It might look like a jumble of wires and circuitry right now, but everything inside your computer's case connects in very specific ways. After a quick tour of what-hooks-to-what, I'm...

In a stunning reversal, Microsoft has made the most recent Vista SP1 Beta code available to anyone who wants to download it from their site. Originally they’d made it available only to a small group of known testers in corporate and home environments.

I can’t decide if they’re just looking for more free testing from a wider audience (a common reason to release code early) or they’ve decided it’s a lot more stable than previously thought. People have been clamoring for SP1 for months now. A while back Microsoft pushed the release date out to March 2008, so the free Beta access may also be a case of Microsoft having its cake and eating it too. If the current release candidate works cleanly, they can claim they delivered usable code much earlier than the (revised) schedule required. If Beta testers run into problems, Microsoft can fall back on the “it’s not production-ready code and therefore bugs are expected” explanation.

Vista’s popularity seems to be growing despite all the problems that have been reported. One article notes that “48% of respondents are using or evaluating Windows Vista — up from 29% in the previous poll from February 2007.” Of course, this is to be expected since all PCs are now shipping with Vista pre-installed. Obtaining XP is next to impossible unless you simply buy a new license copy.

Of course, the same article mentions another reason Microsoft is motivated to release SP1. The company hopes to “align SP1’s availability with Windows Server 2008, which Microsoft hopes to ship on or before its Feb. 27, 2008 launch event in Los Angeles.” Marketing intervenes!

The proximity of the SP1 release may also account for this rise in popularity, since “over the years, SP1 versions of any Microsoft products have become a traditional milestone that some corporate users wait for before they even consider rolling out the software.” This isn’t an unusual approach, though. When I manage large IT environments, I generally avoid all “point zero” (i.e. 4.0, 5.0, etc.) releases since they generally include major new functionality that’s likely to require lots of patches when it hits the field. There’s nothing like rolling out a shiny new release to a thousand machines, only to find that a major bug renders them unusable to a large percentage of the user population.

The world just got smaller (again). Google maps now offers integration with data from The Weather Channel that allows users to overlay temperature and forecast data, along with cloud cover and other information, at the click of the proverbial mouse button. Is this cool, or what?

The technology, like so much of the current Web, is a consequence of Web 2.0 technologies like AJAX that allow components of pages to be updated without refreshing the whole view. If you haven’t been following this trend (shame!), here’s how it works.

Early, Cro-Magnon Web pages required a full refresh in order to display changes in data. There was no easy way for a page to detect a user clicking on a radio button, for instance. The “submit” button was the only way to trigger an update, which refreshed the whole page.

Likewise, a page could load an animation once but no mechanism existed for the animation to be updated automatically when new data came in. For instance, if you were viewing a weather map that showed a “looped” image of clouds moving across the US, the only way to update the loop was by reloading the whole page.

Then came the “iframe,” or “invisible frame.” This, along with some JavaScript tricks, allowed clever developers to capture clicks anywhere on a page and pass them back to the server for additional processing. The result is what we’re seeing today – live pages that respond to clicks, mouse-over events, and other user input without requiring a full refresh.

This is the future of the Web. Everyone is converting to Web 2.0, and many are using AJAX. The Google Maps application is based on AJAX, and its new Weather Channel feature is just another layer atop that existing base. If you hit the “My Maps” tab, you can customize your presentation even further. Need info on the latest gas prices? What about photos of specific areas? Real estate prices? Google Maps has all these, and more modules will certainly be added as they’re developed.

Web 2.0 is the Web the way it should have been from the beginning.

Today Lenovo makes available for order something we announced several months ago – Novell SUSE Linux Enterprise Desktop (SLED). I think someone in the technology press summed it up best when he said “finally.” I think the wait was worth it.

Since I’ve been one of the people publicly putting together the words “Lenovo” and “Linux” lately, I got an advance copy to try out and play around with. As is now my usual MO, I’ve installed it inside a virtual machine. However, since the version Novell supplied was a VMware virtual machine, I started by installing the VMware player to make it work.

