included on an iPad. Unlike other tablet operating systems, Windows 8 directly supports keyboards and pointing devices. These are not old-fashioned devices headed for obsolescence; they are still the main tools for content creation everywhere. 
Tablets without keyboards and mice are just not as good at mainstream content creation.</p> <P> <p>So don't be surprised when whatever Microsoft releases for iPad is little more than a client access app for Office 365 or something like it. Anything else would be dumb.</p>2013-02-15T10:40:00ZiPhone Vulnerability: Return of the Lock Screen BypassHow do security regression errors happen? The key to preventing new code from breaking old code is proper testing. Improved automated testing helped Mozilla to cut regressions caused by security patches. In the case of the iPhone 5 lock screen bypass, a hole in the test plan may be responsible.http://www.informationweek.com/byte/personal-tech/iphone-vulnerability-return-of-the-lock/240148663?cid=RSSfeed_IWK_Authors<p>Reports yesterday of <a target="_blank" href="http://www.theverge.com/2013/2/14/3987830/ios-6-1-security-flaw-lets-anyone-make-calls-from-your-iphone">a lock screen bypass in the iPhone 5</a> noted that a "similar" bug was <a target="_blank" href="http://www.engadget.com/2010/10/25/ios-4-1-glitch-lets-you-bypass-lock-screen-to-access-phone-app/">found in iOS 4.1 and fixed in 4.2</a>. In both cases, the lock screen, which is only supposed to let you make emergency calls or enter the lock code, allows the user to perform other functions, like make other phone calls. How do these errors resurface after being fixed? In Apple's case, the problem could be a weakness in their test plans or procedures.</p> <P> <p><div style="margin:0; padding: 0 0 5px 5px; width:190px; float:right; text-align:center;"><img src="http://twimgs.com/informationweek/byte/commentary/2013-Feb/iphone-lock-screen-180.jpg" alt="iphone lock screen" hspace="0" vspace="0" border="0" /><div style="margin:4px 0 0 0; padding:0; color:#990000; font-weight:bold;">The iPhone lock screen</div></div>When an error that was fixed shows up again later it is called a <i>regression error</i>. 
Regression errors generally occur when some change to the program, such as a new version or software patch, breaks some feature of the program. Security fixes are one type of feature that could be broken.</p> <P> <p>Controlling regression errors is a matter of proper documentation and testing. Good code documentation should at least give future developers the chance to recognize that changes will affect the feature. But it's testing that is the key to preventing regressions. </p> <P> <p>Any well-designed software project has a formal test plan as part of it. As new features and bug fixes are added, tests should also be added to the test plan to make sure that new fixes don't break old features or fixes. In the case of security patches, a test needs to be added to the plan to check for each vulnerability that is fixed.</p> <P> <p><iframe id="viddler-8cbac961" src="http://www.viddler.com/embed/8cbac961/?f=1&offset=0&autoplay=0&secret=69660486&disablebranding=0" width="452" height="289" frameborder="0" mozallowfullscreen="true" webkitallowfullscreen="true"></iframe><div style="margin:4px 0 0 0; padding:0; color:#009999; font-size:small; ;font-style: italic; text-align:right;">The original iOS 4.1 lock screen bug, as demonstrated by Engadget.</div></p> <P> <p>The real key to making regression testing practical is to automate it. Back around 2007 and 2008, Mozilla had a very bad problem with security patches causing regressions of other security patches. They finally got it under control and attributed their success, in part, <a target="_blank" href="http://blog.mozilla.org/security/2010/02/10/fixing-security-holes-without-introducing-new-bugs/">to increased automated testing</a>.</p> <P> <p>Almost any test can be automated, even by simulating user interface actions by hardware through the USB connection to the device. But the lock screen on iOS is a problem for test automation. 
The lock screen is designed not to allow external hardware to break out of it, lest someone else take your phone and gain control of it. There's no automated way to test it, so you have to test it manually. </p> <P> <p>In all likelihood, Apple has some manual tests to perform as well, but it's easy to see how they would get shrugged off in a hurry or given to some intern who didn't execute them properly. Expect an angry memo to go around at Apple about this, but deadlines are deadlines and one day the manual testing will again seem like a corner worth cutting.</p> <P> <p>Thanks to super-researchers Charlie Miller and Dan Kaminsky for discussing this with me.</p>2013-02-11T09:08:00ZSurface Pro Out, But You Can't Get ItThe 128GB Surface Pro from Microsoft sold out mere hours after becoming available for purchase. The much-maligned 64GB version is available. Microsoft says that this model has 30GB, not 23GB of built-in storage free, and another analysis shows that the 128GB Surface Pro's free storage compares to that of Apple's MacBook Air.http://www.informationweek.com/byte/personal-tech/tablets/surface-pro-out-but-you-cant-get-it/240148256?cid=RSSfeed_IWK_Authors<p>The Microsoft Surface Pro launch event was scheduled for Friday night at a Best Buy in Manhattan. Customers were to be able to buy them starting at midnight. Mother Nature had other ideas though, and the blizzard we called Nemo wiped out both events.</p> <P> <p>But the Surface Pro became available nonetheless. The company announced that it was <a target="_blank" href="http://blog.surface.com/b/surface/archive/2013/02/09/surface-pro-available-now.aspx">"Available Now" on a Saturday entry on the new Surface Blog</a> by Panos Panay, Microsoft's general manager for Surface. You can buy it, for instance, at Microsoft retail stores and <a target="_blank" href="http://surface.microsoftstore.com/store/msstore/Content/pbpage.Surface_Pro?ESICaching=off">directly from the company online</a>. Or so it appears. 
