TechTakes

Visit Adobe's web site today and you'll see something new: a host of applications based on Adobe AIR, a new "cloud computing" development platform that further blurs the distinction between desktop computing and web applications. There are already a number of free applications available for download – take a look and download a few. Whether you want to read or listen to free books online using Netbook to access the Gutenberg collection, manage a project, handle your digital photos, finding the missing chord for your latest song with Chorducopia . . . you get the idea. There are tools for eBay, Google, and a host of other major players in the online arena, and today is just opening day.

AIR is the latest salvo in the war between Adobe's Flash and Microsoft's Silverlight – software that blends the user experience of the browser and the desktop. Further developments will bring smartphones into the fray, giving end users unprecedented mobility and access to their data and causing a new set of headaches for security administrators. For more about the big picture on this, see "Adobe Blurs the Line Between PC and Web" by John Markoff in today's New York Times.

John Markoff's writes in today's New York Times about research done at Princeton University and sponsored in part by the Department of Homeland Security that proves the vulnerability of computer data stored using today's encryption standards. It turns out that while the data is safely encrypted using advanced security algorithms, the encryption keys are stored in unencrypted form, allowing them to be stolen from the memory chips on which they reside. So if someone gets possession of your computer, they can freeze the chips and read out the data containing the encryption key, giving them the ability to access all your encrypted data. (Link to article)

It's not a living-room technique likely to be used by a common thief, although it takes nothing more than a can of compressed air to freeze the chips. However it raises questions about the standard assumptions many people make about security and the efforts criminals or intelligence agencies may make when they have a high-value target. There are ways to separate the key from the computer containing the encrypted data – for example, putting the key on a USB flash drive or a smart card – but those additional measures require extra effort for the computer owner and thus inhibit the adoption of stronger security practices.

Does this mean that data sent over the internet to data centers for backup and disaster recovery purposes and stored in encrypted format is vulnerable? Probably not, for several reasons. The research did not prove a vulnerability in the data encryption itself; it showed that the current method of storing encryption keys was vulnerable. So it's the equivalent of saying that the locks on the house are providing good security, but if someone can find out where you hid the key under the rock in the garden, they can open the doors and get into the house. The research was aimed at personal computers and laptops in which the encryption key was stored on memory chips on the same device. Separating the storage locations for the key and the data is a significant barrier – and if the key resides on a computer system miles away from the encrypted data, and further requires authenticated access to the account using an account identifier and user password, the risk is considerable lower.

The Princeton results might actually make a case for more extensive use of remote data storage facilities for sensitive data. Presumably the data would never get into the physical possession of criminal elements (we have to leave out government access to facilities and the possibility of willing or forced cooperation of the data center under national security justifications, legal or otherwise). With the growth in cloud computing in which information assets are kept on servers in data centers and accessed over the internet, the Princeton researchers have made another case for thin-client computing, in which the local device is nothing more than a terminal providing a screen, keyboard, and network connection to the data, and holds no data locally.

There are other risks in this scenario – what if the USB key or smart card is lost or stolen? With enough information about the owner of the device and the associated accounts, secure data might be compromised. But it would be much harder to gain access to the data – and there are always risks, which is why having a set of sound security policies and practices is the only way to reduce vulnerability (the "attack surface") and to be able to manage quickly the problems resulting from a security breach.

Verizon, AT&T and T-Mobile just announced unlimited cell phone calling plans for $99.99 per month. Sounds good, but there are a few wrinkles. First, the plans only save money for heavy cell phone users; if you're not already paying more than $99.99 there's little reason to pay more for the coverage you already have.

Verizon charges $99.99 per line for the unlimited calling plan. If your family has two or more lines on a Verizon Family Share plan and you're paying, say, $149.99 for 3,000 minutes monthly, to get the $99.99 unlimited plan you would have to pay that on each line, or put one line on the unlimited plan and then add plans at lower prices with limited minutes for the other line(s). There are similar subtleties to the AT&T and T-Mobile offerings, so before you make the change, make sure you understand the terms of the new contract.

Where's Sprint?

Verizon, AT&T and T-Mobile just announced unlimited cell phone calling plans for $99.99 per month. Sounds good, but there are a few wrinkles. First, the plans only save money for heavy cell phone users; if you're not already paying more than $99.99 there's little reason to pay more for the coverage you already have.

Verizon charges $99.99 per line for the unlimited calling plan. If your family has two or more lines on a Verizon Family Share plan and you're paying, say, $149.99 for 3,000 minutes monthly, to get the $99.99 unlimited plan you would have to pay that on each line, or put one line on the unlimited plan and then add plans at lower prices with limited minutes for the other line(s). There are similar subtleties to the AT&T and T-Mobile offerings, so before you make the change, make sure you understand the terms of the new contract.

Where's Sprint?

Motorola has had its ups and down over the past decade, and the turmoil continues. Why? They just don't get it right. An example:

I have two Motorola Bluetooth headsets, the H500 and the H700. I wanted to set up Bluetooth on my Windows Vista computer so I can use one of the headsets for Skype to make internet phone calls. After a bit of fiddling around, I got the H700 working with Vista. But the H700 is a snazzy little headset whose major feature is power management (it turns off when you fold the microphone in, saving battery on both the headset and a cell phone), so I'd rather use it with my Motorola Q9M smartphone (which is great except for the lack of a touchscreen and a full Windows Mobile implementation).