(I don’t want to hijack my own post by talking about virtual machines again, but to those readers who commented that I needed to try out VMware, you were absolutely right. If there’s interest, I’ll do a subsequent post on the topic.)

Unlike when I installed Ubuntu, I didn’t have any initial problems getting up and running. It just worked. The shell looked very familiar to what I am used to in Windows. The Computer button in the lower left hand corner works very similarly to the Start menu in Windows. I’m sure someone out there will tell me that this is because one version has the KDE environment and the other has Gnome, (or something like that). I’m still feeling my way through this, so regardless of which shell is running on top of it all, I was much more comfortable with SLED than I was with Ubuntu.

Performance is fast, even in a virtual machine. I’m sure that the native version would be even faster. Since Lenovo is not providing much customization on this iteration, I did miss a few features, most significantly, the scroll button on my TrackPoint. Also amusing is that the Windows key on my keyboard also brought up the Computer (Start) menu in Linux.

The environment felt so familiar that I decided to go ahead and write this blog post in the included OpenOffice.org Writer within SLED. However, when it came time to post, I did move it over to Microsoft Word 2007, my preferred way to post these blog posts due to its integration with WordPress. Frustration abounded though when I could not drag and drop my newly created file onto my Windows desktop. I guess it is too much to ask for drag and drop between Linux and Windows, but it sure would be nice. Setting up a common “shared” folder between Linux and Windows just isn’t as elegant.

I played around with other preinstalled programs and my only real issue was that couldn’t get audio to work. I know this isn’t a problem on the hardware we are shipping with SLED preloaded, and in fairness to the Novell and ThinkPad teams, this machine technically isn’t a supported configuration.

For those who want to learn all of the configuration details or to order a model, here’s a link to our site. I don’t know final pricing – that’s on the web page, but remember that you shouldn’t expect that you should take the retail price of Windows and subtract it from the list price of a similarly configured Windows model. Part of what you are paying for is getting full support directly from Lenovo. That isn’t free for us. Plus, Microsoft does not charge us retail prices to load Windows on our machines anyway.

Over the next few weeks I’m going to be playing more with this distribution. I instinctively like it.

Did you know that Microsoft will occasionally release major updates for their operating systems called Service Packs? They're very important to install and luckily much harder to miss these days...

Security response teams are reporting incidents involving a new Rootkit that’s designed to install itself as part of an infected system’s MBR (Master Boot Record). Symantec has dubbed it Trojan.Mebroot and it seems to be getting a lot of airplay. It first showed up in December, when hackers “were able to infect nearly 5,000 users in two separate attacks, staged on Dec. 12 and Dec. 19.”

It’s believed the responsible parties are those who previously infected a quarter million (yeah, that’s right) machines in a prior Rootkit attack. The new version uses a similar method, which has probably been refined in order to be more effective and harder to detect. It’s the old cat-and-mouse game of attack, response, and counterattack.

Attacking via the MBR is pretty serious, since gaining control over it means you can effectively tell the PC which OS to boot. When a PC is powered on, its BIOS looks at the MBR first. It takes instructions found there and uses them to initiate (boot or, for old timers, “bootstrap”) the installed OS. This Rootkit is also sophisticated enough to alter the Windows kernel in an effort to hide its activities.

The worst aspect of this is that the developers are probably using code created as a proof of concept at NV Labs a few years back. This is a case of legitimate research being hijacked to assist criminals, which is nothing new in either the high tech world or elsewhere. It is, however, very annoying.

At present, it’s said that detection of the new malware is hit or miss. Some antivirus companies have already issued updates that should catch it, while others are still working on theirs. MBR attacks have been uncommon lately, but were used extensively during DOS days. As one security researcher commented, “It’s not some new attack vector that’s going to be hard to prevent,” he said. “It’s just something that people haven’t really paid attention to.”

I suspect antivirus vendors will sit up and take more notice if this type of attack continues its increase in popularity.