We haven't actually tried to buy one, but have read numerous reports of them being hard to find and of the 128GB model being sold out. Even Microsoft is already out of them online:</p> <P> <p><a target="_blank" href="http://twimgs.com/informationweek/byte/news/2013-Feb/Surface-Pro-Out-Of-Stock.jpg"><img src="http://twimgs.com/informationweek/byte/news/2013-Feb/Surface-Pro-Out-Of-Stock-zoom.jpg" /></a><div style="margin:4px 0 0 0; padding:0; color:#009999; font-size:small; ;font-style: italic; text-align:right;">Microsoft is out of Surface Pro 128GB units for online sale. (Click for larger image)</div></p> <P> <p><div style="margin:0; padding: 0 0 5px 5px; width:107px; float:right; text-align:center;"><a target="_blank" href="http://twimgs.com/informationweek/byte/news/2013-Feb/BestBuy-Surface-Pro-Unavailable.jpg"><img style="border:1px solid black;" src="http://twimgs.com/informationweek/byte/news/2013-Feb/BestBuy-Surface-Pro-Unavailable-CROP.jpg" alt="Surface Pro unavailable at Best Buy" hspace="0" vspace="0" border="0" /></a><div style="margin:4px 0 0 0; padding:0; color:#990000; font-size:small;">Meanwhile, at Best Buy... (Click for larger image)</div></div>64GB Surface Pro units are much easier to find, although this particular configuration received criticism even before it shipped with reports, based on analysis of pre-release units, that it had only 23GB of available disk space. More on this criticism and Microsoft's response below.</p> <P> <p>The situation at Best Buy and other retailers is no better. The big box retailer doesn't sell Surface Pro online, but a search on its website for stores nearby (in a New Jersey suburb of New York City) shows that <a target="_blank" href="http://www.bestbuy.com/site/olspage.jsp?id=pcat17006&type=page&skuId=7952262&searchpage=true&_requestid=198849">none are to be had in stores either</a>. 
Click on the nearby image for more on the search.</p> <P> <p>Anticipation of the Surface Pro in the trade press has been lukewarm at best, but demand for it may have been greater than expected. <a target="_blank" href="http://betanews.com/2013/02/10/surface-sells-out/">This story on Betanews</a> tells of an online poll it ran in which 45% of 2,000 respondents intended to buy one "as soon as available." The Betanews story, along with many a tweet we've seen, indicates that people are actively shopping for Surface Pro and not finding it. </p> <P> <p>Surface Pro is also officially for sale at Staples, but the 128GB version is also effectively unavailable. <a target="_blank" href="http://www.staples.com/Surface-Windows-8-Pro-128GB/product_148595">The page for that product</a> reads "Currently Out of Stock."</p> <P> <p>Surface Pro, in contrast to the <a target="_blank" href="http://www.microsoft.com/Surface/en-US/surface-with-windows-rt/home">Surface with Windows RT</a>, runs the mainstream Intel architecture version of Windows. The Surface RT uses an ARM architecture processor and cannot run normal programs written for Windows. It is designed to run only apps from <a target="_blank" href="http://windows.microsoft.com/en-US/windows-8/apps">the Microsoft Store</a>.</p> <P> <p>Surface Pro has a 10.6-inch ClearType HD Display with 1920 by 1080 resolution. The CPU is a 1.7GHz Intel Core i5 processor with HD 4000 graphics. The device has 4GB RAM and either 64GB or 128GB storage. The front- and rear-facing cameras are 720p. It comes with a full complement of sensors: an accelerometer, an ambient-light sensor, a compass and gyroscope. It has 802.11an Wi-Fi, Bluetooth 4, and USB 3. The dimensions and weight are: 10.81 x 6.81 x 0.53 inches and just under two pounds. Price: $899 (64GB); $999 (128GB).</p> <P> <p>All mobile devices lose some of their storage to the operating system and other bundled software and data, but the Surface Pro loses more than usual. 
Early reports that the 64GB Surface Pro would come with only 23GB free (and 83GB free on the 128GB version) created bad press before even reviewers had their hands on the devices. Microsoft's Panay replied to some of these complaints, oddly, <a target="_blank" href="http://www.reddit.com/r/IAmA/comments/18063g/i_am_panos_panay_with_the_surface_windows_8_pro/">on Reddit, rather than on the Microsoft blog</a>.</p> <P> <p>Panay stated that the early reports were inaccurate in that they were based on observations of pre-release machines with extra data on them. Shipping Surface Pros would have 6-7GB more than was reported (i.e. 29-30GB for the 64GB model and 89-90GB for the 128GB model). The Surface and Surface Pro also come with a microSDXC socket for storage expansion, although performance of such storage would lag behind that of built-in storage. The default Surface Pro configuration also comes with nearly 8GB of storage dedicated to a Recovery Partition which can be offloaded to a MicroSD card, freeing up that space as well.</p> <P> <p>For more detail on available storage on Surface Pro, especially compared to the MacBook Air, see <a target="_blank" href="http://www.zdnet.com/surface-pro-versus-macbook-air-whos-being-dishonest-with-storage-space-7000011009/">this analysis by Ed Bott of ZDNet</a>.</p>