I tried in vain to configure the H500 for use with Windows Vista. The installation process set up two devices, and told me that one installation succeeded and the other installation failed. I fiddled some more, and finally, unable to find a new driver on the Motorola support web site, call Motorola technical support. The support engineer tells me very politely that "Motorola doesn't support Vista." When I point out that the H700 headset works just fine with Vista, but I want a new driver for the H500 so I can use it with Vista he says "If you got the H700 to work in Vista, good for you, but we don't support Vista."

Now, never mind the grief Microsoft is taking over the delayed release of Service Pack 1 for Vista due to – guess what? – a lack of driver updates from recalcitrant vendors such as Motorola. Vista had a years-long development and testing period, and has been in the marketplace for well over a year. It's Microsoft, and the next generation of Windows. For any vendor to say "we don't support Vista" is inexcusable. And my old, old Jabra BT350 headset works just fine with Vista – when I dusted it off it installed lickety-split with no fiddling around.

Motorola's problem? They get to the right place, whether it's Bluetooth headsets or smartphones, and then they fail to execute properly, and fail to support their products and customers by delivering updated industry-standard drivers and features. No wonder, when they fail at the small things that matter to consumers, that they miss the big picture and their stock is down from a high of $51 per share in 2000 to around $11 per share today (which is an astounding 50% increase from the low of $7 a couple of years ago but down from a middling peak around $25 as they rocketed downhill).

Mainstream press is now beginning to write about the value and possibilities embedded in the combined online traffic of Microsoft and Yahoo, which outpaces Google. Search and advertising revenue is one component of the battle among these three, in which both Microsoft and Yahoo have clearly lost the race to Google. Even if the takeover goes through, Google will have a 2-to-1 advantage in this sector.

But opening up new channels for cloud computing – whether it is mashups from Microsoft's Popfly group, Yahoo's Zimbra, or new ways for Microsoft to deliver the productivity benefits of its core server-based Office and Outlook programs to a web-centric consumer and business market – is huge. The pricing of productivity software is in an accelerating race to the bottom – most people want free software. Many are apparently willing to pay nominal charges annually for ad-free use, perhaps combined with some additional support, larger file storage limits, or other value-added components such as shared documents and groupware enhancements. But the resistance to Microsoft's licensing model among consumers and businesses alike – especially small businesses that does not get the per-user price breaks of larger corporations – is increasing, creating opportunity for competitors and threatening Microsoft's long-term domination of the productivity market.

The buzz is that Yahoo will reject Microsoft's first offer for any of several reasons: it undervalues Yahoo; the offer, part cash and part stock, has declined in value since Microsoft stock has gone down following the takeover bid; Yahoo just wants more money for stockholders. However, Microsoft is known for its tenacity, and Yahoo doesn't have many clear exit options and has failed at articulating a clear strategy and executing it over the past couple of years, leading to its current vulnerability.

The potential clash of corporate cultures looms large over the prospects for a combined Microsoft-Yahoo. Remember the colossal failure of Time-Warner and AOL, which enriched a few at the expense of many, and never resulted in any great innovation, synergy, or value to the majority of stockholders or consumers.

Microsoft's bid to take over Yahoo has gotten a lot of ink and plenty of bits since it was announced a few days ago. Coverage ranges from search engine volume to advertising dollars to corporate culture clashes and now, Google's efforts to prevent the deal. I haven't seen anyone mention the fact that Yahoo is still #1 in web site traffic (although Google, starting near Microsoft's position five years ago closed the gap around 2006 and is now neck-and-neck with Yahoo). A combined Microsoft/Yahoo stands to push Google back into the #2 spot by a significant amount, a gap which could take Google another few years to close, assuming that all else remains the same. There is so much focus on paid search and advertising models that the value of traffic itself is being discounted in the current discussion.

Microsoft is trying to stave off web-based computing such as Google Docs as a threat to its domination of the desktop productivity market. In Ray Ozzie, who may understand group computing and network-based collaboration better than anyone else, Microsoft has an architect to guide their web strategy and offerings such as their Live brands and SharePoint. Yahoo Mail and Hotmail can merge, and the webmail experience can be improved. There is still no comparison between web mail and the value of a client application such as Outlook. Building on the traffic that email usage brings opens up tremendous opportunity. It remains to be seen whether Google's Gmail will prove the value of behavioral targeting, or will fall prey to an increasingly savvy consumer who does not want all documents stored on Google servers to be mined for personal preferences and targeted advertising.

Add to this the great added value of so many free add-ons and templates for Office applications that Microsoft has on its web site, suddenly exposed to Yahoo users who might never have known about or ventured into the huge web of Microsoft.com. I am constantly amazed at how few Microsoft customers know about or download items such as free newsletter templates for Word or Outlook, free viewers or file converters for Office, or XPS as a browser-based add-on that creates PDF-compatible documents without the need for huge file downloads and constant upgrades from Adobe. These are tremendous assets that Microsoft doesn't do a good job of marketing. From its #19 position in web traffic, it's not clear that Microsoft could extend its reach. But getting Yahoo and becoming a clear #1 in web traffic under the new entity (if they figure out the linkage) could provide a tremendous benefit, boosting the core Office desktop line even as they bolster their software-as-a-service offerings.

(Web traffic ratings courtesy of Alexa.)