As if poor sales and bad Vista reviews weren’t enough, now Microsoft is admitting to the presence of several new password-related vulnerabilities in XP and earlier OS releases. One, a weakness in the LSASS (Local Security Authority Subsystem Service) area, could allow attackers to use tactics similar to those used by the Sasser worm a few years back. This vulnerability is not considered as critical though, since it doesn’t allow remote users to exploit the problem.

OS weaknesses vary in severity, depending on the range of exposure. A weakness is considered very bad if someone on a remote system can make use of a hole in a security subsystem or other sensitive area. It’s much less bad if the weakness requires local access to the system, since this limits exposure to people who have keys to the system’s physical location.

The other impending patch is apparently more serious because it also affects mighty Vista, despite new features that are supposed to prevent malware installation by keeping user privileges at a lower level. Redmond isn’t saying much about the “security update it expects to release tomorrow, except to say that it is a critical bug-fix for Windows Vista and XP users because the vulnerability it fixes could be used by attackers to install unauthorized software on a victim’s computer. This update is rated important for Windows Server 2003 users and considered moderate for Windows 2000.”

The fact that they’re not disclosing the exact nature of the vulnerability probably indicates it’s pretty serious. In other words, they want to have the patch in place and allow users time to install it before any details are released. This is a smart move, since every hacker and his (or her) mother would be leveraging the vulnerability.

Yes, that’s right, 1/8 is the first Patch Tuesday of 2008. Happy downloading!

Many of us at Lenovo have been monitoring the recent forum conversations touting a new generation of ThinkPad. It’s been interesting to read the comments, and I have been thoroughly impressed with the resourcefulness of people in taking a simple picture and extrapolating so much information from it. (That doesn’t mean they’re right). Check the discussion out here or here.

Wired Magazine had a great article this month on Immersive Games in which companies are creating puzzles, riddles and treasure hunts for their fans to solve. Individuals have no chance themselves of solving the puzzles, but the collective wisdom of people around the world can do some pretty amazing things. I think this quote from the article sums it up nicely.

Our assumption,” says Sean Stewart, the game’s head writer, “was never that there’s a continent of people who love nothing better than to do spectrogram analysis. But there are always a few, and if you make a world that’s compelling enough, there’ll be a lot to do even if you’re not interested in the really arcane stuff.”

I haven’t even begun to do justice to the article, so I’d highly recommend checking it out. Fortunately, Wired puts its articles online.

While Lenovo has not created an immersive game, looking at the posts reads like a game is unfolding.

First, a picture appears on an obscure site in a foreign language not familiar to most people.

Second, taking that picture, fans are able to do some pretty creative things with it like determine product dimensions. I’ve got to applaud the creativity of overlaying the picture posted on the forums with of a picture of a known size, matching up the ports and then extrapolating product dimensions.

Third, start a massive hype cycle in which people start filling in the blanks. Soon everyone is an expert, and since “he heard from a reputable source that…,” the story quickly grows and spreads.

Fourth, (and we’re not quite to this stage yet), out come the fanboys and the bitter naysayers. The naysayers claim that this is going to be the worst product ever and bankruptcy for the company is nigh. Sell your stuff on eBay now before it becomes completely worthless. On the other end are the groups where everything is rainbows and kittens. “This is going to be Lenovo’s BEST product ever…We’re entering a new era…Battery life of 36 hours!…”

The reality often is somewhere in the middle.

I’ve got to admire companies who can keep products secret ahead of announce. Apple and Nikon are great examples. Their mentality is, “If you tell, you’re fired, and then we’ll sue you and make sure your garbage never gets picked up again.” The downside to extreme secrecy is that Apple will never be a true player for large companies until the company starts offering a product roadmap. Business customers don’t tolerate not knowing when and how product changes will occur. They need this information to plan their roll outs of thousands of machines.

On the other hand, I’ve often thought that we make too much information available too early. Customers like when we do this, but honestly, whether a product weighs 1.6kg or 1.8kg is immaterial for deciding when to transition products from one generation to the next. Plus, when we disclose too early we stall sales.

Take a look at the forums. Offer your own speculation if you’d like. We’ll be watching closely.

If you didn't already know, the start menu power button in Windows Vista is configured to put your computer in sleep mode by default. While this may be fine for...

Some of our Lenovo notebooks come with face recognition software, which is actually a reemergence of an old idea. We had facial recognition capabilities a long time ago. My first experience was with a ThinkPad T23 with an external camera mounted on the system’s UltraPort. It didn’t work well at all. Most likely because the cameras of that era were terrible. I think they were 0.3 megapixels, but may not have even been that much.

Now that some systems include integrated cameras with much better quality (1.3MP), facial recognition has become much better. The included software lets you log onto your Windows account simply by sitting in front of your system. Your face is your password. What is much cooler is that it is very user friendly for multiple user accounts. For example, let’s say you have three Windows accounts – Mom, Dad, and Sis. If you have associated their faces with their respective user accounts, the system determines which person is in front of the computer when Windows boots and automatically logs them onto the right account. In practice this works very well and is extremely fast at recognition. I was able to test this with several of my colleagues and each time all they had to do was sit in front of the computer and the system took care of the rest.

Depending on the software used, face recognition uses multiple techniques to identify a person’s face. Some of the more advanced programs use texture mapping in which a person’s skin texture is analyzed and matched. Most however, define nodal points on a person’s face and then use software to mathematically represent those points. Things measured include distance between the eyes, width of the nose, length of the jaw line, or shape of the cheekbones. Together these concatenate a numerical code which is stored in a database for later retrieval.

One particular aspect of the software Lenovo uses is rather freaky. When you sit down in front of the camera, the system generates two white dots that follow your eyes. Of course, this is completely harmless and is nothing more than a few white pixels shown on screen. However, when I see this, I immediately think that there are two lasers drilling holes into my corneas. Neurotic, yes, but that doesn’t stop me from wishing there was a way to turn this off. Others I polled liked the feature, so your experience may be totally different.

Of course, a feature like face recognition invites play, and what better way to play than to try and fool the software.

First up was an 8 x 10 color glossy photograph of yours truly (with circles and arrows and a paragraph on the back). No matter how I held the photograph, no matter whether the security settings were set high or at their lowest setting, no matter what angle I held the photo, I was not able to use it to log onto the system. The result was exactly what I had expected – that the software was smart enough to distinguish a face from a picture of a face.

My next experiment was to see if the system recognized all types of faces. Sitting at home, I tried to enroll both of my birds. The software wouldn’t enroll them. I thought that perhaps that since their eyes were not at the front of their heads, the camera couldn’t see both at once and therefore couldn’t get a good reading. So next I tried my friend Jim’s cat. Same result – the software refused to accept the cat, but did happen to enroll Jim’s face when he got too close to the camera while holding the cat. Just for good measure, I tried another friend’s dog. On all of these, the software wouldn’t enroll the animals. So it seems that only human faces are recognized and accepted by the software.

It was time for one last experiment. Many people are familiar with the fabled two-key system to launch nuclear missiles. In this scenario, no one person can launch the weapons. It takes two people standing several yards apart turning the keys simultaneously to make it work. What if we could apply that same principle here – requiring TWO faces, not one, to log onto a user’s account? While we wouldn’t be launching nuclear weapons, such a scenario could be useful in any number of ways.

So I sat side by side with my friend Aimee in Lenovo’s Product Reviews lab to see if we could make this work. We created a new Windows account and tried to enroll both of our faces at once. The lighting was good, and since we were sitting at the same height right next to each other, we were more or less equal in the eyes of the camera. The software indicated a good capture, so we logged off. We sat down together and the system logged us on successfully. Then we tried just sitting in front of the system one by one. It logged on Aimee, but didn’t accept my face.

For good measure, we tried the whole setup one more time. Again, it picked Aimee’s face over mine. So not only is the software biased towards human faces, it also is biased towards women’s faces. I guess I should feel marginalized, but I’m more amused than anything else.

Overall I was impressed with the software. It was fast, accurate, and easy to use. Supposedly there is a password management feature where you can use your face to act as your password – much like on our fingerprint reader models. I haven’t tried it out yet, but if it is just as easy to use, then I think it would be a very viable solution.